Virtual routing and forwarding (VRF) implementation in Linux #28

Open
JADAUN-SINGH opened this issue Dec 4, 2019 · 1 comment

@JADAUN-SINGH

Hello @torvalds,
I searched most places but I am unable to find out the services of VRF used in Linux.
Can you please tell me the services of VRF and also the methods so I can integrate these VRF services in Linux?

Thanks

@Rqcker

Rqcker commented Mar 23, 2021

@JADAUN-SINGH Hi, you can refer to the kernel documentation below.
Setup:

  1. VRF device is created with an association to a FIB table.
    e.g., ip link add vrf-blue type vrf table 10
    ip link set dev vrf-blue up

  2. An l3mdev FIB rule directs lookups to the table associated with the device.
    A single l3mdev rule is sufficient for all VRFs. The VRF device adds the
    l3mdev rule for IPv4 and IPv6 when the first device is created with a
    default preference of 1000. Users may delete the rule if desired and add
    with a different priority or install per-VRF rules.

    Prior to the v4.8 kernel iif and oif rules are needed for each VRF device:
    ip ru add oif vrf-blue table 10
    ip ru add iif vrf-blue table 10

  3. Set the default route for the table (and hence default route for the VRF).
    ip route add table 10 unreachable default metric 4278198272

    This high metric value ensures that the default unreachable route can
    be overridden by a routing protocol suite. FRRouting interprets
    kernel metrics as a combined admin distance (upper byte) and priority
    (lower 3 bytes). Thus the above metric translates to [255/8192].

  4. Enslave L3 interfaces to a VRF device.
    ip link set dev eth1 master vrf-blue

    Local and connected routes for enslaved devices are automatically moved to
    the table associated with VRF device. Any additional routes depending on
    the enslaved device are dropped and will need to be reinserted to the VRF
    FIB table following the enslavement.

    The IPv6 sysctl option keep_addr_on_down can be enabled to keep IPv6 global
    addresses as VRF enslavement changes.
    sysctl -w net.ipv6.conf.all.keep_addr_on_down=1

  5. Additional VRF routes are added to associated table.
    ip route add table 10 ...

For more info, check: VRF_Linux
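
The setup steps quoted in the comment above, assembled into a dry-run planner. This is an added example, not part of the original thread or the kernel documentation; the function names (`frr_metric`, `frr_decode`, `needs_iif_oif_rules`, `vrf_plan`) are hypothetical helpers, and it only prints commands rather than running them.

```shell
#!/bin/sh
# Added example: dry-run planner for VRF setup steps 1-4 quoted above.
# All function names are hypothetical; VRF name, table, kernel version
# and interfaces are caller-supplied inputs.

# FRRouting reads a kernel metric as admin distance (upper byte) plus
# priority (lower 3 bytes). Encode that packing, rejecting bad ranges.
frr_metric() {  # usage: frr_metric DISTANCE PRIORITY
    [ "$1" -ge 0 ] && [ "$1" -le 255 ] || return 1
    [ "$2" -ge 0 ] && [ "$2" -le 16777215 ] || return 1
    echo $(( ($1 << 24) | $2 ))
}

# Inverse of frr_metric: print DISTANCE/PRIORITY for a kernel metric.
frr_decode() {  # usage: frr_decode METRIC
    echo "$(( ($1 >> 24) & 255 ))/$(( $1 & 16777215 ))"
}

# Succeeds when kernel version $1 (e.g. 4.4.0-21-generic) is older than
# v4.8, where the quoted text says per-VRF iif/oif rules are needed.
needs_iif_oif_rules() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 8 ]; }
}

# Print the commands for steps 1-4 in order. Nothing is executed.
vrf_plan() {  # usage: vrf_plan VRF TABLE KERNEL_VERSION IFACE...
    vrf=$1; table=$2; kver=$3; shift 3
    metric=$(frr_metric 255 8192) || return 1
    echo "ip link add $vrf type vrf table $table"
    echo "ip link set dev $vrf up"
    if needs_iif_oif_rules "$kver"; then
        echo "ip ru add oif $vrf table $table"
        echo "ip ru add iif $vrf table $table"
    fi
    echo "ip route add table $table unreachable default metric $metric"
    # Enslave last: routes that depend on these devices are dropped on
    # enslavement and must be re-added to the VRF table afterwards (step 5).
    for dev in "$@"; do
        echo "ip link set dev $dev master $vrf"
    done
}

# Example: sh vrf-plan.sh vrf-blue 10 "$(uname -r)" eth1
if [ "$#" -ge 4 ]; then vrf_plan "$@"; fi
```

Review the printed plan, then run the commands as root. Routes from step 5 go in after enslavement.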
