Hi,
I am trying to design 2 Proxmox clusters (5 nodes each), each cluster sitting in a separate geographical location. I want to share only networks for VMs between those sites/clusters. After some reading I came up with the idea to use SDN with evpn, but I do have some questions:
General evpn clarifications
- in my design I want to have two evpn zones in each cluster - my assumption is that I can use a single evpn controller for both zones in each cluster - is that a correct assumption or do I need a separate evpn controller for each evpn zone
- is there a way to split VXLAN and control traffic (bgp) onto separate interfaces
- if I don't specify a gateway for a specific vnet I am assuming this vnet is isolated from the rest of the vnets in the same zone and hosts outside of Proxmox
- is there a good reason to use route reflectors or is full mesh ok - personally I don't see a reason to use route reflectors but maybe I am missing something
Routing traffic outside Proxmox cluster
- scenario 1 - I don't use any BGP peering - I am assuming I have to specify exit nodes in Proxmox, and on my router to which the Proxmox hosts are pointing using default gateway I need to configure static routes for every subnet that is handled by vnet zones - did I miss something
- scenario 2 - I am peering Proxmox hosts with a BGP router using eBGP without evpn support - in that case I am assuming I have to configure a bgp controller on every Proxmox host pointing to my router. Do I have to specify exit nodes? If yes, should I only configure the bgp controller on those hosts, or maybe I just configure bgp peering everywhere and don't specify exit nodes, but then I need to distribute a default route from the BGP router
- scenario 3 - I am peering Proxmox hosts with a BGP router that supports evpn - where do I configure such peering - also using the BGP controller or using peers under the evpn controller. In the second case should I mark some nodes as exits or don't I need to.
Sharing vnets between clusters (assuming I have the same vnets and zones configured with the same parameters on both clusters)
- scenario 1 - I am able to reach directly each Proxmox host in both clusters - in such a case I add all hosts from both clusters into the list of peers under the evpn controller and I don't need to specify anything else
- scenario 2 - hosts in both clusters have to talk through the default gateway - where do I configure that hosts from the other cluster are multihop bgp peers. Will such a scenario even work - I am assuming yes since there is layer 3 connectivity between all hosts.
- scenario 4 - hosts in both clusters are peering with bgp routers that support evpn and already have the evpn route from the other cluster - should I use the route import option in such a case to import routes from the bgp router or are there some other options I need to configure.
- is there any way to prevent VMs running on the Proxmox cluster in site A from using nodes in the Proxmox cluster in site B to send traffic outside the evpn zone
- is there any special case where I would need to configure a different ASN number in the evpn controllers in each cluster other than overlapping node IPs
Pawel