[pve-devel] [PATCH pve-network 9/9] api: nodes: vnets: add mac-vrf endpoint for evpn vnets

Stefan Hanreich s.hanreich at proxmox.com
Thu Oct 30 16:48:34 CET 2025 

This endpoint returns the current L2VNI of a given EVPN VNet, as
learned via BGP. This is used by the SDN browser to provide status
information for the EVPN vnet.

Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 src/PVE/API2/Network/SDN/Nodes/Makefile  |   2 +
 src/PVE/API2/Network/SDN/Nodes/Status.pm |   8 +-
 src/PVE/API2/Network/SDN/Nodes/Vnet.pm   | 147 +++++++++++++++++++++++
 src/PVE/API2/Network/SDN/Nodes/Vnets.pm  |  16 +++
 src/PVE/API2/Network/SDN/Vnets.pm        |   2 +-
 5 files changed, 173 insertions(+), 2 deletions(-)
 create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnet.pm
 create mode 100644 src/PVE/API2/Network/SDN/Nodes/Vnets.pm

diff --git a/src/PVE/API2/Network/SDN/Nodes/Makefile b/src/PVE/API2/Network/SDN/Nodes/Makefile
index 4e4791a..e70d2ce 100644
--- a/src/PVE/API2/Network/SDN/Nodes/Makefile
+++ b/src/PVE/API2/Network/SDN/Nodes/Makefile
@@ -2,6 +2,8 @@ SOURCES=\
 	Fabric.pm\
 	Fabrics.pm\
 	Status.pm\
+	Vnet.pm\
+	Vnets.pm\
 	Zone.pm\
 	Zones.pm
 
diff --git a/src/PVE/API2/Network/SDN/Nodes/Status.pm b/src/PVE/API2/Network/SDN/Nodes/Status.pm
index 2ce2702..7977e0c 100644
--- a/src/PVE/API2/Network/SDN/Nodes/Status.pm
+++ b/src/PVE/API2/Network/SDN/Nodes/Status.pm
@@ -5,6 +5,7 @@ use warnings;
 
 use PVE::API2::Network::SDN::Nodes::Fabrics;
 use PVE::API2::Network::SDN::Nodes::Zones;
+use PVE::API2::Network::SDN::Nodes::Vnets;
 
 use PVE::JSONSchema qw(get_standard_option);
 
@@ -21,6 +22,11 @@ __PACKAGE__->register_method({
     path => 'zones',
 });
 
+__PACKAGE__->register_method({
+    subclass => "PVE::API2::Network::SDN::Nodes::Vnets",
+    path => 'vnets',
+});
+
 __PACKAGE__->register_method({
     name => 'sdnindex',
     path => '',
@@ -46,7 +52,7 @@ __PACKAGE__->register_method({
         my ($param) = @_;
 
