git.proxmox.com Git - pve-docs.git/blame - vxlan-and-evpn.adoc
vxlan : add missing vxlan-id
////

This is currently not included, because
- it requires ifupdown2
- routing needs more documentation

////


VXLAN layer2 with VLAN-unaware Linux bridges
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VXLAN is an overlay network to carry Ethernet traffic over an existing IP network
while accommodating a very large number of tenants. It is defined in RFC 7348.
Each overlay network is known as a VXLAN Segment and identified by a unique
24-bit segment ID called a VXLAN Network Identifier (VNI).

VXLAN encapsulation adds 50 bytes of overhead, so you need to increase the MTU on your hosts'
physical interfaces to at least 1550 (or decrease the MTU inside your VMs to 1450).

For BUM traffic (broadcast, unknown unicast and multicast),
there are 3 different VXLAN setup modes: multicast, unicast and bgp-evpn.

image::images/vxlan-l2-vlanunaware.svg["vxlan l2 bridge vlan unaware",align="center"]

multicast mode
^^^^^^^^^^^^^^

This scenario relies on head-end replication: when a host has no entry
for the destination MAC address, it sends out an ARP request
to the other devices / VTEPs in the VXLAN network.
The request is sent to the VXLAN multicast group;
remote VTEPs receive the packet and answer directly to the originating VTEP.


* node1

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-svcnodeip 225.20.1.1
    vxlan-physdev eno1

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-svcnodeip 225.20.1.1
    vxlan-physdev eno1

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


* node2

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-svcnodeip 225.20.1.1
    vxlan-physdev eno1

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-svcnodeip 225.20.1.1
    vxlan-physdev eno1

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


* node3

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-svcnodeip 225.20.1.1
    vxlan-physdev eno1

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-svcnodeip 225.20.1.1
    vxlan-physdev eno1

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


unicast mode
^^^^^^^^^^^^

We can replace multicast by head-end replication of BUM frames to a statically configured list of remote VTEPs.
The VXLAN is defined without a remote multicast group.
Instead, all the remote VTEPs are associated with the all-zero address:
a BUM frame will be duplicated to all these destinations.
The VXLAN device will still learn remote addresses automatically using source-address learning.

* node1

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan_remoteip 192.168.0.2
    vxlan_remoteip 192.168.0.3

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan_remoteip 192.168.0.2
    vxlan_remoteip 192.168.0.3

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


* node2

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan_remoteip 192.168.0.1
    vxlan_remoteip 192.168.0.3

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan_remoteip 192.168.0.1
    vxlan_remoteip 192.168.0.3

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


* node3

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan_remoteip 192.168.0.1
    vxlan_remoteip 192.168.0.2

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan_remoteip 192.168.0.1
    vxlan_remoteip 192.168.0.2

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----
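
Because the remote VTEP lists in unicast mode are maintained by hand on every node, copy-and-paste slips are easy to make. The following linter is an added example, not part of the Proxmox documentation: it parses `/etc/network/interfaces`-style text and reports stanzas whose `auto` and `iface` names differ, a node that lists its own address, peers missing from the list, and peers that are not known VTEPs. The function names, finding codes and sample fragments are constructed for illustration.

```python
"""Lint unicast-mode VXLAN stanzas from /etc/network/interfaces (added example)."""

# Underlay address of every VTEP, as used in the node examples on this page.
VTEPS = {"node1": "192.168.0.1", "node2": "192.168.0.2", "node3": "192.168.0.3"}

# Constructed sample: a correct fragment for node1.
NODE1_OK = """
auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan_remoteip 192.168.0.2
    vxlan_remoteip 192.168.0.3

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
"""

# Constructed sample: a fragment for node3 with deliberate mistakes.
NODE3_BAD = """
auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan_remoteip 192.168.0.2
    vxlan_remoteip 192.168.0.3

auto vxlan3
iface vxlan2 inet manual
    vxlan-id 3
    vxlan_remoteip 192.168.0.1
    vxlan_remoteip 192.168.0.2
"""


def parse_stanzas(text):
    """Split ifupdown-style text into stanzas: auto name, iface name, options."""
    stanzas, auto, current = [], None, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop trailing comments
        if not words:
            continue
        if words[0] == "auto":
            auto = words[1]
        elif words[0] == "iface":
            current = {"auto": auto, "iface": words[1], "opts": {}}
            stanzas.append(current)
            auto = None
        elif current is not None:
            # Options may repeat (vxlan_remoteip), so keep a list per key.
            current["opts"].setdefault(words[0], []).append(" ".join(words[1:]))
    return stanzas


def lint_node(node, text, vteps):
    """Return (stanza, code, detail) findings for one node's configuration.

    vteps maps every node name to its underlay address; the node's own
    address must not appear in its vxlan_remoteip list, all others must.
    """
    own = vteps[node]
    expected = set(vteps.values()) - {own}
    findings = []
    for st in parse_stanzas(text):
        label = st["auto"] or st["iface"]
        # 'auto X' followed by 'iface Y': the options land on the wrong device.
        if st["auto"] is not None and st["auto"] != st["iface"]:
            findings.append((label, "name-mismatch", st["iface"]))
        remotes = st["opts"].get("vxlan_remoteip")
        if remotes is None:
            continue
        if own in remotes:
            findings.append((label, "self-peer", own))
        # A missing peer never receives BUM frames from this node.
        for ip in sorted(expected - set(remotes)):
            findings.append((label, "missing-peer", ip))
        # An unknown peer receives a copy of every BUM frame in this VNI.
        for ip in sorted(set(remotes) - expected - {own}):
            findings.append((label, "unknown-peer", ip))
    return findings


if __name__ == "__main__":
    for name, text in (("node1", NODE1_OK), ("node3", NODE3_BAD)):
        for finding in lint_node(name, text, VTEPS) or [("-", "ok", "")]:
            print(name, *finding)
```
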

bgp-evpn
^^^^^^^^

VTEPs use control plane learning/distribution via BGP for remote MAC addresses instead of data plane learning.
VTEPs have the ability to suppress ARP flooding over VXLAN tunnels.

The control plane used here is FRR, a BGP routing software.
Each node in the Proxmox cluster peers with every other node.
For bigger networks, or multiple Proxmox clusters,
it's possible to use external BGP route reflector servers.

* node1

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


/etc/frr/frr.conf

----
router bgp 1234
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.2 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.2 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
line vty
!
----


* node2

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


/etc/frr/frr.conf

----
router bgp 1234
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
line vty
!
----


* node3

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet manual
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet manual
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


/etc/frr/frr.conf

----
router bgp 1234
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.2 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.2 activate
  advertise-all-vni
 exit-address-family
!
line vty
!
----
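
The bgp-evpn setup above is an iBGP full mesh: iBGP speakers do not pass routes learned from one iBGP peer on to another, and with `no bgp default ipv4-unicast` a neighbor exchanges EVPN routes only once it is activated under `address-family l2vpn evpn`. The checker below is an added example, not part of the Proxmox documentation or of FRR: it reads each node's `frr.conf` text and reports peers that are missing, not activated for EVPN, activated without a `remote-as`, or in a different AS. The function names, finding codes and the rendered sample configurations are constructed for illustration.

```python
"""Check an FRR iBGP EVPN full mesh across nodes (added example)."""
import re

# Underlay address of every VTEP, as used in the node examples on this page.
VTEPS = {"node1": "192.168.0.1", "node2": "192.168.0.2", "node3": "192.168.0.3"}


def parse_frr(text):
    """Extract the default-VRF BGP instance: local ASN, peers, EVPN-activated peers."""
    asn, in_default, family = None, False, None
    remote_as, evpn_active = {}, set()
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()      # '!' starts a comment
        if not line:
            continue
        m = re.fullmatch(r"router bgp (\d+)(?: vrf (\S+))?", line)
        if m:
            # Only the instance without 'vrf' carries the underlay peerings.
            in_default, family = m.group(2) is None, None
            if in_default:
                asn = m.group(1)
            continue
        if not in_default:
            continue
        if line.startswith("address-family "):
            family = line.split(None, 1)[1]
        elif line == "exit-address-family":
            family = None
        elif (m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line)) and family is None:
            remote_as[m.group(1)] = m.group(2)
        elif (m := re.fullmatch(r"neighbor (\S+) activate", line)) and family == "l2vpn evpn":
            evpn_active.add(m.group(1))
    return {"asn": asn, "remote_as": remote_as, "evpn_active": evpn_active}


def check_mesh(configs, vteps):
    """Return (node, code, peer) findings for a set of per-node frr.conf texts."""
    findings = []
    for node, text in configs.items():
        bgp, own = parse_frr(text), vteps[node]
        peers = bgp["remote_as"]
        if own in peers:
            findings.append((node, "self-peer", own))
        # Without a session to every other node, its MAC/IP routes never arrive.
        for ip in sorted(set(vteps.values()) - {own} - set(peers)):
            findings.append((node, "missing-peer", ip))
        for ip, peer_as in sorted(peers.items()):
            if peer_as != bgp["asn"]:
                findings.append((node, "not-ibgp", ip))
            if ip not in bgp["evpn_active"]:
                findings.append((node, "not-activated", ip))
        for ip in sorted(bgp["evpn_active"] - set(peers)):
            findings.append((node, "no-remote-as", ip))
    return findings


def sample_conf(peers, activated):
    """Render a constructed frr.conf in the layout used on this page."""
    lines = ["router bgp 1234", " no bgp default ipv4-unicast", " coalesce-time 1000"]
    lines += [f" neighbor {ip} remote-as 1234" for ip in peers]
    lines += [" !", " address-family l2vpn evpn"]
    lines += [f"  neighbor {ip} activate" for ip in activated]
    lines += ["  advertise-all-vni", " exit-address-family", "!", "line vty", "!"]
    return "\n".join(lines)


# Constructed samples: node1 is correct, node2 and node3 each have one mistake.
CONFIGS = {
    "node1": sample_conf(["192.168.0.2", "192.168.0.3"], ["192.168.0.2", "192.168.0.3"]),
    "node2": sample_conf(["192.168.0.1", "192.168.0.3"], ["192.168.0.1"]),
    "node3": sample_conf(["192.168.0.1"], ["192.168.0.1"]),
}

if __name__ == "__main__":
    for finding in check_mesh(CONFIGS, VTEPS):
        print(*finding)
```
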

VXLAN layer3 routing with anycast gateway
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this setup, each vmbr bridge is the gateway for the VMs attached to it.
The same vmbr on different nodes has the same IP address and the same MAC address,
so that VM live migration works without network disruption.

VXLAN layer3 routing only works with FRR and VLAN-unaware bridges
(VLAN-aware bridge support is currently buggy).

asymmetric model
^^^^^^^^^^^^^^^^

This is the simplest mode. For it to work, all VXLANs need to be defined on all nodes.

The asymmetric model allows routing and bridging on the VXLAN tunnel ingress,
but only bridging on the egress.
This results in bi-directional VXLAN traffic traveling on different VNIs
in each direction (always the destination VNI) across the routed infrastructure.

image::images/vxlan-l3-asymmetric.svg["vxlan l3 asymmetric",align="center"]


sysctl.conf tuning

----
#enable routing
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
----

* node1

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


frr.conf

----
router bgp 1234
 bgp router-id 192.168.0.1
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.2 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.2 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
line vty
!
----


* node2

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


frr.conf

----
router bgp 1234
 bgp router-id 192.168.0.2
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
line vty
!
----


* node3

----
auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
----


frr.conf

----
router bgp 1234
 bgp router-id 192.168.0.3
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.2 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.2 activate
  advertise-all-vni
 exit-address-family
!
line vty
!
----


symmetric model
^^^^^^^^^^^^^^^

With this model, you don't need to have all VXLANs on all nodes.
This model will also be needed to route traffic to an external router.

The symmetric model routes and bridges on both the ingress and the egress leafs.
This results in bi-directional traffic being able to travel on the same VNI, hence the symmetric name.
However, a new specialty transit VNI is used for all routed VXLAN traffic, called the L3VNI.
All traffic that needs to be routed will be routed onto the L3VNI, tunneled across the layer 3 infrastructure,
routed off the L3VNI to the appropriate VLAN and ultimately bridged to the destination.

A VRF is needed for the L3VNI, so all vmbr bridges need to be in the VRF if they should be able to reach each other.

image::images/vxlan-l3-symmetric.svg["vxlan l3 symmetric",align="center"]

sysctl.conf tuning

----
#enable routing
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
#disable reverse path filtering
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
----

* node1

----
auto vrf1
iface vrf1
    vrf-table auto

auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
    vrf vrf1

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
    vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
    vxlan-id 4000
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
    bridge_ports vxlan4000
    bridge_stp off
    bridge_fd 0
    hwaddress 44:39:39:FF:40:90 #must be different on each node
    vrf vrf1
----

frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.1
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.2 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.2 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 192.168.0.1
 !
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----


* node2

----
auto vrf1
iface vrf1
    vrf-table auto

auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
    vrf vrf1

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
    vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
    vxlan-id 4000
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
    bridge_ports vxlan4000
    bridge_stp off
    bridge_fd 0
    hwaddress 44:39:39:FF:40:91 #must be different on each node
    vrf vrf1
----


frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.2
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 192.168.0.2
 !
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----


* node3

----
auto vrf1
iface vrf1
    vrf-table auto

auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
    vrf vrf1

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
    vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
    vxlan-id 4000
    vxlan-local-tunnelip 192.168.0.3
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
    bridge_ports vxlan4000
    bridge_stp off
    bridge_fd 0
    hwaddress 44:39:39:FF:40:92 #must be different on each node
    vrf vrf1
----


frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.3
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.2 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.2 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 192.168.0.3
 !
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----

VXLAN layer3 routing with anycast gateway + routing to outside with external router
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Routing to the outside needs the symmetric model.

1 gateway node
^^^^^^^^^^^^^^
In this example, we'll use only 1 Proxmox node as exit gateway (node1).
This node has a simple default gateway in the VRF to the external router (no BGP between the router and node1)
and announces this default gateway to the other Proxmox nodes.


* node1

----
auto vrf1
iface vrf1
    vrf-table auto

auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto eno2
iface eno2
    address 172.16.0.1
    netmask 255.255.255.0
    vrf vrf1
    post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1
    #if you have multiple external routers, you can use ecmp balancing
    #post-up ip route add default vrf vrf1 nexthop via 172.16.0.253 dev eno2 nexthop via 172.16.0.254 dev eno2

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
    vrf vrf1

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
    vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
    vxlan-id 4000
    vxlan-local-tunnelip 192.168.0.1
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
    bridge_ports vxlan4000
    bridge_stp off
    bridge_fd 0
    hwaddress 44:39:39:FF:40:90 #must be different on each node
    vrf vrf1
----


frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.1
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.2 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.2 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 172.16.0.1
 !
 address-family ipv4 unicast
  redistribute connected
  redistribute kernel !announce your default gw to all nodes
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----


* node2

----
auto vrf1
iface vrf1
    vrf-table auto

auto eno1
iface eno1 inet manual
    mtu 1550

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
    vxlan-id 2
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
    bridge_ports vxlan2
    bridge_stp off
    bridge_fd 0
    address 10.0.2.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
    vrf vrf1

auto vxlan3
iface vxlan3 inet manual
    vxlan-id 3
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
    bridge_ports vxlan3
    bridge_stp off
    bridge_fd 0
    address 10.0.3.254
    netmask 255.255.255.0
    hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
    vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
    vxlan-id 4000
    vxlan-local-tunnelip 192.168.0.2
    bridge-learning off
    bridge-arp-nd-suppress on
    bridge-unicast-flood off
    bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
    bridge_ports vxlan4000
    bridge_stp off
    bridge_fd 0
    hwaddress 44:39:39:FF:40:91 #must be different on each node
    vrf vrf1
----


frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.2
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 192.168.0.2
 !
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----


* node3

----
auto vrf1
iface vrf1
        vrf-table auto

auto eno1
iface eno1 inet manual
        mtu 1550

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.3
        netmask 255.255.255.0
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

auto vxlan2
iface vxlan2 inet manual
        vxlan-id 2
        vxlan-local-tunnelip 192.168.0.3
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
        bridge_ports vxlan2
        bridge_stp off
        bridge_fd 0
        address 10.0.2.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
        vrf vrf1

auto vxlan3
iface vxlan3 inet manual
        vxlan-id 3
        vxlan-local-tunnelip 192.168.0.3
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
        bridge_ports vxlan3
        bridge_stp off
        bridge_fd 0
        address 10.0.3.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
        vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
        vxlan-id 4000
        vxlan-local-tunnelip 192.168.0.3
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
        bridge_ports vxlan4000
        bridge_stp off
        bridge_fd 0
        hwaddress 44:39:39:FF:40:92 #must be different on each node
        vrf vrf1
----

frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.3
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.2 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.2 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 192.168.0.3
 !
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----

multiple gateway nodes
^^^^^^^^^^^^^^^^^^^^^^
In this example, all nodes are used as exit gateways (you can use only 2 nodes if you want).
Each node has a simple default gateway in the VRF pointing to the external router (no BGP between
the router and node1) and announces this default gateway.
The external router has ECMP routes to all Proxmox nodes (load balancing).
If the router sends a packet to the wrong node (the VM is not on this node), that node routes the
packet through VXLAN to its final destination.

* node1

----
auto vrf1
iface vrf1
        vrf-table auto

auto eno1
iface eno1 inet manual
        mtu 1550

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

auto eno2
iface eno2
        address 172.16.0.1
        netmask 255.255.255.0
        vrf vrf1
        mtu 1550
        post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1
        #if you have multiple external routers, you can use ecmp balancing
        #post-up ip route add default vrf vrf1 nexthop via 172.16.0.253 dev eno2 nexthop via 172.16.0.254 dev eno2

auto vxlan2
iface vxlan2 inet manual
        vxlan-id 2
        vxlan-local-tunnelip 192.168.0.1
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
        bridge_ports vxlan2
        bridge_stp off
        bridge_fd 0
        address 10.0.2.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
        vrf vrf1

auto vxlan3
iface vxlan3 inet manual
        vxlan-id 3
        vxlan-local-tunnelip 192.168.0.1
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
        bridge_ports vxlan3
        bridge_stp off
        bridge_fd 0
        address 10.0.3.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
        vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
        vxlan-id 4000
        vxlan-local-tunnelip 192.168.0.1
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
        bridge_ports vxlan4000
        bridge_stp off
        bridge_fd 0
        hwaddress 44:39:39:FF:40:90 #must be different on each node
        vrf vrf1
----

frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.1
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.2 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.2 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 172.16.0.1
 !
 address-family ipv4 unicast
  redistribute connected
  ! announce your default gw to all nodes
  redistribute kernel
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----

* node2

----
auto vrf1
iface vrf1
        vrf-table auto

auto eno1
iface eno1 inet manual
        mtu 1550

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

auto eno2
iface eno2
        address 172.16.0.2
        netmask 255.255.255.0
        vrf vrf1
        mtu 1550
        post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1
        #if you have multiple external routers, you can use ecmp balancing
        #post-up ip route add default vrf vrf1 nexthop via 172.16.0.253 dev eno2 nexthop via 172.16.0.254 dev eno2

auto vxlan2
iface vxlan2 inet manual
        vxlan-id 2
        vxlan-local-tunnelip 192.168.0.2
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
        bridge_ports vxlan2
        bridge_stp off
        bridge_fd 0
        address 10.0.2.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
        vrf vrf1

auto vxlan3
iface vxlan3 inet manual
        vxlan-id 3
        vxlan-local-tunnelip 192.168.0.2
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
        bridge_ports vxlan3
        bridge_stp off
        bridge_fd 0
        address 10.0.3.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
        vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
        vxlan-id 4000
        vxlan-local-tunnelip 192.168.0.2
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
        bridge_ports vxlan4000
        bridge_stp off
        bridge_fd 0
        hwaddress 44:39:39:FF:40:91 #must be different on each node
        vrf vrf1
----

frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.2
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.3 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.3 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 172.16.0.2
 !
 address-family ipv4 unicast
  redistribute connected
  ! announce your default gw to all nodes
  redistribute kernel
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----

* node3

----
auto vrf1
iface vrf1
        vrf-table auto

auto eno1
iface eno1 inet manual
        mtu 1550

auto vmbr0
iface vmbr0 inet static
        address 192.168.0.3
        netmask 255.255.255.0
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

auto eno2
iface eno2
        address 172.16.0.3
        netmask 255.255.255.0
        vrf vrf1
        mtu 1550
        post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1
        #if you have multiple external routers, you can use ecmp balancing
        #post-up ip route add default vrf vrf1 nexthop via 172.16.0.253 dev eno2 nexthop via 172.16.0.254 dev eno2

auto vxlan2
iface vxlan2 inet manual
        vxlan-id 2
        vxlan-local-tunnelip 192.168.0.3
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr2
iface vmbr2 inet static
        bridge_ports vxlan2
        bridge_stp off
        bridge_fd 0
        address 10.0.2.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr2
        vrf vrf1

auto vxlan3
iface vxlan3 inet manual
        vxlan-id 3
        vxlan-local-tunnelip 192.168.0.3
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr3
iface vmbr3 inet static
        bridge_ports vxlan3
        bridge_stp off
        bridge_fd 0
        address 10.0.3.254
        netmask 255.255.255.0
        hwaddress 44:39:39:FF:40:94 #must be same on each node vmbr3
        vrf vrf1

#interconnect vxlan-vrf l3vni
auto vxlan4000
iface vxlan4000 inet manual
        vxlan-id 4000
        vxlan-local-tunnelip 192.168.0.3
        bridge-learning off
        bridge-arp-nd-suppress on
        bridge-unicast-flood off
        bridge-multicast-flood off

auto vmbr4000
iface vmbr4000 inet manual
        bridge_ports vxlan4000
        bridge_stp off
        bridge_fd 0
        hwaddress 44:39:39:FF:40:92 #must be different on each node
        vrf vrf1
----

frr.conf

----
vrf vrf1
 vni 4000
!
router bgp 1234
 bgp router-id 192.168.0.3
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor 192.168.0.1 remote-as 1234
 neighbor 192.168.0.2 remote-as 1234
 !
 address-family l2vpn evpn
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.2 activate
  advertise-all-vni
 exit-address-family
!
router bgp 1234 vrf vrf1
!
 bgp router-id 172.16.0.3
 !
 address-family ipv4 unicast
  redistribute connected
  ! announce your default gw to all nodes
  redistribute kernel
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
----

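The per-node stanzas above differ only in a few addresses, and the comments state which values must match across nodes and which must not, so copy and paste mistakes are easy to make. The following added example (not part of the original document or of any Proxmox tool) checks those rules across nodes; the function names `parse_interfaces`, `check_cluster` and `sample` are hypothetical, and the input is a constructed, trimmed version of the stanzas.

```python
from collections import defaultdict

def parse_interfaces(text):
    """Return {iface: {option: value}} from ifupdown2-style stanzas."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if line.startswith("iface "):
            current = ifaces.setdefault(line.split()[1], {})
        elif line and not line.startswith("auto ") and current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return ifaces

def check_cluster(nodes, anycast=("vmbr2", "vmbr3"), unique=("vmbr4000",)):
    """nodes maps node name -> interfaces text; returns a list of problems."""
    problems, seen = [], defaultdict(lambda: defaultdict(list))
    for name, text in nodes.items():
        ifaces = parse_interfaces(text)
        underlay = ifaces.get("vmbr0", {}).get("address")
        for ifname, opts in ifaces.items():
            if "vxlan-id" in opts:                   # VTEP: EVPN-only learning
                want = {"vxlan-local-tunnelip": underlay, "bridge-learning": "off",
                        "bridge-unicast-flood": "off", "bridge-multicast-flood": "off"}
                problems += [f"{name}/{ifname}: {k} should be {v}"
                             for k, v in want.items() if opts.get(k) != v]
            if "hwaddress" in opts:
                seen[ifname][opts["hwaddress"].lower()].append(name)
            if ifname == "eno2" and "address" in opts:
                seen["eno2 address"][opts["address"]].append(name)
    for ifname in anycast:                           # "#must be same on each node"
        if len(seen[ifname]) > 1:
            problems.append(f"{ifname}: gateway MAC differs between nodes")
    for key in unique + ("eno2 address",):           # must be different on each node
        for value, owners in seen[key].items():
            if len(owners) > 1:
                problems.append(f"{key}: {value} reused on {', '.join(owners)}")
    return problems

def sample(ip, uplink, l3mac):  # constructed input: one node's stanzas, trimmed
    return (f"iface vmbr0 inet static\n address {ip}\n"
            f"iface eno2\n address {uplink}\n vrf vrf1\n"
            f"iface vxlan2 inet manual\n vxlan-id 2\n vxlan-local-tunnelip {ip}\n"
            " bridge-learning off\n bridge-unicast-flood off\n bridge-multicast-flood off\n"
            "iface vmbr2 inet static\n hwaddress 44:39:39:FF:40:94 #must be same\n"
            f"iface vmbr4000 inet manual\n hwaddress {l3mac}\n")

if __name__ == "__main__":
    print(check_cluster({"node1": sample("192.168.0.1", "172.16.0.1", "44:39:39:FF:40:90"),
                         "node2": sample("192.168.0.2", "172.16.0.1", "44:39:39:FF:40:91")}))
```

Feed it the real `/etc/network/interfaces` text of each node instead of `sample()` output; an empty list means the checked rules hold.
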
Note
^^^^

If your external router doesn't support ECMP to reach multiple Proxmox nodes,
you can set up an HA floating VIP on the Proxmox nodes with VRRP.

In this example, we set up a floating IP 172.16.0.10 on node1 and node2.
Node1 is the primary, with failover to node2 in case of failure.

* node1

----
auto eno2
iface eno2
        address 172.16.0.1
        netmask 255.255.255.0
        vrf vrf1
        mtu 1550
        post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1
        vrrp-id 1
        vrrp-priority 1
        vrrp-virtual-ip 172.16.0.10
----

* node2

----
auto eno2
iface eno2
        address 172.16.0.2
        netmask 255.255.255.0
        mtu 1550
        vrf vrf1
        post-up ip route add default via 172.16.0.254 dev eno2 vrf vrf1
        vrrp-id 1
        vrrp-priority 2
        vrrp-virtual-ip 172.16.0.10
----
