[pve-devel] [PATCH pve-network 1/2] evpn: add ipv6 slaac support for vnets in an evpn zone

[Hannes Laimer]

With this we allow to configure a `ipv6-nd-prefix` for vnets in a evpn
zone. If set, RAs with this prefix will be sent regularly so clients on
the vnet can perform SLAAC. Currently we don't set any of the available
(in RFC5175 specified) flags.

Signed-off-by: Hannes Laimer <h.laimer at proxmox.com>
---
 src/PVE/API2/Network/SDN/Vnets.pm             |  7 +++++++
 src/PVE/Network/SDN/Controllers/EvpnPlugin.pm | 15 +++++++++++++++
 src/PVE/Network/SDN/VnetPlugin.pm             |  8 ++++++++
 3 files changed, 30 insertions(+)

diff --git a/src/PVE/API2/Network/SDN/Vnets.pm b/src/PVE/API2/Network/SDN/Vnets.pm
index b8faeac..c767d55 100644
--- a/src/PVE/API2/Network/SDN/Vnets.pm
+++ b/src/PVE/API2/Network/SDN/Vnets.pm
@@ -82,6 +82,13 @@ my $VNET_PROPERTIES = {
         maxLength => 256,
         optional => 1,
     },
+    'ipv6-nd-prefix' => {
+        type => 'string',
+        format => 'CIDR',
+        description =>
+            'IPv6 prefix to announce via Router Advertisements (SLAAC) on this VNet (EVPN).',
+        optional => 1,
+    },
     'isolate-ports' => {
         type => 'boolean',
         description =>
diff --git a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
index e53000a..7db620b 100644
--- a/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Controllers/EvpnPlugin.pm
@@ -447,6 +447,21 @@ sub generate_zone_frr_config {
 sub generate_vnet_frr_config {
     my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_;
 
+    # SLAAC EVPN VNet
+    my $nd_prefix = $plugin_config->{'ipv6-nd-prefix'};
+    if (defined($nd_prefix) && length($nd_prefix)) {
+        my ($net) = split(/\//, $nd_prefix);
+        $nd_prefix = undef if !Net::IP::ip_is_ipv6($net);
+    } else {
+        $nd_prefix = undef;
+    }
+
+    if ($nd_prefix) {
+        my $iface_rules = ($config->{frr_interfaces}->{$vnetid} //= []);
+        push @$iface_rules, "ipv6 nd prefix $nd_prefix";
+        push @$iface_rules, "no ipv6 nd suppress-ra";
+    }
+
     my $exitnodes = $zone->{'exitnodes'};
     my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'};
 
diff --git a/src/PVE/Network/SDN/VnetPlugin.pm b/src/PVE/Network/SDN/VnetPlugin.pm
index 717438c..3505f6e 100644
--- a/src/PVE/Network/SDN/VnetPlugin.pm
+++ b/src/PVE/Network/SDN/VnetPlugin.pm
@@ -62,6 +62,13 @@ sub properties {
             type => 'string',
             description => 'Name of the zone this VNet belongs to.',
         },
+        'ipv6-nd-prefix' => {
+            type => 'string',
+            format => 'CIDR',
+            description =>
+                'IPv6 prefix to announce via Router Advertisements (SLAAC) on this VNet (EVPN).',
+            optional => 1,
+        },
         type => {
             type => 'string',
             enum => ['vnet'],
@@ -104,6 +111,7 @@ sub options {
         alias => { optional => 1 },
         vlanaware => { optional => 1 },
         'isolate-ports' => { optional => 1 },
+        'ipv6-nd-prefix' => { optional => 1 },
     };
 }
 
-- 
2.47.3