1:"$Sreact.fragment"
2:I[98330,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"DocsPage"]
18:I[98330,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"DocsTitle"]
19:I[98330,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"DocsDescription"]
1a:I[98330,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"MarkdownCopyButton"]
1b:I[98330,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"ViewOptionsPopover"]
1c:I[98330,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"DocsBody"]
1d:I[58541,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"default"]
1e:I[47873,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"default"]
ab:I[97367,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js"],"OutletBoundary"]
ac:"$Sreact.suspense"
ba:I[44324,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"CodeBlock"]
bb:I[44324,["/_next/static/chunks/0cbd4-fpc0eki.js","/_next/static/chunks/1137n~0gehrrs.js","/_next/static/chunks/0qid5lwcbx9s0.js","/_next/static/chunks/00-7jy2t-e8a-.js","/_next/static/chunks/0sbbx7yy15r75.js","/_next/static/chunks/0j-09bllz5f6w.js","/_next/static/chunks/12m0m0j7d46qj.js","/_next/static/chunks/14p4cft_3sa16.js","/_next/static/chunks/0oq-lzu4y7kl2.js","/_next/static/chunks/0ltwiwej14-88.js"],"Pre"]
0:{"rsc":["$","$1","c",{"children":[["$","$L2",null,{"toc":[{"depth":1,"url":"#proxmox-networking-patterns--complete-tutorial","title":"Proxmox Networking Patterns — Complete Tutorial"},{"depth":2,"url":"#table-of-contents","title":"Table of Contents"},{"depth":2,"url":"#01--linux-bridge--ovs--proxmox-sdn","title":"01 — Linux Bridge · OVS · Proxmox SDN"},{"depth":3,"url":"#theory","title":"Theory"},{"depth":3,"url":"#architecture-comparison","title":"Architecture Comparison"},{"depth":3,"url":"#step-1--inspect-your-existing-linux-bridges","title":"Step 1 — Inspect your existing Linux Bridges"},{"depth":3,"url":"#step-2--create-a-second-isolated-bridge-for-experiments","title":"Step 2 — Create a second isolated bridge for experiments"},{"depth":3,"url":"#step-3--install-open-vswitch","title":"Step 3 — Install Open vSwitch"},{"depth":3,"url":"#step-4--enable-proxmox-sdn-and-create-a-simple-zone","title":"Step 4 — Enable Proxmox SDN and create a Simple Zone"},{"depth":3,"url":"#step-5--try-ovs-flow-tables-traffic-inspection","title":"Step 5 — Try OVS Flow Tables (traffic inspection)"},{"depth":2,"url":"#02--vlan-segmentation","title":"02 — VLAN Segmentation"},{"depth":3,"url":"#theory-1","title":"Theory"},{"depth":3,"url":"#vlan-aware-bridge-topology","title":"VLAN-Aware Bridge Topology"},{"depth":3,"url":"#step-1--enable-vlan-awareness-on-the-bridge","title":"Step 1 — Enable VLAN-awareness on the bridge"},{"depth":3,"url":"#step-2--create-three-vms-and-assign-them-to-different-vlans","title":"Step 2 — Create three VMs and assign them to different VLANs"},{"depth":3,"url":"#step-3--configure-ips-inside-each-vm","title":"Step 3 — Configure IPs inside each VM"},{"depth":3,"url":"#step-4--add-inter-vlan-routing-on-the-proxmox-host","title":"Step 4 — Add inter-VLAN routing on the Proxmox host"},{"depth":2,"url":"#03--vxlan-overlay-networks","title":"03 — VXLAN Overlay Networks"},{"depth":3,"url":"#theory-2","title":"Theory"},{"depth":3,"url":"#vxlan-encapsulation--two-proxmox-vms","title":"VXLAN Encapsulation — Two Proxmox VMs"},{"depth":3,"url":"#step-1--spin-up-two-lightweight-vms","title":"Step 1 — Spin up two lightweight VMs"},{"depth":3,"url":"#step-2--create-the-vxlan-interface-on-vm-a","title":"Step 2 — Create the VXLAN interface on VM-A"},{"depth":3,"url":"#step-3--create-the-vxlan-interface-on-vm-b","title":"Step 3 — Create the VXLAN interface on VM-B"},{"depth":3,"url":"#step-4--test-and-observe-the-encapsulation","title":"Step 4 — Test and observe the encapsulation"},{"depth":3,"url":"#step-5--upgrade-to-fdb-based-discovery","title":"Step 5 — Upgrade to FDB-based discovery"},{"depth":2,"url":"#04--bgp-with-frr","title":"04 — BGP with FRR"},{"depth":3,"url":"#theory-3","title":"Theory"},{"depth":3,"url":"#bgp-topology--route-reflector-pattern","title":"BGP Topology — Route Reflector Pattern"},{"depth":3,"url":"#step-1--install-frr-on-all-vms","title":"Step 1 — Install FRR on all VMs"},{"depth":3,"url":"#step-2--configure-the-route-reflector-router-vm","title":"Step 2 — Configure the Route Reflector (router-vm)"},{"depth":3,"url":"#step-3--configure-each-node-to-advertise-its-pod-cidr","title":"Step 3 — Configure each node to advertise its pod CIDR"},{"depth":3,"url":"#step-4--verify-bgp-sessions-and-route-propagation","title":"Step 4 — Verify BGP sessions and route propagation"},{"depth":2,"url":"#05--network-namespaces--cni-primitives","title":"05 — Network Namespaces & CNI Primitives"},{"depth":3,"url":"#theory-4","title":"Theory"},{"depth":3,"url":"#manual-pod-network-setup--veth-pair--bridge","title":"Manual Pod Network Setup — veth pair + bridge"},{"depth":3,"url":"#step-1--create-two-network-namespaces","title":"Step 1 — Create two network namespaces"},{"depth":3,"url":"#step-2--create-a-bridge-and-veth-pairs","title":"Step 2 — Create a bridge and veth pairs"},{"depth":3,"url":"#step-3--assign-ips-and-bring-up-interfaces-inside-namespaces","title":"$L3"},{"depth":3,"url":"#step-4--apply-network-policy-with-iptables","title":"$L4"},{"depth":3,"url":"#step-5--enable-external-access-via-nat","title":"$L5"},{"depth":2,"url":"#06--multi-cluster-networking-lab","title":"$L6"},{"depth":3,"url":"#theory-5","title":"$L7"},{"depth":3,"url":"#full-lab-topology","title":"$L8"},{"depth":3,"url":"#step-1--set-up-the-network-topology","title":"$L9"},{"depth":3,"url":"#step-2--deploy-k3s-on-each-cluster","title":"$La"},{"depth":3,"url":"#step-3--install-cilium-with-bgp-control-plane-enabled","title":"$Lb"},{"depth":3,"url":"#step-4--configure-cilium-bgp-peering-with-frr-router","title":"$Lc"},{"depth":3,"url":"#step-5--configure-frr-on-router-vm-to-accept-both-clusters","title":"$Ld"},{"depth":3,"url":"#step-6--verify-cross-cluster-pod-routing","title":"$Le"},{"depth":3,"url":"#step-7-bonus--enable-cilium-cluster-mesh","title":"$Lf"},{"depth":2,"url":"#what-you-built","title":"$L10"}],"children":["$L11","$L12","$L13","$L14"]}],["$L15","$L16"],"$L17"]}],"isPartial":false,"staleTime":300,"varyParams":null,"buildId":"cFWc6eqgrwvh8TdOY_D8Y"}
3:"Step 3 — Assign IPs and bring up interfaces inside namespaces"
4:"Step 4 — Apply Network Policy with iptables"
5:"Step 5 — Enable external access via NAT"
6:"06 — Multi-Cluster Networking Lab"
7:"Theory"
8:"Full Lab Topology"
9:"Step 1 — Set up the network topology"
a:"Step 2 — Deploy k3s on each cluster"
b:"Step 3 — Install Cilium with BGP Control Plane enabled"
c:"Step 4 — Configure Cilium BGP peering with FRR router"
d:"Step 5 — Configure FRR on router-vm to accept both clusters"
e:"Step 6 — Verify cross-cluster pod routing"
f:"Step 7 (Bonus) — Enable Cilium Cluster Mesh"
10:"What You Built"
11:["$","$L18",null,{"children":"Proxmox Networking Patterns — Complete Tutorial"}]
12:["$","$L19",null,{"className":"mb-0"}]
13:["$","div",null,{"className":"flex flex-row gap-2 items-center border-b pb-6","children":[["$","$L1a",null,{"markdownUrl":"/llms.mdx/docs/networking/content.md"}],["$","$L1b",null,{"markdownUrl":"/llms.mdx/docs/networking/content.md","githubUrl":"https://github.com/fuma-nama/fumadocs/blob/main/content/docs/networking.mdx"}]]}]
14:["$","$L1c",null,{"children":[["$","h1",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"proxmox-networking-patterns--complete-tutorial","children":[["$","a",null,{"data-card":"","href":"#proxmox-networking-patterns--complete-tutorial","className":"peer","children":"Proxmox Networking Patterns — Complete Tutorial"}],["$","$L1d",null,{"iconNode":[["path",{"d":"M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71","key":"1cjeqo"}],["path",{"d":"M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71","key":"19qd67"}]],"className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}],"\n",["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"A progressive lab guide from raw Linux bridges to production-grade multi-cluster networking.\nEach exercise builds on the previous one, ending with a Kubernetes multi-cluster topology\nthat mirrors real CAPI deployments."}],"\n"]}],"\n",["$","p",null,{"children":[["$","strong",null,{"children":"Requirements:"}]," Proxmox VE 7+ · Linux / FRR / Cilium · 6 Exercises"]}],"\n",["$","hr",null,{}],"\n",["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"table-of-contents","children":[["$","a",null,{"data-card":"","href":"#table-of-contents","className":"peer","children":"Table of Contents"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}],"\n",["$","ol",null,{"children":["\n",["$","li",null,{"children":["$","$L1e",null,{"href":"#01--linux-bridge--ovs--proxmox-sdn","children":"Linux Bridge · OVS · Proxmox SDN"}]}],"\n",["$","li",null,{"children":["$","$L1e",null,{"href":"#02--vlan-segmentation","children":"VLAN Segmentation"}]}],"\n",["$","li",null,{"children":["$","$L1e",null,{"href":"#03--vxlan-overlay-networks","children":"VXLAN Overlay Networks"}]}],"\n",["$","li",null,{"children":["$","$L1e",null,{"href":"#04--bgp-with-frr","children":"BGP with FRR"}]}],"\n",["$","li",null,{"children":["$","$L1e",null,{"href":"#05--network-namespaces--cni-primitives","children":"Network Namespaces & CNI Primitives"}]}],"\n",["$","li",null,{"children":["$","$L1e",null,{"href":"#06--multi-cluster-networking-lab","children":"Multi-Cluster Networking Lab"}]}],"\n"]}],"\n",["$","hr",null,{}],"\n",["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"01--linux-bridge--ovs--proxmox-sdn","children":[["$","a",null,{"data-card":"","href":"#01--linux-bridge--ovs--proxmox-sdn","className":"peer","children":"01 — Linux Bridge · OVS · Proxmox SDN"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}],"\n",["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"Understand the three networking layers available in Proxmox and when to use each."}],"\n"]}],"\n",["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"theory","children":[["$","a",null,{"data-card":"","href":"#theory","className":"peer","children":"Theory"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}],"\n",["$","p",null,{"children":["Proxmox gives you three distinct ways to connect VMs to networks. ",["$","strong",null,{"children":"Linux Bridge"}]," is the default: a simple L2 switch implemented in the kernel. It's reliable, well-understood, and sufficient for most cases. ",["$","strong",null,{"children":"Open vSwitch (OVS)"}]," adds programmable flow tables, port mirroring, and VXLAN tunneling at the interface level — this is what OpenStack Neutron uses under the hood. ",["$","strong",null,{"children":"Proxmox SDN"}]," is a management layer built on top of either bridges or OVS that brings a declarative API, VNets, zones, and EVPN routing via FRR."]}],"\n",["$","p",null,{"children":"The conceptual leap matters: Linux Bridge operates at L2 in a single host; OVS adds programmability and multi-host L2; SDN adds L3 routing and network lifecycle management across your cluster."}],"\n","$L1f","\n","$L20","\n","$L21","\n","$L22","\n","$L23","\n","$L24","\n","$L25","\n","$L26","\n","$L27","\n","$L28","\n","$L29","\n","$L2a","\n","$L2b","\n","$L2c","\n","$L2d","\n","$L2e","\n","$L2f","\n","$L30","\n","$L31","\n","$L32","\n","$L33","\n","$L34","\n","$L35","\n","$L36","\n","$L37","\n","$L38","\n","$L39","\n","$L3a","\n","$L3b","\n","$L3c","\n","$L3d","\n","$L3e","\n","$L3f","\n","$L40","\n","$L41","\n","$L42","\n","$L43","\n","$L44","\n","$L45","\n","$L46","\n","$L47","\n","$L48","\n","$L49","\n","$L4a","\n","$L4b","\n","$L4c","\n","$L4d","\n","$L4e","\n","$L4f","\n","$L50","\n","$L51","\n","$L52","\n","$L53","\n","$L54","\n","$L55","\n","$L56","\n","$L57","\n","$L58","\n","$L59","\n","$L5a","\n","$L5b","\n","$L5c","\n","$L5d","\n","$L5e","\n","$L5f","\n","$L60","\n","$L61","\n","$L62","\n","$L63","\n","$L64","\n","$L65","\n","$L66","\n","$L67","\n","$L68","\n","$L69","\n","$L6a","\n","$L6b","\n","$L6c","\n","$L6d","\n","$L6e","\n","$L6f","\n","$L70","\n","$L71","\n","$L72","\n","$L73","\n","$L74","\n","$L75","\n","$L76","\n","$L77","\n","$L78","\n","$L79","\n","$L7a","\n","$L7b","\n","$L7c","\n","$L7d","\n","$L7e","\n","$L7f","\n","$L80","\n","$L81","\n","$L82","\n","$L83","\n","$L84","\n","$L85","\n","$L86","\n","$L87","\n","$L88","\n","$L89","\n","$L8a","\n","$L8b","\n","$L8c","\n","$L8d","\n","$L8e","\n","$L8f","\n","$L90","\n","$L91","\n","$L92","\n","$L93","\n","$L94","\n","$L95","\n","$L96","\n","$L97","\n","$L98","\n","$L99","\n","$L9a","\n","$L9b","\n","$L9c","\n","$L9d","\n","$L9e","\n","$L9f","\n","$La0","\n","$La1","\n","$La2","\n","$La3","\n","$La4","\n","$La5","\n","$La6","\n","$La7","\n","$La8","\n","$La9","\n","$Laa"]}]
15:["$","script","script-0",{"src":"/_next/static/chunks/0oq-lzu4y7kl2.js","async":true}]
16:["$","script","script-1",{"src":"/_next/static/chunks/0ltwiwej14-88.js","async":true}]
17:["$","$Lab",null,{"children":["$","$ac",null,{"name":"Next.MetadataOutlet","children":"$@ad"}]}]
1f:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"architecture-comparison","children":[["$","a",null,{"data-card":"","href":"#architecture-comparison","className":"peer","children":"Architecture Comparison"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
