From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-user-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 0A0921FF15E for <inbox@lore.proxmox.com>; Tue, 11 Mar 2025 17:41:42 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6712815BDF; Tue, 11 Mar 2025 17:41:30 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NM8m/opo9wxL1t5jkIEd45IBmE7pfDIOqVQ+crgWm5DszCu/DO/iYDAHdmwI54GPKslVSsBJEOv27+eFaN1fkUG28bQvzU9T8j5xMjjlhovI0+SLjl19f6NWZgl1HopomoXLQq96dWELMKMZreOjZd73gM+KP/P5plxES7Eb1HyYfxeIGWHd0sqrz3CSy5CkNkKaVqFSPJRfodKNmtek3jSmdyF2AvGIQ7IIWSCAtUy38V6HpU8O8CjjxZDXGh4EjDN6/87KoLSw7w6TsL+OxRfdvkowTdgzVObgjLecHL+j81fsk2pOrusuLBx5YbTowYT3gge6p7twQ27hQQqkgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aVrwSaK5j/XhhciscmRt5OphTQ71gXtEu11GwJVg9Hg=; b=piAB+qA9gbQCQTX68LBWOVQAwq3Haj9rrI+v2oCWY16w1uvsBIyOJUHZj7mpOSl5eoXEoS/FnuvDGOYHumSiPgiVOXjvP16m0Fz2rKSPUKUlfEch+tfFM9sR+NXyhXLqFRVlxOC8Kp0rPvv9S4ZlspQlRrBIJLIx4F/T2Nw+3sdBMf45BPvBdZzC85P6X1tKhRsKAbHBiJTpAhRF+wDckL4OWqLMYz+F/OPl2OmP3IfXxY04QZcIzl840NVT/aIFdTqKjxZsfOlO8CNhsKIE9SnrgmUCdNGeXwKA/JVrRuzFgwq0Ec52z15jG/uVtvh/QHBQRd3WfE+pF55Io2mwRg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=groupe-cyllene.com; dmarc=pass action=none header.from=groupe-cyllene.com; dkim=pass header.d=groupe-cyllene.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=groupecyllene.onmicrosoft.com; s=selector2-groupecyllene-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aVrwSaK5j/XhhciscmRt5OphTQ71gXtEu11GwJVg9Hg=; b=B24um9Lkw2L7kPSEE1gQufpTRgqGihnwSrtkBnlxOjyhD8ODzyMrcXK6Vl4Kva7hOgEvis1bO2MJ+vKcnXGYHYMyYEfYv0rhsrI+B/Qya+IXdT6Z2jtRe4WX86whrrdZKMZAh8ky75A5eDYV78CvMQXyrhQEi05Bedh9xEoTG9c= From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com> To: "pve-user@lists.proxmox.com" <pve-user@lists.proxmox.com> Thread-Topic: [PVE-User] Inter VRF traffic Thread-Index: AQHbkfyuncKy+20hLEeaLdN0i6rDjLNuIHyA Date: Tue, 11 Mar 2025 16:25:42 +0000 Message-ID: <cb247dc37c5dbb57239b61ad49466131ebef41a3.camel@groupe-cyllene.com> References: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com> In-Reply-To: <CAEaLa5E2VUvhecTwpiR5FGWU1xp3BKB-r31JsGQP+hVHvQwt5A@mail.gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Evolution 3.52.3-0ubuntu1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=groupe-cyllene.