]> git.puffer.fish Git - matthieu/pve-network.git/commit
projects / matthieu / pve-network.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dd510e8) | patch
zones: evpn: add a default unreachable, to prevent vrf leak
authorAlexandre Bruyelles <git@jack.fr.eu.org>
Thu, 8 Apr 2021 08:45:13 +0000 (10:45 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Fri, 9 Apr 2021 10:55:40 +0000 (12:55 +0200)
commitd9ee954447c0ea7ab99f68e42d5281282a38c588
tree599d909b8b68b74c8caedafb130771cfc0e754adtree | snapshot
parentdd510e8a11bc8107a4a5a803a7ac97e574a11875commit | diff
zones: evpn: add a default unreachable, to prevent vrf leak

On Linux, when no route is found in a vrf, it somehow fallback
to the default routing table. In our case, that means a leak
from the overlay to the underlay.
Adding a low priority unreachable catch-all route is the way to go, as
per the doc: https://www.kernel.org/doc/Documentation/networking/vrf.txt

Signed-off-by: Alexandre Bruyelles <git@jack.fr.eu.org>
PVE/Network/SDN/Zones/EvpnPlugin.pm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.