20:["$","svg",null,{"viewBox":"0 0 820 340","xmlns":"http://www.w3.org/2000/svg","font-family":"JetBrains Mono, monospace","children":[["$","defs",null,{"children":[["$","marker",null,{"id":"arr","markerWidth":"8","markerHeight":"8","refX":"6","refY":"3","orient":"auto","children":["$","path",null,{"d":"M0,0 L0,6 L8,3 z","fill":"#39d353"}]}],["$","marker",null,{"id":"arr2","markerWidth":"8","markerHeight":"8","refX":"6","refY":"3","orient":"auto","children":["$","path",null,{"d":"M0,0 L0,6 L8,3 z","fill":"#58a6ff"}]}],["$","marker",null,{"id":"arr3","markerWidth":"8","markerHeight":"8","refX":"6","refY":"3","orient":"auto","children":["$","path",null,{"d":"M0,0 L0,6 L8,3 z","fill":"#bc8cff"}]}]]}],["$","rect",null,{"x":"10","y":"10","width":"240","height":"30","rx":"5","fill":"rgba(57,211,83,0.1)","stroke":"rgba(57,211,83,0.3)","stroke-width":"1"}],["$","text",null,{"x":"130","y":"30","text-anchor":"middle","fill":"#39d353","font-size":"12","font-weight":"700","children":"Linux Bridge"}],["$","rect",null,{"x":"290","y":"10","width":"240","height":"30","rx":"5","fill":"rgba(88,166,255,0.1)","stroke":"rgba(88,166,255,0.3)","stroke-width":"1"}],["$","text",null,{"x":"410","y":"30","text-anchor":"middle","fill":"#58a6ff","font-size":"12","font-weight":"700","children":"Open vSwitch"}],["$","rect",null,{"x":"570","y":"10","width":"240","height":"30","rx":"5","fill":"rgba(188,140,255,0.1)","stroke":"rgba(188,140,255,0.3)","stroke-width":"1"}],["$","text",null,{"x":"690","y":"30","text-anchor":"middle","fill":"#bc8cff","font-size":"12","font-weight":"700","children":"Proxmox SDN"}],["$","rect",null,{"x":"30","y":"60","width":"90","height":"36","rx":"5","fill":"#161e28","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"75","y":"83","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM 1"}],["$","rect",null,{"x":"140","y":"60","width":"90","height":"36","rx":"5","fill":"#161e28","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"185","y":"83","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM 2"}],["$","rect",null,{"x":"310","y":"60","width":"90","height":"36","rx":"5","fill":"#161e28","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"355","y":"83","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM 1"}],["$","rect",null,{"x":"420","y":"60","width":"90","height":"36","rx":"5","fill":"#161e28","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"465","y":"83","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM 2"}],["$","rect",null,{"x":"590","y":"60","width":"90","height":"36","rx":"5","fill":"#161e28","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"635","y":"83","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM 1"}],["$","rect",null,{"x":"700","y":"60","width":"90","height":"36","rx":"5","fill":"#161e28","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"745","y":"83","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM 2"}],["$","line",null,{"x1":"75","y1":"96","x2":"75","y2":"138","stroke":"#39d353","stroke-width":"1.5"}],["$","line",null,{"x1":"185","y1":"96","x2":"185","y2":"138","stroke":"#39d353","stroke-width":"1.5"}],["$","rect",null,{"x":"30","y":"138","width":"200","height":"40","rx":"6","fill":"rgba(57,211,83,0.08)","stroke":"rgba(57,211,83,0.3)","stroke-width":"1.5"}],["$","text",null,{"x":"130","y":"155","text-anchor":"middle","fill":"#39d353","font-size":"11","font-weight":"700","children":"vmbr0"}],["$","text",null,{"x":"130","y":"169","text-anchor":"middle","fill":"#768390","font-size":"10","children":"Linux Bridge (L2)"}],["$","line",null,{"x1":"355","y1":"96","x2":"355","y2":"138","stroke":"#58a6ff","stroke-width":"1.5"}],["$","line",null,{"x1":"465","y1":"96","x2":"465","y2":"138","stroke":"#58a6ff","stroke-width":"1.5"}],["$","rect",null,{"x":"310","y":"138","width":"200","height":"40","rx":"6","fill":"rgba(88,166,255,0.08)","stroke":"rgba(88,166,255,0.3)","stroke-width":"1.5"}],["$","text",null,{"x":"410","y":"155","text-anchor":"middle","fill":"#58a6ff","font-size":"11","font-weight":"700","children":"ovsbr0"}],["$","text",null,{"x":"410","y":"169","text-anchor":"middle","fill":"#768390","font-size":"10","children":"OVS Bridge + Flow Tables"}],["$","line",null,{"x1":"635","y1":"96","x2":"635","y2":"138","stroke":"#bc8cff","stroke-width":"1.5"}],["$","line",null,{"x1":"745","y1":"96","x2":"745","y2":"138","stroke":"#bc8cff","stroke-width":"1.5"}],["$","rect",null,{"x":"570","y":"138","width":"200","height":"40","rx":"6","fill":"rgba(188,140,255,0.08)","stroke":"rgba(188,140,255,0.3)","stroke-width":"1.5"}],["$","text",null,{"x":"670","y":"155","text-anchor":"middle","fill":"#bc8cff","font-size":"11","font-weight":"700","children":"VNet (SDN zone)"}],["$","text",null,{"x":"670","y":"169","text-anchor":"middle","fill":"#768390","font-size":"10","children":"Declarative L2/L3 config"}],["$","line",null,{"x1":"130","y1":"178","x2":"130","y2":"218","stroke":"#39d353","stroke-width":"1.5"}],["$","rect",null,{"x":"50","y":"218","width":"160","height":"36","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"130","y":"240","text-anchor":"middle","fill":"#768390","font-size":"11","children":"eth0 / bond0"}],"$Lae","$Laf","$Lb0","$Lb1","$Lb2","$Lb3","$Lb4","$Lb5","$Lb6","$Lb7","$Lb8","$Lb9"]}]
21:["$","div",null,{"className":"relative overflow-auto prose-no-margin my-6","children":["$","table",null,{"children":[["$","thead",null,{"children":["$","tr",null,{"children":[["$","th",null,{"children":"Mode"}],["$","th",null,{"children":"Description"}]]}]}],["$","tbody",null,{"children":[["$","tr",null,{"children":[["$","td",null,{"children":[["$","strong",null,{"children":"Linux Bridge"}]," (default)"]}],["$","td",null,{"children":"Kernel-native, zero config overhead. VMs connect like ports on a dumb switch."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":[["$","strong",null,{"children":"Open vSwitch"}]," (advanced)"]}],["$","td",null,{"children":"Programmable via OpenFlow. Port mirroring, QoS, VXLAN tunnels. Used by OpenStack Neutron/OVN."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":[["$","strong",null,{"children":"Proxmox SDN"}]," (cluster)"]}],["$","td",null,{"children":"Built-in since PVE 7. Zones, VNets, subnets. Backed by Linux bridges or OVS."}]]}]]}]]}]}]
22:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-1--inspect-your-existing-linux-bridges","children":[["$","a",null,{"data-card":"","href":"#step-1--inspect-your-existing-linux-bridges","className":"peer","children":"Step 1 — Inspect your existing Linux Bridges"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
23:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Show all bridges and their members"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"brctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# More detailed: see the bridge in ip link context"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -d"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" bridge"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# See which VMs tap interfaces are attached"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"bridge"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}]]}]]}]}]}]
24:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-2--create-a-second-isolated-bridge-for-experiments","children":[["$","a",null,{"data-card":"","href":"#step-2--create-a-second-isolated-bridge-for-experiments","className":"peer","children":"Step 2 — Create a second isolated bridge for experiments"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
25:["$","p",null,{"children":["Add a new bridge in ",["$","code",null,{"children":"/etc/network/interfaces"}]," that has no upstream NIC — useful as an internal lab network where VMs can talk to each other without leaving the host."]}]
26:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Add to /etc/network/interfaces"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"auto"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr1"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iface"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" inet"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" static"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" address"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.10.0.1/24"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-ports"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" none"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-stp"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" off"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-fd"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Apply without rebooting"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ifreload"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -a"}]]}]]}]}]}]
27:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Note:"}]," Set VMs to use ",["$","code",null,{"children":"vmbr1"}]," for their network interface. They'll be isolated from the outside world but can reach each other and the host at ",["$","code",null,{"children":"10.10.0.1"}],"."]}],"\n"]}]
28:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-3--install-open-vswitch","children":[["$","a",null,{"data-card":"","href":"#step-3--install-open-vswitch","className":"peer","children":"Step 3 — Install Open vSwitch"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
29:["$","p",null,{"children":"OVS is not installed by default on Proxmox. Install it and create your first OVS bridge alongside the existing Linux bridge."}]
2a:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"apt"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" install"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" openvswitch-switch"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -y"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Create an OVS bridge"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add-br"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Add a port (e.g. a second NIC if available)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add-port"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" enp2s0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# List all OVS bridges and ports"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" list-br"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" list-ports"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}]]}]]}]}]}]
2b:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-4--enable-proxmox-sdn-and-create-a-simple-zone","children":[["$","a",null,{"data-card":"","href":"#step-4--enable-proxmox-sdn-and-create-a-simple-zone","className":"peer","children":"Step 4 — Enable Proxmox SDN and create a Simple Zone"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
2c:["$","p",null,{"children":["In the Proxmox web UI, navigate to ",["$","strong",null,{"children":"Datacenter → SDN"}],". Start with a Simple zone (a standard Linux bridge managed by SDN) and add a VNet to it."]}]
2d:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Via pvesh CLI (alternative to UI)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"pvesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" create"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /cluster/sdn/zones"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --zone"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" lab-zone"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" simple"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"pvesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" create"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /cluster/sdn/vnets"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --vnet"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" lab-net"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --zone"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" lab-zone"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Apply the SDN config"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"pvesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /cluster/sdn"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify generated bridge"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" lab-net"}]]}]]}]}]}]
2e:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Tip:"}]," After applying, Proxmox generates a Linux bridge named after your VNet. Attach VMs to this VNet from their network settings in the UI."]}],"\n"]}]
2f:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-5--try-ovs-flow-tables-traffic-inspection","children":[["$","a",null,{"data-card":"","href":"#step-5--try-ovs-flow-tables-traffic-inspection","className":"peer","children":"Step 5 — Try OVS Flow Tables (traffic inspection)"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
30:["$","p",null,{"children":"This is where OVS gets interesting. You can view and insert flow rules that govern how packets are forwarded — the foundation of SDN controllers."}]
31:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# View the current flow table (by default: normal forwarding)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-ofctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dump-flows"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Insert a rule: drop all ARP from a specific MAC"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-ofctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add-flow"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" \"dl_type=0x0806,dl_src=52:54:00:aa:bb:cc,action=drop\""}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Mirror all traffic to a monitoring port"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add-port"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" mirror0"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" Interface"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" mirror0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type=internal"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ovs-vsctl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --id=@m"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" create"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" Mirror"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" name=m0"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" select-all="}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"true"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" output-port=mirror0"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n","$Lbc"]}]}]}]
32:["$","hr",null,{}]
33:["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"02--vlan-segmentation","children":[["$","a",null,{"data-card":"","href":"#02--vlan-segmentation","className":"peer","children":"02 — VLAN Segmentation"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
34:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"Segment traffic across multiple isolated networks on a single physical interface."}],"\n"]}]
35:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"theory-1","children":[["$","a",null,{"data-card":"","href":"#theory-1","className":"peer","children":"Theory"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
36:["$","p",null,{"children":["VLANs (802.1Q) let you carry multiple isolated L2 networks over a single physical cable. Tagged frames carry a VLAN ID (1-4094); untagged frames belong to the native VLAN. A ",["$","strong",null,{"children":"trunk port"}]," carries multiple VLANs (tagged); an ",["$","strong",null,{"children":"access port"}]," carries one VLAN (untagged, towards a VM or end device)."]}]
37:["$","p",null,{"children":"In a real Kubernetes cluster deployment, this is how you separate management traffic, storage replication traffic, and workload traffic — each gets a dedicated VLAN, preventing broadcast storms and enabling QoS policies per segment. CAPI and OpenStack use exactly this model for their internal networks."}]
38:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"vlan-aware-bridge-topology","children":[["$","a",null,{"data-card":"","href":"#vlan-aware-bridge-topology","className":"peer","children":"VLAN-Aware Bridge Topology"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
