Proxmox EVPN, route leak does not work.

kemeris
Nov 23, 2021
Hello,

I’m trying to get connectivity between a Proxmox node and a VM located on the same node but in a tenant VRF (vrf_z10001).

proxmox (10.0.4.4) -> VM (10.0.20.10)

I leaked host routes between VRFs.

Code:
ip route add 10.0.20.10/32 dev v100001
ip route add 10.0.4.4/32 dev vmbr0 vrf vrf_z10001

vtysh -c 'show ip route'
Code:
IPv4 unicast VRF default:
K>* 0.0.0.0/0 [0/0] via 10.0.7.1, vmbr0 onlink, weight 1, 01w4d13h
C>* 10.0.4.0/22 is directly connected, vmbr0, weight 1, 01w4d13h
L>* 10.0.4.4/32 is directly connected, vmbr0, weight 1, 01w4d13h
K>* 10.0.20.10/32 [0/0] is directly connected, v100001 (vrf vrf_z10001), weight 1, 13:30:17

vtysh -c 'show ip route vrf vrf_z10001'
Code:
IPv4 unicast VRF vrf_z10001:
B>* 0.0.0.0/0 [200/0] via 192.168.10.1, vrfbr_z10001 onlink, weight 1, 01w3d11h
K * 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), weight 1, 01w4d12h
K>* 10.0.4.4/32 [0/0] is directly connected, vmbr0 (vrf default), weight 1, 04:07:28
C>* 10.0.20.0/24 is directly connected, v100001, weight 1, 01w4d13h
B   10.0.20.1/32 [200/0] via 192.168.10.1, vrfbr_z10001 onlink, weight 1, 01w4d13h
L>* 10.0.20.1/32 is directly connected, v100001, weight 1, 01w4d13h
B>* 10.0.20.8/32 [200/0] via 10.0.4.1, vrfbr_z10001 onlink, weight 1, 1d07h05m
B>* 10.0.20.9/32 [200/0] via 10.0.4.3, vrfbr_z10001 onlink, weight 1, 01w4d13h
B>* 10.0.20.19/32 [200/0] via 10.0.4.3, vrfbr_z10001 onlink, weight 1, 01w4d13h
B>* 10.0.20.31/32 [200/0] via 10.0.4.3, vrfbr_z10001 onlink, weight 1, 01w4d13h
B>* 10.0.20.33/32 [200/0] via 10.0.4.1, vrfbr_z10001 onlink, weight 1, 1d07h05m
B>* 10.0.20.42/32 [200/0] via 10.0.4.3, vrfbr_z10001 onlink, weight 1, 01w4d13h
B>* 10.0.20.44/32 [200/0] via 10.0.4.3, vrfbr_z10001 onlink, weight 1, 01w4d13h

After leaking the routes, the Proxmox node still cannot reach the VM.
ICMP reaches the VM and the VM sends replies, but the traffic appears to get stuck when returning from the tenant VRF to the default VRF.
What am I missing to allow traffic to traverse back from vrf_z10001 to the default VRF?

ping 10.0.20.10 -I 10.0.4.4

tcpdump -i v100001 -n icmp
Code:
listening on v100001, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:47:02.234435 IP 10.0.4.4 > 10.0.20.10: ICMP echo request, id 115, seq 454, length 64
22:47:02.234569 IP 10.0.20.10 > 10.0.4.4: ICMP echo reply, id 115, seq 454, length 64