Created Single VxLAN Device management for EVPN

Helen Chen · cubeek · commit 570efdbe1886 · 2026-06-07T14:00:14.000Z
A Single VxLAN Device (SVD) is a vlan-aware Linux bridge and a
vlan-aware VxLAN paired together to support mapping of VNI to VLAN ID.
It is a way to create a VxLAN interface that can receive traffic for
multiple VNIs, reducing the number of VxLAN interfaces needed in the
system to support the entire VxLAN VNI space.  EVPN uses SVD to map a
VNI to VLAN interface on the vlan-aware Linux bridge.  The VLAN
interface represents the EVPN instance's bridge domain.  Netlink,
primarily through pyroute2, is used to programmatically create the
following interfaces and update their settings.  Where pyroute2 does not
provide the API, a raw netlink message is composed and the configuration
is still through netlink.

Creating SVD:
ip link add $br type bridge vlan_filtering 1 vlan_default_pvid 0
ip link set $br addrgenmode none
ip link set $br address $svd_mac
ip link set $br mtu 1500
ip link set dev $br up
ip link add $vxlan type vxlan \
  dev $underlay_device \
  dstport $dstport local $local_ip \
  nolearning external vnifilter \
ip link set $vxlan addrgenmode none master $br
ip link set $vxlan address $svd_mac
bridge link set dev $vxlan \
  vlan_tunnel on neigh_suppress on learning off
ip link set dev $vxlan up

Create VLAN interface with VLAN ID mapped to VNI:
bridge vlan add dev $br vid $vid self
bridge vlan add dev $vxlan vid $vid
bridge vni add dev $vxlan vni $vni
bridge vlan add dev $vxlan vid $vid tunnel_info id $vni
ip link add vl-0-$vid link $br type vlan id $vid
ip link set vl-0-$vid master $vrf
ip link set vl-0-$vid addr $router_mac addrgenmode none
ip link set vl-0-$vid up

