fix #4662: frr: fix config generation ordering

vrf and router bgp vrf need to be ordered by vrf name

ip protocol need to be at the end

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm
index 0b8cf1a171928122af9b5afa92e3ec5af2871168..e001faa254bbbfb5fca1ef253f4da5efd2a8e07e 100644 (file)
--- a/src/PVE/Network/SDN/Controllers/BgpPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/BgpPlugin.pm
@@ -119,7 +119,7 @@ sub generate_controller_config {
 
     if ($loopback) {
        $config->{frr_prefix_list}->{loopbacks_ips}->{10} = "permit 0.0.0.0/0 le 32";
-       push(@{$config->{frr}->{''}}, "ip protocol bgp route-map correct_src");
+       push(@{$config->{frr_ip_protocol}}, "ip protocol bgp route-map correct_src");
 
        my $routemap_config = ();
        push @{$routemap_config}, "match ip address prefix-list loopbacks_ips";

diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index 9d39b9b7c637ee29a9329237e2a9fb0f31b1d5dc..19441782500c639d3e641418f64cd72e85d7c58a 100644 (file)
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -247,7 +247,7 @@ sub generate_controller_vnet_config {
        my $cidr = $subnet->{cidr};
        push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid";
     }
-    push(@{$config->{frr}->{''}}, @controller_config);
+    push(@{$config->{frr_ip_protocol}}, @controller_config);
 }
 
 sub on_delete_hook {
@@ -291,41 +291,14 @@ sub find_bgp_controller {
 }
 
 
-sub sort_frr_config {
-    my $order = {};
-    $order->{''} = 0;
-    $order->{'vrf'} = 1;
-    $order->{'ipv4 unicast'} = 1;
-    $order->{'ipv6 unicast'} = 2;
-    $order->{'l2vpn evpn'} = 3;
-
-    my $a_val = 100;
-    my $b_val = 100;
-
-    $a_val = $order->{$a} if defined($order->{$a});
-    $b_val = $order->{$b} if defined($order->{$b});
-
-    if ($a =~ /bgp (\d+)$/) {
-       $a_val = 2;
-    }
-
-    if ($b =~ /bgp (\d+)$/) {
-       $b_val = 2;
-    }
-
-    return $a_val <=> $b_val;
-}
-
 sub generate_frr_recurse{
    my ($final_config, $content, $parentkey, $level) = @_;
 
    my $keylist = {};
-   $keylist->{vrf} = 1;
    $keylist->{'address-family'} = 1;
    $keylist->{router} = 1;
 
    my $exitkeylist = {};
-   $exitkeylist->{vrf} = 1;
    $exitkeylist->{'address-family'} = 1;
 
    my $simple_exitkeylist = {};
@@ -343,7 +316,8 @@ sub generate_frr_recurse{
    $padding = ' ' x ($paddinglevel) if $paddinglevel;
 
    if (ref $content eq  'HASH') {
-       foreach my $key (sort sort_frr_config keys %$content) {
+       foreach my $key (sort keys %$content) {
+           next if $key eq 'vrf';
            if ($parentkey && defined($keylist->{$parentkey})) {
                push @{$final_config}, $padding."!";
                push @{$final_config}, $padding."$parentkey $key";
@@ -364,6 +338,39 @@ sub generate_frr_recurse{
     }
 }
 
+sub generate_frr_vrf {
+   my ($final_config, $vrfs) = @_;
+
+   return if !$vrfs;
+
+   my @config = ();
+
+   foreach my $id (sort keys %$vrfs) {
+       my $vrf = $vrfs->{$id};
+       push @config, "!";
+       push @config, "vrf $id";
+       foreach my $rule (@$vrf) {
+           push @config, " $rule";
+
+       }
+       push @config, "exit-vrf";
+    }
+
+    push @{$final_config}, @config;
+}
+
+sub generate_frr_ip_protocol {
+   my ($final_config, $ips) = @_;
+
+   return if !$ips;
+
+   my @config = ();
+   push @{$final_config}, "!";
+   foreach my $rule (sort @$ips) {
+       push @{$final_config}, $rule;
+   }
+}
+
 sub generate_frr_routemap {
    my ($final_config, $routemaps) = @_;
 
