Re: Inter-VRF routing on a single machine

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Ahern <dsa@cumulusnetworks.com>
To: Darwin Dingel <darwin.dingel@gmail.com>, netdev@vger.kernel.org
Subject: Re: Inter-VRF routing on a single machine
Date: Tue, 12 Apr 2016 10:48:44 -0600	[thread overview]
Message-ID: <570D26EC.2000802@cumulusnetworks.com> (raw)
In-Reply-To: <CAAJwJQkfVWkdL+tOvcu5C9XBwTpNKcB8qvGeDUO32Tq6nW=xMw@mail.gmail.com>

On 4/12/16 4:09 AM, Darwin Dingel wrote:
> Hi All,
>
> Have anyone tried the following setup on a single machine with 2 TCP
> sockets on different VRF's and succeeded?
>
> - client_socket on VRF1
> - server_socket on VRF2
> - ip rules and iproutes for inter-VRF set up
> - client_socket sends TCP connect to server_socket. skb was sent using
> VRF1 interface
> - skb received in loopback interface

That is the key problem there.

> - TCP code got SYN but cannot route back to VRF1 to send ACK.
>
> I was wondering if this is a known limitation of VRF as of the moment,
> or could work with proper iprules/iproute.

In general local (within a single system) routing does not work with top 
of tree. e.g., within a VRF you can not connect sockets or ping a VRF 
local address. Inter-vrf connections within a system also do not work.

I have patches from our 4.1 kernel that I have rebased to top of tree. I 
hope to test and send those out in the next week or so. It addresses the 
first problem -- connections within a VRF. While it does not resolve 
your problem of connecting across VRFs within a system I think it is the 
foundation for how to fix it.

     prev parent reply	other threads:[~2016-04-12 16:48 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-12 10:09 Inter-VRF routing on a single machine Darwin Dingel
2016-04-12 16:48 ` David Ahern [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=570D26EC.2000802@cumulusnetworks.com \
    --to=dsa@cumulusnetworks.com \
    --cc=darwin.dingel@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.