From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-user-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 90DF01FF15E
	for <inbox@lore.proxmox.com>; Tue, 11 Mar 2025 18:45:05 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 6DF1C168C6;
	Tue, 11 Mar 2025 18:44:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1741715083; x=1742319883; darn=lists.proxmox.com;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :from:to:cc:subject:date:message-id:reply-to;
 bh=Lxdyk4Gn8H41Z4smRX3o0SoQhmtFDhJCudw7D+gRiek=;
 b=mnhlAX/1jMJ3OxWZFFZIIPNz0uLzk1HWEECy6Fdb66ZYulg09+yO3A9TXCK+JO8W5L
 51zIMbZVprU0u5KMHel2BnWmUJ003sGBKJjPLGsPbe+H8NnlWK1BfeQNII1yPIi54Y0E
 eGFbZFDa3LvSLXWRRxFqvg5lWXWMyxujoWxLsQHgv9MMed1IMilCera/WK5Yga9rg5uG
 TfvWkafSVHjxnzoXSs9vGIdd6V6jc+/Xjg1HSjhnVQQkIBpm0vhXRW5Mc8VZXI1e6fq6
 lEj+HN7H2ihBAUmaMT1/PMFoMlnEGGLevyWgpeEyQxAm3ROVVfBp9a6UOsCaaj7WJRwh
 fW3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1741715083; x=1742319883;
 h=to:subject:message-id:date:from:in-reply-to:references:mime-version
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=Lxdyk4Gn8H41Z4smRX3o0SoQhmtFDhJCudw7D+gRiek=;
 b=EMcZKjBFlwD9Mhl757/dCnyPhtXpDmMMf/IyN0xKDHz95SkO6UZmj/Ko/E++aUaYiC
 G4dqKliryrX+wilKG6DRIWir7jbiv7UvluvwWJgzdNeNmKAdJ0OGwe8IC2ZjceGAeAtu
 kXY3MttiZvT2CbB8WeRwT2fnqqPjO5/LgfitkgVpEyaw9WrnF6tQOi1W0G4eLTkXctif
 8DTheNJCeTEs7xedBasBcmcNb6lxsdlg2CfmViqYNvmR/OB/uF6Zz4A5n3XsYZWpzuUU
 V616BQGOAky0iaUFaWoMNNnrkhNGjRiTX4fvQXTtP4c5STW6ncbBvVSbsBq5DbnccPhy
 Bthg==
X-Gm-Message-State: AOJu0YwEgvsv2wEh0TyXuo9c3W2crgLofyQ+hxK1Tt2zlMckSzyBBruJ
 LNqfAJq9qT0nZxA9MPA+mNYS03Zd7m9yfacuc6IL2vTTyBzjCYq4umlHN/gpO5xRpn+8E+Se1Kg
 D6jlwY5gpXayJp/0rBEVQCurD3Y72xA==
X-Gm-Gg: ASbGnctvjOpCEIcrjUT6rw856N6gRqNPtvR+jsoWsEyQsj4deFbee5pu4svHYK8U53x
 mbdkJBZ0hPKek60n3k8uuNI/8yqN4S02X20pPW9yBOsF5CsFxVt5zO+TmWMmGXSCq5Jhr4yDz+M
 z/H5AqWFxuSncb6NL6vbnKcZ67qzI=
X-Google-Smtp-Source: AGHT+IE4yflUlP7pNOMxlitz7OmsuGF7LsFYHpwGQnlVYHQgWhNKnTbB7cM+BGlIv2juCVLyqCu50KEZgUv2mfOEg50=
X-Received: by 2002:a05:6e02:11:b0:3d3:d23b:220c with SMTP id
 e9e14a558f8ab-3d4418d50efmr215175955ab.1.1741715083077; Tue, 11 Mar 2025
 10:44:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com>
 <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com>
In-Reply-To: <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com>
From: Cyrus <cyruspy@gmail.com>
Date: Tue, 11 Mar 2025 14:44:32 -0300
X-Gm-Features: AQ5f1Joq_-aJ6qg_8nFJg5fXw-of-WVk-d1ufhL5mFdt-V90A7NMlLwNvuP9EZ0
Message-ID: <CAEaLa5GNAxr=XHqU9V7+coAankHGqDB-hL_b9fBL34vH5qrNxg@mail.gmail.com>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.000 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
 DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from
 domain DMARC_PASS               -0.1 DMARC pass policy
 FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
 HTML_MESSAGE            0.001 HTML included in message
 RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/,
 no trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [PVE-User] Inter VRF traffic
X-BeenThere: pve-user@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
List-Post: <mailto:pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-user-bounces@lists.proxmox.com
Sender: "pve-user" <pve-user-bounces@lists.proxmox.com>

On Tue, Mar 11, 2025, 13:41 DERUMIER, Alexandre <
alexandre.derumier@groupe-cyllene.com> wrote:

> Hi,
>
> >>I'm trying to make traffic work between VRFs passing through a an
> >>external firewall (opnsense+frr) but traffic seems to be resolved
> >>locally by the node, even though source/destination are on different
> >>VRFs (and ultimately doesn't work):
>
> as you have defined exit-nodes, they are leaking routes between the
> main vrf && the evpn zone vrf. (to be able to route traffic between the
> evpn network and the real network)
>
>
> if you want to announce evpn subnets to your opensense, you can create
> an extra bgp controller for each node, and add your opensense ip as
> peer. it should be enough.
>

Hello!,

Now that you mention it.... Probably I don't need exit nodes to be defined.

In this specific usecase, I'm placing peering interfaces in the specific
VRFs and configuring 2 manual BGP instances towards the firewalls.

That might fix my current problem. Will try and report back!

Regards.

>
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user