X-Git-Url: https://git.proxmox.com/?p=pve-network.git;a=blobdiff_plain;f=PVE%2FNetwork%2FSDN%2FControllers%2FEvpnPlugin.pm;h=0c498939dc09431dd131e806f7643eedb09b045a;hp=e59c142ca6d3e91835a6c3a11aa104922de1120e;hb=9c24bcc5eb191d6f59541dc714d4c8df672f0925;hpb=f23633dc24196b0e09c1fa592b3ad70095b1b3fb

diff --git a/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e59c142..0c49893 100644
--- a/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -22,6 +22,8 @@ sub properties {
 	asn => {
 	    type => 'integer',
 	    description => "autonomous system number",
+	    minimum => 0,
+	    maximum => 4294967296
 	},
 	peers => {
 	    description => "peers address list.",
@@ -97,11 +99,14 @@ sub generate_controller_config {
 
     # address-family l2vpn
     @controller_config = ();
+    push @controller_config, "neighbor VTEP route-map MAP_VTEP_OUT out";
     push @controller_config, "neighbor VTEP activate";
     push @controller_config, "advertise-all-vni";
     push @controller_config, "autort as $autortas" if $autortas;
     push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
 
+    push(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, []);
+
     return $config;
 }
 
@@ -113,8 +118,13 @@ sub generate_controller_zone_config {
     my $vrf = "vrf_$id";
     my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
     my $exitnodes = $plugin_config->{'exitnodes'};
+    my $exitnodes_primary = $plugin_config->{'exitnodes-primary'};
+    my $advertisesubnets = $plugin_config->{'advertise-subnets'};
+    my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'};
+    my $rt_import = [PVE::Tools::split_list($plugin_config->{'rt-import'})] if $plugin_config->{'rt-import'};
 
     my $asn = $controller->{asn};
+    my @peers = PVE::Tools::split_list($controller->{'peers'}) if $controller->{'peers'};
     my $ebgp = undef;
     my $loopback = undef;
     my $autortas = undef;
@@ -128,6 +138,8 @@ sub generate_controller_zone_config {
 
     return if !$vrf || !$vrfvxlan || !$asn;
 
+    my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers, $loopback);
+
     # vrf
     my @controller_config = ();
     push @controller_config, "vni $vrfvxlan";
@@ -135,7 +147,7 @@ sub generate_controller_zone_config {
 
     #main vrf router
     @controller_config = ();
-    push @controller_config, "no bgp ebgp-requires-policy" if $ebgp;
+    push @controller_config, "bgp router-id $ifaceip";
 #    push @controller_config, "!";
     push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, @controller_config);
 
@@ -144,31 +156,86 @@ sub generate_controller_zone_config {
 	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, "route-target export $autortas:$vrfvxlan");
     }
 
-    my $is_gateway = grep { $_ eq $local_node } PVE::Tools::split_list($exitnodes);
+    my $is_gateway = $exitnodes->{$local_node};
+
     if ($is_gateway) {
 
+        if($exitnodes_primary && $exitnodes_primary ne $local_node) {
+	    my $routemap_config = ();
+	    push @{$routemap_config}, "match evpn vni $vrfvxlan";
+	    push @{$routemap_config}, "match evpn route-type prefix";
+	    push @{$routemap_config}, "set metric 200";
+	    unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap_config);
+        }
+
+	if (!$exitnodes_local_routing) {
+	    @controller_config = ();
+	    #import /32 routes of evpn network from vrf1 to default vrf (for packet return)
+	    push @controller_config, "import vrf $vrf";
+	    push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
+	    push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
+
+	    @controller_config = ();
+	    #redistribute connected to be able to route to local vms on the gateway
+	    push @controller_config, "redistribute connected";
+	    push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
+	    push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
+	}
+
 	@controller_config = ();
-	#import /32 routes of evpn network from vrf1 to default vrf (for packet return)
-	push @controller_config, "import vrf $vrf";
-	push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
-	push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
+	#add default originate to announce 0.0.0.0/0 type5 route in evpn
+	push @controller_config, "default-originate ipv4";
+	push @controller_config, "default-originate ipv6";
+	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
+    } elsif ($advertisesubnets) {
 
 	@controller_config = ();
-	#redistribute connected to be able to route to local vms on the gateway
+	#redistribute connected networks
 	push @controller_config, "redistribute connected";
 	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config);
 	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config);
 
