On Tue, Mar 11, 2025, 13:41 DERUMIER, Alexandre < alexandre.derum...@groupe-cyllene.com> wrote:
> Hi, > > >>I'm trying to make traffic work between VRFs passing through a an > >>external firewall (opnsense+frr) but traffic seems to be resolved > >>locally by the node, even though source/destination are on different > >>VRFs (and ultimately doesn't work): > > as you have defined exit-nodes, they are leaking routes between the > main vrf && the evpn zone vrf. (to be able to route traffic between the > evpn network and the real network) > > > if you want to announce evpn subnets to your opensense, you can create > an extra bgp controller for each node, and add your opensense ip as > peer. it should be enough. > Hello!, Now that you mention it.... Probably I don't need exit nodes to be defined. In this specific usecase, I'm placing peering interfaces in the specific VRFs and configuring 2 manual BGP instances towards the firewalls. That might fix my current problem. Will try and report back! Regards. > _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
