From mboxrd@z Thu Jan  1 00:00:00 1970
From: Cyrus <cyruspy@gmail.com>
Date: Mon, 10 Mar 2025 17:39:25 -0300
Message-ID: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com>
To: pve-user@lists.proxmox.com
Subject: [PVE-User] Inter VRF traffic
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>

Hello!

I'm trying to make traffic work between VRFs passing through an
external firewall (opnsense+frr) but traffic seems to be resolved
locally by the node, even though source/destination are on different
VRFs (and ultimately doesn't work):

root@pve-01:~/bin# ip route get 192.168.111.10
192.168.111.10 via 192.168.203.145 dev vrfbr_L01VPN01 src 192.168.203.212 uid 0
   cache

root@pve-01:~/bin# ip route get 192.168.111.10
192.168.111.10 dev ol111001 src 192.168.111.1 uid 0
   cache

root@pve-01:~/bin# ip addr show dev ol111001
191: ol111001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vrf_L01VPN01 state UP group default qlen 1000
   link/ether bc:24:11:e6:34:58 brd ff:ff:ff:ff:ff:ff
   inet 192.168.111.1/25 scope global ol111001
      valid_lft forever preferred_lft forever
   inet6 fe80::be24:11ff:fee6:3458/64 scope link
      valid_lft forever preferred_lft forever

root@pve-01:~/bin# ip addr show dev ol107001
63: ol107001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vrf_SDCVPN01 state UP group default qlen 1000
   link/ether bc:24:11:a9:f9:46 brd ff:ff:ff:ff:ff:ff
   inet 192.168.107.1/27 scope global ol107001
      valid_lft forever preferred_lft forever
   inet6 fe80::be24:11ff:fea9:f946/64 scope link
      valid_lft forever preferred_lft forever

"ip r" output: https://pastebin.com/Q9sF8uMv
"frr.conf.local" content: https://pastebin.com/KAqNqKB1
rendered "frr.conf": https://pastebin.com/gUpYnuc0
/etc/pve/sdn/*: https://pastebin.com/U7yjNe5N
"/etc/network/interfaces" for pve-01: https://pastebin.com/smEfYUJw

North/South traffic works anytime destination is an external network.

North/South traffic fails if destination is the host or a network in
another VRF and traffic should be forwarded via an external firewall.

Any hints? Is something missing?

Regards,
