Frr update to 10.4.1-1 broke external routing?

I ended up tossing the idea of using static routes and attempted again to set up bgp on the switches. The biggest thing I missed and also didn't understand was that not only did I need to define an evpn controller in the SDN, but also a BGP controller for the node I wanted to use as an exit node. I assumed the evpn controller was both and I just needed to use that ASN on the switch side. When that didn't work originally, I tossed that idea and went with the static routes. A new day, a lot of coffee and the ah-ha moment: configuring a bgp controller on the node was the missing piece for dynamic routing to work.
The "evpn controller" deploys config for evpn+bgp (there is only one bgp daemon in frr, but different peers for the bgp or evpn layer), with the same ASN for both evpn/bgp peers.

But if you need to create a custom bgp configuration (e-bgp, different ASN, different peers for bgp, ...), you can add an extra bgp controller configuration.
 
"I'm assuming defining static routes to get back to the VMs from external is perfectly okay, but we're going to see about getting bgp set up on our switches"

If you want to reach the evpn network from outside, you indeed need routes to the evpn network (so static routes, or bgp-learned routes on your external router).


Here is an example:

Code:
out traffic
-----------------
vm (192.168.0.1)-----gw-------192.168.0.254(node1)-----0.0.0.0/0(default evpn type5route)---------->node2(exit-node) 172.168.0.1-------------->172.16.0.254--->external router(10.0.0.254)-------->computer(10.0.0.1)


in traffic
-----------
computer(10.0.0.1)------gw----->10.0.0.254(external router)172.16.0.254--------route add 192.168.0.0/24 gw 172.168.0.1------------>172.168.0.1-node2(exit node)-192.168.0.254----------------->vm(192.168.0.1)
 
Glad that it worked! Just to answer your last question: the default value of net.ipv4.conf.all.forwarding is 0, so IPv4 forwarding is disabled by default. IPv4 forwarding turns the host into a router, allowing it to forward IPv4 packets. Everything should still work as it did with IPv4 forwarding disabled. If you notice anything off, you can also enable IPv4 forwarding only on the necessary interfaces with net.ipv4.conf.ens19.forwarding=1.

Let me know if you have any other questions!
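
Added example (not from any poster in this thread): a small POSIX shell audit that lists the interfaces whose per-interface IPv4 forwarding flag is 1 and flags any that are not on an allowlist, which is one way to confirm that only the intended exit-node interfaces (such as ens19 above) forward traffic. The function names and the CONF_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit per-interface IPv4 forwarding against an allowlist.
# CONF_ROOT (assumed name) defaults to the live sysctl tree and can be
# pointed at a copy of that tree for offline review.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the name of every interface whose forwarding flag is 1.
# The "all" and "default" pseudo-entries are skipped; only real
# interfaces are reported.
forwarding_enabled_ifaces() {
    for dir in "$CONF_ROOT"/*; do
        [ -r "$dir/forwarding" ] || continue
        name=${dir##*/}
        case "$name" in
            all|default) continue ;;
        esac
        if [ "$(cat "$dir/forwarding")" = "1" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Arguments: interfaces that are allowed to forward (e.g. ens19).
# Prints each forwarding interface that is NOT on the allowlist and
# returns 1 if any were found, 0 otherwise.
unexpected_forwarders() {
    rc=0
    for name in $(forwarding_enabled_ifaces); do
        allowed=no
        for ok in "$@"; do
            if [ "$name" = "$ok" ]; then
                allowed=yes
            fi
        done
        if [ "$allowed" = no ]; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# When run with arguments, treat them as the allowlist:
#   sh audit-forwarding.sh ens19
if [ "$#" -gt 0 ]; then
    unexpected_forwarders "$@"
fi
```

A non-zero exit status means at least one interface outside the allowlist is forwarding; the names printed are the ones to review.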