Gave this a quick spin on my test cluster, notes below.

On 12/19/24 17:17, Alexandre Derumier wrote:
> reported by user on the forum: > https://forum.proxmox.com/threads/sdn-mismatch-afi-with-bgp-controller-ipv6-session.159250/ > > This is for dualstack, when evpn is ipv4, and bgp is ipv6+(ipv4) > > Signed-off-by: Alexandre Derumier <alexandre.derum...@groupe-cyllene.com> > --- > src/PVE/Network/SDN/Controllers/BgpPlugin.pm | 43 ++++++++----- > .../bgp_ipv4_ipv6/expected_controller_config | 63 +++++++++++++++++++ > .../bgp_ipv4_ipv6/expected_sdn_interfaces | 41 ++++++++++++ > src/test/zones/evpn/bgp_ipv4_ipv6/interfaces | 11 ++++ > src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config | 48 ++++++++++++++ > 5 files changed, 192 insertions(+), 14 deletions(-) > create mode 100644 > src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config > create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces > create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/interfaces > create mode 100644 src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config > > diff --git a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm > b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm > index 53963e5..24828db 100644 > --- a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm > +++ b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm 
> @@ -94,28 +94,43 @@ sub generate_controller_config { > > push @controller_config, "bgp bestpath as-path multipath-relax" if > $multipath_relax; > > + my $peers_ipversion = { 4 => [], 6 => [] }; > + foreach my $address (@peers) { > + my $ipversion = Net::IP::ip_is_ipv6($address) ? "6" : "4"; > + push (@{$peers_ipversion->{$ipversion}}, $address); > + } > + > #BGP neighbors > - if(@peers) { > - push @controller_config, "neighbor BGP peer-group"; > - push @controller_config, "neighbor BGP remote-as $remoteas"; > - push @controller_config, "neighbor BGP bfd"; > - push @controller_config, "neighbor BGP ebgp-multihop $ebgp_multihop" if > $ebgp && $ebgp_multihop; > + for my $version (sort keys %$peers_ipversion) { > + next if !@{$peers_ipversion->{$version}}; > + $version = "" if $version eq '4'; > + push @controller_config, "neighbor BGP${version} peer-group"; > + push @controller_config, "neighbor BGP${version} remote-as $remoteas"; > + push @controller_config, "neighbor BGP${version} bfd"; > + push @controller_config, "neighbor BGP${version} ebgp-multihop > $ebgp_multihop" if $ebgp && $ebgp_multihop; > } > > # BGP peers > - foreach my $address (@peers) { > - push @controller_config, "neighbor $address peer-group BGP"; > + for my $version (sort keys %$peers_ipversion) { > + for my $address (@{$peers_ipversion->{$version}}) { > + $version = "" if $version eq '4'; > + push @controller_config, "neighbor $address peer-group > BGP${version}"; > + } > } > + > push(@{$bgp->{""}}, @controller_config); > > # address-family unicast > - if (@peers) { > - my $ipversion = Net::IP::ip_is_ipv6($ifaceip) ? "ipv6" : "ipv4"; > - my $mask = Net::IP::ip_is_ipv6($ifaceip) ? 
"/128" : "32"; > - > - push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "network > $ifaceip/$mask") if $loopback; > - push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP > activate"); > - push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor BGP > soft-reconfiguration inbound"); > + for my $version (sort keys %$peers_ipversion) { > + next if !@{$peers_ipversion->{$version}}; > + my $ipversion = "ipv${version}"; > + $version = "" if $version eq '4'; > + if($loopback) { > + my $mask = Net::IP::ip_is_ipv6($ifaceip) ? "/128" : "32"; > + push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "network > $ifaceip/$mask");

It should work for redistributing EVPN routes via BGP, but if you want to use the BGP controller with loopback + multiple address families this doesn't seem to work. My generated configuration looks like this if I try to do dual-stack BGP:

 address-family ipv6 unicast
  network 172.20.1.1/32
  neighbor BGP6 activate
  neighbor BGP6 soft-reconfiguration inbound
 exit-address-family

This should take the IPv6 from the loopback, right? We would also need to create a correct_src_ipv6 route map then, I suppose. Not sure how much sense a dual-stack underlay makes, maybe when transitioning from 4 to 6?

If I have no IPv4 on my loopback and try an IPv6-only BGP underlay (peers are only IPv6, loopback is IPv6 /128), then it fails on creating a router-id:

 TASK ERROR: can't autofind a router-id value from ip or mac at /usr/share/perl5/PVE/Network/SDN/Controllers/Plugin.pm line 135.

Not 100% sure why that is, I will need to check tomorrow. I think it is because we are only checking the address field of the interfaces file (in find_local_ip_interface_peers), but IPv6 addresses are in the address6 field. That seems to break when using IPv6. Reading the MAC from "/sys/class/net/$iface/master/address" also doesn't always work if the interface is not part of a bridge. I have my ptp links configured directly on the interfaces, so that might also be a problem.

Redistributing IPv4 and IPv6 routes from an EVPN zone exit-node worked on my machine with this patch.

> + } > + push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor > BGP${version} activate"); > + push(@{$bgp->{"address-family"}->{"$ipversion unicast"}}, "neighbor > BGP${version} soft-reconfiguration inbound"); > } > > if ($loopback) { > diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config > b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config > new file mode 100644 > index 0000000..a5671c8 > --- /dev/null > +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_controller_config 
> @@ -0,0 +1,63 @@ > +frr version 8.5.2 > +frr defaults datacenter > +hostname localhost > +log syslog informational > +service integrated-vtysh-config > +! > +! > +vrf vrf_myzone > + vni 1000 > +exit-vrf > +! > +router bgp 65000 > + bgp router-id 192.168.0.1 > + no bgp hard-administrative-reset > + no bgp default ipv4-unicast > + coalesce-time 1000 > + no bgp graceful-restart notification > + neighbor VTEP peer-group > + neighbor VTEP remote-as 65000 > + neighbor VTEP bfd > + neighbor 192.168.0.2 peer-group VTEP > + neighbor 192.168.0.3 peer-group VTEP > + neighbor BGP peer-group > + neighbor BGP remote-as 65000 > + neighbor BGP bfd > + neighbor BGP6 peer-group > + neighbor BGP6 remote-as 65000 > + neighbor BGP6 bfd > + neighbor 192.168.0.10 peer-group BGP > + neighbor 2a08:2142:302:3::2 peer-group BGP6 > + ! > + address-family ipv4 unicast > + neighbor BGP activate > + neighbor BGP soft-reconfiguration inbound > + exit-address-family > + ! > + address-family ipv6 unicast > + neighbor BGP6 activate > + neighbor BGP6 soft-reconfiguration inbound > + exit-address-family > + ! > + address-family l2vpn evpn > + neighbor VTEP activate > + neighbor VTEP route-map MAP_VTEP_IN in > + neighbor VTEP route-map MAP_VTEP_OUT out > + advertise-all-vni > + exit-address-family > +exit > +! > +router bgp 65000 vrf vrf_myzone > + bgp router-id 192.168.0.1 > + no bgp hard-administrative-reset > + no bgp graceful-restart notification > +exit > +! > +route-map MAP_VTEP_IN permit 1 > +exit > +! > +route-map MAP_VTEP_OUT permit 1 > +exit > +! > +line vty > +! > \ No newline at end of file > diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces > b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces > new file mode 100644 > index 0000000..4cf13e0 > --- /dev/null > +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/expected_sdn_interfaces 
> @@ -0,0 +1,41 @@ > +#version:1 > + > +auto myvnet > +iface myvnet > + address 10.0.0.1/24 > + bridge_ports vxlan_myvnet > + bridge_stp off > + bridge_fd 0 > + mtu 1450 > + ip-forward on > + arp-accept on > + vrf vrf_myzone > + > +auto vrf_myzone > +iface vrf_myzone > + vrf-table auto > + post-up ip route add vrf vrf_myzone unreachable default metric > 4278198272 > + > +auto vrfbr_myzone > +iface vrfbr_myzone > + bridge-ports vrfvx_myzone > + bridge_stp off > + bridge_fd 0 > + mtu 1450 > + vrf vrf_myzone > + > +auto vrfvx_myzone > +iface vrfvx_myzone > + vxlan-id 1000 > + vxlan-local-tunnelip 192.168.0.1 > + bridge-learning off > + bridge-arp-nd-suppress on > + mtu 1450 > + > +auto vxlan_myvnet > +iface vxlan_myvnet > + vxlan-id 100 > + vxlan-local-tunnelip 192.168.0.1 > + bridge-learning off > + bridge-arp-nd-suppress on > + mtu 1450 > diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/interfaces > b/src/test/zones/evpn/bgp_ipv4_ipv6/interfaces > new file mode 100644 > index 0000000..36e97ce > --- /dev/null > +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/interfaces > @@ -0,0 +1,11 @@ > +auto vmbr0 > +iface vmbr0 inet static > + address 192.168.0.1/24 > + gateway 192.168.0.254 > + bridge-ports eth0 > + bridge-stp off > + bridge-fd 0 > + > +auto vmbr0 > +iface vmbr0 inet6 static > + address 2a08:2142:302:3::1/64 > diff --git a/src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config > b/src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config > new file mode 100644 > index 0000000..e5674bf > --- /dev/null > +++ b/src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config 
> @@ -0,0 +1,48 @@ > +{ > + version => 1, > + vnets => { > + ids => { > + myvnet => { > + tag => "100", > + type => "vnet", > + zone => "myzone", > + }, > + }, > + }, > + > + zones => { > + ids => { > + myzone => { > + ipam => "pve", > + type => "evpn", > + controller => "evpnctl", > + 'vrf-vxlan' => 1000, > + }, > + }, > + }, > + controllers => { > + ids => { > + evpnctl => { > + type => "evpn", > + 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', > + asn => "65000", > + }, > + localhost => { > + type => "bgp", > + 'peers' => '192.168.0.10,2a08:2142:302:3::2', > + asn => "65000", > + node => "localhost", > + }, > + }, > + }, > + > + subnets => { > + ids => { > + 'myzone-10.0.0.0-24' => { > + 'type' => 'subnet', > + 'vnet' => 'myvnet', > + 'gateway' => '10.0.0.1', > + }, > + }, > + }, > +} _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
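
Review bot: In the BgpPlugin.pm hunk (@@ -94,28 +94,43 @@), the address-family unicast loop pushes "network $ifaceip/$mask" once for every family that has peers, but both the address and the mask are derived from $ifaceip alone, not from the $version being iterated. With an IPv4 $ifaceip and IPv6 peers, the IPv4 /32 ends up under "address-family ipv6 unicast", which is the output quoted in the reply. Suggest emitting the network statement only when the family of $ifaceip matches the family of the current iteration, or resolving a loopback address per family. In the same block the IPv6 value of $mask is "/128" while the format string already contains a slash, so an IPv6 $ifaceip would render with a double slash before 128; the value should be "128". Style point: all three loops overwrite the loop variable ($version = "" if $version eq '4'), and in the peers loop this happens inside the inner per-address loop; a separate suffix variable computed once per family would read more clearly and not depend on where the reassignment sits.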
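
Review bot: In the new src/test/zones/evpn/bgp_ipv4_ipv6/sdn_config fixture, the "localhost" bgp controller sets only type, peers, asn and node, so the if($loopback) branch added in BgpPlugin.pm is never exercised; expected_controller_config accordingly has no network line in either address family. Suggest adding a second fixture with a loopback configured and dual-stack peers, so the per-family network statements are pinned by a test. A case with $ebgp and $ebgp_multihop set would likewise cover the new "neighbor BGP${version} ebgp-multihop" line for the BGP6 group.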