Proxmox SDN Traffic breakout Interface and routing

Marco83

Feb 20, 2026
Hello everyone,

I have a question about the SDN stack in Proxmox. Currently, traffic in the EVPN/VXLAN networks breaks out via the host interface that has the default route. Is there an officially supported way to change or define which interface is used without manually editing route maps in the shell?

I’m sure I can somehow rebuild this by creating VRFs and redirecting the traffic via the routing tables accordingly. However, I think this approach is not officially supported and might also not be persistent across updates.

Has anyone got experience with this, or has implemented something similar already?
 
That's a great question for which I don't have a definitive answer. If I was you I'd be running up a test rig for this. You can run PVE nested. I would imagine you have a cluster but experiments can be run on a single box. If you need to test across the cluster, you'll need more networking.

Create one or more bridges with no physical interfaces - they will become test LANs. Magic up an IP subnet plan for your test.

Create a VM and install a router, e.g. pfSense or whatever you are familiar with. It will use your real LAN as its WAN and be a router for the test LANs - it should NAT the test LANs to its WAN gateway, which is your real LAN gateway. You could do all of this with iptables/nftables rules on your Proxmox host itself (it's a bog-standard Debian Linux box) but I don't recommend that!

(Research the requirements for running nested virtualisation, i.e. PVE within PVE - make sure your gear can do it.)

Create another VM and install PVE into it. It will have its management interface on one of the test LAN bridges. Make sure it can reach the internet. You can create network bridges on it too but bear in mind that VMs on a nested host will need yet another router if they need to get to the internet. It is turtles all the way down!

If you get that lot working, you can answer your own questions.
 
Do you have an example of what you need to do with manual routes, to be sure I understand what you need?

On the underlay, EVPN/VXLAN uses the peers address list to establish the VXLAN tunnels, and the VXLAN tunnels work in the default VRF only.

In the overlay, in EVPN, if you define an exit-node, the traffic is forwarded from the EVPN zone VRF to the default VRF of the exit node, then follows the routes of the exit-node in the default VRF (this can be the default route, static routes, or BGP-learned routes).