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PAZP264MB3686:EE_|MRZP264MB2331:EE_ x-ms-office365-filtering-correlation-id: 75d16c8a-32aa-4d24-75c3-08dd60b95e25 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; ARA:13230040|10070799003|1800799024|366016|376014|38070700018; x-microsoft-antispam-message-info: =?utf-8?B?VWtMazBsdisxanhkeFkwdkthQmNRQmlYVUkveXowem5rTXdzUGhuelJBZmU1?= =?utf-8?B?dTc4T2JuUVBweVE4R3Z4NENaYU1PaVRDTkFTaUpFdlhLaHhzdm13dy9GZ05J?= =?utf-8?B?RmowKzJ1SFlmdFB5WjZTcGdNQXl5bTlqY1VwbWYrVitoZEF5QTlBcktPTjl1?= =?utf-8?B?NFkzOGhXUHc0NERNVUNiYzVIMXJ6OU1iOFVXcjJzU28xVEdWMEUwTlluR0pN?= =?utf-8?B?dlc2WDJET004T1Q3ZkxpRlNNWHFGS0pQL0RTcW9JU3JVRkRLREMwQ2hTaGdG?= =?utf-8?B?RTFzc1JHRUYwUXRRdEpxWDREL0VQYW5BdmxCc2UvclRRaEZtTkFSRHRTUS9M?= =?utf-8?B?ZWhCNDFFM3FJSnFoS0pkR0ZrNW9KL3dTVDJtVE9KTmJpRGlWOHpMekdhU0ZY?= =?utf-8?B?UjN2aHp4Tlc1bUNUMlU5NkRHbHpMeC95TThqbVdGR1dpLy9ZcGtrYURhZ1dm?= =?utf-8?B?UzRBY2RpY3FSMkdLbDF5eDRpTDNNam9DU1dFMjNPdSsyUjdBOHhCYWhWclFM?= =?utf-8?B?eHVtNW1kdXpqYmYrNEEyWjVVREVMc3h4eGVYQnVwL2twbzd3bnRxcU1WZ2RT?= =?utf-8?B?SVMxd2dST1hKYlY3WmFYWWlZQlJCUWEyQklhL1NJaW5RYWZuRUVyeW5lcTht?= =?utf-8?B?NC95K25rT1RMVDdRWDZBVC90WktVTWV4cGNzVE81TmxRa0Q5UTlYVjhVVWVI?= =?utf-8?B?NUJGRmE4eFBlMFhCY2JzbWhlUmxJVFZhYVBYeFpiSmxNc1d4cXNqalN1UmU3?= =?utf-8?B?QVdKR0ZQTTZsSGdTQzZESEQ3aWRsZnozYWR2NG1VaHZJZHZzb2RiTy9kTDk3?= =?utf-8?B?RE00aWhXSENpMU9uNU9oZDdsYnlCb2FSazAya1gwMkQyV2xEUEk0ZEliUGFx?= =?utf-8?B?ZzhRWk9MWE81eHhHUk9DMk91SDE0T2tiZEFZNWxtTU4zY093anFpeWsrYTVC?= =?utf-8?B?VTVsTEk5R2pmWEtKbDBYTWw2Mk9QQWtxNjBscDZETzRwdWIrNGs2RE5ySnBZ?= =?utf-8?B?MkxrZjRrTXhYeUFIR093azN1bmNmS2NIUVZlaFBCaTYzVUk4S042cnZsVnhV?= =?utf-8?B?czA4NFUxdjN2bnVuNk1pVjRoMFN3UjQ5RndOMkZOdmsrQTlDR1I1cEFJUUFK?= =?utf-8?B?dmxHVzFHaytJSGM5YlM3T1JDYkZXcE1talBzSzJ2USthcTYwenBpMXZYa0NM?= =?utf-8?B?c0FlWGdnNm9xbC9RTE9WTyttZWt6NCsxZ2hDRjhhRC9YZG1wMk1EVzN6Zlkv?= =?utf-8?B?eVZ1OWNSaFBodkwxdDZtQXA2NU9vc1dRcVVZRW1UR2ozbGdQYWM3TUs1ekd1?= =?utf-8?B?SDY2b2xJc3I4cXZaR29JcjFLQ1NMZDZKS2VacFYyd0pxUVd3Y09udkF6dFlw?= =?utf-8?B?c1huam5SNnp6NnpSQW5CZ3FKYXM1V1VXV1J2cFFLOWtaL2oxMU91U2R4bWZW?= =?utf-8?B?YTZhbmdWbFNWQnVnOTVxS0RxMDdZMlZZckF2MVVZWEtESzdRVHpSQ1RBZGlV?= =?utf-8?B?bEMrVzhwNndOTlR1Uy9zTGcvWHJwbXpsZ0ZTUnVDU2QyMDJ3MFpFRXErdVAx?= =?utf-8?B?eWkwSUc3RmJGS3M1WkdybXFaWVpUYzBBTWpwRVpJU2NhaS9qc1FDK0NTaWV0?= =?utf-8?B?WGVWSGg2K0MwQjVFZk52R01lVHlJSUE4SjZza2hvemdzVjFTWlg0WUpFTGJH?= =?utf-8?B?SEt1ZENwRjVJL0MrTUJUdkt2UXJXRlVLbUx0czdFODhZckNhQ25OL1dXZmkv?= =?utf-8?B?ajBBR3FKRG1VT2ZWeWJPOHRXZWM3amJmY1hVU3hEOGNNWnhyeGtsam15cE5L?= =?utf-8?B?THErb3paenZuMklJdHJXNzR3S2I3c1N2eHdkUmRNZEg2Q3dTeDRwNnU1L1Vp?= =?utf-8?B?UTFjcWw4WnJWaGZ0Y2pMeVEyWXd3cUJtNHBGRk02RDNNUGRGM2NUWUJiVHNM?