1 | package PVE::Network::SDN::Controllers::EvpnPlugin; | |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use PVE::Network::SDN::Controllers::Plugin; | |
6 | use PVE::Tools; | |
7 | use PVE::INotify; | |
8 | use PVE::JSONSchema qw(get_standard_option); | |
9 | use PVE::Network::SDN::Zones::Plugin; | |
10 | use base('PVE::Network::SDN::Controllers::Plugin'); | |
11 | ||
# Type identifier of this controller plugin; the value is the literal
# string 'evpn'.
sub type { return 'evpn' }
15 | ||
# Schema fragments for the properties specific to the EVPN controller.
#
# 'asn' is declared as an integer and both peer lists use the 'ip-list'
# format.  generate_controller_config() interpolates these values directly
# into FRR configuration lines, so these declarations are the only input
# constraint visible in this file.
# NOTE(review): assumes the schema layer enforces 'ip-list' strictly enough
# to keep whitespace/newlines out of the values -- confirm in PVE::JSONSchema.
sub properties {
    my %schema;

    $schema{'asn'} = {
        type        => 'integer',
        description => "autonomous system number",
    };

    $schema{'peers'} = {
        description => "peers address list.",
        type        => 'string',
        format      => 'ip-list',
    };

    # Shared definition for a list of cluster node names.
    $schema{'gateway-nodes'} = get_standard_option('pve-node-list');

    $schema{'gateway-external-peers'} = {
        description => "upstream bgp peers address list.",
        type        => 'string',
        format      => 'ip-list',
    };

    return \%schema;
}
33 | ||
# Which of the properties are mandatory for an EVPN controller:
# 'asn' and 'peers' are required, the two gateway settings are optional.
sub options {
    my %option_for = map { $_ => { optional => 0 } } qw(asn peers);

    $option_for{$_} = { optional => 1 }
        for qw(gateway-nodes gateway-external-peers);

    return \%option_for;
}
43 | ||
44 | # Plugin implementation | |
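# Build the "router bgp <asn>" part of the FRR configuration for the local
# node and merge it into $config->{frr}.
#
# Arguments:
#   $class          - plugin class (unused here)
#   $plugin_config  - controller definition; reads 'asn', 'peers',
#                     'gateway-nodes' and 'gateway-external-peers'
#   $controller, $id, $uplinks - not used by this implementation
#   $config         - hash ref that accumulates the generated configuration
#
# Returns $config, or nothing when no ASN is configured.
#
# The ASN and every peer address are interpolated verbatim into FRR
# configuration lines.  Nothing in this sub validates them; it relies on the
# 'integer' / 'ip-list' declarations in properties().
# NOTE(review): confirm the schema check runs before this is called.
sub generate_controller_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    # Declare unconditionally: "my @x = ... if COND" leaves the variable in
    # an undefined state when COND is false (see perlsyn), which can leak a
    # value between calls.  An unset option now always yields an empty list.
    my @peers = $plugin_config->{'peers'}
        ? split(',', $plugin_config->{'peers'})
        : ();
    my @gatewaypeers = $plugin_config->{'gateway-external-peers'}
        ? split(',', $plugin_config->{'gateway-external-peers'})
        : ();

    my $asn = $plugin_config->{asn};
    my $gatewaynodes = $plugin_config->{'gateway-nodes'};

    return if !$asn;

    # NOTE(review): $ifaceip is used below without a definedness check;
    # presumably the helper dies when no local address matches a peer --
    # verify against PVE::Network::SDN::Zones::Plugin.
    my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);

    # The local node is a gateway when its name appears in 'gateway-nodes'.
    my $is_gateway = undef;
    my $local_node = PVE::INotify::nodename();

    foreach my $gatewaynode (PVE::Tools::split_list($gatewaynodes)) {
        $is_gateway = 1 if $gatewaynode eq $local_node;
    }

    # Global BGP settings plus one iBGP neighbor per peer (the local address
    # is skipped so the node does not peer with itself).
    my @controller_config = ();

    push @controller_config, "bgp router-id $ifaceip";
    push @controller_config, "no bgp default ipv4-unicast";
    push @controller_config, "coalesce-time 1000";

    foreach my $address (@peers) {
        next if $address eq $ifaceip;
        push @controller_config, "neighbor $address remote-as $asn";
    }

    # Only gateway nodes peer with the upstream (external) routers.
    if ($is_gateway) {
        foreach my $address (@gatewaypeers) {
            push @controller_config, "neighbor $address remote-as external";
        }
    }
    push(@{$config->{frr}->{router}->{"bgp $asn"}->{""}}, @controller_config);

    # Activate every peer in the l2vpn evpn address family.
    @controller_config = ();
    foreach my $address (@peers) {
        next if $address eq $ifaceip;
        push @controller_config, "neighbor $address activate";
    }
    push @controller_config, "advertise-all-vni";
    push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);

    if ($is_gateway) {
        # Activate the upstream peers for plain IPv4 and IPv6 unicast.
        @controller_config = ();
        foreach my $address (@gatewaypeers) {
            push @controller_config, "neighbor $address activate";
        }
        push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
        push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
    }

    return $config;
}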
105 | ||
# Add the per-zone (per-VRF) FRR configuration to $config->{frr}.
#
# Reads 'vrf-vxlan' from the zone definition ($plugin_config), 'asn' and
# 'gateway-nodes' from the controller, and uses $id as the VRF name.
# Returns $config, or nothing when the VRF name, VNI or ASN is missing.
#
# $vrf, $vrfvxlan and $asn are interpolated into configuration lines as-is;
# no validation happens in this sub.
sub generate_controller_zone_config {
    my ($class, $plugin_config, $controller, $id, $uplinks, $config) = @_;

    my ($vrf, $vrfvxlan) = ($id, $plugin_config->{'vrf-vxlan'});
    my $asn = $controller->{asn};
    my $gatewaynodes = $controller->{'gateway-nodes'};

    return if !$vrf || !$vrfvxlan || !$asn;

    my $default_bgp = "bgp $asn";
    my $vrf_bgp = "bgp $asn vrf $vrf";

    # VRF stanza carrying the L3 VNI.
    push(@{$config->{frr}->{vrf}->{"$vrf"}}, "vni $vrfvxlan");

    # Make sure the per-VRF BGP instance exists even on non-gateway nodes.
    push(@{$config->{frr}->{router}->{$vrf_bgp}->{""}}, "!");

    my $local_node = PVE::INotify::nodename();
    my $is_gateway = grep { $_ eq $local_node } PVE::Tools::split_list($gatewaynodes);

    if ($is_gateway) {
        for my $family ("ipv4 unicast", "ipv6 unicast") {
            # import /32 routes of evpn network from vrf1 to default vrf (for packet return)
            push(@{$config->{frr}->{router}->{$default_bgp}->{"address-family"}->{$family}}, "import vrf $vrf");

            # redistribute connected to be able to route to local vms on the gateway
            push(@{$config->{frr}->{router}->{$vrf_bgp}->{"address-family"}->{$family}}, "redistribute connected");
        }

        # add default originate to announce 0.0.0.0/0 type5 route in evpn
        push(
            @{$config->{frr}->{router}->{$vrf_bgp}->{"address-family"}->{"l2vpn evpn"}},
            "default-originate ipv4",
            "default-originate ipv6",
        );
    }

    return $config;
}
155 | ||
# Refuse to delete a controller that a zone still references.
#
# Dies with "controller <id> is used by <zone>" for the first zone in
# $zone_cfg->{ids} whose 'controller' field equals $controllerid.
sub on_delete_hook {
    my ($class, $controllerid, $zone_cfg) = @_;

    foreach my $zone_id (keys %{$zone_cfg->{ids}}) {
        my $referenced = $zone_cfg->{ids}->{$zone_id}->{controller};

        # Zones without a controller, or bound to another one, are fine.
        next if !defined($referenced);
        next if $referenced ne $controllerid;

        die "controller $controllerid is used by $zone_id";
    }
}
166 | ||
# Enforce the "one evpn controller / one asn per server" rule.
#
# Dies with "only 1 evpn controller can be defined" when any controller in
# $controller_cfg->{ids} other than $controllerid has type "evpn".
sub on_update_hook {
    my ($class, $controllerid, $controller_cfg) = @_;

    foreach my $other_id (keys %{$controller_cfg->{ids}}) {
        # The controller being updated is allowed to be of type evpn.
        if ($other_id ne $controllerid) {
            my $other = $controller_cfg->{ids}->{$other_id};
            die "only 1 evpn controller can be defined" if $other->{type} eq "evpn";
        }
    }
}
178 | ||
# Comparator for sort(): orders FRR section keys by a fixed rank.
#
# Reads the package variables $a and $b set by sort.  Known keys get the rank
# from the table below, a key ending in "bgp <digits>" gets rank 2, and
# anything else sorts last with rank 100.
sub sort_frr_config {
    my %rank_of = (
        ''             => 0,
        'vrf'          => 1,
        'ipv4 unicast' => 1,
        'ipv6 unicast' => 2,
        'l2vpn evpn'   => 3,
    );

    my ($a_val, $b_val) = map {
        my $key = $_;
        $key =~ /bgp (\d+)$/        ? 2
          : defined($rank_of{$key}) ? $rank_of{$key}
          :                           100;
    } ($a, $b);

    return $a_val <=> $b_val;
}
203 | ||
# Flatten the nested FRR configuration structure into text lines.
#
# $final_config - array ref the generated lines are appended to
# $content      - hash ref (sub-sections, visited in sort_frr_config order)
#                 or array ref (literal configuration lines)
# $parentkey    - key under which $content was found, if any
# $level        - nesting depth, used only to derive the indentation
#
# Values are appended as given; nothing is escaped or validated here.
sub generate_frr_recurse {
    my ($final_config, $content, $parentkey, $level) = @_;

    # Keys that introduce a named section ("<key> <name>") ...
    my %is_section = map { $_ => 1 } ('vrf', 'address-family', 'router');
    # ... and the subset that must be closed with "exit-<key>".
    my %needs_exit = map { $_ => 1 } ('vrf', 'address-family');

    #fix me, make this generic
    my $paddinglevel =
        ($level == 1 || $level == 2) ? $level - 1
      : ($level == 3 || $level == 4) ? $level - 2
      :                                undef;

    my $padding = $paddinglevel ? ' ' x ($paddinglevel) : "";

    if (ref($content) eq 'HASH') {
        my $in_section  = $parentkey && defined($is_section{$parentkey});
        my $close_block = $parentkey && defined($needs_exit{$parentkey});

        foreach my $key (sort sort_frr_config keys %$content) {
            if ($in_section) {
                push @{$final_config}, $padding . "!", $padding . "$parentkey $key";
            } elsif ($key ne '' && !defined($is_section{$key})) {
                push @{$final_config}, $padding . "$key";
            }

            generate_frr_recurse($final_config, $content->{$key}, $key, $level + 1);

            push @{$final_config}, $padding . "exit-$parentkey" if $close_block;
        }
    } elsif (ref($content) eq 'ARRAY') {
        push @{$final_config}, map { $padding . "$_" } @$content;
    }
}
249 | ||
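# Render the accumulated FRR configuration and write it to /etc/frr/frr.conf.
#
# Arguments:
#   $class         - plugin class (unused here)
#   $plugin_config - controller definition (unused here)
#   $config        - structure filled by the generate_* methods; only
#                    $config->{frr} is read
#
# When /etc/frr/frr.conf.local exists, only the generated VRF stanzas are
# emitted and the content of that file is appended verbatim in place of the
# generated router sections.  The local file is therefore fully trusted
# input to the routing daemon; it should be writable by root only.
#
# Returns nothing when /etc/frr does not exist, 1 after a successful write.
# Dies when a file cannot be opened, written or closed.
sub write_controller_config {
    my ($class, $plugin_config, $config) = @_;

    my $nodename = PVE::INotify::nodename();

    my $final_config = [];
    push @{$final_config}, "log syslog informational";
    push @{$final_config}, "ip forwarding";
    push @{$final_config}, "ipv6 forwarding";
    push @{$final_config}, "frr defaults traditional";
    push @{$final_config}, "service integrated-vtysh-config";
    push @{$final_config}, "hostname $nodename";
    push @{$final_config}, "!";

    my $local_conf_file = "/etc/frr/frr.conf.local";

    if (-e $local_conf_file) {
        open(my $fh, '<', $local_conf_file) or die "Can't open file $!";
        generate_frr_recurse($final_config, $config->{frr}->{vrf}, "vrf", 1);
        push @{$final_config}, "!";

        while (my $line = <$fh>) {
            chomp($line);
            push @{$final_config}, $line;
        }
        close($fh);
    } else {
        generate_frr_recurse($final_config, $config->{frr}, undef, 0);
    }

    push @{$final_config}, "!";
    push @{$final_config}, "line vty";
    push @{$final_config}, "!";

    my $rawconfig = join("\n", @{$final_config});

    return if !$rawconfig;
    return if !-d "/etc/frr";

    my $frr_config_file = "/etc/frr/frr.conf";

    # Every step is checked: the previous code ignored a failed open and any
    # write error, so a truncated or missing frr.conf could go unnoticed.
    # The file is still rewritten in place (keeps its owner and mode), which
    # means the write is not atomic.
    open(my $writefh, '>', $frr_config_file)
        or die "unable to open '$frr_config_file' for writing - $!\n";
    print {$writefh} $rawconfig
        or die "unable to write '$frr_config_file' - $!\n";
    close($writefh)
        or die "unable to close '$frr_config_file' - $!\n";

    return 1;
}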
293 | ||
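# Apply /etc/frr/frr.conf to the running FRR daemons via frr-reload.py.
#
# Warns and returns when the reload script is not installed, and does
# nothing when the configuration file is missing.  Lines on the script's
# stderr that contain "ERROR:" are re-emitted as warnings.
#
# The command is passed to run_command as an argument list, not as a single
# shell string, and both paths are fixed constants.
sub reload_controller {
    my ($class) = @_;

    my $conf_file = "/etc/frr/frr.conf";
    my $bin_path = "/usr/lib/frr/frr-reload.py";

    if (!-e $bin_path) {
        warn "missing $bin_path. Please install frr-pythontools package";
        return;
    }

    # Only surface the lines the reload script marks as errors.
    my $err = sub {
        my $line = shift;
        if ($line =~ /ERROR:/) {
            warn "$line \n";
        }
    };

    # Discard regular output.  The original passed an empty hash ref here,
    # which is not callable.
    # NOTE(review): assumes run_command invokes outfunc once per stdout
    # line -- confirm against PVE::Tools::run_command.
    my $discard = sub { };

    # $bin_path was already verified above, so only the config file is checked.
    if (-e $conf_file) {
        PVE::Tools::run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => $discard, errfunc => $err);
    }
}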
316 | ||
317 | 1; | |
318 | ||
319 |