From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-user-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 0A0921FF15E
	for <inbox@lore.proxmox.com>; Tue, 11 Mar 2025 17:41:42 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 6712815BDF;
	Tue, 11 Mar 2025 17:41:30 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=NM8m/opo9wxL1t5jkIEd45IBmE7pfDIOqVQ+crgWm5DszCu/DO/iYDAHdmwI54GPKslVSsBJEOv27+eFaN1fkUG28bQvzU9T8j5xMjjlhovI0+SLjl19f6NWZgl1HopomoXLQq96dWELMKMZreOjZd73gM+KP/P5plxES7Eb1HyYfxeIGWHd0sqrz3CSy5CkNkKaVqFSPJRfodKNmtek3jSmdyF2AvGIQ7IIWSCAtUy38V6HpU8O8CjjxZDXGh4EjDN6/87KoLSw7w6TsL+OxRfdvkowTdgzVObgjLecHL+j81fsk2pOrusuLBx5YbTowYT3gge6p7twQ27hQQqkgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=aVrwSaK5j/XhhciscmRt5OphTQ71gXtEu11GwJVg9Hg=;
 b=piAB+qA9gbQCQTX68LBWOVQAwq3Haj9rrI+v2oCWY16w1uvsBIyOJUHZj7mpOSl5eoXEoS/FnuvDGOYHumSiPgiVOXjvP16m0Fz2rKSPUKUlfEch+tfFM9sR+NXyhXLqFRVlxOC8Kp0rPvv9S4ZlspQlRrBIJLIx4F/T2Nw+3sdBMf45BPvBdZzC85P6X1tKhRsKAbHBiJTpAhRF+wDckL4OWqLMYz+F/OPl2OmP3IfXxY04QZcIzl840NVT/aIFdTqKjxZsfOlO8CNhsKIE9SnrgmUCdNGeXwKA/JVrRuzFgwq0Ec52z15jG/uVtvh/QHBQRd3WfE+pF55Io2mwRg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=groupe-cyllene.com; dmarc=pass action=none
 header.from=groupe-cyllene.com; dkim=pass header.d=groupe-cyllene.com;
 arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=groupecyllene.onmicrosoft.com; s=selector2-groupecyllene-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=aVrwSaK5j/XhhciscmRt5OphTQ71gXtEu11GwJVg9Hg=;
 b=B24um9Lkw2L7kPSEE1gQufpTRgqGihnwSrtkBnlxOjyhD8ODzyMrcXK6Vl4Kva7hOgEvis1bO2MJ+vKcnXGYHYMyYEfYv0rhsrI+B/Qya+IXdT6Z2jtRe4WX86whrrdZKMZAh8ky75A5eDYV78CvMQXyrhQEi05Bedh9xEoTG9c=
From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-user@lists.proxmox.com" <pve-user@lists.proxmox.com>
Thread-Topic: [PVE-User] Inter VRF traffic
Thread-Index: AQHbkfyuncKy+20hLEeaLdN0i6rDjLNuIHyA
Date: Tue, 11 Mar 2025 16:25:42 +0000
Message-ID: <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com>
References: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com>
In-Reply-To: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Evolution 3.52.3-0ubuntu1 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=groupe-cyllene.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PAZP264MB3686:EE_|MRZP264MB2331:EE_
x-ms-office365-filtering-correlation-id: 75d16c8a-32aa-4d24-75c3-08dd60b95e25
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
 ARA:13230040|10070799003|1800799024|366016|376014|38070700018; 