@@ -422,10 +429,12 @@ sub generate_controller_rawconfig {
        parse_merge_frr_local_config($config, $local_conf);
     }
 
+    generate_frr_vrf($final_config, $config->{frr}->{vrf});
     generate_frr_recurse($final_config, $config->{frr}, undef, 0);
     generate_frr_list($final_config, $config->{frr_access_list}, "access-list");
     generate_frr_list($final_config, $config->{frr_prefix_list}, "ip prefix-list");
     generate_frr_routemap($final_config, $config->{frr_routemap});
+    generate_frr_ip_protocol($final_config, $config->{frr_ip_protocol});
 
     push @{$final_config}, "!";
     push @{$final_config}, "line vty";

diff --git a/src/test/zones/evpn/ebgp_loopback/expected_controller_config b/src/test/zones/evpn/ebgp_loopback/expected_controller_config
index 548d532a02e7788ad793487e830c553580e3c59d..47836f847c9b83ab8197bf3ccae57c10b370d05a 100644 (file)
--- a/src/test/zones/evpn/ebgp_loopback/expected_controller_config
+++ b/src/test/zones/evpn/ebgp_loopback/expected_controller_config
@@ -4,7 +4,6 @@ hostname localhost
 log syslog informational
 service integrated-vtysh-config
 !
-ip protocol bgp route-map correct_src
 !
 vrf vrf_myzone
  vni 1000
@@ -65,5 +64,7 @@ route-map correct_src permit 1
  set src 192.168.0.1
 exit
 !
+ip protocol bgp route-map correct_src
+!
 line vty
 !
\ No newline at end of file

diff --git a/src/test/zones/evpn/exitnode_local_routing/expected_controller_config b/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
index c557a7e517209eaee1b9963a18f19020dacb9229..ef3948d116284e285839262f5e460353bb02ec1e 100644 (file)
--- a/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
+++ b/src/test/zones/evpn/exitnode_local_routing/expected_controller_config
@@ -4,7 +4,6 @@ hostname localhost
 log syslog informational
 service integrated-vtysh-config
 !
-ip route 10.0.0.0/24 10.255.255.2 xvrf_myzone
 !
 vrf vrf_myzone
  vni 1000
@@ -48,5 +47,7 @@ exit
 route-map MAP_VTEP_OUT permit 1
 exit
 !
+ip route 10.0.0.0/24 10.255.255.2 xvrf_myzone
+!
 line vty
 !
\ No newline at end of file

diff --git a/src/test/zones/evpn/multiplezones/expected_controller_config b/src/test/zones/evpn/multiplezones/expected_controller_config
new file mode 100644 (file)
index 0000000..d6dfa73
--- /dev/null
+++ b/src/test/zones/evpn/multiplezones/expected_controller_config
@@ -0,0 +1,49 @@
+frr version 8.2.2
+frr defaults datacenter
+hostname localhost
+log syslog informational
+service integrated-vtysh-config
+!
+!
+vrf vrf_myzone
+ vni 1000
+exit-vrf
+!
+vrf vrf_myzone2
+ vni 1001
+exit-vrf
+!
+router bgp 65000
+ bgp router-id 192.168.0.1
+ no bgp default ipv4-unicast
+ coalesce-time 1000
+ neighbor VTEP peer-group
+ neighbor VTEP remote-as 65000
+ neighbor VTEP bfd
+ neighbor 192.168.0.2 peer-group VTEP
+ neighbor 192.168.0.3 peer-group VTEP
+ !
+ address-family l2vpn evpn
+  neighbor VTEP route-map MAP_VTEP_IN in
+  neighbor VTEP route-map MAP_VTEP_OUT out
+  neighbor VTEP activate
+  advertise-all-vni
+ exit-address-family
+exit
+!
+router bgp 65000 vrf vrf_myzone
+ bgp router-id 192.168.0.1
+exit
+!
+router bgp 65000 vrf vrf_myzone2
+ bgp router-id 192.168.0.1
+exit
+!
+route-map MAP_VTEP_IN permit 1
+exit
+!
+route-map MAP_VTEP_OUT permit 1
+exit
+!
+line vty
+!
\ No newline at end of file

