Hello,
I have recently set up an SDN EVPN zone on my Proxmox VE 8.2 cluster. The configuration appears to be partially working as I can successfully ping all containers from my Proxmox hosts. Additionally, I can access services such as SSH from other containers within the SDN zone. However, I am facing issues accessing these services directly from the Proxmox hosts or from outside the SDN.
Here are some details about my setup:
Proxmox Version: 8.2
Below is my `/etc/network/interfaces.d/sdn` configuration file:
```
#version:3

auto cesenet
iface cesenet
    address 10.10.10.1/24
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j SNAT --to-source 132.104.71.20
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j SNAT --to-source 132.104.71.20
    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
    hwaddress BC:21:11:AA:E2:23
    bridge_ports vxlan_cesenet
    bridge_stp off
    bridge_fd 0
    mtu 1450
    ip-forward on
    arp-accept on
    vrf vrf_cesenet

auto vrf_cesenet
iface vrf_cesenet
    vrf-table auto
    post-up ip route del vrf vrf_cesenet unreachable default metric 4278198272

auto vrfbr_cesenet
iface vrfbr_cesenet
    bridge-ports vrfvx_cesenet
    bridge_stp off
    bridge_fd 0
    mtu 1450
    vrf vrf_cesenet

auto vrfvx_cesenet
iface vrfvx_cesenet
    vxlan-id 10000
    vxlan-local-tunnelip 132.204.71.20
    bridge-learning off
    bridge-arp-nd-suppress on
    mtu 1450

auto vxlan_cesenet
iface vxlan_cesenet
    vxlan-id 11000
    vxlan-local-tunnelip 132.204.71.20
    bridge-learning off
    bridge-arp-nd-suppress on
    mtu 1450
```
Current Situation
- I can ping containers from Proxmox hosts.
- Containers can communicate with each other and access services such as SSH internally.
- Services (e.g., SSH, HTTP) on containers are not accessible directly from Proxmox hosts or from external networks.
Troubleshooting Steps Taken:
- Verified that the services are running and accessible from other containers within the SDN.
- Ensured there are no firewall rules blocking the ports.
- Verified that the services are listening on all interfaces (`0.0.0.0`).
- Checked logs but did not find any relevant entries when trying to access the services.
Any insights or suggestions to resolve this issue would be greatly appreciated.
Thank you!