 	@controller_config = ();
-	#add default originate to announce 0.0.0.0/0 type5 route in evpn
-	push @controller_config, "default-originate ipv4";
-	push @controller_config, "default-originate ipv6";
+	#advertise connected networks type5 route in evpn
+	push @controller_config, "advertise ipv4 unicast";
+	push @controller_config, "advertise ipv6 unicast";
+	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
+    }
+
+    if($rt_import) {
+	@controller_config = ();
+	foreach my $rt (sort @{$rt_import}) {
+	    push @controller_config, "route-target import $rt";
+	}
 	push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config);
     }
 
     return $config;
 }
 
+sub generate_controller_vnet_config {
+    my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_;
+
+    my $exitnodes = $zone->{'exitnodes'};
+    my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'};
+
+    return if !$exitnodes_local_routing;
+
+    my $local_node = PVE::INotify::nodename();
+    my $is_gateway = $exitnodes->{$local_node};
+    
+    return if !$is_gateway;
+
+    my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+    my @controller_config = ();
+    foreach my $subnetid (sort keys %{$subnets}) {
+        my $subnet = $subnets->{$subnetid};
+	my $cidr = $subnet->{cidr};
+	push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
+    }
+    push(@{$config->{frr}->{''}}, @controller_config);
+}
+
 sub on_delete_hook {
     my ($class, $controllerid, $zone_cfg) = @_;
 
@@ -279,22 +346,39 @@ sub generate_frr_recurse{
     }
 }
 
-sub write_controller_config {
+sub generate_frr_routemap {
+   my ($final_config, $routemaps) = @_;
+
+   foreach my $id (sort keys %$routemaps) {
+
+	my $routemap = $routemaps->{$id};
+	my $order = 0;
+	foreach my $seq (@$routemap) {
+		$order++;
+		my @config = ();
+		push @config, "!";
+		push @config, "route-map $id permit $order";
+		push @config, map { " $_" } @$seq;
+		push @{$final_config}, @config;
+	}
+   }
+}
+sub generate_controller_rawconfig {
     my ($class, $plugin_config, $config) = @_;
 
     my $nodename = PVE::INotify::nodename();
 
     my $final_config = [];
+    push @{$final_config}, "frr version 8.0.1";
+    push @{$final_config}, "frr defaults datacenter";
+    push @{$final_config}, "hostname $nodename";
     push @{$final_config}, "log syslog informational";
-    push @{$final_config}, "ip forwarding";
-    push @{$final_config}, "ipv6 forwarding";
-    push @{$final_config}, "frr defaults traditional";
     push @{$final_config}, "service integrated-vtysh-config";
-    push @{$final_config}, "hostname $nodename";
     push @{$final_config}, "!";
 
     if (-e "/etc/frr/frr.conf.local") {
 	generate_frr_recurse($final_config, $config->{frr}->{vrf}, "vrf", 1);
+	generate_frr_routemap($final_config, $config->{frr_routemap});
 	push @{$final_config}, "!";
 
 	my $local_conf = file_get_contents("/etc/frr/frr.conf.local");
@@ -302,6 +386,7 @@ sub write_controller_config {
 	push @{$final_config}, $local_conf;
     } else {
 	generate_frr_recurse($final_config, $config->{frr}, undef, 0);
+	generate_frr_routemap($final_config, $config->{frr_routemap});
     }
 
     push @{$final_config}, "!";
@@ -310,6 +395,14 @@ sub write_controller_config {
 
     my $rawconfig = join("\n", @{$final_config});
 
+    return if !$rawconfig;
+    return $rawconfig;
+}
+
+sub write_controller_config {
+    my ($class, $plugin_config, $config) = @_;
+
+    my $rawconfig = $class->generate_controller_rawconfig($plugin_config, $config);
     return if !$rawconfig;
     return if !-d "/etc/frr";
 
@@ -335,7 +428,13 @@ sub reload_controller {
     };
 
     if (-e $conf_file && -e $bin_path) {
-	run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => {}, errfunc => $err);
+	eval {
+	    run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => {}, errfunc => $err);
+	};
+	if ($@) {
+	    warn "frr reload command fail. Restarting frr.";
+	    eval { run_command(['systemctl', 'restart', 'frr']); };
+	}
     }
 }