= =?utf-8?Q?WJJ7zxxQVyUrv3h0Ulx8bY265w/GwDLt?= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAZP264MB3686.FRAP264.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(10070799003)(1800799024)(366016)(376014)(38070700018); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?TEpIYXE3NTZvY3Q3NVc1Q2hadTk0TEFaUkFxdVZMM0xQaFVNckNvV3hjanFj?= =?utf-8?B?WXcvT2M0T0F3T3MwQTUyN1dRWFZvMzROOW8zdUkvb1VYUFhDVll1TXJyK0Y1?= =?utf-8?B?a0ZnYWllYk4xbk9TMXg5VzlueWptQmhUZTl3anJhWjBxZk5zQWFPMW53dUp3?= =?utf-8?B?TkZTN2tMNFV5NTlHTGNZazh4Q1VENUplRWZxUDRPcjllNVU4RElraGNTTzZN?= =?utf-8?B?SE9CY2tTSDdoNTd4UlBtMVZLQi9YTEpaa1NRbVIvVTFOcXB4dndaQWhlVnc0?= =?utf-8?B?VlAxUmpXdUJVdldqNnhKbHZGMndiVm5jSHBIU0d5clZIQ1pXWlBVU2Z3YWVs?= =?utf-8?B?cUM2NVpFZVVjQ3FxeXpOenVna0Y0MWEvU2kxOE1STEV4NUdzWEc2ZG0rM3JK?= =?utf-8?B?L09YK0xISTVycFQzRDVVQXJsWUNiV2ZzT1pJcm5KeTRheFFEWHdUVEFEQ2Jx?= =?utf-8?B?QnErbW0xVUY5MlpJTHB5bGs1SC9lTW0vMmQ1eDZ3OXBpMytIKzNhMWNrV21C?= =?utf-8?B?K25kaldJTnhkUk9iNzdKWnNPdzZUazJqUDVSMzI1cFZ4bW5Fdzk3a1NRUk1H?= =?utf-8?B?NmkzSkNGTlpXZ1FUVnpCdzhOQ1UvNnVEbnBSM1cwTFpScWgxRFVCQ2pDdGhh?= =?utf-8?B?eHVQQTR0K1JZRHpta21SQUtadTZXSTBWKzd2Y2RCWUp0NlBrd0k0am53N0hs?= =?utf-8?B?Ym5ROFJUMFVmT01NVE1mU3pQd2IyZXpRTlRHRkFqWXhpNHYybVp2azk4M3Vk?= =?utf-8?B?amRhSHZwbFdXZ3BtOHQrK09HdUdWWlhHUTluanFnSEJ0dmNEYTR2OW5xT3Zn?= =?utf-8?B?bEp6UEF1VjhJaGlKRVByT3dqbXU0MVlNMWUwQVFuemZIQWoxZUo1aXFXalQ3?= =?utf-8?B?OG0rOG45OFJ2NERhdHB4U2JMR2M1WFJkcVYwM3VPc08vMVU3Q0hlR2w5c2RL?= =?utf-8?B?Y2xFenNzUzBhSW53Q1pQRE1CVkc0VmNsNkRjaHBmV1J1cVhLU3hWVm03RldQ?= =?utf-8?B?WkdUSEZBU0lxbUE2R3djM2hWNlZXOEJ2U0VDbjFkUGRCSU9zbU1rRERYaGsz?= =?utf-8?B?clhCcFlSYXp0TzUwSVhJeEdzUGFiYTkwNEs1RmJHZTBLRWZjd0tINGxsTXBF?= =?utf-8?B?WUs1S2dBVzJ3Mmd5YzRLWGVIYmZJZVZmYm4vb09iTmV3SXhqN2hxSG1RNEpS?= =?utf-8?B?cnd3RjBkWGp5TDlFVElKMzBEVVdkaStLT1dwS1VyREdlU2RJRDdZYldKS0Nr?= =?utf-8?B?TzN2Lzl5N3dqamhIRmo3dXlQbG5JQm9iTTV1L3NVM0s3Yy8vYWdMVnE0UjdU?= =?utf-8?B?RjdWSVlSMmdWRDFNUCt6MXVnYmR6K0dvNERUUTVsWVV5WDVzU0VaTTRTZ09L?= =?utf-8?B?eGVMaEI0SFdVekhyblp1L3ROUTFSYU0zMDlqdG1wMEFLeGc1a0NSalVQUHZQ?= =?utf-8?B?YjJzelEwcllIek5qZkRZOGZjNVgvaUtBVDcwVVBTemVXYVFjc1BPZzhWRi9O?= =?utf-8?B?T1hPcTNWOTV6MXRKc2Q4ck9UUkFXYWUzYUJiZEFhd0kvK1VLL1E1RWE2cmIw?= =?utf-8?B?c2dFUG5jTko1djdZdEp5WmVaODdQaEw5ckdERVVhbkVxRThXZXBKVGwvSXBv?= =?utf-8?B?ZFlEMEQ0YlZXS2phUDBuZURBYlRTYWhCZTd6R1VUekRhTWJiY0dVUXFXUFNC?= =?utf-8?B?bnpvZUNDL2FpcGk4eXJ2ZGhPcStpWEhPWEFaT09tQm82QUkzOXNwT1YxYTk5?= =?utf-8?B?dmk3QkVSa0R3WE5GRHFHVTNtMHlvVEF2TStKNHBPUFBiRmRxZ3czc2dvS3hB?