39:["$","svg",null,{"viewBox":"0 0 760 320","xmlns":"http://www.w3.org/2000/svg","font-family":"JetBrains Mono, monospace","children":[["$","rect",null,{"x":"280","y":"270","width":"200","height":"38","rx":"6","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1.5"}],["$","text",null,{"x":"380","y":"290","text-anchor":"middle","fill":"#768390","font-size":"12","children":"eth0 (trunk)"}],["$","text",null,{"x":"380","y":"303","text-anchor":"middle","fill":"#444c56","font-size":"10","children":"all VLANs tagged"}],["$","line",null,{"x1":"380","y1":"270","x2":"380","y2":"220","stroke":"#f0883e","stroke-width":"2","stroke-dasharray":"4 2"}],["$","rect",null,{"x":"220","y":"180","width":"320","height":"40","rx":"6","fill":"rgba(240,136,62,0.08)","stroke":"rgba(240,136,62,0.35)","stroke-width":"1.5"}],["$","text",null,{"x":"380","y":"198","text-anchor":"middle","fill":"#f0883e","font-size":"12","font-weight":"700","children":"vmbr0 (VLAN-aware bridge)"}],["$","text",null,{"x":"380","y":"212","text-anchor":"middle","fill":"#768390","font-size":"10","children":"bridge-vlan-aware yes"}],["$","line",null,{"x1":"300","y1":"180","x2":"160","y2":"130","stroke":"#39d353","stroke-width":"1.5"}],["$","text",null,{"x":"205","y":"162","fill":"#39d353","font-size":"10","transform":"rotate(-30,205,162)","children":"VLAN 10"}],["$","line",null,{"x1":"360","y1":"180","x2":"380","y2":"130","stroke":"#58a6ff","stroke-width":"1.5"}],["$","text",null,{"x":"342","y":"162","fill":"#58a6ff","font-size":"10","children":"VLAN 20"}],["$","line",null,{"x1":"450","y1":"180","x2":"580","y2":"130","stroke":"#bc8cff","stroke-width":"1.5"}],["$","text",null,{"x":"487","y":"162","fill":"#bc8cff","font-size":"10","transform":"rotate(30,487,162)","children":"VLAN 30"}],["$","rect",null,{"x":"40","y":"60","width":"110","height":"70","rx":"8","fill":"rgba(57,211,83,0.07)","stroke":"rgba(57,211,83,0.25)","stroke-width":"1.5"}],["$","text",null,{"x":"95","y":"85","text-anchor":"middle","fill":"#39d353","font-size":"10","font-weight":"700","children":"VLAN 10"}],["$","text",null,{"x":"95","y":"99","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM: k8s-cp"}],["$","text",null,{"x":"95","y":"113","text-anchor":"middle","fill":"#768390","font-size":"10","children":"10.0.10.x/24"}],["$","text",null,{"x":"95","y":"124","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"Management"}],["$","line",null,{"x1":"95","y1":"130","x2":"160","y2":"130","stroke":"#39d353","stroke-width":"1"}],["$","rect",null,{"x":"320","y":"60","width":"110","height":"70","rx":"8","fill":"rgba(88,166,255,0.07)","stroke":"rgba(88,166,255,0.25)","stroke-width":"1.5"}],["$","text",null,{"x":"375","y":"85","text-anchor":"middle","fill":"#58a6ff","font-size":"10","font-weight":"700","children":"VLAN 20"}],["$","text",null,{"x":"375","y":"99","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM: k8s-wk1"}],["$","text",null,{"x":"375","y":"113","text-anchor":"middle","fill":"#768390","font-size":"10","children":"10.0.20.x/24"}],["$","text",null,{"x":"375","y":"124","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"Workload"}],["$","rect",null,{"x":"610","y":"60","width":"110","height":"70","rx":"8","fill":"rgba(188,140,255,0.07)","stroke":"rgba(188,140,255,0.25)","stroke-width":"1.5"}],["$","text",null,{"x":"665","y":"85","text-anchor":"middle","fill":"#bc8cff","font-size":"10","font-weight":"700","children":"VLAN 30"}],["$","text",null,{"x":"665","y":"99","text-anchor":"middle","fill":"#cdd9e5","font-size":"11","children":"VM: storage"}],["$","text",null,{"x":"665","y":"113","text-anchor":"middle","fill":"#768390","font-size":"10","children":"10.0.30.x/24"}],["$","text",null,{"x":"665","y":"124","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"Storage / Ceph"}],["$","line",null,{"x1":"665","y1":"130","x2":"580","y2":"130","stroke":"#bc8cff","stroke-width":"1"}],["$","rect",null,{"x":"560","y":"270","width":"180","height":"38","rx":"6","fill":"rgba(57,211,83,0.05)","stroke":"rgba(57,211,83,0.2)","stroke-width":"1"}],["$","text",null,{"x":"650","y":"293","text-anchor":"middle","fill":"#39d353","font-size":"11","children":"Router / uplink"}]]}]
3a:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Warning:"}]," Make sure your upstream switch port (or home router port) is configured as a trunk if you want tagged traffic to leave the host. For a pure single-Proxmox-box lab, you don't need a real switch — the bridge handles it internally."]}],"\n"]}]
3b:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-1--enable-vlan-awareness-on-the-bridge","children":[["$","a",null,{"data-card":"","href":"#step-1--enable-vlan-awareness-on-the-bridge","className":"peer","children":"Step 1 — Enable VLAN-awareness on the bridge"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
3c:["$","p",null,{"children":["Edit ",["$","code",null,{"children":"/etc/network/interfaces"}]," to mark ",["$","code",null,{"children":"vmbr0"}]," as VLAN-aware. This lets the bridge process 802.1Q tags instead of treating them as unknown traffic."]}]
3d:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"auto"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iface"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" inet"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" static"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" address"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 192.168.1.10/24"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" gateway"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 192.168.1.1"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-ports"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-stp"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" off"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-fd"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 0"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-vlan-aware"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" yes"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bridge-vids"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 2-4094"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # allow all VLAN IDs"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ifreload"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -a"}]]}]]}]}]}]
3e:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-2--create-three-vms-and-assign-them-to-different-vlans","children":[["$","a",null,{"data-card":"","href":"#step-2--create-three-vms-and-assign-them-to-different-vlans","className":"peer","children":"Step 2 — Create three VMs and assign them to different VLANs"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
3f:["$","p",null,{"children":"In the Proxmox UI, edit each VM's network device. Set the \"VLAN Tag\" field to 10, 20, or 30 respectively. This adds the tag to the tap interface connecting the VM to the bridge."}]
40:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify VLAN assignments on the bridge"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"bridge"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vlan"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Expected output shows tap interfaces tagged with their VLANs:"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# tap100i0 10 PVID Egress Untagged"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# tap101i0 20 PVID Egress Untagged"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# tap102i0 30 PVID Egress Untagged"}]}]]}]}]}]
41:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-3--configure-ips-inside-each-vm","children":[["$","a",null,{"data-card":"","href":"#step-3--configure-ips-inside-each-vm","className":"peer","children":"Step 3 — Configure IPs inside each VM"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
42:["$","p",null,{"children":"Each VM should have an IP in its designated subnet. VMs in the same VLAN can ping each other; VMs in different VLANs cannot (yet) — that's the isolation working correctly."}]
43:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On VM in VLAN 10 (k8s-cp)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.0.10.2/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On VM in VLAN 20 (k8s-wk1)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.0.20.2/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Test: ping within same VLAN (should work)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.0.10.3"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # from 10.0.10.2, another VLAN 10 VM"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Test: ping across VLANs (should FAIL — no router yet)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.0.20.2"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # from 10.0.10.2"}]]}]]}]}]}]
44:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-4--add-inter-vlan-routing-on-the-proxmox-host","children":[["$","a",null,{"data-card":"","href":"#step-4--add-inter-vlan-routing-on-the-proxmox-host","className":"peer","children":"Step 4 — Add inter-VLAN routing on the Proxmox host"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
45:["$","p",null,{"children":"Create sub-interfaces on the bridge for each VLAN. This turns the Proxmox host into a router, enabling controlled inter-VLAN traffic."}]
46:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Add to /etc/network/interfaces"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"auto"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0.10"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iface"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0.10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" inet"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" static"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" address"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.0.10.1/24"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"auto"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0.20"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iface"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0.20"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" inet"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" static"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" address"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.0.20.1/24"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"auto"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0.30"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iface"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vmbr0.30"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" inet"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" static"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" address"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.0.30.1/24"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ifreload"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -a"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Enable IP forwarding"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"echo"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 1"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" >"}],"$Lbd"]}],"\n","$Lbe","\n","$Lbf","\n","$Lc0"]}]}]}]
47:["$","hr",null,{}]
48:["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"03--vxlan-overlay-networks","children":[["$","a",null,{"data-card":"","href":"#03--vxlan-overlay-networks","className":"peer","children":"03 — VXLAN Overlay Networks"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
49:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"Build L2 tunnels over an L3 network — the foundation of every container CNI plugin."}],"\n"]}]
4a:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"theory-2","children":[["$","a",null,{"data-card":"","href":"#theory-2","className":"peer","children":"Theory"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
4b:["$","p",null,{"children":"VXLAN (Virtual eXtensible LAN) encapsulates L2 Ethernet frames inside UDP packets (port 4789). This lets you create a virtual L2 network that spans multiple physical hosts connected only by L3 routing. Each VXLAN network is identified by a 24-bit VNI (VXLAN Network Identifier), giving you up to 16 million isolated segments — far more than 4094 VLANs."}]
4c:["$","p",null,{"children":"This is exactly what Flannel (VXLAN backend), Cilium (in VXLAN mode), and Calico use to build pod networks. The VTEP (VXLAN Tunnel Endpoint) is the local IP that sends and receives encapsulated traffic. Understanding VXLAN manually first makes the CNI layer far less magical."}]
4d:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"vxlan-encapsulation--two-proxmox-vms","children":[["$","a",null,{"data-card":"","href":"#vxlan-encapsulation--two-proxmox-vms","className":"peer","children":"VXLAN Encapsulation — Two Proxmox VMs"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
4e:["$","svg",null,{"viewBox":"0 0 800 380","xmlns":"http://www.w3.org/2000/svg","font-family":"JetBrains Mono, monospace","children":[["$","defs",null,{"children":["$","marker",null,{"id":"arr-vx","markerWidth":"8","markerHeight":"8","refX":"6","refY":"3","orient":"auto","children":["$","path",null,{"d":"M0,0 L0,6 L8,3 z","fill":"#f0883e"}]}]}],["$","rect",null,{"x":"20","y":"20","width":"330","height":"280","rx":"10","fill":"rgba(57,211,83,0.03)","stroke":"rgba(57,211,83,0.15)","stroke-width":"1.5"}],["$","text",null,{"x":"185","y":"45","text-anchor":"middle","fill":"#39d353","font-size":"11","font-weight":"700","children":"VM-A (10.10.0.2)"}],["$","rect",null,{"x":"50","y":"60","width":"130","height":"50","rx":"6","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"115","y":"81","text-anchor":"middle","fill":"#cdd9e5","font-size":"10","children":"Container / Pod"}],["$","text",null,{"x":"115","y":"96","text-anchor":"middle","fill":"#768390","font-size":"9","children":"172.20.0.2/24"}],["$","line",null,{"x1":"115","y1":"110","x2":"115","y2":"138","stroke":"#39d353","stroke-width":"1.5"}],["$","rect",null,{"x":"50","y":"138","width":"130","height":"36","rx":"5","fill":"rgba(57,211,83,0.08)","stroke":"rgba(57,211,83,0.25)","stroke-width":"1"}],["$","text",null,{"x":"115","y":"157","text-anchor":"middle","fill":"#39d353","font-size":"10","font-weight":"700","children":"vxlan10"}],["$","text",null,{"x":"115","y":"168","text-anchor":"middle","fill":"#768390","font-size":"9","children":"172.20.0.1/24 VNI=10"}],["$","line",null,{"x1":"115","y1":"174","x2":"115","y2":"204","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"4 2"}],["$","rect",null,{"x":"40","y":"204","width":"270","height":"60","rx":"6","fill":"rgba(240,136,62,0.06)","stroke":"rgba(240,136,62,0.25)","stroke-width":"1"}],["$","text",null,{"x":"175","y":"225","text-anchor":"middle","fill":"#f0883e","font-size":"10","font-weight":"700","children":"VXLAN Encapsulation"}],["$","text",null,{"x":"175","y":"242","text-anchor":"middle","fill":"#768390","font-size":"9","children":"[ UDP | VNI=10 | Eth | IP | Payload ]"}],["$","text",null,{"x":"175","y":"255","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"outer src: 10.10.0.2 dst: 10.10.0.3"}],["$","line",null,{"x1":"115","y1":"264","x2":"115","y2":"286","stroke":"#f0883e","stroke-width":"1.5"}],["$","rect",null,{"x":"50","y":"286","width":"130","height":"36","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"115","y":"305","text-anchor":"middle","fill":"#768390","font-size":"10","children":"eth0"}],["$","text",null,{"x":"115","y":"317","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.10.0.2"}],["$","rect",null,{"x":"450","y":"20","width":"330","height":"280","rx":"10","fill":"rgba(88,166,255,0.03)","stroke":"rgba(88,166,255,0.15)","stroke-width":"1.5"}],["$","text",null,{"x":"615","y":"45","text-anchor":"middle","fill":"#58a6ff","font-size":"11","font-weight":"700","children":"VM-B (10.10.0.3)"}],["$","rect",null,{"x":"620","y":"60","width":"130","height":"50","rx":"6","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"685","y":"81","text-anchor":"middle","fill":"#cdd9e5","font-size":"10","children":"Container / Pod"}],["$","text",null,{"x":"685","y":"96","text-anchor":"middle","fill":"#768390","font-size":"9","children":"172.20.1.2/24"}],["$","line",null,{"x1":"685","y1":"110","x2":"685","y2":"138","stroke":"#58a6ff","stroke-width":"1.5"}],["$","rect",null,{"x":"620","y":"138","width":"130","height":"36","rx":"5","fill":"rgba(88,166,255,0.08)","stroke":"rgba(88,166,255,0.25)","stroke-width":"1"}],["$","text",null,{"x":"685","y":"157","text-anchor":"middle","fill":"#58a6ff","font-size":"10","font-weight":"700","children":"vxlan10"}],["$","text",null,{"x":"685","y":"168","text-anchor":"middle","fill":"#768390","font-size":"9","children":"172.20.1.1/24 VNI=10"}],["$","line",null,{"x1":"685","y1":"174","x2":"685","y2":"204","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"4 2"}],["$","rect",null,{"x":"490","y":"204","width":"270","height":"60","rx":"6","fill":"rgba(240,136,62,0.06)","stroke":"rgba(240,136,62,0.25)","stroke-width":"1"}],["$","text",null,{"x":"625","y":"225","text-anchor":"middle","fill":"#f0883e","font-size":"10","font-weight":"700","children":"VXLAN Decapsulation"}],["$","text",null,{"x":"625","y":"242","text-anchor":"middle","fill":"#768390","font-size":"9","children":"Strip UDP header → forward inner frame"}],["$","text",null,{"x":"625","y":"255","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"VTEP: 10.10.0.3 VNI match: 10"}],["$","line",null,{"x1":"685","y1":"264","x2":"685","y2":"286","stroke":"#f0883e","stroke-width":"1.5"}],["$","rect",null,{"x":"620","y":"286","width":"130","height":"36","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"685","y":"305","text-anchor":"middle","fill":"#768390","font-size":"10","children":"eth0"}],["$","text",null,{"x":"685","y":"317","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.10.0.3"}],"$Lc1","$Lc2","$Lc3"]}]
4f:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-1--spin-up-two-lightweight-vms","children":[["$","a",null,{"data-card":"","href":"#step-1--spin-up-two-lightweight-vms","className":"peer","children":"Step 1 — Spin up two lightweight VMs"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
50:["$","p",null,{"children":["Create two Alpine Linux or Debian VMs in Proxmox, both connected to ",["$","code",null,{"children":"vmbr1"}]," (internal bridge from Exercise 1). Assign them IPs on the ",["$","code",null,{"children":"10.10.0.0/24"}]," underlay network."]}]
51:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# VM-A: 10.10.0.2/24 — VM-B: 10.10.0.3/24"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify underlay connectivity first — from VM-A:"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.3"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # must succeed before VXLAN setup"}]]}]]}]}]}]
52:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-2--create-the-vxlan-interface-on-vm-a","children":[["$","a",null,{"data-card":"","href":"#step-2--create-the-vxlan-interface-on-vm-a","className":"peer","children":"Step 2 — Create the VXLAN interface on VM-A"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
53:["$","p",null,{"children":["The ",["$","code",null,{"children":"vxlan"}]," device is the local VTEP. It knows the remote VTEP IP (VM-B) and the VNI to use."]}]
54:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On VM-A (10.10.0.2)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" id"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dstport"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 4789"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" remote"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.3"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" local"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.2"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 172.20.0.1/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify"}]}],"\n","$Lc4"]}]}]}]
55:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-3--create-the-vxlan-interface-on-vm-b","children":[["$","a",null,{"data-card":"","href":"#step-3--create-the-vxlan-interface-on-vm-b","className":"peer","children":"Step 3 — Create the VXLAN interface on VM-B"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
56:["$","p",null,{"children":"Mirror the setup on VM-B with reversed local/remote addresses and a different overlay subnet."}]
57:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On VM-B (10.10.0.3)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" id"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dstport"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 4789"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" remote"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.2"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" local"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.3"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 172.20.1.1/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}]]}]}]}]
58:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-4--test-and-observe-the-encapsulation","children":[["$","a",null,{"data-card":"","href":"#step-4--test-and-observe-the-encapsulation","className":"peer","children":"Step 4 — Test and observe the encapsulation"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
59:["$","p",null,{"children":"Ping across the tunnel and capture packets on the underlay interface to see VXLAN encapsulation in action."}]
5a:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# From VM-A, ping VM-B's overlay address"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 172.20.1.1"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On VM-A, capture underlay to see encapsulation"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"tcpdump"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -i"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -n"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" udp"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" port"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 4789"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -v"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# You'll see packets like:"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# IP 10.10.0.2.PORT > 10.10.0.3.4789: VXLAN, flags [I], vni 10"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# IP 172.20.0.1 > 172.20.1.1: ICMP echo"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Check MTU — VXLAN adds 50 bytes of overhead"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # MTU should be ~1450"}]]}]]}]}]}]
5b:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Warning:"}]," MTU matters. VXLAN encapsulation adds ~50 bytes. If your underlay MTU is 1500, set ",["$","code",null,{"children":"vxlan10"}]," MTU to 1450 to avoid fragmentation — the same issue CNI plugins handle automatically."]}],"\n"]}]
5c:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-5--upgrade-to-fdb-based-discovery","children":[["$","a",null,{"data-card":"","href":"#step-5--upgrade-to-fdb-based-discovery","className":"peer","children":"Step 5 — Upgrade to FDB-based discovery"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
5d:["$","p",null,{"children":"The static remote IP works for 2 nodes. For more, manage the Forwarding Database (FDB) manually — exactly what a CNI control plane does."}]
5e:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Create VXLAN without static remote (learning mode)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" id"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dstport"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 4789"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" local"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.2"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" eth0"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Manually add remote VTEP entries in FDB"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"bridge"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" fdb"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" append"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 00:00:00:00:00:00"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dst"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.3"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"bridge"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" fdb"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" append"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 00:00:00:00:00:00"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dst"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.4"}]]}],"\n",["$","span",null,{"className":"line"}],"\n","$Lc5","\n","$Lc6"]}]}]}]
5f:["$","hr",null,{}]
60:["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"04--bgp-with-frr","children":[["$","a",null,{"data-card":"","href":"#04--bgp-with-frr","className":"peer","children":"04 — BGP with FRR"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
61:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"Advertise routes between cluster nodes the way Cilium BGP Control Plane does."}],"\n"]}]
62:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"theory-3","children":[["$","a",null,{"data-card":"","href":"#theory-3","className":"peer","children":"Theory"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
63:["$","p",null,{"children":"BGP (Border Gateway Protocol) is the routing protocol of the Internet, but it's increasingly used inside Kubernetes clusters. Cilium's BGP Control Plane uses BGP to advertise pod CIDRs and LoadBalancer IPs to upstream routers, enabling bare-metal load balancing without a cloud provider. FRR (Free Range Routing) is the open-source routing suite that both Cilium and Proxmox SDN use underneath."}]
64:["$","p",null,{"children":"In this exercise, you'll set up a simple iBGP (internal BGP, same AS number) topology with a route reflector, then advertise a \"pod CIDR\" from one node and verify another node learns the route. This is the exact pattern Cilium uses."}]
65:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"bgp-topology--route-reflector-pattern","children":[["$","a",null,{"data-card":"","href":"#bgp-topology--route-reflector-pattern","className":"peer","children":"BGP Topology — Route Reflector Pattern"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
66:["$","svg",null,{"viewBox":"0 0 700 320","xmlns":"http://www.w3.org/2000/svg","font-family":"JetBrains Mono, monospace","children":[["$","rect",null,{"x":"270","y":"120","width":"160","height":"70","rx":"8","fill":"rgba(240,136,62,0.08)","stroke":"rgba(240,136,62,0.35)","stroke-width":"2"}],["$","text",null,{"x":"350","y":"148","text-anchor":"middle","fill":"#f0883e","font-size":"11","font-weight":"700","children":"router-vm"}],["$","text",null,{"x":"350","y":"162","text-anchor":"middle","fill":"#768390","font-size":"10","children":"FRR AS 65000"}],["$","text",null,{"x":"350","y":"175","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"Route Reflector"}],["$","text",null,{"x":"350","y":"185","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.10.0.1"}],["$","rect",null,{"x":"40","y":"40","width":"140","height":"70","rx":"8","fill":"rgba(57,211,83,0.07)","stroke":"rgba(57,211,83,0.25)","stroke-width":"1.5"}],["$","text",null,{"x":"110","y":"65","text-anchor":"middle","fill":"#39d353","font-size":"11","font-weight":"700","children":"node-1"}],["$","text",null,{"x":"110","y":"79","text-anchor":"middle","fill":"#768390","font-size":"10","children":"FRR AS 65000"}],["$","text",null,{"x":"110","y":"93","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.10.0.2"}],["$","text",null,{"x":"110","y":"105","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"pod CIDR: 172.16.1.0/24"}],["$","rect",null,{"x":"280","y":"40","width":"140","height":"70","rx":"8","fill":"rgba(57,211,83,0.07)","stroke":"rgba(57,211,83,0.25)","stroke-width":"1.5"}],["$","text",null,{"x":"350","y":"65","text-anchor":"middle","fill":"#39d353","font-size":"11","font-weight":"700","children":"node-2"}],["$","text",null,{"x":"350","y":"79","text-anchor":"middle","fill":"#768390","font-size":"10","children":"FRR AS 65000"}],["$","text",null,{"x":"350","y":"93","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.10.0.3"}],["$","text",null,{"x":"350","y":"105","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"pod CIDR: 172.16.2.0/24"}],["$","rect",null,{"x":"520","y":"40","width":"140","height":"70","rx":"8","fill":"rgba(57,211,83,0.07)","stroke":"rgba(57,211,83,0.25)","stroke-width":"1.5"}],["$","text",null,{"x":"590","y":"65","text-anchor":"middle","fill":"#39d353","font-size":"11","font-weight":"700","children":"node-3"}],["$","text",null,{"x":"590","y":"79","text-anchor":"middle","fill":"#768390","font-size":"10","children":"FRR AS 65000"}],["$","text",null,{"x":"590","y":"93","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.10.0.4"}],["$","text",null,{"x":"590","y":"105","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"pod CIDR: 172.16.3.0/24"}],["$","line",null,{"x1":"160","y1":"75","x2":"270","y2":"145","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"5 3"}],["$","text",null,{"x":"195","y":"100","fill":"#f0883e","font-size":"9","transform":"rotate(25,195,100)","children":"iBGP session"}],["$","line",null,{"x1":"350","y1":"110","x2":"350","y2":"120","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"5 3"}],["$","line",null,{"x1":"520","y1":"75","x2":"430","y2":"145","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"5 3"}],["$","text",null,{"x":"485","y":"100","fill":"#f0883e","font-size":"9","transform":"rotate(-25,485,100)","children":"iBGP session"}],["$","path",null,{"d":"M 110 110 Q 110 240 350 240 Q 590 240 590 110","fill":"none","stroke":"#58a6ff","stroke-width":"1.5","stroke-dasharray":"4 2"}],["$","text",null,{"x":"350","y":"262","text-anchor":"middle","fill":"#58a6ff","font-size":"10","children":"Routes reflected to all peers"}],["$","text",null,{"x":"350","y":"275","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"172.16.1.0/24 via 10.10.0.2 / 172.16.2.0/24 via 10.10.0.3 ..."}],["$","rect",null,{"x":"270","y":"230","width":"160","height":"36","rx":"6","fill":"rgba(88,166,255,0.05)","stroke":"rgba(88,166,255,0.15)","stroke-width":"1"}],["$","text",null,{"x":"350","y":"252","text-anchor":"middle","fill":"#58a6ff","font-size":"10","children":"Upstream / eBGP peer"}],["$","line",null,{"x1":"350","y1":"190","x2":"350","y2":"230","stroke":"#58a6ff","stroke-width":"1","stroke-dasharray":"3 2"}]]}]
67:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-1--install-frr-on-all-vms","children":[["$","a",null,{"data-card":"","href":"#step-1--install-frr-on-all-vms","className":"peer","children":"Step 1 — Install FRR on all VMs"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
68:["$","p",null,{"children":"FRR (Free Range Routing) is the successor to Quagga. Install it on your router VM and your node VMs."}]
69:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On Debian/Ubuntu VMs"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"curl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" https://deb.frrouting.org/frr/keys.gpg"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" |"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" gpg"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --dearmor"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" >"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /usr/share/keyrings/frr.gpg"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"echo"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" \"deb [signed-by=/usr/share/keyrings/frr.gpg] "}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"\\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" https://deb.frrouting.org/frr $("}],["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"lsb_release"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -sc"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":") frr-stable\""}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" >"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /etc/apt/sources.list.d/frr.list"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"apt"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" update"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":" && "}],["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"apt"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" install"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" frr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" frr-pythontools"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -y"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Enable BGP daemon"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"sed"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -i"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 's/bgpd=no/bgpd=yes/'"}],"$Lc7"]}],"\n","$Lc8"]}]}]}]
6a:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-2--configure-the-route-reflector-router-vm","children":[["$","a",null,{"data-card":"","href":"#step-2--configure-the-route-reflector-router-vm","className":"peer","children":"Step 2 — Configure the Route Reflector (router-vm)"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
6b:["$","p",null,{"children":"The route reflector accepts iBGP sessions from all nodes and re-advertises (reflects) their routes to all other peers — avoiding the O(n²) full mesh problem."}]
6c:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"children":"# /etc/frr/frr.conf on router-vm"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":"frr defaults traditional"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":"hostname router-vm"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":"router bgp 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" bgp router-id 10.10.0.1"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" bgp cluster-id 10.10.0.1"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" # Define each node as a neighbor"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.0.2 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.0.3 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.0.4 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" address-family ipv4 unicast"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" # Enable route reflection for all peers"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.0.2 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.0.3 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.0.4 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" exit-address-family"}]}]]}]}]}]
6d:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-3--configure-each-node-to-advertise-its-pod-cidr","children":[["$","a",null,{"data-card":"","href":"#step-3--configure-each-node-to-advertise-its-pod-cidr","className":"peer","children":"Step 3 — Configure each node to advertise its pod CIDR"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
6e:["$","p",null,{"children":["Each node connects to the route reflector and announces its assigned pod subnet. In Cilium BGP mode, this config is generated automatically from ",["$","code",null,{"children":"CiliumBGPPeeringPolicy"}],"."]}]
6f:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# /etc/frr/frr.conf on node-1 (10.10.0.2)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"frr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" defaults"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" traditional"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"hostname"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" node-1"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"router"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" bgp"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 65000"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" bgp"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" router-id"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.2"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" neighbor"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.10.0.1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" remote-as"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 65000"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # route reflector"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" address-family"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ipv4"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" unicast"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" network"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 172.16.1.0/24"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # advertise pod CIDR"}]]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" exit-address-family"}]}]]}]}]}]
70:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Add a local dummy route so BGP has something to advertise"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dummy0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dummy"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 172.16.1.0/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dummy0"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dummy0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}]]}]}]}]
71:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-4--verify-bgp-sessions-and-route-propagation","children":[["$","a",null,{"data-card":"","href":"#step-4--verify-bgp-sessions-and-route-propagation","className":"peer","children":"Step 4 — Verify BGP sessions and route propagation"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
72:["$","p",null,{"children":["Use ",["$","code",null,{"children":"vtysh"}]," (FRR's interactive CLI) to inspect sessions and routes — like ",["$","code",null,{"children":"kubectl"}]," but for your routing layer."]}]
73:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Enter FRR interactive shell"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"vtysh"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Check BGP neighbors"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" bgp"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" neighbors"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# See BGP routing table"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" bgp"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ipv4"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" unicast"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On node-2, verify it learned node-1's route"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" route"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 172.16.1.0/24"}]]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Should show: B> 172.16.1.0/24 via 10.10.0.2"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Test reachability"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -I"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 172.16.2.1"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 172.16.1.1"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # from node-2 pod CIDR to node-1"}]]}]]}]}]}]
74:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Tip:"}]," The ",["$","code",null,{"children":"B>"}]," prefix in the route table means the route was learned via BGP and selected as the best path. This is exactly the output you'd see on a physical router connected to a Cilium-managed cluster."]}],"\n"]}]
75:["$","hr",null,{}]
76:["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"05--network-namespaces--cni-primitives","children":[["$","a",null,{"data-card":"","href":"#05--network-namespaces--cni-primitives","className":"peer","children":"05 — Network Namespaces & CNI Primitives"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
77:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"Manually replicate what a CNI plugin does when setting up a pod network."}],"\n"]}]
78:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"theory-4","children":[["$","a",null,{"data-card":"","href":"#theory-4","className":"peer","children":"Theory"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
79:["$","p",null,{"children":["Every container runtime isolates network using Linux ",["$","strong",null,{"children":"network namespaces"}]," — a kernel feature that gives each namespace its own interfaces, routing table, and iptables rules. When a pod starts, the CNI plugin: creates a new netns, creates a veth pair, moves one end into the pod netns, assigns an IP, and connects the other end to a bridge or directly to the host. You'll do all of this manually to demystify the process."]}]
7a:["$","p",null,{"children":"This exercise also covers iptables/nftables rules for pod-level network policy — which is what Calico and the iptables backend of Cilium operate on. After this, Cilium's eBPF path will feel like a natural evolution of the same concept."}]
7b:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"manual-pod-network-setup--veth-pair--bridge","children":[["$","a",null,{"data-card":"","href":"#manual-pod-network-setup--veth-pair--bridge","className":"peer","children":"Manual Pod Network Setup — veth pair + bridge"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
7c:["$","svg",null,{"viewBox":"0 0 720 320","xmlns":"http://www.w3.org/2000/svg","font-family":"JetBrains Mono, monospace","children":[["$","rect",null,{"x":"10","y":"10","width":"700","height":"300","rx":"10","fill":"rgba(88,166,255,0.02)","stroke":"rgba(88,166,255,0.1)","stroke-width":"1"}],["$","text",null,{"x":"20","y":"32","fill":"#58a6ff","font-size":"10","font-weight":"700","children":"HOST NAMESPACE"}],["$","rect",null,{"x":"270","y":"180","width":"180","height":"40","rx":"6","fill":"rgba(240,136,62,0.07)","stroke":"rgba(240,136,62,0.3)","stroke-width":"1.5"}],["$","text",null,{"x":"360","y":"197","text-anchor":"middle","fill":"#f0883e","font-size":"11","font-weight":"700","children":"cni0 bridge"}],["$","text",null,{"x":"360","y":"210","text-anchor":"middle","fill":"#768390","font-size":"9","children":"10.244.0.1/24"}],["$","rect",null,{"x":"310","y":"255","width":"100","height":"36","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"360","y":"274","text-anchor":"middle","fill":"#768390","font-size":"10","children":"eth0"}],["$","text",null,{"x":"360","y":"285","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"host uplink"}],["$","line",null,{"x1":"360","y1":"220","x2":"360","y2":"255","stroke":"#f0883e","stroke-width":"1.5"}],["$","rect",null,{"x":"160","y":"148","width":"80","height":"32","rx":"5","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"200","y":"165","text-anchor":"middle","fill":"#cdd9e5","font-size":"9","children":"veth0a"}],["$","text",null,{"x":"200","y":"177","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"(host end)"}],["$","line",null,{"x1":"200","y1":"180","x2":"270","y2":"195","stroke":"#39d353","stroke-width":"1.5"}],["$","line",null,{"x1":"200","y1":"148","x2":"200","y2":"116","stroke":"#39d353","stroke-width":"1.5","stroke-dasharray":"4 2"}],["$","rect",null,{"x":"480","y":"148","width":"80","height":"32","rx":"5","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"520","y":"165","text-anchor":"middle","fill":"#cdd9e5","font-size":"9","children":"veth1a"}],["$","text",null,{"x":"520","y":"177","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"(host end)"}],["$","line",null,{"x1":"520","y1":"180","x2":"450","y2":"195","stroke":"#39d353","stroke-width":"1.5"}],["$","line",null,{"x1":"520","y1":"148","x2":"520","y2":"116","stroke":"#39d353","stroke-width":"1.5","stroke-dasharray":"4 2"}],["$","rect",null,{"x":"80","y":"40","width":"240","height":"80","rx":"8","fill":"rgba(57,211,83,0.05)","stroke":"rgba(57,211,83,0.2)","stroke-width":"1.5"}],["$","text",null,{"x":"100","y":"62","fill":"#39d353","font-size":"9","font-weight":"700","children":"netns: pod-1"}],["$","rect",null,{"x":"130","y":"72","width":"90","height":"32","rx":"5","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"175","y":"89","text-anchor":"middle","fill":"#cdd9e5","font-size":"9","children":"eth0 (veth0b)"}],["$","text",null,{"x":"175","y":"101","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"10.244.0.2/24"}],["$","line",null,{"x1":"175","y1":"104","x2":"200","y2":"116","stroke":"#39d353","stroke-width":"1.5"}],["$","rect",null,{"x":"400","y":"40","width":"240","height":"80","rx":"8","fill":"rgba(57,211,83,0.05)","stroke":"rgba(57,211,83,0.2)","stroke-width":"1.5"}],["$","text",null,{"x":"420","y":"62","fill":"#39d353","font-size":"9","font-weight":"700","children":"netns: pod-2"}],["$","rect",null,{"x":"460","y":"72","width":"90","height":"32","rx":"5","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"505","y":"89","text-anchor":"middle","fill":"#cdd9e5","font-size":"9","children":"eth0 (veth1b)"}],["$","text",null,{"x":"505","y":"101","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"10.244.0.3/24"}],["$","line",null,{"x1":"505","y1":"104","x2":"520","y2":"116","stroke":"#39d353","stroke-width":"1.5"}],["$","text",null,{"x":"360","y":"295","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"iptables / nftables rules applied on cni0 and veth interfaces"}]]}]
7d:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-1--create-two-network-namespaces","children":[["$","a",null,{"data-card":"","href":"#step-1--create-two-network-namespaces","className":"peer","children":"Step 1 — Create two network namespaces"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
7e:["$","p",null,{"children":"These simulate two pods. Each gets its own isolated network stack."}]