Related-Bug: #2144617
Assisted-By: Claude Opus 4.6
Change-Id: I78fec86595fb358880b306ec1fe014adad007d87
Signed-off-by: Helen Chen &lt;ichen@redhat.com&gt;
diff --git a/neutron/agent/linux/svd.py b/neutron/agent/linux/svd.py
@@ -0,0 +1,95 @@
+# Copyright 2026 Red Hat, LLC
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import errno
+
+from pyroute2.netlink import exceptions as netlink_exc
+
+from neutron.agent.ovn.extensions.evpn import exceptions as evpn_exc
+from neutron.privileged.agent.linux import svd as privileged_svd
+
+
+class Svd:
+    """A Single VXLAN Device: a VLAN-aware bridge + VXLAN device pair.
+
+    Up to 4094 VNIs share the same SVD via VLAN/VNI mappings added
+    with add_vni().
+
+    When a VNI is mapped to a VLAN, a VLAN interface with
+    EVPN_VLAN_IFNAME_PATTERN is created
+    """
+
+    def __init__(self, br_evpn, vxlan_evpn, index=0):
+        self._index = index
+        self.br_evpn = br_evpn
+        self.vxlan_evpn = vxlan_evpn
+
+    def create(self, local_ip, mac, vxlan_parent, dstport):
+        try:
+            privileged_svd.create_svd(
+                self.br_evpn, self.vxlan_evpn,
+                local_ip, mac, vxlan_parent, dstport)
+        except IndexError:
+            raise evpn_exc.SvdNoVxlanParent("Missing VxLAN underlay: %s" %
+                                            (vxlan_parent))
+        except netlink_exc.NetlinkError as e:
+            if e.code == errno.EEXIST:
+                raise evpn_exc.SvdDeviceAlreadyExists("SVD %s/%s device(s) "
+                                                      "already exist(s)" %
+                                                      (self.br_evpn,
+                                                       self.vxlan_evpn))
+            raise evpn_exc.SvdNetlinkError(
+                "Failed to add SVD %s/%s: %s" %
+                (self.br_evpn, self.vxlan_evpn, e))
+
+    def delete(self):
+        try:
+            privileged_svd.delete_svd(self.br_evpn, self.vxlan_evpn)
+        except IndexError:
+            raise evpn_exc.SvdNotFound(
+                "SVD %s/%s not found" %
+                (self.br_evpn, self.vxlan_evpn))
+        except netlink_exc.NetlinkError as e:
+            raise evpn_exc.SvdNetlinkError(
+                "Failed to delete SVD %s/%s: %s" %
+                (self.br_evpn, self.vxlan_evpn, e))
+
+    def add_vni(self, vni, vid, vrf_name, mac):
+        try:
+            privileged_svd.add_vni(
+                self.br_evpn, self.vxlan_evpn,
+                vni, vid, vrf_name, mac, self._index)
+        except IndexError:
+            raise evpn_exc.SvdDevsNotFound(
+                "SVD %s/%s or VRF %s not found" %
+                (self.br_evpn, self.vxlan_evpn, vrf_name))
+        except netlink_exc.NetlinkError as e:
+            raise evpn_exc.SvdNetlinkError(
+                "Failed to add VNI %d to SVD %s/%s: %s" %
+                (vni, self.br_evpn, self.vxlan_evpn, e))
+
+    def del_vni(self, vni, vid):
+        try:
+            privileged_svd.del_vni(
+                self.br_evpn, self.vxlan_evpn,
+                vni, vid, self._index)
+        except IndexError:
+            raise evpn_exc.SvdSviNotFound(
+                "SVI for VNI %d not found on SVD %s/%s" %
+                (vni, self.br_evpn, self.vxlan_evpn))
+        except netlink_exc.NetlinkError as e:
+            raise evpn_exc.SvdNetlinkError(
+                "Failed to delete VNI %d from SVD %s/%s: %s" %
+                (vni, self.br_evpn, self.vxlan_evpn, e))
diff --git a/neutron/agent/ovn/extensions/evpn/constants.py b/neutron/agent/ovn/extensions/evpn/constants.py
@@ -1,4 +1,4 @@
-# Copyright 2026 Red Hat, Inc.
+# Copyright 2026 Red Hat, LLC
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -19,9 +19,14 @@
 EVPN_LINK_KIND_VRF = 'vrf'
 EVPN_RTM_NEWLINK = 'RTM_NEWLINK'
 EVPN_RTM_DELLINK = 'RTM_DELLINK'
+EVPN_IP_LINK_ADD = 'add'
+EVPN_IP_LINK_DEL = 'del'
+EVPN_IP_LINK_SET = 'set'
 
 EVPN_LB_NAME_PREFIX = 'brevpn-'
 
 EVPN_VXLAN_IFNAME = 'vxlanevpn-'
 
 EVPN_VLAN_IFNAME_PATTERN = 'vl-%(index)d-%(vid)d'
+
+EVPN_BR_MTU = 1500
diff --git a/neutron/agent/ovn/extensions/evpn/exceptions.py b/neutron/agent/ovn/extensions/evpn/exceptions.py
@@ -1,4 +1,4 @@
-# Copyright 2026 Red Hat, Inc.
+# Copyright 2026 Red Hat, LLC
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -28,3 +28,27 @@ class FSMIllegalTransition(Exception):
 
 class FSMMissingTransitionCallback(Exception):
     pass
+
+
+class SvdNoVxlanParent(Exception):
+    pass
+
+
+class SvdDeviceAlreadyExists(Exception):
+    pass
+
+
+class SvdDevsNotFound(Exception):
+    pass
+
+
+class SvdSviNotFound(Exception):
+    pass
+
+
+class SvdNotFound(Exception):
+    pass
+
+
+class SvdNetlinkError(Exception):
+    pass
diff --git a/neutron/privileged/agent/linux/svd.py b/neutron/privileged/agent/linux/svd.py
