From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-user-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 90DF01FF15E for <inbox@lore.proxmox.com>; Tue, 11 Mar 2025 18:45:05 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6DF1C168C6; Tue, 11 Mar 2025 18:44:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741715083; x=1742319883; darn=lists.proxmox.com; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=Lxdyk4Gn8H41Z4smRX3o0SoQhmtFDhJCudw7D+gRiek=; b=mnhlAX/1jMJ3OxWZFFZIIPNz0uLzk1HWEECy6Fdb66ZYulg09+yO3A9TXCK+JO8W5L 51zIMbZVprU0u5KMHel2BnWmUJ003sGBKJjPLGsPbe+H8NnlWK1BfeQNII1yPIi54Y0E eGFbZFDa3LvSLXWRRxFqvg5lWXWMyxujoWxLsQHgv9MMed1IMilCera/WK5Yga9rg5uG TfvWkafSVHjxnzoXSs9vGIdd6V6jc+/Xjg1HSjhnVQQkIBpm0vhXRW5Mc8VZXI1e6fq6 lEj+HN7H2ihBAUmaMT1/PMFoMlnEGGLevyWgpeEyQxAm3ROVVfBp9a6UOsCaaj7WJRwh fW3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741715083; x=1742319883; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Lxdyk4Gn8H41Z4smRX3o0SoQhmtFDhJCudw7D+gRiek=; b=EMcZKjBFlwD9Mhl757/dCnyPhtXpDmMMf/IyN0xKDHz95SkO6UZmj/Ko/E++aUaYiC G4dqKliryrX+wilKG6DRIWir7jbiv7UvluvwWJgzdNeNmKAdJ0OGwe8IC2ZjceGAeAtu kXY3MttiZvT2CbB8WeRwT2fnqqPjO5/LgfitkgVpEyaw9WrnF6tQOi1W0G4eLTkXctif 8DTheNJCeTEs7xedBasBcmcNb6lxsdlg2CfmViqYNvmR/OB/uF6Zz4A5n3XsYZWpzuUU V616BQGOAky0iaUFaWoMNNnrkhNGjRiTX4fvQXTtP4c5STW6ncbBvVSbsBq5DbnccPhy Bthg== X-Gm-Message-State: AOJu0YwEgvsv2wEh0TyXuo9c3W2crgLofyQ+hxK1Tt2zlMckSzyBBruJ LNqfAJq9qT0nZxA9MPA+mNYS03Zd7m9yfacuc6IL2vTTyBzjCYq4umlHN/gpO5xRpn+8E+Se1Kg D6jlwY5gpXayJp/0rBEVQCurD3Y72xA== X-Gm-Gg: ASbGnctvjOpCEIcrjUT6rw856N6gRqNPtvR+jsoWsEyQsj4deFbee5pu4svHYK8U53x mbdkJBZ0hPKek60n3k8uuNI/8yqN4S02X20pPW9yBOsF5CsFxVt5zO+TmWMmGXSCq5Jhr4yDz+M z/H5AqWFxuSncb6NL6vbnKcZ67qzI= X-Google-Smtp-Source: AGHT+IE4yflUlP7pNOMxlitz7OmsuGF7LsFYHpwGQnlVYHQgWhNKnTbB7cM+BGlIv2juCVLyqCu50KEZgUv2mfOEg50= X-Received: by 2002:a05:6e02:11:b0:3d3:d23b:220c with SMTP id e9e14a558f8ab-3d4418d50efmr215175955ab.1.1741715083077; Tue, 11 Mar 2025 10:44:43 -0700 (PDT) MIME-Version: 1.0 References: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com> <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com> In-Reply-To: <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com> From: Cyrus <cyruspy@gmail.com> Date: Tue, 11 Mar 2025 14:44:32 -0300 X-Gm-Features: AQ5f1Joq_-aJ6qg_8nFJg5fXw-of-WVk-d1ufhL5mFdt-V90A7NMlLwNvuP9EZ0 Message-ID: <CAEaLa5GNAxr=XHqU9V7+coAankHGqDB-hL_b9fBL34vH5qrNxg@mail.gmail.com> To: Proxmox VE user list <pve-user@lists.proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.000 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HTML_MESSAGE 0.001 HTML included in message RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [PVE-User] Inter VRF traffic X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list <pve-user.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-user/> List-Post: <mailto:pve-user@lists.proxmox.com> List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-user-bounces@lists.proxmox.com Sender: "pve-user" <pve-user-bounces@lists.proxmox.com> On Tue, Mar 11, 2025, 13:41 DERUMIER, Alexandre < alexandre.derumier@groupe-cyllene.com> wrote: > Hi, > > >>I'm trying to make traffic work between VRFs passing through a an > >>external firewall (opnsense+frr) but traffic seems to be resolved > >>locally by the node, even though source/destination are on different > >>VRFs (and ultimately doesn't work): > > as you have defined exit-nodes, they are leaking routes between the > main vrf && the evpn zone vrf. (to be able to route traffic between the > evpn network and the real network) > > > if you want to announce evpn subnets to your opensense, you can create > an extra bgp controller for each node, and add your opensense ip as > peer. it should be enough. > Hello!, Now that you mention it.... Probably I don't need exit nodes to be defined. In this specific usecase, I'm placing peering interfaces in the specific VRFs and configuring 2 manual BGP instances towards the firewalls. That might fix my current problem. Will try and report back! Regards. > _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user