From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: Re: question about vrf-lite Date: Wed, 6 Jan 2016 09:18:04 -0700 Message-ID: <568D3E3C.2030301@cumulusnetworks.com> References: <1452074022-11816-1-git-send-email-roy.qing.li@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit To: roy.qing.li@gmail.com, netdev@vger.kernel.org Return-path: Received: from mail-ob0-f169.google.com ([209.85.214.169]:35349 "EHLO mail-ob0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751582AbcAFQSH (ORCPT ); Wed, 6 Jan 2016 11:18:07 -0500 Received: by mail-ob0-f169.google.com with SMTP id xn1so29353606obc.2 for ; Wed, 06 Jan 2016 08:18:07 -0800 (PST) In-Reply-To: <1452074022-11816-1-git-send-email-roy.qing.li@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: On 1/6/16 2:53 AM, roy.qing.li@gmail.com wrote: > Hi David Ahern: > > when I test vrf-lite, I meet a question, could you help me? > > the envirnment is below: > N2 > N1 (all configs here) +---------------+ > +--------------+ | | > | | | | > |eth0 :10.0.2.1+----------------------+eth0 :10.0.2.2 | > | | +---------------+ > | VRF 1 | > | table 5 | > | | > +---------------+ > | | > | VRF 2 | N3 > | table 6 | +---------------+ > | | | | > |eth1 :10.0.2.1+----------------------+eth0 :10.0.2.2 | > +--------------+ +---------------+ > > and configuration on N1 is below: > > ip link add vrf1 type vrf table 5 > ip link add vrf2 type vrf table 6 > ip rule add pref 200 oif vrf1 lookup 5 > ip rule add pref 200 iif vrf1 lookup 5 > ip rule add pref 200 oif vrf2 lookup 6 > ip rule add pref 200 iif vrf2 lookup 6 > ip link set vrf1 up > ip link set vrf2 up > ip link set eth0 master vrf1 > ip link set eth1 master vrf2 > > the route information is below: > > # ip route get 10.0.2.2 oif vrf1 > 10.0.2.2 dev eth0 table 5 src 10.0.2.1 > cache > # > # ip route get 10.0.2.2 oif vrf2 > 10.0.2.2 dev eth1 table 6 src 10.0.2.1 > cache > # > #uname -r > 4.4.0-rc5 > # > > when run the ping with different interfaces on N1, I expect > "ping -I vrf1 10.0.2.2" send to/receive from packets with N2, > "ping -I vrf2 10.0.2.2" send to/receive from packets with N3, > > but I found whether the interface is vrf1 or vrf2, the packets always > is sent out through eth0, N2 reply; and no packets sent out through > eth1. > > is it right? no. The above works fine for me. I literally copied and pasted all of the commands except the master ones which were adapted to my setup -- eth9 and eth11 for me instead of eth0 and eth1. tcpdump on N2, N3 show the right one is receiving packets based on which 'ping -I vrf' is run. Do tables 5 and 6 have the right routes?