From: David Ahern <dsa@cumulusnetworks.com>
To: roy.qing.li@gmail.com, netdev@vger.kernel.org
Subject: Re: question about vrf-lite
Date: Wed, 6 Jan 2016 09:18:04 -0700 [thread overview]
Message-ID: <568D3E3C.2030301@cumulusnetworks.com> (raw)
In-Reply-To: <1452074022-11816-1-git-send-email-roy.qing.li@gmail.com>
On 1/6/16 2:53 AM, roy.qing.li@gmail.com wrote:
> Hi David Ahern:
>
> when I test vrf-lite, I meet a question, could you help me?
>
> the envirnment is below:
> N2
> N1 (all configs here) +---------------+
> +--------------+ | |
> | | | |
> |eth0 :10.0.2.1+----------------------+eth0 :10.0.2.2 |
> | | +---------------+
> | VRF 1 |
> | table 5 |
> | |
> +---------------+
> | |
> | VRF 2 | N3
> | table 6 | +---------------+
> | | | |
> |eth1 :10.0.2.1+----------------------+eth0 :10.0.2.2 |
> +--------------+ +---------------+
>
> and configuration on N1 is below:
>
> ip link add vrf1 type vrf table 5
> ip link add vrf2 type vrf table 6
> ip rule add pref 200 oif vrf1 lookup 5
> ip rule add pref 200 iif vrf1 lookup 5
> ip rule add pref 200 oif vrf2 lookup 6
> ip rule add pref 200 iif vrf2 lookup 6
> ip link set vrf1 up
> ip link set vrf2 up
> ip link set eth0 master vrf1
> ip link set eth1 master vrf2
>
> the route information is below:
>
> # ip route get 10.0.2.2 oif vrf1
> 10.0.2.2 dev eth0 table 5 src 10.0.2.1
> cache
> #
> # ip route get 10.0.2.2 oif vrf2
> 10.0.2.2 dev eth1 table 6 src 10.0.2.1
> cache
> #
> #uname -r
> 4.4.0-rc5
> #
>
> when run the ping with different interfaces on N1, I expect
> "ping -I vrf1 10.0.2.2" send to/receive from packets with N2,
> "ping -I vrf2 10.0.2.2" send to/receive from packets with N3,
>
> but I found whether the interface is vrf1 or vrf2, the packets always
> is sent out through eth0, N2 reply; and no packets sent out through
> eth1.
>
> is it right?
no. The above works fine for me. I literally copied and pasted all of
the commands except the master ones which were adapted to my setup --
eth9 and eth11 for me instead of eth0 and eth1. tcpdump on N2, N3 show
the right one is receiving packets based on which 'ping -I vrf<N>' is run.
Do tables 5 and 6 have the right routes?
next prev parent reply other threads:[~2016-01-06 16:18 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-06 9:53 question about vrf-lite roy.qing.li
2016-01-06 16:18 ` David Ahern [this message]
2016-01-07 1:04 ` Li RongQing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=568D3E3C.2030301@cumulusnetworks.com \
--to=dsa@cumulusnetworks.com \
--cc=netdev@vger.kernel.org \
--cc=roy.qing.li@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.