[SOLVED] "Connect" the sdn to the real network

abma

Feb 20, 2021
How can I connect the "real network" to the sdn?

i.e.

router 192.168.1.254
proxmox node 1: 192.168.1.1
proxmox node 2: 192.168.1.2
proxmox node 3: 192.168.1.3


evpn vnet on all nodes: "test" with subnet 192.168.2.0/254 with gateway 192.168.2.254


what needs to be configured/set, so the router can ping an ip in the subnet 192.168.2.0/24?

i.e. on the router:

ping 192.168.2.1



is this possible without an additional vm which acts as gateway to 192.168.2.0/24 or is there a router vm needed which has two interfaces, one connected to vmbr0 and one to "test"?
 
Hi,
for evpn you have different ways:

- if your physical router supports evpn natively, you can announce the default 0.0.0.0 route from it.

- if not, you can configure "exit-node(s)" in the zone configuration.
the exit-node will route the traffic between evpn network and real network;



ex:

incoming traffic:
------------------------
you need a route in your router like : "route add 192.168.2.0/24 gw 192.168.1.1"

router: 192.168.1.254-----------------------> 192.168.1.1 - node1 (exit-node) ------->evpn vnet anycast gateway(192.168.2.254)---------> vm 192.168.2.x/24


outgoing traffic
----------------------
vm (192.168.2.X/24)----------------->192.168.2.254 (evpn vnet anycast gateway)------0.0.0.0/0(announced by exit-node)-------->exit-node (node1)--192.168.1.1--------------> 192.168.1.254 router
 
if your physical router supports evpn natively, you can announce the default 0.0.0.0 route from it.


no, it's not supported.


if not, you can configure "exit-node(s)" in the zone configuration.
the exit-node will route the traffic between evpn network and real network;

yes, that's how I understood it: but this way, all traffic is routed via node1. When it's rebooted, all vms on the other nodes are cut off from the "real network" / router, it seems?

My goal is to have the routing between different vlans on the proxmox side and have some redundancy, so that at least a node can be rebooted.


So, I guess I have to set up a ha-router in proxmox, which means two vms running on two nodes which are connected to all vlans and route the traffic between them and the different networks?
 
more specific: I need to set up sth. like conntrackd + keepalived?
yes, it can work with a simple vrrp vip keepalived. (no need for conntrackd, as firewall is not related here).

also, if your router supports it, you can define an ecmp route to 1 or multiple exit nodes. (static route, or bgp is also possible).

I'll try to see if I can have vrrp vip support in the future, as it seems that frr router supports it too (never tested), so I could implement it without needing an extra keepalived daemon.
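A keepalived configuration for the VRRP VIP approach suggested above, as an added example that is not from either poster or from Proxmox. It assumes node1 and node2 are both configured as exit-nodes, that vmbr0 carries 192.168.1.0/24, and that 192.168.1.250 is a free address chosen as the VIP; the instance name and virtual_router_id are also placeholders.

```conf
# /etc/keepalived/keepalived.conf on node1 (constructed example).
# Values that differ on node2 are given in the trailing comments.
vrrp_instance EVPN_EXIT {
    state MASTER                  # node2: BACKUP
    interface vmbr0               # assumed bridge on the 192.168.1.0/24 network
    virtual_router_id 51          # assumed id; same on both nodes, unique on the LAN
    priority 150                  # node2: 100, so it takes over only when node1 stops advertising
    advert_int 1                  # seconds between VRRP advertisements

    # Send advertisements only to the other exit-node instead of multicast.
    unicast_src_ip 192.168.1.1    # node2: 192.168.1.2
    unicast_peer {
        192.168.1.2               # node2: 192.168.1.1
    }

    # Assumed free address; this becomes the next hop for 192.168.2.0/24.
    virtual_ipaddress {
        192.168.1.250/24 dev vmbr0
    }
}

# On the router, the static route from earlier in the thread then points
# at the VIP rather than at a single node:
#   route add 192.168.2.0/24 gw 192.168.1.250
```

With unicast peers, VRRP advertisements are exchanged only between the two exit-nodes, so another host on the LAN cannot take over the VIP simply by joining the VRRP multicast group with a higher priority.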
 
I'll try to see if I can have vrrp vip support in the future, as it seems that frr router supports it too (never tested), so I could implement it without needing an extra keepalived daemon.
That would be awesome.

thanks for the feedback!