x-microsoft-antispam-message-info: =?utf-8?B?VWtMazBsdisxanhkeFkwdkthQmNRQmlYVUkveXowem5rTXdzUGhuelJBZmU1?=
 =?utf-8?B?dTc4T2JuUVBweVE4R3Z4NENaYU1PaVRDTkFTaUpFdlhLaHhzdm13dy9GZ05J?=
 =?utf-8?B?RmowKzJ1SFlmdFB5WjZTcGdNQXl5bTlqY1VwbWYrVitoZEF5QTlBcktPTjl1?=
 =?utf-8?B?NFkzOGhXUHc0NERNVUNiYzVIMXJ6OU1iOFVXcjJzU28xVEdWMEUwTlluR0pN?=
 =?utf-8?B?dlc2WDJET004T1Q3ZkxpRlNNWHFGS0pQL0RTcW9JU3JVRkRLREMwQ2hTaGdG?=
 =?utf-8?B?RTFzc1JHRUYwUXRRdEpxWDREL0VQYW5BdmxCc2UvclRRaEZtTkFSRHRTUS9M?=
 =?utf-8?B?ZWhCNDFFM3FJSnFoS0pkR0ZrNW9KL3dTVDJtVE9KTmJpRGlWOHpMekdhU0ZY?=
 =?utf-8?B?UjN2aHp4Tlc1bUNUMlU5NkRHbHpMeC95TThqbVdGR1dpLy9ZcGtrYURhZ1dm?=
 =?utf-8?B?UzRBY2RpY3FSMkdLbDF5eDRpTDNNam9DU1dFMjNPdSsyUjdBOHhCYWhWclFM?=
 =?utf-8?B?eHVtNW1kdXpqYmYrNEEyWjVVREVMc3h4eGVYQnVwL2twbzd3bnRxcU1WZ2RT?=
 =?utf-8?B?SVMxd2dST1hKYlY3WmFYWWlZQlJCUWEyQklhL1NJaW5RYWZuRUVyeW5lcTht?=
 =?utf-8?B?NC95K25rT1RMVDdRWDZBVC90WktVTWV4cGNzVE81TmxRa0Q5UTlYVjhVVWVI?=
 =?utf-8?B?NUJGRmE4eFBlMFhCY2JzbWhlUmxJVFZhYVBYeFpiSmxNc1d4cXNqalN1UmU3?=
 =?utf-8?B?QVdKR0ZQTTZsSGdTQzZESEQ3aWRsZnozYWR2NG1VaHZJZHZzb2RiTy9kTDk3?=
 =?utf-8?B?RE00aWhXSENpMU9uNU9oZDdsYnlCb2FSazAya1gwMkQyV2xEUEk0ZEliUGFx?=
 =?utf-8?B?ZzhRWk9MWE81eHhHUk9DMk91SDE0T2tiZEFZNWxtTU4zY093anFpeWsrYTVC?=
 =?utf-8?B?VTVsTEk5R2pmWEtKbDBYTWw2Mk9QQWtxNjBscDZETzRwdWIrNGs2RE5ySnBZ?=
 =?utf-8?B?MkxrZjRrTXhYeUFIR093azN1bmNmS2NIUVZlaFBCaTYzVUk4S042cnZsVnhV?=
 =?utf-8?B?czA4NFUxdjN2bnVuNk1pVjRoMFN3UjQ5RndOMkZOdmsrQTlDR1I1cEFJUUFK?=
 =?utf-8?B?dmxHVzFHaytJSGM5YlM3T1JDYkZXcE1talBzSzJ2USthcTYwenBpMXZYa0NM?=
 =?utf-8?B?c0FlWGdnNm9xbC9RTE9WTyttZWt6NCsxZ2hDRjhhRC9YZG1wMk1EVzN6Zlkv?=
 =?utf-8?B?eVZ1OWNSaFBodkwxdDZtQXA2NU9vc1dRcVVZRW1UR2ozbGdQYWM3TUs1ekd1?=
 =?utf-8?B?SDY2b2xJc3I4cXZaR29JcjFLQ1NMZDZKS2VacFYyd0pxUVd3Y09udkF6dFlw?=
 =?utf-8?B?c1huam5SNnp6NnpSQW5CZ3FKYXM1V1VXV1J2cFFLOWtaL2oxMU91U2R4bWZW?=
 =?utf-8?B?YTZhbmdWbFNWQnVnOTVxS0RxMDdZMlZZckF2MVVZWEtESzdRVHpSQ1RBZGlV?=
 =?utf-8?B?bEMrVzhwNndOTlR1Uy9zTGcvWHJwbXpsZ0ZTUnVDU2QyMDJ3MFpFRXErdVAx?=
 =?utf-8?B?eWkwSUc3RmJGS3M1WkdybXFaWVpUYzBBTWpwRVpJU2NhaS9qc1FDK0NTaWV0?=
 =?utf-8?B?WGVWSGg2K0MwQjVFZk52R01lVHlJSUE4SjZza2hvemdzVjFTWlg0WUpFTGJH?=
 =?utf-8?B?SEt1ZENwRjVJL0MrTUJUdkt2UXJXRlVLbUx0czdFODhZckNhQ25OL1dXZmkv?=
 =?utf-8?B?ajBBR3FKRG1VT2ZWeWJPOHRXZWM3amJmY1hVU3hEOGNNWnhyeGtsam15cE5L?=
 =?utf-8?B?THErb3paenZuMklJdHJXNzR3S2I3c1N2eHdkUmRNZEg2Q3dTeDRwNnU1L1Vp?=
 =?utf-8?B?UTFjcWw4WnJWaGZ0Y2pMeVEyWXd3cUJtNHBGRk02RDNNUGRGM2NUWUJiVHNM?=
