Overall this LGTM! Some minor things inline, but nothing that would be a
blocker. Especially given the size this is a very well put together
series!
Consider this
Reviewed-by: Hannes Laimer <[email protected]>
On 10/30/25 16:51, Stefan Hanreich wrote:
This patch series builds upon and replaces the two patch series initially
submitted by Gabriel [1] [2]. Main reason for merging those is that some
additional refactoring to the status API module structure as well as the UI
widgets for the SDN browser has been done, which both series would need to
depend on. Additionally, the EVPN series depended on the fabric series already
as well, so submitting them as one seemed like the least complicated option for
both developers and maintainers with the additional changes introduced in this
iteration.
## Rationale
Currently, the SDN and PVE networking stack provide little insight into their
inner workings and can be a bit of a black box to users. Inspecting the current
state of networking resources, particularly for EVPN zones, requires dropping
into the CLI and invoking specific iproute2 / FRR commands. The current status
endpoint only provides very coarse and limited feedback on the current state of
SDN / networking resources.
With this iteration, this patch series also adds status reporting for bridges /
vnets, which has been requested several times in forums / enterprise support /
trainings.
Most of those endpoints could be interesting additions to the PDM UI as well,
particularly fabrics and evpn status.
## New network resource type
While the initial implementations extended the existing SDN resource type, this
iteration introduces a 'network' resource type. The pre-existing SDN resource
type utilized 'sdn/<zone_id>' as its id, which makes it hard to add additional
types that do not share that ID space. Changing the schema for the ID would also
break backwards-compatibility of API and UI between 9.0 and 9.1.
With potential additional status reporting for other network entities (see
below), it would make sense to generalize the resource type to network in
particular, to avoid cluttering the top level with one type per SDN/networking
entity. If that is not a concern, the current state could be easily adapted to
have one top-level type per resource - simplifying the current implementation.
The ID schema for this resource type is now as follow:
network/{node}/{network_type}/{name}
An example network resource:
{
"id": "network/acolyte/fabric/underlay",
"type": "network",
"network_type": "fabric",
"network": "underlay"
"node": "acolyte",
"status": "ok",
"protocol": "ospf",
}
The plan for migrating:
* The zones will still report their status as they did before (SDN resource
type)
* New networking entities (fabrics, for now) will utilize the network resource
type
* We will add support for parsing the new zone status reporting format in this
patch series (but it will not be sent by any node)
* When migrating from PVE 9 -> 10, status reporting for zones will move to the
new network resource type
* old nodes should be able to cope with the new format, since support for it has
been included for awhile
I know this is a bit of a sledgehammer method of solving this problem, but imo
while this migration might be a bit painful now, it seems the best option to me
long-term. Any suggestions / opinions on this would be greatly appreciated. I
don't really see another way of implementing additional types of entities
without either breaking backwards-compatibility with PVE <= 9.0 or having
potential ID collisions in the SDN resource type or having one dedicated type
per networking resource.
## Potential future work / extensions
Add status reporting for the firewall, which currently acts a bit like a
black-box as well, without any easy way of checking the current (running) state
of the firewall.
Other entities to consider adding to the resources: controllers, DNS, external
IPAM.
The data from those endpoints could be used to provide a graphical overview of a
bridge in the UI, an idea which has been floating around internally for awhile.
## New API endpoints
/nodes/{node}/sdn/fabrics/{fabric}/routes
/nodes/{node}/sdn/fabrics/{fabric}/neighbors
/nodes/{node}/sdn/fabrics/{fabric}/interfaces
/nodes/{node}/sdn/zones/{zone}/ip-vrf
/nodes/{node}/sdn/zones/{zone}/bridges
/nodes/{node}/sdn/vnets/{vnet}/mac-vrf
## New UI panels
Those panels can all be reached via the resource tree and are found in the SDN
browser.
For all zones:
* Bridges overview
For EVPN zones:
* IP-VRF
* MAC-VRFs
For Fabrics:
* Routes
* Neighbors
* Interfaces
## Dependencies
proxmox-perl-rs depends on proxmox-ve-rs
pve-network depends on proxmox-perl-rs
pve-network depends on pve-common
pve-manager depends on pve-network
Changes from (v1, v4):
* refactor the SDN status API module structure (no functional changes to
existing endpoints)
* move the fabrics API endpoints to the pre-existing /nodes/{node}/sdn subdir
* refactor the SDN content view panel, so it can be reused for the EVPN panels
(no functional changes to existing UI panels)
* add a completely new resource type, instead of trying to re-use the existing
SDN one (reasoning above).
