From mboxrd@z Thu Jan  1 00:00:00 1970
References: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com>
 <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com>
 <CAEaLa5GNAxr=XHqU9V7+coAankHGqDB-hL_b9fBL34vH5qrNxg@mail.gmail.com>
In-Reply-To: <CAEaLa5GNAxr=XHqU9V7+coAankHGqDB-hL_b9fBL34vH5qrNxg@mail.gmail.com>
From: Cyrus <cyruspy@gmail.com>
Date: Tue, 11 Mar 2025 15:54:37 -0300
Message-ID: <CAEaLa5Ge_VgGhjaVXKh7QDDaOuFcw+VTXsBjdGzKk9ERQSj+6Q@mail.gmail.com>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Inter VRF traffic

On Tue, Mar 11, 2025, 14:44 Cyrus <cyruspy@gmail.com> wrote:

> On Tue, Mar 11, 2025, 13:41 DERUMIER, Alexandre <
> alexandre.derumier@groupe-cyllene.com> wrote:
>
>> Hi,
>>
>> >>I'm trying to make traffic work between VRFs passing through an
>> >>external firewall (opnsense+frr) but traffic seems to be resolved
>> >>locally by the node, even though source/destination are on different
>> >>VRFs (and ultimately doesn't work):
>>
>> as you have defined exit-nodes, they are leaking routes between the
>> main vrf && the evpn zone vrf. (to be able to route traffic between the
>> evpn network and the real network)
>>
>>
>> if you want to announce evpn subnets to your opnsense, you can create
>> an extra bgp controller for each node, and add your opnsense ip as
>> peer. It should be enough.
>>
>
> Hello!
>
> Now that you mention it... Probably I don't need exit nodes to be defined.
>
> In this specific use case, I'm placing peering interfaces in the specific
> VRFs and configuring 2 manual BGP instances towards the firewalls.
>
> That might fix my current problem. Will try and report back!
>
> Regards.
>

That was it!!!! Thanks for your comments.

I removed my exit nodes from the zone configuration and kept my manual BGP
peers (1 set per VRF) towards the external NE (not supporting EVPN).

Regards.