 =?utf-8?Q?WJJ7zxxQVyUrv3h0Ulx8bY265w/GwDLt?=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:PAZP264MB3686.FRAP264.PROD.OUTLOOK.COM; PTR:; CAT:NONE;
 SFS:(13230040)(10070799003)(1800799024)(366016)(376014)(38070700018); DIR:OUT;
 SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?TEpIYXE3NTZvY3Q3NVc1Q2hadTk0TEFaUkFxdVZMM0xQaFVNckNvV3hjanFj?=
 =?utf-8?B?WXcvT2M0T0F3T3MwQTUyN1dRWFZvMzROOW8zdUkvb1VYUFhDVll1TXJyK0Y1?=
 =?utf-8?B?a0ZnYWllYk4xbk9TMXg5VzlueWptQmhUZTl3anJhWjBxZk5zQWFPMW53dUp3?=
 =?utf-8?B?TkZTN2tMNFV5NTlHTGNZazh4Q1VENUplRWZxUDRPcjllNVU4RElraGNTTzZN?=
 =?utf-8?B?SE9CY2tTSDdoNTd4UlBtMVZLQi9YTEpaa1NRbVIvVTFOcXB4dndaQWhlVnc0?=
 =?utf-8?B?VlAxUmpXdUJVdldqNnhKbHZGMndiVm5jSHBIU0d5clZIQ1pXWlBVU2Z3YWVs?=
 =?utf-8?B?cUM2NVpFZVVjQ3FxeXpOenVna0Y0MWEvU2kxOE1STEV4NUdzWEc2ZG0rM3JK?=
 =?utf-8?B?L09YK0xISTVycFQzRDVVQXJsWUNiV2ZzT1pJcm5KeTRheFFEWHdUVEFEQ2Jx?=
 =?utf-8?B?QnErbW0xVUY5MlpJTHB5bGs1SC9lTW0vMmQ1eDZ3OXBpMytIKzNhMWNrV21C?=
 =?utf-8?B?K25kaldJTnhkUk9iNzdKWnNPdzZUazJqUDVSMzI1cFZ4bW5Fdzk3a1NRUk1H?=
 =?utf-8?B?NmkzSkNGTlpXZ1FUVnpCdzhOQ1UvNnVEbnBSM1cwTFpScWgxRFVCQ2pDdGhh?=
 =?utf-8?B?eHVQQTR0K1JZRHpta21SQUtadTZXSTBWKzd2Y2RCWUp0NlBrd0k0am53N0hs?=
 =?utf-8?B?Ym5ROFJUMFVmT01NVE1mU3pQd2IyZXpRTlRHRkFqWXhpNHYybVp2azk4M3Vk?=
 =?utf-8?B?amRhSHZwbFdXZ3BtOHQrK09HdUdWWlhHUTluanFnSEJ0dmNEYTR2OW5xT3Zn?=
 =?utf-8?B?bEp6UEF1VjhJaGlKRVByT3dqbXU0MVlNMWUwQVFuemZIQWoxZUo1aXFXalQ3?=
 =?utf-8?B?OG0rOG45OFJ2NERhdHB4U2JMR2M1WFJkcVYwM3VPc08vMVU3Q0hlR2w5c2RL?=
 =?utf-8?B?Y2xFenNzUzBhSW53Q1pQRE1CVkc0VmNsNkRjaHBmV1J1cVhLU3hWVm03RldQ?=
 =?utf-8?B?WkdUSEZBU0lxbUE2R3djM2hWNlZXOEJ2U0VDbjFkUGRCSU9zbU1rRERYaGsz?=
 =?utf-8?B?clhCcFlSYXp0TzUwSVhJeEdzUGFiYTkwNEs1RmJHZTBLRWZjd0tINGxsTXBF?=
 =?utf-8?B?WUs1S2dBVzJ3Mmd5YzRLWGVIYmZJZVZmYm4vb09iTmV3SXhqN2hxSG1RNEpS?=
 =?utf-8?B?cnd3RjBkWGp5TDlFVElKMzBEVVdkaStLT1dwS1VyREdlU2RJRDdZYldKS0Nr?=
 =?utf-8?B?TzN2Lzl5N3dqamhIRmo3dXlQbG5JQm9iTTV1L3NVM0s3Yy8vYWdMVnE0UjdU?=
 =?utf-8?B?RjdWSVlSMmdWRDFNUCt6MXVnYmR6K0dvNERUUTVsWVV5WDVzU0VaTTRTZ09L?=
 =?utf-8?B?eGVMaEI0SFdVekhyblp1L3ROUTFSYU0zMDlqdG1wMEFLeGc1a0NSalVQUHZQ?=
 =?utf-8?B?YjJzelEwcllIek5qZkRZOGZjNVgvaUtBVDcwVVBTemVXYVFjc1BPZzhWRi9O?=
 =?utf-8?B?T1hPcTNWOTV6MXRKc2Q4ck9UUkFXYWUzYUJiZEFhd0kvK1VLL1E1RWE2cmIw?=
 =?utf-8?B?c2dFUG5jTko1djdZdEp5WmVaODdQaEw5ckdERVVhbkVxRThXZXBKVGwvSXBv?=
 =?utf-8?B?ZFlEMEQ0YlZXS2phUDBuZURBYlRTYWhCZTd6R1VUekRhTWJiY0dVUXFXUFNC?=
 =?utf-8?B?bnpvZUNDL2FpcGk4eXJ2ZGhPcStpWEhPWEFaT09tQm82QUkzOXNwT1YxYTk5?=
 =?utf-8?B?dmk3QkVSa0R3WE5GRHFHVTNtMHlvVEF2TStKNHBPUFBiRmRxZ3czc2dvS3hB?=
