Hello,
The post in the network section is unanswered, so I figured there are not many readers there, so I opened a post here.
I have been stuck on an issue with SDN for quite some time. I tried to solve it with AI, but other than entering command after command there was no positive outcome.
I have a Proxmox cluster with 4 nodes, and a standalone node. On the standalone node Proxmox is installed and there is an OPNsense VM.
IP Maps
10.10.12.1 standalone Proxmox
10.01.12.2 OPNsense
10.10.12.5 Bastion server
10.10.12.10-13 Proxmox cluster
All servers are pingable in all directions (so the network is reachable).
On the cluster there is an SDN with 3 networks:
172.16.1.0/24 for infra services like DNS, NTP
172.16.61.0/28 (16x28 subnets)
172.16.62.0/28 (16x28 subnets)
I got a controller (nowhere is it written that with a subnet you NEED to configure a controller; without it, the subnet just doesn't get picked up)

the zones

the vnets and subnets


the network is for all servers on NIC1 (for the cluster

and standalone/OPNsense)

I just can't get the SDN network to reach the OPNsense. No ping, tcpdump shows no incoming traffic.
I tried with AI, entered round about 50 commands, but nothing worked. And to be honest, I can't imagine the Proxmox team leaves users with half-finished configs and lets them configure the rest with manual commands.
Can anybody see a mistake?
btw: frr
frr version 10.6.1
frr defaults datacenter
hostname pve01-ch
log syslog informational
service integrated-vtysh-config
!
ip prefix-list only_default seq 1 permit 0.0.0.0/0
!
ipv6 prefix-list only_default_v6 seq 1 permit ::/0
!
route-map MAP_VTEP_IN deny 1
match ip address prefix-list only_default
exit
!
route-map MAP_VTEP_IN deny 2
match ipv6 address prefix-list only_default_v6
exit
!
route-map MAP_VTEP_IN deny 3
match ip address prefix-list only_default
exit
!
route-map MAP_VTEP_IN deny 4
match ipv6 address prefix-list only_default_v6
exit
!
route-map MAP_VTEP_IN permit 5
exit
!
route-map MAP_VTEP_OUT permit 1
exit
!
ip route 172.16.1.0/24 10.255.255.2 xvrf_infra
ip route 172.16.61.0/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.16/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.32/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.48/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.64/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.80/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.96/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.112/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.128/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.144/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.160/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.176/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.192/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.208/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.224/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.240/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.16/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.32/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.48/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.64/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.80/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.96/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.112/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.128/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.144/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.160/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.176/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.192/28 10.255.255.2 xvrf_kunden
ip route 172.16.62.240/28 10.255.255.2 xvrf_kunden
!
vrf vrf_infra
ip route 0.0.0.0/0 10.255.255.1
ip route 0.0.0.0/0 10.255.255.1 xvrfp_infra onlink
ip route 172.16.1.0/24 Null0
ip route 172.16.61.0/28 Null0
ip route 172.16.61.16/28 Null0
ip route 172.16.61.32/28 Null0
ip route 172.16.61.48/28 Null0
ip route 172.16.61.64/28 Null0
ip route 172.16.61.80/28 Null0
ip route 172.16.61.96/28 Null0
ip route 172.16.61.112/28 Null0
ip route 172.16.61.128/28 Null0
ip route 172.16.61.144/28 Null0
ip route 172.16.61.160/28 Null0
ip route 172.16.61.176/28 Null0
ip route 172.16.61.192/28 Null0
ip route 172.16.61.208/28 Null0
ip route 172.16.61.224/28 Null0
ip route 172.16.61.240/28 Null0
ip route 172.16.62.16/28 Null0
ip route 172.16.62.32/28 Null0
ip route 172.16.62.48/28 Null0
ip route 172.16.62.64/28 Null0
ip route 172.16.62.80/28 Null0
ip route 172.16.62.96/28 Null0
ip route 172.16.62.112/28 Null0
ip route 172.16.62.128/28 Null0
ip route 172.16.62.144/28 Null0
ip route 172.16.62.160/28 Null0
ip route 172.16.62.176/28 Null0
ip route 172.16.62.192/28 Null0
ip route 172.16.62.208/28 Null0
ip route 172.16.62.224/28 Null0
ip route 172.16.62.240/28 Null0
vni 10000
exit-vrf
!
vrf vrf_kunden
ip route 0.0.0.0/0 10.255.255.1 xvrfp_kunden onlink
ip route 172.16.1.0/24 Null0
ip route 172.16.61.0/28 Null0
ip route 172.16.61.16/28 Null0
ip route 172.16.61.32/28 Null0
ip route 172.16.61.48/28 Null0
ip route 172.16.61.64/28 Null0
ip route 172.16.61.80/28 Null0
ip route 172.16.61.96/28 Null0
ip route 172.16.61.112/28 Null0
ip route 172.16.61.128/28 Null0
ip route 172.16.61.144/28 Null0
ip route 172.16.61.160/28 Null0
ip route 172.16.61.176/28 Null0
ip route 172.16.61.192/28 Null0
ip route 172.16.62.208/28 Null0
ip route 172.16.62.224/28 Null0
ip route 172.16.62.240/28 Null0
vni 20000
exit-vrf
!
vrf evpn-cust-vrf
exit-vrf
!
vrf evpn-infra-vrf
exit-vrf
!
router bgp 65000
bgp router-id 10.10.11.10
no bgp hard-administrative-reset
no bgp default ipv4-unicast
no bgp deterministic-med
coalesce-time 1000
no bgp graceful-restart notification
neighbor VTEP peer-group
neighbor VTEP remote-as 65000
neighbor VTEP bfd
neighbor 10.10.11.11 peer-group VTEP
neighbor 10.10.11.12 peer-group VTEP
neighbor 10.10.11.13 peer-group VTEP
!
address-family l2vpn evpn
neighbor VTEP activate
neighbor VTEP route-map MAP_VTEP_IN in
neighbor VTEP route-map MAP_VTEP_OUT out
advertise-all-vni
exit-address-family
exit
!
router bgp 65000 vrf vrf_infra
bgp router-id 10.10.11.10
no bgp hard-administrative-reset
no bgp deterministic-med
no bgp graceful-restart notification
!
address-family l2vpn evpn
default-originate ipv4
default-originate ipv6
exit-address-family
exit
!
router bgp 65000 vrf vrf_kunden
bgp router-id 10.10.11.10
no bgp hard-administrative-reset
no bgp deterministic-med
no bgp graceful-restart notification
!
address-family l2vpn evpn
default-originate ipv4
default-originate ipv6
exit-address-family
exit
btw: the VMs inside the SDN and in the same subnet can ping and access each other - this works flawlessly and the performance is pure evil (this was a mandatory mistake I made: adding the firewall with a 1gb connection to the subnet, so all traffic went over the firewall first and performance dropped - before, migrating a VM took round about 30 secs, after, 0 seconds.)
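
Added example (not part of the original post and not Proxmox or FRR code): a small Python check that reads an FRR config like the one above and reports, for the global table and each vrf block, which of the expected /28 subnets have no `ip route` line. The sample text is a constructed excerpt in the post's format, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Matches FRR static routes such as "ip route 172.16.61.0/28 Null0"
ROUTE = re.compile(r"^ip route (\S+) (\S+)")

# Constructed excerpt in the same format as the posted config (not the full file)
SAMPLE = """\
ip route 172.16.61.0/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.16/28 10.255.255.2 xvrf_kunden
ip route 172.16.61.48/28 10.255.255.2 xvrf_kunden
!
vrf vrf_kunden
ip route 0.0.0.0/0 10.255.255.1 xvrfp_kunden onlink
ip route 172.16.61.0/28 Null0
ip route 172.16.61.16/28 Null0
vni 20000
exit-vrf
"""


def routes_by_table(config):
    """Map table name ('default' or the VRF name) to its static-route prefixes."""
    tables, current = defaultdict(set), "default"
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("vrf "):          # "vrf <name>" opens a VRF block
            current = line.split()[1]
        elif line == "exit-vrf":             # back to the global table
            current = "default"
        elif (m := ROUTE.match(line)):
            tables[current].add(ipaddress.ip_network(m.group(1), strict=False))
    return dict(tables)


def missing_subnets(config, supernets, prefixlen=28):
    """Per table, list the expected subnets that have no static route."""
    expected = [s for net in supernets
                for s in ipaddress.ip_network(net).subnets(new_prefix=prefixlen)]
    return {table: [str(s) for s in expected if s not in routes]
            for table, routes in routes_by_table(config).items()}


if __name__ == "__main__":
    for table, gaps in missing_subnets(SAMPLE, ["172.16.61.0/26"]).items():
        print(table, "has no static route for:", ", ".join(gaps) or "nothing")
```

Run against the full config with the supernets 172.16.61.0/24 and 172.16.62.0/24, it shows where the global table and each vrf block list different sets of /28 subnets.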