[pve-devel] [PATCH v2 pve-network 2/4] vxlan: evpn: fix routing to local vms on gateway nodes

Alexandre Derumier aderumier at odiso.com
Mon Sep 9 08:45:51 CEST 2019 

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/Network/SDN.pm             | 2 ++
 PVE/Network/SDN/FrrPlugin.pm   | 8 ++++++++
 PVE/Network/SDN/VxlanPlugin.pm | 4 ++++
 3 files changed, 14 insertions(+)

diff --git a/PVE/Network/SDN.pm b/PVE/Network/SDN.pm
index d72b94a..528437f 100644
--- a/PVE/Network/SDN.pm
+++ b/PVE/Network/SDN.pm
@@ -223,6 +223,8 @@ sub generate_frr_config {
 
     my $final_config = [];
     push @{$final_config}, "log syslog informational";
+    push @{$final_config}, "!";
+    push @{$final_config}, "ip prefix-list deny seq 10 deny any";
 
     generate_frr_recurse($final_config, $config, undef, 0);
 
diff --git a/PVE/Network/SDN/FrrPlugin.pm b/PVE/Network/SDN/FrrPlugin.pm
index 772d7d2..b227745 100644
--- a/PVE/Network/SDN/FrrPlugin.pm
+++ b/PVE/Network/SDN/FrrPlugin.pm
@@ -68,6 +68,14 @@ sub generate_frr_config {
     push @router_config, "advertise-all-vni";
     push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"l2vpn evpn"}}, @router_config);
 
+    #don't distribute default vrf route to other peers
+    @router_config = ();
+    foreach my $address (@peers) {
+	next if $address eq $ifaceip;
+	push @router_config, "neighbor $address prefix-list deny out";
+    }
+    push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
+
     return $config;
 }
 
diff --git a/PVE/Network/SDN/VxlanPlugin.pm b/PVE/Network/SDN/VxlanPlugin.pm
index 9ab0ade..3e18de3 100644
--- a/PVE/Network/SDN/VxlanPlugin.pm
+++ b/PVE/Network/SDN/VxlanPlugin.pm
@@ -199,7 +199,11 @@ sub generate_frr_config {
 	push(@{$config->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
 
 	@router_config = ();
+	#redistribute connected to be able to route to local vms on the gateway
+	push @router_config, "redistribute connected";
+	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @router_config);
 
+	@router_config = ();
 	#add default originate to announce 0.0.0.0/0 type5 route in evpn
 	push @router_config, "default-originate ipv4";
 	push(@{$config->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @router_config);
-- 
2.20.1

More information about the pve-devel mailing list