Doubt in configuration using OVS; duplicate macadress when using OVSINTPORT

L

lp_xanclas

Member
Apr 29, 2022
26
1
8
Hello all,
I'm a new starter in proxmox, and I have a doubt regarding OVS and SDN.
I have two proxmox servers, each one dual port NIC
My doubt, first regarding OVS:
1- created two OVS bridges on each proxmox server, using a dual port NIC, but one OVS bridge associated with one port, and second OVS bridge associated with another port
2- In each OVS bridge I created one ovsintport, with an IP address and without tagging any vlan
3- what's happening here, and the reason of my doubt:
the IPs configured on each ovsinport, which each ovsintport associated to one bridge, are in the same network segment. When I ping one IP, I get one mac address from the arp table. Pinging the second IP, returns the same mac address, generating a warning of two different IPs having the same mac address.
Do you know if I'm configuring this correctly? My design is to use a different NIC port for proxmox management, and the other to the VTEP on SDN.
This makes sense for all of you?

Thank you
LP_xanclas
 
Hi, I don't have tested vtep/Vxlan too much with ovs, but they are pure linux interfaces without any relation to ovs.
Only traffic is routed through the ip of the server, so here (I think) through the ovsintport ip.

Do you have any reason to use ovs here ? because if you only use vtep/vxlan, you really don't need it.


Anyway, could you share your current /etc/network/interfaces ?

do you have already geneated the sdn configuration ?
 
Thought that VXLANs are only available when using OVS.
However, by reading your message, can SDN be achieved without the using of OVS?
Click to expand...

No, really, this don't use ovs. (and if you want to use evpn, I'll really recommend to not use ovs, I'm not sure that frr routing daemon is working fine, because it's parsing mac address of kernel devices).

You don't even need any vmbrX linux bridge or ovs in /etc/network/interfaces. you can setup ip address directly on physical interfaces.

The sdn plugin create linux bridge for each vnet with a linux vxlan interfaces. (this is generated in /etc/nework/interfaces.d/sdn)

Then, the vxlan is transported on top of your physical interface ip address.


All the differents sdn plugins (vlan,qinq,vxlan,...) are working without ovs.
 
Hello, it's working with EVPN+VXLAN.
I got this on the local peer:

Flags: I=local-inactive, P=peer-active, X=peer-proxy Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s fe80::a0ab:52ff:feb1:9a26 local active a2:ab:52:b1:9a:26 0/0 fe80::c8b9:cdff:fec5:7dcf remote active [B]ca:b9:cd:c5:7d:cf 192.168.2.29 [/B] 0/0

The remote VM as the MAC ca:b9:cd:c5:7d:cf, which matches.
L2 Network is working, between two different hosts.
Thanks one more time for your help @spirit
 
By the way, what limitations can I face by not using OVS and using Linux Bridges instead? Can I use BGP with an external firewall?
 
lp_xanclas said:
By the way, what limitations can I face by not using OVS and using Linux Bridges instead?
Click to expand...

Maybe if you need to do port mirroring, it's easier with ovs.
For all others features, linux bridge is 100% complete.

lp_xanclas said:
Can I use BGP with an external firewall?
Click to expand...
Well, bgp is not related to ovs or linux bridge.
Do you talk about an external bgp peer (without evpn) with a firewall ? (Like routing to an external pfsense maybe ?)
 
Hello @spirit

spirit said:
Well, bgp is not related to ovs or linux bridge.
Do you talk about an external bgp peer (without evpn) with a firewall ? (Like routing to an external pfsense maybe ?)
Click to expand...
Yes, that's my plan. That the workloads on proxmox can communicate externally. I'm only now talking about VMs, not containers. For connecting a pfsense for example, I need an additional BGP controller, correct? Then I need to define what routes I want to advertise to pfsense in proxmox server?
 
Last edited:
lp_xanclas said:
Hello @spirit


Yes, that's my plan. That the workloads on proxmox can communicate externally. I'm only now talking about VMs, not containers. For connecting a pfsense for example, I need an additional BGP controller, correct? Then I need to define what routes I want to advertise to pfsense in proxmox server?
Click to expand...
Hi, sorry, I didn't see your response.

pfsense don't support evpn currently. (with evpn support, il could be defined as evpn exit-node natively)

So, what you need to do:

-define exit-nodes in evpn . (so the traffic will go out through theses nodes from evpn network to external network).

by default, the traffic will go out through the default gw of theses exit-node. (this could be your pfsense firewall, then, without extra bgp, you could add a static route in your pfsense to the evpn subnets via the exit-node ips.).

but, you could also add a classis bgp session between the exit-nodes and your pfsense.
(you can add an extra bgp controller in sdn config, for each exit-node, and define here and extra peer wih your pfsense.

I'll try to add some examples in the doc soon, but maybe look in the forum, I have already talked about this setup with some othe proxmox users.
 
Hello @spirit thanks for your message, and apologize for my late reply. If I set an extra bgp controller, do I need to set what subnets need to advertise to pfsense? If yes, how can I configure what subnets of the SDN I want to advertise to pfsense?
Thank you so much
 
Last edited:
Hello @spirit I'm trying to find some guide to configure pfsense and BGP. I've configured the BPG on pfsense and on proxmox. After configured a BPG controlller selecting EBGP and a different AS number, I receive the network advertsided from pfsense. I'm trying to advertise some VNETs from the proxmox SDN to this pfsense. I accessed "vtysh" cli and use this commands:
(changed my VNET network and the bgp AS number)

router bgp 1
address-family ipv4 unicast
network 10.0.0.0/8
exit-address-family

However I'm not getting this network added on the frr.conf, and also I don't see it being advertised to the pfsense. Do you have any tip for this?
Thank you.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom