[PATCH pve-network] controllers: bgp: split v4 && v6 peers in different groups

DERUMIER, Alexandre alexandre.derumier at groupe-cyllene.com
Wed Mar 12 19:53:36 CET 2025 

Hi Stefan !


>>It should work for redistributing EVPN routes via BGP, but if you
>>want
>>to use the BGP controller with loopback + multiple address families
>>this
>>doesn't seem to work.
ah  shit, never tested mutiple address families on loopback on my side.
(Need to add a unit test about it )


>> My generated configuration looks like this if I
>>try to do dual-stack BGP:
>>
>> address-family ipv6 unicast
>>  network 172.20.1.1/32
>>  neighbor BGP6 activate
>>  neighbor BGP6 soft-reconfiguration inbound
>> exit-address-family

>>This should take the IPv6 from the loopback, right? 
yes, definitively


>>We would also need
>>to create a correct_src_ipv6 route map then I suppose. Not sure how
>>much
>>sense a dual-stack underlay makes, maybe when transitioning from 4 to
>>6?


>>If I have no IPv4 on my loopback and try an IPv6 only BGP underlay
>>(peers are only IPv6, loopback is IPv6 /128), then it fails on
>>creating
>>a router-id:
>>
>>TASK ERROR: can't autofind a router-id value from ip or mac at
>>/usr/share/perl5/PVE/Network/SDN/Controllers/Plugin.pm line 135.
>>
>>
>>Not 100% sure why that is, I will need to check tomorrow, I think it
>>is
>>because we are only checking the address field of the interfaces file
>>(in find_local_ip_interface_peers), but IPv6 addresses are in the
>>address6 field. That seems to break when using IPv6.

yes, it must be something like that.


>>Reading the MAC from "/sys/class/net/$iface/master/address" also
>>doesn't
>>always work if the interface is not part of a bridge. I have my ptp
>>links configured directly on the interfaces, so that might also be a
>>problem.
yes, this is common to use directly ifaces for ptp links. (I'm doing it
myself, ipv4 only). should be /sys/class/net/$IFACE/address .
(bridge should inherited from enslave iface, so it should works to for
enslaved iface in bridge)

Redistributing IPv4 and IPv6 routes from an EVPN zone exit-node worked
on my machine with this patch.



(I'll not be able to look at this until monday)

More information about the pve-devel mailing list