[PVE-User] Inter VRF traffic
Cyrus
cyruspy at gmail.com
Tue Mar 11 18:44:32 CET 2025
On Tue, Mar 11, 2025, 13:41 DERUMIER, Alexandre <
alexandre.derumier at groupe-cyllene.com> wrote:
> Hi,
>
> >>I'm trying to make traffic work between VRFs passing through a an
> >>external firewall (opnsense+frr) but traffic seems to be resolved
> >>locally by the node, even though source/destination are on different
> >>VRFs (and ultimately doesn't work):
>
> as you have defined exit-nodes, they are leaking routes between the
> main vrf && the evpn zone vrf. (to be able to route traffic between the
> evpn network and the real network)
>
>
> if you want to announce evpn subnets to your opensense, you can create
> an extra bgp controller for each node, and add your opensense ip as
> peer. it should be enough.
>
Hello!,
Now that you mention it.... Probably I don't need exit nodes to be defined.
In this specific usecase, I'm placing peering interfaces in the specific
VRFs and configuring 2 manual BGP instances towards the firewalls.
That might fix my current problem. Will try and report back!
Regards.
>
More information about the pve-user
mailing list