 =?utf-8?B?Mi9qVUpqM0pjelo0VmdiSldlbHhqaGIyUFJrRk96alRPVk50Sm5KWlpZUG1y?=
 =?utf-8?B?ZTJQU1lzZmRIZ2N4RTdzQno4a3JsTzhEY1BtbHhFN1QwNWVIYUppT3BVTXdV?=
 =?utf-8?B?emlFK0w2TDg1SGlEWVpueHRMUC93ZXpBZkpaa091dGNXanN0TDNKVjZGUHMy?=
 =?utf-8?B?ZXBBUHZYS3V0Q2RPUU1FQnJJYkNkQTBOZGRweWlqSm1ISU5FMDlZUTdZRG1U?=
 =?utf-8?B?aHlnODU1Q0FjQi9BeitTMkVXK1g5TFhFa2lOMlZmeGw0YW56OWMzVE9raHk1?=
 =?utf-8?B?ZjRrbGVTdEFhbUk0b0EzamljWE16SVNqM1QrZjJaR3dGdCtFQUlJZHhjS2xo?=
 =?utf-8?Q?WLNMNkw0hoPxSnkbiqNBzeIhv7cAxhHwF1ObBEE+FRAv?=
Content-ID: <BEDEDBF322D0AC4A8CBC6094E7DCD8DC@FRAP264.PROD.OUTLOOK.COM>
MIME-Version: 1.0
X-OriginatorOrg: groupe-cyllene.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAZP264MB3686.FRAP264.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 75d16c8a-32aa-4d24-75c3-08dd60b95e25
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2025 16:25:42.0861 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ee11ccf7-112c-4284-848b-f229745e715b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4U2VMx9zkCMGqa/v8UvmP/dZrZ1KaK3J/2rHCDxnh3+9o7j+xhRl7R0PYhfjs14R5OcDbNgFCdVRtt584Eh5iY+w3tkuo3aj8kM9QvjNqCieoclDQ7nSw0abJu9vRwaR
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB2331
X-SPAM-LEVEL: Spam detection results:  0
 ARC_SIGNED              0.001 Message has a ARC signature
 ARC_VALID               0.001 Message has a valid ARC signature
 AWL -0.171 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DMARC_PASS               -0.1 DMARC pass policy
 SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [groupecyllene.onmicrosoft.com]
Subject: Re: [PVE-User] Inter VRF traffic
X-BeenThere: pve-user@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
List-Post: <mailto:pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-user-bounces@lists.proxmox.com
Sender: "pve-user" <pve-user-bounces@lists.proxmox.com>

Hi,

>>I'm trying to make traffic work between VRFs passing through a an
>>external firewall (opnsense+frr) but traffic seems to be resolved
>>locally by the node, even though source/destination are on different
>>VRFs (and ultimately doesn't work):

as you have defined exit-nodes, they are leaking routes between the
main vrf && the evpn zone vrf. (to be able to route traffic between the
evpn network and the real network)


if you want to announce evpn subnets to your opensense, you can create
an extra bgp controller for each node, and add your opensense ip as
peer. it should be enough.









_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user