* move the iproute2 and bridge helpers to pve-common
* improve JSONSchema of all API endpoints (descriptions mainly)
* return additional information in the fabric endpoints
* add full UI integration for EVPN status (IP-VRF + MAC-VRF panels)
* Use the installed, duplicate and bestpath properties of FRR to show only
routes that are actually installed into the kernel routing table for EVPN
zones
* filter for type 2 routes specifically when invoking vtysh
[1]
https://lore.proxmox.com/pve-devel/[email protected]/
[2]
https://lore.proxmox.com/pve-devel/[email protected]/
pve-common:
Stefan Hanreich (2):
iproute2: add helper for detecting bridge members
iproute2: add helper for querying vlan information
src/PVE/IPRoute2.pm | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
proxmox-ve-rs:
Gabriel Goller (6):
frr: make room for deserialization structs
frr: add deserialization types for openfabric and ospf
ve-config: add helper function to iterate over all nodes in all
fabrics
ve-config: add optional tag property to vnet
frr: fix some route deserialization types
frr: add deserialization types for EVPN
proxmox-frr/Cargo.toml | 2 +
proxmox-frr/debian/control | 6 +
proxmox-frr/src/de/evpn.rs | 165 ++++++++++++
proxmox-frr/src/de/mod.rs | 49 ++++
proxmox-frr/src/de/openfabric.rs | 101 ++++++++
proxmox-frr/src/de/ospf.rs | 64 +++++
proxmox-frr/src/lib.rs | 243 +-----------------
proxmox-frr/src/ser/mod.rs | 241 +++++++++++++++++
proxmox-frr/src/{ => ser}/openfabric.rs | 4 +-
proxmox-frr/src/{ => ser}/ospf.rs | 2 +-
proxmox-frr/src/{ => ser}/route_map.rs | 0
proxmox-frr/src/{ => ser}/serializer.rs | 2 +-
proxmox-ve-config/src/sdn/config.rs | 27 +-
proxmox-ve-config/src/sdn/fabric/frr.rs | 170 ++++++------
proxmox-ve-config/src/sdn/fabric/mod.rs | 5 +
proxmox-ve-config/src/sdn/frr.rs | 2 +-
proxmox-ve-config/tests/fabric/main.rs | 2 +-
proxmox-ve-config/tests/sdn/main.rs | 5 +-
.../tests/sdn/resources/running-config.json | 1 +
19 files changed, 761 insertions(+), 330 deletions(-)
create mode 100644 proxmox-frr/src/de/evpn.rs
create mode 100644 proxmox-frr/src/de/mod.rs
create mode 100644 proxmox-frr/src/de/openfabric.rs
create mode 100644 proxmox-frr/src/de/ospf.rs
create mode 100644 proxmox-frr/src/ser/mod.rs
rename proxmox-frr/src/{ => ser}/openfabric.rs (97%)
rename proxmox-frr/src/{ => ser}/ospf.rs (99%)
rename proxmox-frr/src/{ => ser}/route_map.rs (100%)
rename proxmox-frr/src/{ => ser}/serializer.rs (99%)
proxmox-perl-rs:
Gabriel Goller (9):
pve-rs: firewall: cargo: fmt
pve-rs: cargo: bump proxmox-apt and proxmox-ve-config versions
pve-rs: fabrics: update proxmox-frr import path
pve-rs: fabrics: fix clippy lint warnings
pve-rs: fabrics: add function to get status of fabric
pve-rs: fabrics: add function to get l2vpn and l3vpn routes for evpn
pve-rs: fabrics: add function to get routes learned by a fabric
pve-rs: fabrics: add function to get the interfaces used for a fabric
pve-rs: fabrics: add function to get the neighbors for a fabric
Stefan Hanreich (1):
pve-rs: firewall: add missing documentation comments
pve-rs/Cargo.toml | 4 +-
pve-rs/src/bindings/firewall/sdn.rs | 16 +-
pve-rs/src/bindings/sdn/fabrics.rs | 296 +++++++++++++-
pve-rs/src/lib.rs | 2 +
pve-rs/src/sdn/mod.rs | 3 +
pve-rs/src/sdn/status.rs | 585 ++++++++++++++++++++++++++++
6 files changed, 896 insertions(+), 10 deletions(-)
create mode 100644 pve-rs/src/sdn/mod.rs
create mode 100644 pve-rs/src/sdn/status.rs
pve-network:
Gabriel Goller (3):
