[pve-devel] [PATCH pve-docs] vxlan: allowed routing to local vm on gateway nodes
Alexandre Derumier
aderumier at odiso.com
Fri Sep 6 09:42:05 CEST 2019
We need to redistributed connected network to be able
to join a vm running on a gateway nodes.
also add a prefix-list in default vrf, to not propagate
theses connected routes. (avoid loop)
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
vxlan-and-evpn.adoc | 44 ++++++++++++++++++++++++++++++++++++++++----
1 file changed, 40 insertions(+), 4 deletions(-)
diff --git a/vxlan-and-evpn.adoc b/vxlan-and-evpn.adoc
index 5b9a8c2..7f7e04b 100644
--- a/vxlan-and-evpn.adoc
+++ b/vxlan-and-evpn.adoc
@@ -1155,6 +1155,8 @@ iface vmbr0 inet static
bridge_ports eno1
bridge_stp off
bridge_fd 0
+ ip-forward on
+ ip6-forward on
auto vxlan2
iface vxlan2 inet manual
@@ -1222,6 +1224,8 @@ iface vmbr4000 inet manual
frr.conf
----
+ip prefix-list deny seq 10 deny any
+!
vrf vrf1
vni 4000
exit-vrf
@@ -1235,6 +1239,8 @@ router bgp 1234
!
address-family ipv4 unicast
import vrf vrf1
+ neighbor 192.168.0.2 prefix-list deny out
+ neighbor 192.168.0.3 prefix-list deny out
exit-address-family
!
address-family l2vpn evpn
@@ -1245,6 +1251,10 @@ router bgp 1234
!
router bgp 1234 vrf vrf1
!
+ address-family ipv4 unicast
+ redistribute connected
+ exit-address-family
+ !
address-family l2vpn evpn
default-originate ipv4
exit-address-family
@@ -1497,6 +1507,8 @@ iface vmbr0 inet static
bridge_ports eno1
bridge_stp off
bridge_fd 0
+ ip-forward on
+ ip6-forward on
auto vxlan2
iface vxlan2 inet manual
@@ -1564,6 +1576,8 @@ iface vmbr4000 inet manual
frr.conf
----
+ip prefix-list deny seq 10 deny any
+!
vrf vrf1
vni 4000
exit-vrf
@@ -1577,6 +1591,8 @@ router bgp 1234
!
address-family ipv4 unicast
import vrf vrf1
+ neighbor 192.168.0.2 prefix-list deny out
+ neighbor 192.168.0.3 prefix-list deny out
exit-address-family
!
address-family l2vpn evpn
@@ -1587,6 +1603,10 @@ router bgp 1234
!
router bgp 1234 vrf vrf1
!
+ address-family ipv4 unicast
+ redistribute connected
+ exit-address-family
+ !
address-family l2vpn evpn
default-originate ipv4
exit-address-family
@@ -1615,6 +1635,8 @@ iface vmbr0 inet static
bridge_ports eno1
bridge_stp off
bridge_fd 0
+ ip-forward on
+ ip6-forward on
auto vxlan2
iface vxlan2 inet manual
@@ -1683,6 +1705,8 @@ iface vmbr4000 inet manual
frr.conf
----
+ip prefix-list deny seq 10 deny any
+!
vrf vrf1
vni 4000
exit-vrf
@@ -1696,6 +1720,8 @@ router bgp 1234
!
address-family ipv4 unicast
import vrf vrf1
+ neighbor 192.168.0.1 prefix-list deny out
+ neighbor 192.168.0.3 prefix-list deny out
exit-address-family
!
address-family l2vpn evpn
@@ -1704,6 +1730,10 @@ router bgp 1234
advertise-all-vni
exit-address-family
!
+ address-family ipv4 unicast
+ redistribute connected
+ exit-address-family
+ !
address-family l2vpn evpn
default-originate ipv4
exit-address-family
@@ -1732,6 +1762,8 @@ iface vmbr0 inet static
bridge_ports eno1
bridge_stp off
bridge_fd 0
+ ip-forward on
+ ip6-forward on
auto vxlan2
iface vxlan2 inet manual
@@ -1800,6 +1832,8 @@ iface vmbr4000 inet manual
frr.conf
----
+ip prefix-list deny seq 10 deny any
+!
vrf vrf1
vni 4000
exit-vrf
@@ -1813,6 +1847,8 @@ router bgp 1234
!
address-family ipv4 unicast
import vrf vrf1
+ neighbor 192.168.0.1 prefix-list deny out
+ neighbor 192.168.0.2 prefix-list deny out
exit-address-family
!
address-family l2vpn evpn
@@ -1823,6 +1859,10 @@ router bgp 1234
!
router bgp 1234 vrf vrf1
!
+ address-family ipv4 unicast
+ redistribute connected
+ exit-address-family
+ !
address-family l2vpn evpn
default-originate ipv4
exit-address-family
@@ -1943,10 +1983,6 @@ router bgp 1234
neighbor 192.168.0.200 remote-as 1234
neighbor 192.168.0.201 remote-as 1234
!
- address-family ipv4 unicast
- import vrf vrf1
- exit-address-family
- !
address-family l2vpn evpn
neighbor 192.168.0.200 activate
neighbor 192.168.0.201 activate
--
2.20.1
More information about the pve-devel
mailing list