From cbe9884684270bc65311ee56f3dbd8e0ca9c30f7 Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@fri.uni-lj.si>
Date: Wed, 25 Feb 2026 16:06:29 +0100
Subject: [PATCH] Note EVPN configuration for Proxmox clusters

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index d9f2dbb..aeb3d24 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,12 @@ Interfaces to L3 servers should have the tenant custom field defined:
 
 The tenant determines which prefixes can be received on this interface. It is important that all user‐facing ports either have a tenant defined or are disabled. Interfaces without a tenant are assumed to connect to fabric and allow all prefixes. TODO make previous sentence untrue and delete it
 
+By default L3 servers are not allowed to announce EVPN routes to fabric. To allow receiving EVPN routes from servers on certain interfaces (e.g. from Proxmox nodes), list them in config context on leaf switches:
+
+    {
+        ifaces_evpn: ["swp9s0", "swp9s1", "swp9s2", "swp21", "swp22", "swp23", "swp24"]
+    }
+
 #### L2 setup
 
 For leaf switches providing L2 access we must add a single `bridge` interface. If no VLANs are explicitly set, the bridge will allow any VLAN allowed on at least one of its ports. Otherwise it will only allow the specified VLANs.