diff --git a/src/test/zones/evpn/multiplezones/expected_sdn_interfaces b/src/test/zones/evpn/multiplezones/expected_sdn_interfaces
new file mode 100644 (file)
index 0000000..e279b0a
--- /dev/null
+++ b/src/test/zones/evpn/multiplezones/expected_sdn_interfaces
@@ -0,0 +1,81 @@
+#version:1
+
+auto myvnet
+iface myvnet
+       address 10.0.0.1/24
+       bridge_ports vxlan_myvnet
+       bridge_stp off
+       bridge_fd 0
+       mtu 1450
+       ip-forward on
+       arp-accept on
+       vrf vrf_myzone
+
+auto myvnet2
+iface myvnet2
+       address 172.16.0.1/24
+       bridge_ports vxlan_myvnet2
+       bridge_stp off
+       bridge_fd 0
+       mtu 1450
+       ip-forward on
+       arp-accept on
+       vrf vrf_myzone2
+
+auto vrf_myzone
+iface vrf_myzone
+       vrf-table auto
+       post-up ip route add vrf vrf_myzone unreachable default metric 4278198272
+
+auto vrf_myzone2
+iface vrf_myzone2
+       vrf-table auto
+       post-up ip route add vrf vrf_myzone2 unreachable default metric 4278198272
+
+auto vrfbr_myzone
+iface vrfbr_myzone
+       bridge-ports vrfvx_myzone
+       bridge_stp off
+       bridge_fd 0
+       mtu 1450
+       vrf vrf_myzone
+
+auto vrfbr_myzone2
+iface vrfbr_myzone2
+       bridge-ports vrfvx_myzone2
+       bridge_stp off
+       bridge_fd 0
+       mtu 1450
+       vrf vrf_myzone2
+
+auto vrfvx_myzone
+iface vrfvx_myzone
+       vxlan-id 1000
+       vxlan-local-tunnelip 192.168.0.1
+       bridge-learning off
+       bridge-arp-nd-suppress on
+       mtu 1450
+
+auto vrfvx_myzone2
+iface vrfvx_myzone2
+       vxlan-id 1001
+       vxlan-local-tunnelip 192.168.0.1
+       bridge-learning off
+       bridge-arp-nd-suppress on
+       mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+       vxlan-id 100
+       vxlan-local-tunnelip 192.168.0.1
+       bridge-learning off
+       bridge-arp-nd-suppress on
+       mtu 1450
+
+auto vxlan_myvnet2
+iface vxlan_myvnet2
+       vxlan-id 101
+       vxlan-local-tunnelip 192.168.0.1
+       bridge-learning off
+       bridge-arp-nd-suppress on
+       mtu 1450

diff --git a/src/test/zones/evpn/multiplezones/interfaces b/src/test/zones/evpn/multiplezones/interfaces
new file mode 100644 (file)
index 0000000..66bb826
--- /dev/null
+++ b/src/test/zones/evpn/multiplezones/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+       address 192.168.0.1/24
+       gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0

diff --git a/src/test/zones/evpn/multiplezones/sdn_config b/src/test/zones/evpn/multiplezones/sdn_config
new file mode 100644 (file)
index 0000000..6ffdfb9
--- /dev/null
+++ b/src/test/zones/evpn/multiplezones/sdn_config
@@ -0,0 +1,37 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { tag => "100", type => "vnet", zone => "myzone" },
+                        myvnet2 => { tag => "101", type => "vnet", zone => "myzone2" },
+                      },
+             },
+
+  zones   => {
+               ids => { 
+                       myzone => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1000 },
+                       myzone2 => { ipam => "pve", type => "evpn", controller => "evpnctl", 'vrf-vxlan' => 1001 },
+               }
+             },
+  controllers  => {
+               ids => { evpnctl => { type => "evpn", 'peers' => '192.168.0.1,192.168.0.2,192.168.0.3', asn => "65000" } },
+             },
+
+  subnets => {
+               ids => { 
+                       'myzone-10.0.0.0-24' => {
+                           'type' => 'subnet',
+                           'vnet' => 'myvnet',
+                           'gateway' => '10.0.0.1',
+                       },
+                       'myzone2-172.16.0.0-24' => {
+                           'type' => 'subnet',
+                           'vnet' => 'myvnet2',
+                           'gateway' => '172.16.0.1',
+                       },
+               }
+  }
+
+}
+
+