From: Cyrus <cyruspy@gmail.com>
To: pve-user@lists.proxmox.com
Subject: [PVE-User] Inter VRF traffic
Date: Mon, 10 Mar 2025 17:39:25 -0300
Message-ID: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com>

Hello!

I'm trying to make traffic work between VRFs passing through an
external firewall (opnsense+frr) but traffic seems to be resolved
locally by the node, even though source/destination are on different
VRFs (and ultimately doesn't work):

root@pve-01:~/bin# ip route get 192.168.111.10
192.168.111.10 via 192.168.203.145 dev vrfbr_L01VPN01 src 192.168.203.212 uid 0
    cache
root@pve-01:~/bin# ip route get 192.168.111.10
192.168.111.10 dev ol111001 src 192.168.111.1 uid 0
    cache
root@pve-01:~/bin# ip addr show dev ol111001
191: ol111001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vrf_L01VPN01 state UP group default qlen 1000
    link/ether bc:24:11:e6:34:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.1/25 scope global ol111001
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fee6:3458/64 scope link
       valid_lft forever preferred_lft forever
root@pve-01:~/bin# ip addr show dev ol107001
63: ol107001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vrf_SDCVPN01 state UP group default qlen 1000
    link/ether bc:24:11:a9:f9:46 brd ff:ff:ff:ff:ff:ff
    inet 192.168.107.1/27 scope global ol107001
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fea9:f946/64 scope link
       valid_lft forever preferred_lft forever

"ip r" output: https://pastebin.com/Q9sF8uMv
"frr.conf.local" content: https://pastebin.com/KAqNqKB1
rendered "frr.conf": https://pastebin.com/gUpYnuc0
/etc/pve/sdn/*: https://pastebin.com/U7yjNe5N
"/etc/network/interfaces" for pve-01: https://pastebin.com/smEfYUJw
North/South traffic works anytime destination is an external network.
North/South traffic fails if destination is the host or a network in
another VRF and traffic should be forwarded via an external firewall.
Any hints? Is something missing?
Regards,
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user