         my $result = [
-            { name => 'fabrics' }, { name => 'zones' },
+            { name => 'fabrics' }, { name => 'vnets' }, { name => 'zones' },
         ];
         return $result;
     },
diff --git a/src/PVE/API2/Network/SDN/Nodes/Vnet.pm b/src/PVE/API2/Network/SDN/Nodes/Vnet.pm
new file mode 100644
index 0000000..d5dae56
--- /dev/null
+++ b/src/PVE/API2/Network/SDN/Nodes/Vnet.pm
@@ -0,0 +1,147 @@
+package PVE::API2::Network::SDN::Nodes::Vnet;
+
+use strict;
+use warnings;
+
+use PVE::API2::Network::SDN::Vnets;
+use PVE::Exception qw(raise_param_exc);
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::Network::SDN::Vnets;
+use PVE::Network::SDN::Zones;
+use PVE::RS::SDN::Fabrics;
+use PVE::Tools qw(extract_param);
+
+use PVE::RESTHandler;
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+    name => 'diridx',
+    path => '',
+    method => 'GET',
+    description => "",
+    permissions => {
+        description => "Require 'SDN.Audit' permissions on '/sdn/zones/<zone>/<vnet>'",
+        user => 'all',
+    },
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            node => get_standard_option('pve-node'),
+            vnet => get_standard_option(
+                'pve-sdn-vnet-id',
+                {
+                    completion => \&PVE::Network::SDN::Vnets::complete_sdn_vnets,
+                },
+            ),
+        },
+    },
+    returns => {
+        type => 'array',
+        items => {
+            type => "object",
+            properties => {
+                subdir => { type => 'string' },
+            },
+        },
+        links => [{ rel => 'child', href => "{subdir}" }],
+    },
+    code => sub {
+        my ($param) = @_;
+
+        my $vnet_id = extract_param($param, 'vnet');
+        $PVE::API2::Network::SDN::Vnets::check_vnet_access->($vnet_id, ['SDN.Audit']);
+
+        my $res = [
+            { subdir => 'mac-vrf' },
+        ];
+
+        return $res;
+    },
+});
+
+__PACKAGE__->register_method({
+    name => 'mac-vrf',
+    path => 'mac-vrf',
+    proxyto => 'node',
+    method => 'GET',
+    description => "Get the MAC VRF for a VNet in an EVPN zone.",
+    protected => 1,
+    permissions => {
+        description => "Require 'SDN.Audit' permissions on '/sdn/zones/<zone>/<vnet>'",
+        user => 'all',
+    },
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            vnet => get_standard_option(
+                'pve-sdn-vnet-id',
+                {
+                    completion => \&PVE::Network::SDN::Vnets::complete_sdn_vnets,
+                },
+            ),
+            node => get_standard_option('pve-node'),
+        },
+    },
+    returns => {
+        description =>
+            'All routes from the MAC VRF that this node self-originates or has learned via BGP.',
+        type => 'array',
+        items => {
+            type => 'object',
+            properties => {
+                ip => {
+                    type => 'string',
+                    format => 'ip',
+                    description => 'The IP address of the MAC VRF entry.',
+                },
+                mac => {
+                    type => 'string',
+                    format => 'mac-addr',
+                    description => 'The MAC address of the MAC VRF entry.',
+                },
+                'nexthop' => {
+                    type => 'string',
+                    format => 'ip',
+                    description => 'The IP address of the nexthop.',
+                },
+            },
+        },
+    },
+    code => sub {
+        my ($param) = @_;
+
+        my $vnet_id = extract_param($param, 'vnet');
+
+        $PVE::API2::Network::SDN::Vnets::check_vnet_access->($vnet_id, ['SDN.Audit']);
+
+        my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnet_id, 1);
+
+        raise_param_exc({
+            vnet => "vnet does not exist",
+        })
+            if !$vnet;
+
+        my $zone = PVE::Network::SDN::Zones::get_zone($vnet->{zone}, 1);
+
+        raise_param_exc({
+            zone => "zone $vnet->{zone} does not exist",
+        })
+            if !$zone;
+
+        raise_param_exc({
+            zone => "zone $vnet->{zone} is not an EVPN zone.",
+        })
+            if $zone->{type} ne 'evpn';
+
+        my $node_id = extract_param($param, 'node');
+
+        raise_param_exc({
+            zone => "zone $vnet->{zone} of vnet $vnet_id does not exist on node $node_id",
+        })
+            if defined($zone->{nodes}) && !grep { $_ eq $node_id } $zone->{nodes}->@*;
+
+        return PVE::RS::SDN::Fabrics::l2vpn_routes($vnet_id);
+    },
+});
+
+1;
diff --git a/src/PVE/API2/Network/SDN/Nodes/Vnets.pm b/src/PVE/API2/Network/SDN/Nodes/Vnets.pm
new file mode 100644
index 0000000..4f07201
--- /dev/null
+++ b/src/PVE/API2/Network/SDN/Nodes/Vnets.pm
@@ -0,0 +1,16 @@
+package PVE::API2::Network::SDN::Nodes::Vnets;
+
+use strict;
+use warnings;
+
+use PVE::API2::Network::SDN::Nodes::Vnet;
+
+use PVE::RESTHandler;
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+    subclass => "PVE::API2::Network::SDN::Nodes::Vnet",
+    path => '{vnet}',
+});
+
+1;
diff --git a/src/PVE/API2/Network/SDN/Vnets.pm b/src/PVE/API2/Network/SDN/Vnets.pm
index 1d9e500..b8faeac 100644
--- a/src/PVE/API2/Network/SDN/Vnets.pm
+++ b/src/PVE/API2/Network/SDN/Vnets.pm
@@ -63,7 +63,7 @@ my $api_sdn_vnets_deleted_config = sub {
     }
 };
 
-my $check_vnet_access = sub {
+our $check_vnet_access = sub {
     my ($vnet, $privs) = @_;
 
     my $cfg = PVE::Network::SDN::Vnets::config();
-- 
2.47.3

More information about the pve-devel mailing list