L3 routing to the hypervisor with BGP ?

benoitc · Sep 4, 2022

i'm reading this paper: https://vincent.bernat.ch/en/blog/2018-l3-routing-hypervisor

and I find it interresting to be able to use the hypervisor as a router instead of relying on another router. It makes the automation easier at some point. In some way this looks like the routed model but how to go further with frr and interface creation for vms with oroxmox. Has anyone attempted to trun such configuration ? Is this something possible with proxmox? Any advise/hint/doc is welcome

spirit · Sep 4, 2022

currently, they are bgp-evpn implemented in sdn. (it's bgp routing + vxlan). Main advantages is that it's allow easy vm migration between nodes without any distribution, and also mac/ip is auto-learning with host bridge/arp table.
https://pve.proxmox.com/pve-docs/chapter-pvesdn.html#pvesdn_zone_plugin_evpn

It should be possible to implement simple bgp routing, with /32 routes, but it's missing some hooks to dynamically add routes when vm stop/start or migrate on different host.

benoitc · Sep 4, 2022

spirit said:
currently, they are bgp-evpn implemented in sdn. (it's bgp routing + vxlan). Main advantages is that it's allow easy vm migration between nodes without any distribution, and also mac/ip is auto-learning with host bridge/arp table.
https://pve.proxmox.com/pve-docs/chapter-pvesdn.html#pvesdn_zone_plugin_evpn

It should be possible to implement simple bgp routing, with /32 routes, but it's missing some hooks to dynamically add routes when vm stop/start or migrate on different host.

i see . is there any howto for bgp-evpn? I am trying to understand how to build it with an exit node since my router isn't working ble to handle evpn.

spirit · Sep 5, 2022

benoitc said:
i see . is there any howto for bgp-evpn? I am trying to understand how to build it with an exit node since my router isn't working ble to handle evpn.

no, I really need to do a full article to explain how it's works ^_^

I have already tried to to explain it a lot in the forum, so do a search.

But yes, if you router can't do evpn natively, you need to configure exit-node. (the traffic will be routed between the evpn network && your router through the exit node).

By default, the exit-node will route traffic coming from the evpn subnets to his default gateway. (or static route).
In the reverse side, you need to configure in your router , a route to evpn subnets through the ip of the exit-node(s).

But, if you want, you can do (classic) bgp between the exit-node(s) and your router, to directly announce evpn subnets , so no static routes are needed.
in the sdn you just need to add an extra "bgp" controller for each exit-node, and in the peer option, add the ip your router + ip of others hypervisors.
.

benoitc · Sep 5, 2022

I see I will check. The things I'm not sure reading the doc is if this node can be configured using the UI or do I need to modify the configuration file? Also should netbox be installed standalone?

spirit · Sep 6, 2022

benoitc said:
I see I will check. The things I'm not sure reading the doc is if this node can be configured using the UI or do I need to modify the configuration file? Also should netbox be installed standalone?

you can do all config with u.
netbox/ipam is not needed currently (currently it's not yet implemented in vm/ct nic ip address attribution). Only subnet are registred in ipam.
you can use external netbox/phpipam or embedded pve custom ipam.

Search

Search

L3 routing to the hypervisor with BGP ?

benoitc

Member

spirit

Distinguished Member

benoitc

Member

spirit

Distinguished Member

benoitc

Member

spirit

Distinguished Member