7f:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# List them"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" list"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Execute commands inside a namespace"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # only sees loopback by default"}]]}]]}]}]}]
80:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-2--create-a-bridge-and-veth-pairs","children":[["$","a",null,{"data-card":"","href":"#step-2--create-a-bridge-and-veth-pairs","className":"peer","children":"Step 2 — Create a bridge and veth pairs"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
81:["$","p",null,{"children":["The bridge simulates the CNI bridge plugin. Each veth pair connects a namespace to the bridge — one end in the namespace (like ",["$","code",null,{"children":"eth0"}]," in a pod), one end on the bridge."]}]
82:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Create bridge"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cni0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" bridge"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.244.0.1/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cni0"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cni0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Veth pair for pod-1"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" peer"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" name"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0b"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0b"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # move one end into pod-1"}]]}],"\n",["$","span",null,{"className":"line","children":["$Lc9","$Lca","$Lcb","$Lcc","$Lcd","$Lce","$Lcf"]}],"\n","$Ld0","\n","$Ld1","\n","$Ld2","\n","$Ld3","\n","$Ld4","\n","$Ld5","\n","$Ld6"]}]}]}]
83:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-3--assign-ips-and-bring-up-interfaces-inside-namespaces","children":[["$","a",null,{"data-card":"","href":"#step-3--assign-ips-and-bring-up-interfaces-inside-namespaces","className":"peer","children":"Step 3 — Assign IPs and bring up interfaces inside namespaces"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
84:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Inside pod-1"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.244.0.2/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0b"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0b"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" lo"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" route"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" default"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" via"}],"$Ld7"]}],"\n","$Ld8","\n","$Ld9","\n","$Lda","\n","$Ldb","\n","$Ldc","\n","$Ldd","\n","$Lde","\n","$Ldf","\n","$Le0"]}]}]}]
85:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-4--apply-network-policy-with-iptables","children":[["$","a",null,{"data-card":"","href":"#step-4--apply-network-policy-with-iptables","className":"peer","children":"Step 4 — Apply Network Policy with iptables"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
86:["$","p",null,{"children":["Simulate a ",["$","code",null,{"children":"NetworkPolicy"}]," that denies traffic from pod-2 to pod-1 on port 80 — what Calico or the iptables backend does for you automatically."]}]
87:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Drop traffic from pod-2 (10.244.0.3) to pod-1 port 80"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iptables"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -I"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" FORWARD"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.3"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -d"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.2"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -p"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" tcp"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --dport"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 80"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -j"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" DROP"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify: start a listener in pod-1"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" nc"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -lp"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 80"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":" &"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# This should be blocked (timeout)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" nc"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -w"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 2"}],"$Le1","$Le2"]}],"\n","$Le3","\n","$Le4","\n","$Le5","\n","$Le6","\n","$Le7"]}]}]}]
88:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Note:"}]," Cilium replaces iptables with eBPF programs attached to the veth interfaces for much better performance, but the logical model is identical — you're just doing it by hand here."]}],"\n"]}]
89:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-5--enable-external-access-via-nat","children":[["$","a",null,{"data-card":"","href":"#step-5--enable-external-access-via-nat","className":"peer","children":"Step 5 — Enable external access via NAT"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
8a:["$","p",null,{"children":"Allow pods to reach the outside world — exactly what kube-proxy's masquerade rule does for pod traffic leaving the cluster."}]
8b:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Enable forwarding"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"echo"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 1"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" >"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /proc/sys/net/ipv4/ip_forward"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Masquerade outbound traffic from pod CIDR"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iptables"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -t"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" nat"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -A"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" POSTROUTING"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.244.0.0/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" !"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -d"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.244.0.0/24"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -j"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" MASQUERADE"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Test from pod-1"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 8.8.8.8"}]]}]]}]}]}]
8c:["$","hr",null,{}]
8d:["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"06--multi-cluster-networking-lab","children":[["$","a",null,{"data-card":"","href":"#06--multi-cluster-networking-lab","className":"peer","children":"06 — Multi-Cluster Networking Lab"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
8e:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":"Build a full two-cluster topology mirroring a real CAPI multi-region deployment."}],"\n"]}]
8f:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"theory-5","children":[["$","a",null,{"data-card":"","href":"#theory-5","className":"peer","children":"Theory"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
90:["$","p",null,{"children":"This is where all previous exercises converge. You'll create two isolated k3s clusters (simulating CAPI-provisioned clusters), separated by a virtual router running FRR with BGP. Each cluster runs Cilium with BGP Control Plane enabled. Cilium will advertise pod CIDRs and LoadBalancer IPs to the FRR router, which distributes them to the other cluster — enabling direct cross-cluster pod routing."}]
91:["$","p",null,{"children":"This is functionally equivalent to a multi-region Cluster API setup where each cluster lives in a different OpenStack tenant or availability zone, connected by a transit network. It also sets the foundation for Cilium Cluster Mesh, which adds cross-cluster service discovery on top of this routing layer."}]
92:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"full-lab-topology","children":[["$","a",null,{"data-card":"","href":"#full-lab-topology","className":"peer","children":"Full Lab Topology"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
93:["$","svg",null,{"viewBox":"0 0 820 400","xmlns":"http://www.w3.org/2000/svg","font-family":"JetBrains Mono, monospace","children":[["$","defs",null,{"children":["$","marker",null,{"id":"arr-mc","markerWidth":"8","markerHeight":"8","refX":"6","refY":"3","orient":"auto","children":["$","path",null,{"d":"M0,0 L0,6 L8,3 z","fill":"#bc8cff"}]}]}],["$","rect",null,{"x":"10","y":"50","width":"290","height":"310","rx":"10","fill":"rgba(57,211,83,0.03)","stroke":"rgba(57,211,83,0.15)","stroke-width":"1.5"}],["$","text",null,{"x":"155","y":"76","text-anchor":"middle","fill":"#39d353","font-size":"12","font-weight":"700","children":"Cluster A (VLAN 10)"}],["$","text",null,{"x":"155","y":"91","text-anchor":"middle","fill":"#768390","font-size":"10","children":"pod CIDR: 10.42.0.0/16"}],["$","rect",null,{"x":"30","y":"105","width":"120","height":"60","rx":"6","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"90","y":"127","text-anchor":"middle","fill":"#cdd9e5","font-size":"10","font-weight":"700","children":"cp-a"}],["$","text",null,{"x":"90","y":"141","text-anchor":"middle","fill":"#768390","font-size":"9","children":"10.10.10.2"}],["$","text",null,{"x":"90","y":"154","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"Cilium BGP"}],["$","rect",null,{"x":"160","y":"105","width":"120","height":"60","rx":"6","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"220","y":"127","text-anchor":"middle","fill":"#cdd9e5","font-size":"10","font-weight":"700","children":"worker-a1"}],["$","text",null,{"x":"220","y":"141","text-anchor":"middle","fill":"#768390","font-size":"9","children":"10.10.10.3"}],["$","text",null,{"x":"220","y":"154","text-anchor":"middle","fill":"#39d353","font-size":"9","children":"Cilium BGP"}],["$","rect",null,{"x":"30","y":"195","width":"250","height":"50","rx":"6","fill":"rgba(57,211,83,0.05)","stroke":"rgba(57,211,83,0.15)","stroke-width":"1"}],["$","text",null,{"x":"155","y":"215","text-anchor":"middle","fill":"#39d353","font-size":"10","children":"svc: nginx-a LB IP: 10.0.1.10"}],["$","text",null,{"x":"155","y":"230","text-anchor":"middle","fill":"#768390","font-size":"9","children":"advertised via Cilium BGP"}],["$","rect",null,{"x":"30","y":"270","width":"250","height":"40","rx":"5","fill":"rgba(240,136,62,0.05)","stroke":"rgba(240,136,62,0.15)","stroke-width":"1"}],["$","text",null,{"x":"155","y":"289","text-anchor":"middle","fill":"#f0883e","font-size":"10","children":"Cilium VXLAN overlay"}],["$","text",null,{"x":"155","y":"302","text-anchor":"middle","fill":"#768390","font-size":"9","children":"inter-node pod routing"}],["$","line",null,{"x1":"155","y1":"310","x2":"155","y2":"340","stroke":"#39d353","stroke-width":"1.5"}],["$","rect",null,{"x":"90","y":"340","width":"130","height":"30","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}],["$","text",null,{"x":"155","y":"359","text-anchor":"middle","fill":"#768390","font-size":"10","children":"VLAN 10 trunk"}],["$","rect",null,{"x":"325","y":"140","width":"170","height":"120","rx":"10","fill":"rgba(240,136,62,0.08)","stroke":"rgba(240,136,62,0.4)","stroke-width":"2"}],["$","text",null,{"x":"410","y":"168","text-anchor":"middle","fill":"#f0883e","font-size":"12","font-weight":"700","children":"router-vm"}],["$","text",null,{"x":"410","y":"184","text-anchor":"middle","fill":"#768390","font-size":"10","children":"FRR AS 65000"}],["$","text",null,{"x":"410","y":"200","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"BGP Route Reflector"}],["$","text",null,{"x":"410","y":"215","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"eth0: 10.10.10.1 (VLAN10)"}],["$","text",null,{"x":"410","y":"228","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"eth1: 10.10.20.1 (VLAN20)"}],["$","text",null,{"x":"410","y":"241","text-anchor":"middle","fill":"#444c56","font-size":"9","children":"10.0.1.0/24 to 10.0.2.0/24"}],["$","line",null,{"x1":"300","y1":"360","x2":"325","y2":"200","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"5 3"}],["$","text",null,{"x":"310","y":"290","fill":"#f0883e","font-size":"9","transform":"rotate(-70,310,290)","children":"BGP"}],["$","rect",null,{"x":"520","y":"50","width":"290","height":"310","rx":"10","fill":"rgba(88,166,255,0.03)","stroke":"rgba(88,166,255,0.15)","stroke-width":"1.5"}],["$","text",null,{"x":"665","y":"76","text-anchor":"middle","fill":"#58a6ff","font-size":"12","font-weight":"700","children":"Cluster B (VLAN 20)"}],["$","text",null,{"x":"665","y":"91","text-anchor":"middle","fill":"#768390","font-size":"10","children":"pod CIDR: 10.43.0.0/16"}],["$","rect",null,{"x":"540","y":"105","width":"120","height":"60","rx":"6","fill":"#161e28","stroke":"#243447","stroke-width":"1"}],["$","text",null,{"x":"600","y":"127","text-anchor":"middle","fill":"#cdd9e5","font-size":"10","font-weight":"700","children":"cp-b"}],["$","text",null,{"x":"600","y":"141","text-anchor":"middle","fill":"#768390","font-size":"9","children":"10.10.20.2"}],["$","text",null,{"x":"600","y":"154","text-anchor":"middle","fill":"#58a6ff","font-size":"9","children":"Cilium BGP"}],"$Le8","$Le9","$Lea","$Leb","$Lec","$Led","$Lee","$Lef","$Lf0","$Lf1","$Lf2","$Lf3","$Lf4","$Lf5","$Lf6","$Lf7","$Lf8"]}]
94:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-1--set-up-the-network-topology","children":[["$","a",null,{"data-card":"","href":"#step-1--set-up-the-network-topology","className":"peer","children":"Step 1 — Set up the network topology"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
95:["$","p",null,{"children":["Use the VLAN setup from Exercise 2. Create VLAN 10 for Cluster A and VLAN 20 for Cluster B, with the ",["$","code",null,{"children":"router-vm"}]," having a leg in each VLAN."]}]
96:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# router-vm: two NICs, one in VLAN 10, one in VLAN 20"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# In Proxmox VM config:"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# net0: vmbr0, tag=10 → eth0: 10.10.10.1/24"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# net1: vmbr0, tag=20 → eth1: 10.10.20.1/24"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Cluster A VMs: VLAN tag 10, IPs 10.10.10.2, 10.10.10.3"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Cluster B VMs: VLAN tag 20, IPs 10.10.20.2, 10.10.20.3"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On router-vm: enable IP forwarding"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"echo"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" \"net.ipv4.ip_forward=1\""}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" >>"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /etc/sysctl.conf"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"sysctl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -p"}]]}]]}]}]}]
97:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-2--deploy-k3s-on-each-cluster","children":[["$","a",null,{"data-card":"","href":"#step-2--deploy-k3s-on-each-cluster","className":"peer","children":"Step 2 — Deploy k3s on each cluster"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
98:["$","p",null,{"children":"Install k3s without its default CNI (Flannel) and with custom pod/service CIDRs so the two clusters don't overlap."}]
99:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On cp-a (10.10.10.2) — Cluster A"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"curl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -sfL"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" https://get.k3s.io"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" |"}],["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" sh"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" -"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" server"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --flannel-backend=none"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --disable-network-policy"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --cluster-cidr=10.42.0.0/16"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --service-cidr=10.96.0.0/12"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --disable=traefik"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --node-ip=10.10.10.2"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On cp-b (10.10.20.2) — Cluster B"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"curl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -sfL"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" https://get.k3s.io"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" |"}],["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":" sh"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" -"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" server"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --flannel-backend=none"}],"$Lf9"]}],"\n","$Lfa","\n","$Lfb","\n","$Lfc","\n","$Lfd","\n","$Lfe"]}]}]}]
9a:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-3--install-cilium-with-bgp-control-plane-enabled","children":[["$","a",null,{"data-card":"","href":"#step-3--install-cilium-with-bgp-control-plane-enabled","className":"peer","children":"Step 3 — Install Cilium with BGP Control Plane enabled"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
9b:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Install Cilium CLI"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":"CILIUM_CLI_VERSION"}],["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":"="}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":"$$("}],["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"curl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":")"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"curl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -L"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --remote-name-all"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" \"https://github.com/cilium/cilium-cli/releases/download/${"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":"CILIUM_CLI_VERSION"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"}/cilium-linux-amd64.tar.gz\""}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"tar"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" xf"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cilium-linux-amd64.tar.gz"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -C"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /usr/local/bin"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Install Cilium on Cluster A (run with KUBECONFIG pointing to cp-a)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"cilium"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" install"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --version"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 1.15.0"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" tunnel=vxlan"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --set"}],"$Lff","$L100","$L101"]}],"\n","$L102","\n","$L103","\n","$L104","\n","$L105","\n","$L106"]}]}]}]
9c:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-4--configure-cilium-bgp-peering-with-frr-router","children":[["$","a",null,{"data-card":"","href":"#step-4--configure-cilium-bgp-peering-with-frr-router","className":"peer","children":"Step 4 — Configure Cilium BGP peering with FRR router"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
9d:["$","p",null,{"children":["Create a ",["$","code",null,{"children":"CiliumBGPPeeringPolicy"}]," that tells each cluster to peer with the FRR route reflector and advertise its pod CIDR and LoadBalancer IPs."]}]
9e:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# cluster-a-bgp.yaml"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"apiVersion"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"cilium.io/v2alpha1"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"kind"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"CiliumBGPPeeringPolicy"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"metadata"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" name"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"cluster-a-bgp"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"spec"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" nodeSelector"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" matchLabels"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": {}"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" virtualRouters"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":" - "}],["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"localASN"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"65000"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" exportPodCIDR"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"true"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" neighbors"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":" - "}],["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"peerAddress"}],"$L107","$L108","$L109"]}],"\n","$L10a","\n","$L10b","\n","$L10c","\n","$L10d","\n","$L10e","\n","$L10f"]}]}]}]
9f:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"kubectl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" apply"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -f"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cluster-a-bgp.yaml"}]]}]}]}]}]
a0:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-5--configure-frr-on-router-vm-to-accept-both-clusters","children":[["$","a",null,{"data-card":"","href":"#step-5--configure-frr-on-router-vm-to-accept-both-clusters","className":"peer","children":"Step 5 — Configure FRR on router-vm to accept both clusters"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
a1:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"children":"# /etc/frr/frr.conf on router-vm"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":"router bgp 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" bgp router-id 10.10.10.1"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" # Cluster A nodes"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.10.2 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.10.3 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" # Cluster B nodes"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.20.2 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.20.3 remote-as 65000"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" address-family ipv4 unicast"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.10.2 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.10.3 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.20.2 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" neighbor 10.10.20.3 route-reflector-client"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" # Advertise routes between the two VLANs"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" redistribute connected"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"children":" exit-address-family"}]}]]}]}]}]
a2:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-6--verify-cross-cluster-pod-routing","children":[["$","a",null,{"data-card":"","href":"#step-6--verify-cross-cluster-pod-routing","className":"peer","children":"Step 6 — Verify cross-cluster pod routing"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
a3:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# On router-vm: verify both cluster's routes are known"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"vtysh"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -c"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" \"show ip route\""}]]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Should show:"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# B>* 10.42.0.0/16 via 10.10.10.2 (Cluster A pod CIDR)"}]}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# B>* 10.43.0.0/16 via 10.10.20.2 (Cluster B pod CIDR)"}]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Deploy a pod in Cluster A"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"kubectl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context=cluster-a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" run"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" test-a"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --image=alpine"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --command"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" sleep"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 3600"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Get its IP"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"kubectl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context=cluster-a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" get"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" test-a"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -o"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" wide"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# From Cluster B, ping Cluster A pod IP directly"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"kubectl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context=cluster-b"}],"$L110","$L111","$L112","$L113","$L114","$L115","$L116","$L117","$L118"]}]]}]}]}]
a4:["$","blockquote",null,{"children":["\n",["$","p",null,{"children":[["$","strong",null,{"children":"Tip:"}]," If this works, you have a functioning multi-cluster routed network — the same foundation used in production CAPI multi-region setups. The next step is adding ",["$","strong",null,{"children":"Cilium Cluster Mesh"}]," on top for cross-cluster service discovery and identity-aware policy."]}],"\n"]}]
a5:["$","h3",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"step-7-bonus--enable-cilium-cluster-mesh","children":[["$","a",null,{"data-card":"","href":"#step-7-bonus--enable-cilium-cluster-mesh","className":"peer","children":"Step 7 (Bonus) — Enable Cilium Cluster Mesh"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
a6:["$","p",null,{"children":"Cluster Mesh adds a control plane overlay (etcd-based) that synchronizes service endpoints and identities between clusters, enabling cross-cluster Service access by DNS name."}]
a7:["$","$Lba",null,{"className":"shiki shiki-themes github-light github-dark","style":{"--shiki-light":"#24292e","--shiki-dark":"#e1e4e8","--shiki-light-bg":"#fff","--shiki-dark-bg":"#24292e"},"tabIndex":"0","icon":"","children":["$","$Lbb",null,{"children":["$","code",null,{"children":[["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Enable Cluster Mesh on both clusters"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"cilium"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" clustermesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" enable"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cluster-a"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"cilium"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" clustermesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" enable"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cluster-b"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Connect the two clusters"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"cilium"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" clustermesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" connect"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cluster-a"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --destination-context"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cluster-b"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify mesh status"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"cilium"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" clustermesh"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" status"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cluster-a"}]]}],"\n",["$","span",null,{"className":"line"}],"\n",["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Annotate a service as global (visible across clusters)"}]}],"\n",["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"kubectl"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --context=cluster-a"}],"$L119","$L11a","$L11b","$L11c"]}],"\n","$L11d","\n","$L11e","\n","$L11f","\n","$L120"]}]}]}]
a8:["$","hr",null,{}]
a9:["$","h2",null,{"className":"flex scroll-m-28 flex-row items-center gap-2","id":"what-you-built","children":[["$","a",null,{"data-card":"","href":"#what-you-built","className":"peer","children":"What You Built"}],["$","$L1d",null,{"iconNode":"$14:props:children:0:props:children:1:props:iconNode","className":"lucide-link size-3.5 shrink-0 text-fd-muted-foreground opacity-0 transition-opacity peer-hover:opacity-100","aria-hidden":true}]]}]
aa:["$","div",null,{"className":"relative overflow-auto prose-no-margin my-6","children":["$","table",null,{"children":[["$","thead",null,{"children":["$","tr",null,{"children":[["$","th",null,{"children":"Exercise"}],["$","th",null,{"children":"Skill"}]]}]}],["$","tbody",null,{"children":[["$","tr",null,{"children":[["$","td",null,{"children":["🔌 ",["$","strong",null,{"children":"Bridges"}]]}],["$","td",null,{"children":"Linux Bridge, OVS, and Proxmox SDN zones — the three layers of virtual networking in a PVE cluster."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":["🏷 ",["$","strong",null,{"children":"VLANs"}]]}],["$","td",null,{"children":"VLAN-aware bridge with segmented management, workload, and storage networks — the production Kubernetes network model."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":["🌐 ",["$","strong",null,{"children":"VXLAN"}]]}],["$","td",null,{"children":"Manual overlay tunnels with encapsulation visible via tcpdump — the primitive every CNI plugin uses."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":["📡 ",["$","strong",null,{"children":"BGP"}]]}],["$","td",null,{"children":"FRR route reflector with pod CIDR advertisement — the exact mechanism Cilium BGP Control Plane automates."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":["📦 ",["$","strong",null,{"children":"Namespaces"}]]}],["$","td",null,{"children":"Manual CNI simulation: netns, veth pairs, bridge, iptables — what every container runtime does at pod start."}]]}],["$","tr",null,{"children":[["$","td",null,{"children":["🔗 ",["$","strong",null,{"children":"Multi-Cluster"}]]}],["$","td",null,{"children":"Two k3s + Cilium clusters peered via BGP with optional Cluster Mesh — a working CAPI multi-region analog."}]]}]]}]]}]}]
