[ISSUE] VXLAN traffic leaking between isolated SDN zones in Proxmox

[iamgrudge]

I’ve set up two VXLAN SDN zones in Proxmox, each with its own bridge and unique VNI.
Example:

vxlan_ammmmm: id 2273 dstport 4789 master ammmmm
vxlan_i5mnp1: id 528335 dstport 4789 master i5mnp1

Even though the VNIs and bridges are different, VMs in those zones can still ping each other — even with overlapping IPs.


I confirmed the traffic isn’t going through vmbr0; it’s visible directly on the VXLAN interfaces.
Is this a known issue with Proxmox or the Linux VXLAN driver when using the same UDP port (4789) for multiple VNIs?
Should each VXLAN zone use a different vxlan_port to stay isolated?

 

[ggoller]

Hi!
This shouldn't happen, could you please paste the network config of the vm (inside of the vm) and the host network config?
On the host:

ip a
ip r
cat /etc/network/interfaces
cat /etc/network/interfaces.d/sdn

And on the VM:

ip a
ip r

Would also be nice if you could post a traceroute from one vm to the other.

Thanks!