EVPN Subnet Route Source Address

jmg.caguicla

Aug 5, 2025
I have a working EVPN setup, and now I want the host to be able to access services hosted on the subnet. The problem is that hosts are only able to access IPs of VMs/CTs that are on themselves.

Say there is an EVPN VNet subnet 192.168.20.0/24; the relevant routing table entries on Node A then look like:
Code:
192.168.20.0/24 nhid 164 dev vrf_evpn2 proto bgp metric 20
192.168.20.3 nhid 148 via 172.19.0.26 dev vrfbr_evpn2 proto bgp metric 20 onlink

192.168.20.3 is a VM on the same VNet but is on a different node, 172.19.0.26 is the IP of another PVE node (Node B) in the cluster.

Running ip r get 192.168.20.3 gets me:
Code:
192.168.20.3 via 172.19.0.26 dev vrfbr_evpn2 src 192.168.20.1 uid 0
    cache

I believe the problem is that the source address for locally generated traffic, 192.168.20.1 (which happens to also be the VNet gateway), is essentially an anycast address, which means the reply can go anywhere and is most likely hitting the remote node hosting that VM.

Just to test the theory out, I tried ping -I 172.19.0.25 192.168.20.3, and confirmed that it works.

The fix (or workaround) on my end seems to be pretty straightforward, but this case seems to be too simple to be overlooked in the design of the SDN feature, which begs the question of whether this is an intended use or if I'm doing something I'm not supposed to.

Additionally, is there a way to influence FRR to explicitly set the src parameter on the route? I'm not an FRR expert, but I've tried injecting some route-map rules into frr.conf.local but have been unsuccessful so far.
 
Last edited:
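A check for the condition described in this post, as an added example that is not part of the original post: it parses `ip route get` text output and reports destinations reached through a remote next hop while the kernel picks an anycast gateway address as source. The second sample entry, the device name `vnet0` and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the first entry is the `ip r get` output quoted in the
# post; the second (a guest on the local node, hypothetical device vnet0) is
# made up for contrast.
SAMPLE = """\
192.168.20.3 via 172.19.0.26 dev vrfbr_evpn2 src 192.168.20.1 uid 0
    cache
192.168.20.7 dev vnet0 src 192.168.20.1 uid 0
    cache
"""

FIELDS = ("via", "dev", "src")


def parse_route_get(text):
    """Turn `ip route get` text output into a list of dicts."""
    routes = []
    for line in text.splitlines():
        if not line.strip() or line[0].isspace():
            continue  # blank lines and indented "cache" continuation lines
        tokens = line.split()
        if not tokens[0][0].isdigit() and ":" not in tokens[0]:
            tokens = tokens[1:]  # drop a leading route type such as "local"
        route = {"dst": ipaddress.ip_address(tokens[0])}
        it = iter(tokens[1:])
        for tok in it:
            if tok in FIELDS:
                route[tok] = next(it, None)  # keyword followed by its value
        for key in ("via", "src"):
            if route.get(key):
                route[key] = ipaddress.ip_address(route[key])
        routes.append(route)
    return routes


def anycast_source_routes(text, anycast_gateways):
    """Routes with a remote next hop whose chosen src is an anycast gateway.

    This is the case the post describes: the reply is addressed to an IP
    that every node owns, so it need not return to the sending node.
    """
    gateways = {ipaddress.ip_address(g) for g in anycast_gateways}
    return [r for r in parse_route_get(text)
            if "via" in r and r.get("src") in gateways]


if __name__ == "__main__":
    for r in anycast_source_routes(SAMPLE, ["192.168.20.1"]):
        print(f"{r['dst']}: src {r['src']} is anycast, next hop {r['via']}")
```

Feed it the concatenated output of `ip r get` for each guest address, together with the list of VNet gateway IPs configured on the node.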