ad:null
ae:["$","line",null,{"x1":"410","y1":"178","x2":"410","y2":"218","stroke":"#58a6ff","stroke-width":"1.5"}]
af:["$","rect",null,{"x":"330","y":"218","width":"160","height":"36","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}]
b0:["$","text",null,{"x":"410","y":"240","text-anchor":"middle","fill":"#768390","font-size":"11","children":"eth0 (OVS port)"}]
b1:["$","line",null,{"x1":"670","y1":"178","x2":"670","y2":"218","stroke":"#bc8cff","stroke-width":"1.5"}]
b2:["$","rect",null,{"x":"570","y":"218","width":"200","height":"36","rx":"5","fill":"rgba(188,140,255,0.05)","stroke":"rgba(188,140,255,0.2)","stroke-width":"1"}]
b3:["$","text",null,{"x":"670","y":"237","text-anchor":"middle","fill":"#bc8cff","font-size":"10","children":"VXLAN zone / FRR EVPN"}]
b4:["$","line",null,{"x1":"670","y1":"254","x2":"670","y2":"276","stroke":"#bc8cff","stroke-width":"1.5"}]
b5:["$","rect",null,{"x":"590","y":"276","width":"160","height":"36","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}]
b6:["$","text",null,{"x":"670","y":"298","text-anchor":"middle","fill":"#768390","font-size":"11","children":"eth0"}]
b7:["$","text",null,{"x":"130","y":"323","text-anchor":"middle","fill":"#444c56","font-size":"10","children":"Simple. Single host."}]
b8:["$","text",null,{"x":"410","y":"323","text-anchor":"middle","fill":"#444c56","font-size":"10","children":"Programmable. Multi-host."}]
b9:["$","text",null,{"x":"670","y":"323","text-anchor":"middle","fill":"#444c56","font-size":"10","children":"Declarative. Cluster-wide."}]
bc:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" Bridge"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ovsbr0"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" mirrors"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" @m"}]]}]
bd:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /proc/sys/net/ipv4/ip_forward"}]
be:["$","span",null,{"className":"line"}]
bf:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Now cross-VLAN pings work (via the host as gateway)"}]}]
c0:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Set gateway on each VM: 10.0.10.1, 10.0.20.1, etc."}]}]
c1:["$","line",null,{"x1":"180","y1":"320","x2":"450","y2":"320","stroke":"#f0883e","stroke-width":"2","marker-end":"url(#arr-vx)"}]
c2:["$","text",null,{"x":"390","y":"346","text-anchor":"middle","fill":"#f0883e","font-size":"11","children":"UDP/4789 — VNI 10"}]
c3:["$","text",null,{"x":"390","y":"360","text-anchor":"middle","fill":"#444c56","font-size":"10","children":"L3 underlay (10.10.0.0/24)"}]
c4:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -d"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}]]}]
c5:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# This is what kube-proxy / Cilium does in the control plane"}]}]
c6:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"bridge"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" fdb"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" show"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" vxlan10"}]]}]
c7:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" /etc/frr/daemons"}]
c8:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"systemctl"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" restart"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" frr"}]]}]
c9:["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}]
ca:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}]
cb:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}]
cc:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0a"}]
cd:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" master"}]
ce:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cni0"}]
cf:["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # attach host end to bridge"}]
d0:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth0a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}]
d1:["$","span",null,{"className":"line"}]
d2:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Veth pair for pod-2"}]}]
d3:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" type"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" peer"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" name"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1b"}]]}]
d4:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1b"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}]]}]
d5:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" master"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" cni0"}]]}]
d6:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1a"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}]
d7:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.1"}]
d8:["$","span",null,{"className":"line"}]
d9:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Inside pod-2"}]}]
da:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" addr"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" 10.244.0.3/24"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" dev"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1b"}]]}]
db:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" veth1b"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}]
dc:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" link"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" lo"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" up"}]]}]
dd:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-2"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" route"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" add"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" default"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" via"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.1"}]]}]
de:["$","span",null,{"className":"line"}]
df:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Test pod-to-pod connectivity"}]}]
e0:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"ip"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" netns"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" pod-1"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ping"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.3"}]]}]
e1:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.2"}]
e2:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 80"}]
e3:["$","span",null,{"className":"line"}]
e4:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Remove the rule"}]}]
e5:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"iptables"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -D"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" FORWARD"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
e6:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -s"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.3"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -d"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 10.244.0.2"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
e7:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -p"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" tcp"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --dport"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" 80"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -j"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" DROP"}]]}]
e8:["$","rect",null,{"x":"670","y":"105","width":"120","height":"60","rx":"6","fill":"#161e28","stroke":"#243447","stroke-width":"1"}]
e9:["$","text",null,{"x":"730","y":"127","text-anchor":"middle","fill":"#cdd9e5","font-size":"10","font-weight":"700","children":"worker-b1"}]
ea:["$","text",null,{"x":"730","y":"141","text-anchor":"middle","fill":"#768390","font-size":"9","children":"10.10.20.3"}]
eb:["$","text",null,{"x":"730","y":"154","text-anchor":"middle","fill":"#58a6ff","font-size":"9","children":"Cilium BGP"}]
ec:["$","rect",null,{"x":"540","y":"195","width":"250","height":"50","rx":"6","fill":"rgba(88,166,255,0.05)","stroke":"rgba(88,166,255,0.15)","stroke-width":"1"}]
ed:["$","text",null,{"x":"665","y":"215","text-anchor":"middle","fill":"#58a6ff","font-size":"10","children":"svc: nginx-b LB IP: 10.0.2.10"}]
ee:["$","text",null,{"x":"665","y":"230","text-anchor":"middle","fill":"#768390","font-size":"9","children":"advertised via Cilium BGP"}]
ef:["$","rect",null,{"x":"540","y":"270","width":"250","height":"40","rx":"5","fill":"rgba(240,136,62,0.05)","stroke":"rgba(240,136,62,0.15)","stroke-width":"1"}]
f0:["$","text",null,{"x":"665","y":"289","text-anchor":"middle","fill":"#f0883e","font-size":"10","children":"Cilium VXLAN overlay"}]
f1:["$","text",null,{"x":"665","y":"302","text-anchor":"middle","fill":"#768390","font-size":"9","children":"inter-node pod routing"}]
f2:["$","line",null,{"x1":"665","y1":"310","x2":"665","y2":"340","stroke":"#58a6ff","stroke-width":"1.5"}]
f3:["$","rect",null,{"x":"600","y":"340","width":"130","height":"30","rx":"5","fill":"#0d1117","stroke":"#1e2d3d","stroke-width":"1"}]
f4:["$","text",null,{"x":"665","y":"359","text-anchor":"middle","fill":"#768390","font-size":"10","children":"VLAN 20 trunk"}]
f5:["$","line",null,{"x1":"520","y1":"360","x2":"495","y2":"200","stroke":"#f0883e","stroke-width":"1.5","stroke-dasharray":"5 3"}]
f6:["$","text",null,{"x":"513","y":"290","fill":"#f0883e","font-size":"9","transform":"rotate(70,513,290)","children":"BGP"}]
f7:["$","path",null,{"d":"M 155 380 Q 410 390 665 380","fill":"none","stroke":"#bc8cff","stroke-width":"1.5","stroke-dasharray":"6 3"}]
f8:["$","text",null,{"x":"410","y":"395","text-anchor":"middle","fill":"#bc8cff","font-size":"10","children":"Cross-cluster pod routing via BGP-learned routes"}]
f9:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]
fa:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --disable-network-policy"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
fb:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --cluster-cidr=10.43.0.0/16"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
fc:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --service-cidr=10.97.0.0/12"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
fd:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --disable=traefik"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
fe:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --node-ip=10.10.20.2"}]}]
ff:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" bgpControlPlane.enabled="}]
100:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"true"}]
101:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]
102:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" k8sServiceHost="}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"10.10.10.2"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]]}]
103:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --set"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" k8sServicePort="}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"6443"}]]}]
104:["$","span",null,{"className":"line"}]
105:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Verify"}]}]
106:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},"children":"cilium"}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" status"}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --wait"}]]}]
107:["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}]
108:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"\"10.10.10.1/32\""}]
109:["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":" # router-vm eth0"}]
10a:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" peerASN"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":"65000"}]]}]
10b:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" serviceSelector"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}]
10c:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" matchExpressions"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":":"}]]}]
10d:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":" - "}],["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":"key"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"somekey"}]]}]
10e:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" operator"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": "}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"NotIn"}]]}]
10f:["$","span",null,{"className":"line","children":[["$","span",null,{"style":{"--shiki-light":"#22863A","--shiki-dark":"#85E89D"},"children":" values"}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":": ["}],["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"\"\""}],["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":"] "}],["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# select all LB services"}]]}]
110:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" exec"}]
111:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" -it"}]
112:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" test-b"}]
113:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" --"}]
114:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" ping"}]
115:["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":" <"}]
116:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":"cluster-a-pod-i"}]
117:["$","span",null,{"style":{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},"children":"p"}]
118:["$","span",null,{"style":{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},"children":">"}]
119:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" annotate"}]
11a:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" svc"}]
11b:["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" nginx-a"}]
11c:["$","span",null,{"style":{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},"children":" \\"}]
11d:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#032F62","--shiki-dark":"#9ECBFF"},"children":" service.cilium.io/global=\"true\""}]}]
11e:["$","span",null,{"className":"line"}]
11f:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# Now from Cluster B, nginx-a is reachable by its ClusterIP"}]}]
120:["$","span",null,{"className":"line","children":["$","span",null,{"style":{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},"children":"# and Cilium handles load balancing across both clusters"}]}]