From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-user-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 91A521FF15E for <inbox@lore.proxmox.com>; Tue, 11 Mar 2025 19:55:41 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 979F31745A; Tue, 11 Mar 2025 19:55:29 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741719289; x=1742324089; darn=lists.proxmox.com; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=Th44YYMdvHBHC4fEDZt4292e4elyRtdWUGIUS5vO9gs=; b=JWKUNjrYW7DMoLDrjL1NTbldL7lK8Ywjza98UzCJ3P/p/PSb3t/a4adLyv80liDZ2X kTox375NkSzHR8R1hsP4ilsigu71uonlwSjFpAK6PGoiIkG2W9l7a05nmaMF9GAMvYEp /Lo8Mf33z6vr99b6j/QTBooDEPGKMvnEZic0doiKMYqzocXKstljwwVf53BwrtkUkB5j rODjpESKmVR95UnW8KKiw+nwBuKJOqnRMgoAUeL6BfGGeoENoC6PaeyEtNUPlzVPx+Gn qSTe8S53ExVKjHBWoZicR7qe/Hcchh/zC6HnQl4oBhtwmUAi7fbALVBpSMSkVaPHXqvP +ZkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741719289; x=1742324089; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Th44YYMdvHBHC4fEDZt4292e4elyRtdWUGIUS5vO9gs=; b=kxCgqRPqPKSFjtrTAg8I2dN/B5RTqCqHJLt9b9CfS5hEKmwj+p0opb9DqFrAp0TZmV D8sizt7DQv0oe/QVTTRz/6hHwb8wuubQ8TQ1td/FxXZQltg4uyAYuPctHQJXPjmJ66tR xU8GXlhP5wJJbmDV0C9xCvclCcLDP/o6Fdx+P1kSZrNb/X/+SFC0bmDgYF3mavk28aB3 LoJufs8We9p4QZfkDGIof4rjhEkTUwhSfAcd3qMkEfmqyiCa/0FkIqC9JtMYHAQ/Vv3a BQxhQHBeOrjkUOb+7p1Ns7/CuMJ69u739SDN2WYO4+hiQxzg2v+dd33O5kziyynYIdAV z83Q== X-Gm-Message-State: AOJu0Yx2fvxZv8J1HRrkwA4qywX+ChFvMkNbmvM/fPinQywJOf9kKXSE P+rEnhwdAKN9akdV57+/nQP44KKwcyRGovhDT0E2DUOFZ0KkPHbuPsIWbtkYT19vh0mIoC0cfdt m7ViOlEOthF/i/TeqRlNX2+48rxTviw== X-Gm-Gg: ASbGnctogOQKgE8hJy+E7+lMoC8ZA7J64kmZd6KbkEHqeRzI5ZlFme/2RyWrdHi3u98 llAQxy1BaUEm5f0BriOlJ9azuAWGXQPtK0P1l0Deq+wLtUyW2wnR8LnvquDRfYJu/5aiNQMxJO/ SpEJLhRgRg5IfaTjA8lOgT+LKQeMY= X-Google-Smtp-Source: AGHT+IFFqeq7gRz+SQyUmgz6rCu937udrqGB3yFvr+nN1IxJdgRhmwb5mN0eVnNy8HlWDdv8e05FLGgox6dX0cBDSrM= X-Received: by 2002:a05:6e02:1aaa:b0:3d0:19c6:c9df with SMTP id e9e14a558f8ab-3d441965a54mr192184905ab.9.1741719289038; Tue, 11 Mar 2025 11:54:49 -0700 (PDT) MIME-Version: 1.0 References: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com> <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com> <CAEaLa5GNAxr=XHqU9V7+coAankHGqDB-hL_b9fBL34vH5qrNxg@mail.gmail.com> In-Reply-To: <CAEaLa5GNAxr=XHqU9V7+coAankHGqDB-hL_b9fBL34vH5qrNxg@mail.gmail.com> From: Cyrus <cyruspy@gmail.com> Date: Tue, 11 Mar 2025 15:54:37 -0300 X-Gm-Features: AQ5f1JrxixWrld3eURH_RXDbNEBBd8eGZm0GjIDdD61TOD2hztP2G6JNt2aDK50 Message-ID: <CAEaLa5Ge_VgGhjaVXKh7QDDaOuFcw+VTXsBjdGzKk9ERQSj+6Q@mail.gmail.com> To: Proxmox VE user list <pve-user@lists.proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.000 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HTML_MESSAGE 0.001 HTML included in message RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [PVE-User] Inter VRF traffic X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list <pve-user.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-user/> List-Post: <mailto:pve-user@lists.proxmox.com> List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-user-bounces@lists.proxmox.com Sender: "pve-user" <pve-user-bounces@lists.proxmox.com> On Tue, Mar 11, 2025, 14:44 Cyrus <cyruspy@gmail.com> wrote: > On Tue, Mar 11, 2025, 13:41 DERUMIER, Alexandre < > alexandre.derumier@groupe-cyllene.com> wrote: > >> Hi, >> >> >>I'm trying to make traffic work between VRFs passing through a an >> >>external firewall (opnsense+frr) but traffic seems to be resolved >> >>locally by the node, even though source/destination are on different >> >>VRFs (and ultimately doesn't work): >> >> as you have defined exit-nodes, they are leaking routes between the >> main vrf && the evpn zone vrf. (to be able to route traffic between the >> evpn network and the real network) >> >> >> if you want to announce evpn subnets to your opensense, you can create >> an extra bgp controller for each node, and add your opensense ip as >> peer. it should be enough. >> > > Hello!, > > Now that you mention it.... Probably I don't need exit nodes to be defined. > > In this specific usecase, I'm placing peering interfaces in the specific > VRFs and configuring 2 manual BGP instances towards the firewalls. > > That might fix my current problem. Will try and report back! > > Regards. > That was it!!!!, thanks for your comments. I removed my exit nodes from the zone configuration and kept my manual BGP peers (1 set per VRF) towards the external NE (not supporting EVPN). Regards. > _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user