Switches as exit nodes?

[cyruspy]

hi!, I'm planning to implement another PVE solution, this time a more capabilities on the SDN front.

I'm reading about the "exit on the host" option and I'm not clear about what does it mean for management vs workload traffic isolation.

Reading also than an external node is recommended for "exit" role I'm wondering if the exit nodes could be the switch stack that I'll be using to match the servers. What would be required on the switches besides "EVPN support"?

As a second usecase (more curiosity than actual need right now), would having switches and servers in the same EVPN/VXLAN mesh, would allow other physical clients of the physical network participate in the same VXLAN than a VM?

any thoughts @spirit?

 

[spirit]

hi!, I'm planning to implement another PVE solution, this time a more capabilities on the SDN front.

I'm reading about the "exit on the host" option and I'm not clear about what does it mean for management vs workload traffic isolation.

Reading also than an external node is recommended for "exit" role I'm wondering if the exit nodes could be the switch stack that I'll be using to match the servers. What would be required on the switches besides "EVPN support"?

As a second usecase (more curiosity than actual need right now), would having switches and servers in the same EVPN/VXLAN mesh, would allow other physical clients of the physical network participate in the same VXLAN than a VM?

any thoughts @spirit?

I'm using arista switches as exit-node/router in my production. (also tested with nvidia/mellanox switches + cumulus linux os)

and yes, sure, this will allow to have vxlan on physical clients. (or even vlan->vxlan translation)

 

[cyruspy]

I'm using arista switches as exit-node/router in my production. (also tested with nvidia/mellanox switches + cumulus linux os)

and yes, sure, this will allow to have vxlan on physical clients. (or even vlan->vxlan translation)

any documented configuration examples you could share?