= =?utf-8?B?Mi9qVUpqM0pjelo0VmdiSldlbHhqaGIyUFJrRk96alRPVk50Sm5KWlpZUG1y?= =?utf-8?B?ZTJQU1lzZmRIZ2N4RTdzQno4a3JsTzhEY1BtbHhFN1QwNWVIYUppT3BVTXdV?= =?utf-8?B?emlFK0w2TDg1SGlEWVpueHRMUC93ZXpBZkpaa091dGNXanN0TDNKVjZGUHMy?= =?utf-8?B?ZXBBUHZYS3V0Q2RPUU1FQnJJYkNkQTBOZGRweWlqSm1ISU5FMDlZUTdZRG1U?= =?utf-8?B?aHlnODU1Q0FjQi9BeitTMkVXK1g5TFhFa2lOMlZmeGw0YW56OWMzVE9raHk1?= =?utf-8?B?ZjRrbGVTdEFhbUk0b0EzamljWE16SVNqM1QrZjJaR3dGdCtFQUlJZHhjS2xo?= =?utf-8?Q?WLNMNkw0hoPxSnkbiqNBzeIhv7cAxhHwF1ObBEE+FRAv?= Content-ID: <BEDEDBF322D0AC4A8CBC6094E7DCD8DC@FRAP264.PROD.OUTLOOK.COM> MIME-Version: 1.0 X-OriginatorOrg: groupe-cyllene.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PAZP264MB3686.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 75d16c8a-32aa-4d24-75c3-08dd60b95e25 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2025 16:25:42.0861 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: ee11ccf7-112c-4284-848b-f229745e715b X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4U2VMx9zkCMGqa/v8UvmP/dZrZ1KaK3J/2rHCDxnh3+9o7j+xhRl7R0PYhfjs14R5OcDbNgFCdVRtt584Eh5iY+w3tkuo3aj8kM9QvjNqCieoclDQ7nSw0abJu9vRwaR X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB2331 X-SPAM-LEVEL: Spam detection results: 0 ARC_SIGNED 0.001 Message has a ARC signature ARC_VALID 0.001 Message has a valid ARC signature AWL -0.171 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DMARC_PASS -0.1 DMARC pass policy SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [groupecyllene.onmicrosoft.com] Subject: Re: [PVE-User] Inter VRF traffic X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list <pve-user.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-user/> List-Post: <mailto:pve-user@lists.proxmox.com> List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-user-bounces@lists.proxmox.com Sender: "pve-user" <pve-user-bounces@lists.proxmox.com> Hi, >>I'm trying to make traffic work between VRFs passing through a an >>external firewall (opnsense+frr) but traffic seems to be resolved >>locally by the node, even though source/destination are on different >>VRFs (and ultimately doesn't work): as you have defined exit-nodes, they are leaking routes between the main vrf && the evpn zone vrf. (to be able to route traffic between the evpn network and the real network) if you want to announce evpn subnets to your opensense, you can create an extra bgp controller for each node, and add your opensense ip as peer. it should be enough. _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user