[PATCH pve-docs 2/2] sdn: route map: delete note about creating an empty deny entry

[Stefan Hanreich <s.hanreich@proxmox.com>]

When another route map is called from an entry, then the route is
denied if it the called route map returns deny, even if the calling
entry has permit as its matching policy. See FRR docs [1]:

If the route-map called returns deny then processing of the route-map
finishes and the route is denied, regardless of the Matching Policy or
the Exit Policy. If the called route-map returns permit, then Matching
Policy and Exit Policy govern further behaviour, as normal.

This means that, even though MAP_VTEP_IN has permit as its matching
policy, any route will be denied if the called route map denies it.

[1] https://docs.frrouting.org/en/latest/routemap.html#term-Call-Action

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 pvesdn.adoc | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/pvesdn.adoc b/pvesdn.adoc
index 9a3b6b8..3256e96 100644
--- a/pvesdn.adoc
+++ b/pvesdn.adoc
@@ -894,12 +894,6 @@ received from a peer before installing them; outgoing maps run against routes
 before announcing them. Both fields are optional and selected from the route
 maps configured in the SDN.
 
-NOTE: For the EVPN controller, the user-provided route maps are invoked via
-`call` from internal wrapper maps (`MAP_VTEP_IN` / `MAP_VTEP_OUT`) whose
-trailing action is `permit`. As a result, a deny-only user route map will not
-block routes that do not match any of its entries; finish such a map with an
-explicit catch-all `deny` entry if you want a closed default.
-
 The OSPF and OpenFabric xref:pvesdn_config_fabrics[fabrics] take a `Route
 Filter` option that references a prefix list. When set, only routes whose
 destinations pass the prefix list are installed in the kernel routing table.
-- 
2.47.3