[SDN] Wrong automatic VXLAN configuration to use it over wiregaurd

[caskote]

Hi everyone,

i test the last days SDN on my cluster (v7.1-10, lasted updates) and detect some problem with VXLAN over wireguard.

The automatic create config is something like this for three nodes:

auto <zone_name>_<vnet_name>
iface <zone_name>_<vnet_name>
        vxlan-id <vnet_id>
        vxlan_remoteip <ip-address_node01>
        vxlan_remoteip <ip-address_node02>
        vxlan_remoteip <ip-address_node03>
        mtu <mtu_of_underlayer_network>

The "<...>" are placeholder and need to replace with the corresponding value.

With this configuration the connection between the nodes are very bad, i don't get a connection respectively after i start a ping i need to wait 5-10 sec to get a result.
I can ping the wireguard peer-nodes without a problem, so i think this is a configure problem this vxlan.

After some searching I came across this website: Static VXLAN Tunnels (NVIDEA Docs)
Under the section "Configure Static VXLAN Tunnels", in the point "Linux Commands" we can see an example configuration of vxlan. If we use this as an output point and adjust our network config like this:

auto <zone_name>_<vnet_name>
iface <zone_name>_<vnet_name>
        vxlan-id <vnet_id>
        vxlan-local-tunnelip <ip-address_local_node>
        vxlan_remoteip <ip-address_other_node02>
        vxlan_remoteip <ip-address_other_node03>
        mtu <mtu_of_underlayer_network>

VXLAN works now over wireguard without a problem, the connection (pings) are very good, not much worse than without vxlan.
The change in the config is the use of the option "vxlan-local-tunnelip" for the local node ip-address.

Therefore my question if you can adjust the package so that the vxlan configuration is generated corrected.

Thanks for your help

 

[spirit]

Hi,

for the reporting this.
I can't look at it before 2 weeks, but I think it should be easy to add it.
(I'm already doing it with evpn vxlan)

 

[caskote]

I can't look at it before 2 weeks, but I think it should be easy to add it.
(I'm already doing it with evpn vxlan)

No Problem and thanks for your fast replay.

Is there any way to stop Proxmox from changing this config in the meantime?

 

[spirit]

No Problem and thanks for your fast replay.

Is there any way to stop Proxmox from changing this config in the meantime?

The config is only change if you use the "apply sdn" button.

they are only 1 file generated /etc/network/interfaces.d/sdn.

so you could do a "chattr +i /etc/network/interfaces.d/sdn" to write lock it.

 

[spirit]

Hi,
I'm going to work on it.

can you provide me :

/etc/pve/sdn/*.cfg , /etc/network/interfaces && /etc/network/interfaces.d/sdn

I'll like to see exactly your configuration with wireguard.

I woud like to be sure of the value of:

vxlan-local-tunnelip <ip-address_local_node>

Normally you shouldn't see on node1:
vxlan_remoteip <ip-address_node01> , if this ip is used as local node source to join peers. (I'm looking into route table)

But I'm not sure when wireguard is used.

 

[caskote]

Hi,

sorry for the late reply.

I attached my config from one node

In this config I have removed all entries that are not related to wireguard.

 

[spirit]

I m currently on holiday, i ll look at it next week. Thanks

 

[spirit]

Could you send the content of interfaces ? (With masked IP if needed ) .

 

[caskote]

I attached it.

 

[servada]

Hello! It seems this issue has not been resolved yet looking at the resulting `sdn` config generated by PVE. Are there any plans on the roadmap to fix it? Thanks in advance.

 

[spirit]

Hello! It seems this issue has not been resolved yet looking at the resulting `sdn` config generated by PVE. Are there any plans on the roadmap to fix it? Thanks in advance.

Could you make a request on bugzilla.proxmox.com ?

as workaround, it's possible to add option in /etc/network/interfaces, for example

iface vxlan_test
    vxlan-local-tunnelip xxx.xxx.xxx.98

it'll be merged with generated config in /etc/network/interfaces.d/sdn

auto vxlan_test
iface vxlan_test
    vxlan-id 50
    vxlan-remoteip xxx.xxx.xxx.102
    vxlan-remoteip xxx.xxx.xxx.54