[SDN] Wrong automatic VXLAN configuration to use it over WireGuard

caskote

New Member
Mar 6, 2022
Hi everyone,

I have been testing SDN on my cluster (v7.1-10, latest updates) over the last few days and detected some problems with VXLAN over WireGuard.

The automatically created config looks something like this for three nodes:

Code:
auto <zone_name>_<vnet_name>
iface <zone_name>_<vnet_name>
        vxlan-id <vnet_id>
        vxlan_remoteip <ip-address_node01>
        vxlan_remoteip <ip-address_node02>
        vxlan_remoteip <ip-address_node03>
        mtu <mtu_of_underlayer_network>

The "<...>" are placeholders and need to be replaced with the corresponding values.

With this configuration the connection between the nodes is very bad: I don't get a connection, or rather, after I start a ping I need to wait 5-10 sec to get a result.
I can ping the WireGuard peer nodes without a problem, so I think this is a configuration problem with VXLAN.

After some searching I came across this website: Static VXLAN Tunnels (NVIDIA Docs)
Under the section "Configure Static VXLAN Tunnels", under "Linux Commands", we can see an example configuration of VXLAN. If we use this as a starting point and adjust our network config like this:

Code:
auto <zone_name>_<vnet_name>
iface <zone_name>_<vnet_name>
        vxlan-id <vnet_id>
        vxlan-local-tunnelip <ip-address_local_node>
        vxlan_remoteip <ip-address_other_node02>
        vxlan_remoteip <ip-address_other_node03>
        mtu <mtu_of_underlayer_network>

VXLAN now works over WireGuard without a problem; the connection (pings) is very good, not much worse than without VXLAN.
The change in the config is the use of the option "vxlan-local-tunnelip" for the local node IP address.

Therefore my question is whether you can adjust the package so that the VXLAN configuration is generated correctly.

Thanks for your help
 
I can't look at it before 2 weeks, but I think it should be easy to add it.
(I'm already doing it with evpn vxlan)
No problem, and thanks for your fast reply.

Is there any way to stop Proxmox from changing this config in the meantime?
 
No problem, and thanks for your fast reply.

Is there any way to stop Proxmox from changing this config in the meantime?
The config is only changed if you use the "apply sdn" button.

There is only 1 file generated: /etc/network/interfaces.d/sdn.

So you could do a "chattr +i /etc/network/interfaces.d/sdn" to write lock it.
 
Hi,
I'm going to work on it.

Can you provide me:

/etc/pve/sdn/*.cfg , /etc/network/interfaces && /etc/network/interfaces.d/sdn

I'd like to see exactly your configuration with WireGuard.

I would like to be sure of the value of:

vxlan-local-tunnelip <ip-address_local_node>

Normally you shouldn't see on node1:
vxlan_remoteip <ip-address_node01> , if this ip is used as local node source to join peers. (I'm looking into route table)

But I'm not sure when wireguard is used.
 
Hello! It seems this issue has not been resolved yet looking at the resulting `sdn` config generated by PVE. Are there any plans on the roadmap to fix it? Thanks in advance.
Could you make a request on bugzilla.proxmox.com?

As a workaround, it's possible to add the option in /etc/network/interfaces, for example

Code:
iface vxlan_test
    vxlan-local-tunnelip xxx.xxx.xxx.98

It'll be merged with the generated config in /etc/network/interfaces.d/sdn

Code:
auto vxlan_test
iface vxlan_test
    vxlan-id 50
    vxlan-remoteip xxx.xxx.xxx.102
    vxlan-remoteip xxx.xxx.xxx.54
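
Added example, not part of the thread and not Proxmox or ifupdown2 code: a small check that merges the `iface` stanzas of the generated `/etc/network/interfaces.d/sdn` with a manual stanza from `/etc/network/interfaces`, then reports VXLAN interfaces that lack `vxlan-local-tunnelip` or still list the local tunnel IP as a remote. The per-option merge is a simplified assumption about how the two files combine; the sample addresses are constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (documentation addresses), mirroring the two files in the thread.
GENERATED_SDN = """\
auto vxlan_test
iface vxlan_test
    vxlan-id 50
    vxlan_remoteip 192.0.2.98
    vxlan_remoteip 192.0.2.102
    vxlan_remoteip 192.0.2.54
"""
MANUAL_OVERRIDE = """\
iface vxlan_test
    vxlan-local-tunnelip 192.0.2.98
"""

def parse_stanzas(*texts):
    """Merge 'iface' stanzas from several files into {iface: {option: [values]}}."""
    merged = defaultdict(lambda: defaultdict(list))
    for text in texts:
        current = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            words = line.split()
            if words[0] == "iface" and len(words) > 1:
                current = merged[words[1]]
            elif words[0] in ("auto", "allow-hotplug", "source"):
                current = None
            elif current is not None:
                # The thread shows both vxlan_remoteip and vxlan-remoteip; treat them alike.
                current[words[0].replace("_", "-")].append(" ".join(words[1:]))
    return merged

def audit_vxlan(merged):
    """Return {iface: [findings]} for every stanza that carries a vxlan-id."""
    report = {}
    for name, opts in merged.items():
        if "vxlan-id" not in opts:
            continue
        findings = []
        local = opts.get("vxlan-local-tunnelip", [])
        if not local:
            findings.append("no vxlan-local-tunnelip")
        elif local[0] in opts.get("vxlan-remoteip", []):
            findings.append("local tunnel IP also listed as remote")
        report[name] = findings
    return report
```

An empty findings list for an interface means the merged stanza has a local tunnel IP and does not list that address among its remotes.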
 
