| author | Alexandre Derumier <aderumier@odiso.com> | 2023-12-03 16:46:08 +0100 |
|---|---|---|
| committer | Thomas Lamprecht <t.lamprecht@proxmox.com> | 2024-01-22 11:57:37 +0100 |
| commit | e614da43f13e3c61f9b78ee9984364495eff91b6 (patch) | |
| tree | 75886d65ea3db3f1449cd12a5893a893546c66ad /src/PVE/Network/SDN/Controllers | |
| parent | b5471f5a2fd3813029349938b271e6f7db11f334 (diff) | |
controllers: evpn: bugfix: use prefix-list in route-map instead evpn match
"match evpn" in route-map is broken since 8.5.0
https://github.com/FRRouting/frr/issues/14419
the patch
https://github.com/FRRouting/frr/commit/272c6d5db128ff7450fe9fcd16c046160594deb3
is converting type-2 && type-5 evpn routes to prefix-prefix.
(fixing prefix-list not working previously, but breaking "match evpn")
So, simply use prefix-list now, as "match evpn" was a workaround anyway.
Reported on the forum, where a user has a routing loop between the 2 exit-nodes:
https://forum.proxmox.com/threads/sdn-with-evpn-controller-routing-loop-when-using-multiple-exit-nodes.137362/
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Diffstat (limited to 'src/PVE/Network/SDN/Controllers')
| -rw-r--r-- | src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e536226..f1605a3 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -188,22 +188,34 @@ sub generate_controller_zone_config { if ($is_gateway) { + $config->{frr_prefix_list}->{'only_default'}->{1} = "permit 0.0.0.0/0"; + $config->{frr_prefix_list_v6}->{'only_default_v6'}->{1} = "permit ::/0"; + if (!$exitnodes_primary || $exitnodes_primary eq $local_node) { - #filter default type5 route coming from other exit nodes on primary node or both nodes if no primary is defined. + #filter default route coming from other exit nodes on primary node or both nodes if no primary is defined. + my $routemap_config_v6 = (); + push @{$routemap_config_v6}, "match ip address prefix-list only_default_v6"; + my $routemap_v6 = { rule => $routemap_config_v6, action => "deny" }; + unshift(@{$config->{frr_routemap}->{'MAP_VTEP_IN'}}, $routemap_v6); + my $routemap_config = (); - push @{$routemap_config}, "match evpn vni $vrfvxlan"; - push @{$routemap_config}, "match evpn route-type prefix"; + push @{$routemap_config}, "match ip address prefix-list only_default"; my $routemap = { rule => $routemap_config, action => "deny" }; unshift(@{$config->{frr_routemap}->{'MAP_VTEP_IN'}}, $routemap); + } elsif ($exitnodes_primary ne $local_node) { + my $routemap_config_v6 = (); + push @{$routemap_config_v6}, "match ipv6 address prefix-list only_default_v6"; + push @{$routemap_config_v6}, "set metric 200"; + my $routemap_v6 = { rule => $routemap_config_v6, action => "permit" }; + unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap_v6); + my $routemap_config = (); - push @{$routemap_config}, "match evpn vni $vrfvxlan"; - push @{$routemap_config}, "match evpn route-type prefix"; + push @{$routemap_config}, "match ip address prefix-list only_default"; push @{$routemap_config}, "set metric 200"; my $routemap = { rule => $routemap_config, action => "permit" }; unshift(@{$config->{frr_routemap}->{'MAP_VTEP_OUT'}}, $routemap); - } - + } if (!$exitnodes_local_routing) { @controller_config = (); |
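Review bot: In the first branch (no primary, or the local node is primary) the IPv6 deny rule is built with `match ip address prefix-list only_default_v6`, although that list is registered under `frr_prefix_list_v6` and the `elsif` branch matches the same list with `match ipv6 address`. If the generated FRR config emits `only_default_v6` as an IPv6 prefix-list, the IPv4 matcher presumably never hits it, so `::/0` learned from the other exit nodes would pass `MAP_VTEP_IN` unfiltered and the routing loop this commit targets would persist for IPv6. The line should read `push @{$routemap_config_v6}, "match ipv6 address prefix-list only_default_v6";`. A regression check that renders the config for a primary exit node and asserts both the v4 and v6 deny entries would catch this kind of address-family mix-up. The body of `generate_controller_zone_config` starts and continues outside this hunk, so how the prefix-lists are rendered is not visible here.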