fabrics: add fabrics status to SDN::status function
api: nodes: fabrics: add endpoint for querying route status
api: nodes: fabrics: add endpoint for querying neighbor information
Stefan Hanreich (6):
refactor: rework api module structure for the /nodes/{node}/sdn subdir
sdn: status: add zone type to sdn resource
api: nodes: fabrics: add endpoint for querying interface status
api: nodes: zones: add bridge status
api: nodes: zones: add ip vrf endpoint for evpn zones
api: nodes: vnets: add mac-vrf endpoint for evpn vnets
src/PVE/API2/Network/SDN/Makefile | 2 +-
src/PVE/API2/Network/SDN/Nodes/Fabric.pm | 187 +++++++++
src/PVE/API2/Network/SDN/Nodes/Fabrics.pm | 16 +
.../Network/SDN/{Zones => Nodes}/Makefile | 12 +-
src/PVE/API2/Network/SDN/Nodes/Status.pm | 61 +++
src/PVE/API2/Network/SDN/Nodes/Vnet.pm | 147 +++++++
src/PVE/API2/Network/SDN/Nodes/Vnets.pm | 16 +
src/PVE/API2/Network/SDN/Nodes/Zone.pm | 379 ++++++++++++++++++
.../SDN/{Zones/Status.pm => Nodes/Zones.pm} | 58 +--
src/PVE/API2/Network/SDN/Vnets.pm | 2 +-
src/PVE/API2/Network/SDN/Zones/Content.pm | 88 ----
src/PVE/Network/SDN.pm | 6 +-
src/PVE/Network/SDN/Zones.pm | 2 +
src/test/debug/statuscheck.pl | 3 +-
14 files changed, 833 insertions(+), 146 deletions(-)
create mode 100644 src/PVE/API2/Network/SDN/Nodes/Fabric.pm
create mode 100644 src/PVE/API2/Network/SDN/Nodes/Fabrics.pm
rename src/PVE/API2/Network/SDN/{Zones => Nodes}/Makefile (51%)
create mode 100644 src/PVE/API2/Network/SDN/Nodes/Status.pm
create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnet.pm
create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnets.pm
create mode 100644 src/PVE/API2/Network/SDN/Nodes/Zone.pm
rename src/PVE/API2/Network/SDN/{Zones/Status.pm => Nodes/Zones.pm} (56%)
delete mode 100644 src/PVE/API2/Network/SDN/Zones/Content.pm
pve-manager:
Gabriel Goller (2):
pvestatd: add network resource to status reporting
ui: resource tree: add network resource
Stefan Hanreich (6):
api: nodes: use new status module for sdn subdirectory
refactor: ui: sdn browser: parametrize zone content panel
pvestatd: sdn: adapt to changes in status reporting
ui: sdn browser: Add ip-vrf panel for evpn zones
ui: sdn browser: add mac vrf panel
ui: sdn browser: add zone bridge view
PVE/API2/Cluster.pm | 102 ++++++++++++---
PVE/API2/Nodes.pm | 50 +------
PVE/Service/pvestatd.pm | 29 ++--
www/manager6/Makefile | 6 +
www/manager6/Utils.js | 11 ++
www/manager6/Workspace.js | 1 +
www/manager6/sdn/Browser.js | 29 ++++
www/manager6/sdn/EvpnZoneIpVrfPanel.js | 84 ++++++++++++
www/manager6/sdn/EvpnZoneMacVrfPanel.js | 130 ++++++++++++++++++
www/manager6/sdn/FabricsContentView.js | 77 +++++++++++
www/manager6/sdn/NetworkBrowser.js | 167 ++++++++++++++++++++++++
www/manager6/sdn/ZoneBridgeView.js | 88 +++++++++++++
www/manager6/sdn/ZoneBridgesPanel.js | 131 +++++++++++++++++++
www/manager6/sdn/ZoneContentPanel.js | 11 +-
www/manager6/sdn/ZoneContentView.js | 75 ++++++-----
www/manager6/tree/ResourceTree.js | 6 +
16 files changed, 888 insertions(+), 109 deletions(-)
create mode 100644 www/manager6/sdn/EvpnZoneIpVrfPanel.js
create mode 100644 www/manager6/sdn/EvpnZoneMacVrfPanel.js
create mode 100644 www/manager6/sdn/FabricsContentView.js
create mode 100644 www/manager6/sdn/NetworkBrowser.js
create mode 100644 www/manager6/sdn/ZoneBridgeView.js
create mode 100644 www/manager6/sdn/ZoneBridgesPanel.js
Summary over all repositories:
56 files changed, 3401 insertions(+), 595 deletions(-)
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
