netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* question about vrf-lite
@ 2016-01-06  9:53 roy.qing.li
  2016-01-06 16:18 ` David Ahern
  0 siblings, 1 reply; 3+ messages in thread
From: roy.qing.li @ 2016-01-06  9:53 UTC (permalink / raw)
  To: netdev, dsa

Hi David Ahern:

when I test vrf-lite, I meet a question, could you help me?

the envirnment is below:
                                                 N2
           N1 (all configs here)          +---------------+
    +--------------+                      |               |
    |              |                      |               |
    |eth0 :10.0.2.1+----------------------+eth0 :10.0.2.2 |
    |              |                      +---------------+
    | VRF 1        |
    | table 5      |
    |              |
    +---------------+
    |              |
    | VRF 2        |                             N3
    | table 6      |                      +---------------+
    |              |                      |               |
    |eth1 :10.0.2.1+----------------------+eth0 :10.0.2.2 |
    +--------------+                      +---------------+

and configuration on N1 is below:

ip link add vrf1 type vrf table 5
ip link add vrf2 type vrf table 6
ip rule add pref 200 oif vrf1 lookup 5
ip rule add pref 200 iif vrf1 lookup 5
ip rule add pref 200 oif vrf2 lookup 6
ip rule add pref 200 iif vrf2 lookup 6
ip link set vrf1 up
ip link set vrf2 up
ip link set eth0 master vrf1
ip link set eth1 master vrf2

the route information is below:

# ip route get 10.0.2.2 oif vrf1
10.0.2.2 dev eth0  table 5  src 10.0.2.1 
    cache 
#
# ip route get 10.0.2.2 oif vrf2
10.0.2.2 dev eth1  table 6  src 10.0.2.1 
    cache 
#
#uname -r
4.4.0-rc5
# 

when run the ping with different interfaces on N1, I expect
"ping -I vrf1 10.0.2.2" send to/receive from packets with N2,
"ping -I vrf2 10.0.2.2" send to/receive from packets with N3,

but I found whether the interface is vrf1 or vrf2, the packets always
is sent out through eth0, N2 reply; and no packets sent out through
eth1.

is it right?

thanks

-Roy

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: question about vrf-lite
  2016-01-06  9:53 question about vrf-lite roy.qing.li
@ 2016-01-06 16:18 ` David Ahern
  2016-01-07  1:04   ` Li RongQing
  0 siblings, 1 reply; 3+ messages in thread
From: David Ahern @ 2016-01-06 16:18 UTC (permalink / raw)
  To: roy.qing.li, netdev

On 1/6/16 2:53 AM, roy.qing.li@gmail.com wrote:
> Hi David Ahern:
>
> when I test vrf-lite, I meet a question, could you help me?
>
> the envirnment is below:
>                                                   N2
>             N1 (all configs here)          +---------------+
>      +--------------+                      |               |
>      |              |                      |               |
>      |eth0 :10.0.2.1+----------------------+eth0 :10.0.2.2 |
>      |              |                      +---------------+
>      | VRF 1        |
>      | table 5      |
>      |              |
>      +---------------+
>      |              |
>      | VRF 2        |                             N3
>      | table 6      |                      +---------------+
>      |              |                      |               |
>      |eth1 :10.0.2.1+----------------------+eth0 :10.0.2.2 |
>      +--------------+                      +---------------+
>
> and configuration on N1 is below:
>
> ip link add vrf1 type vrf table 5
> ip link add vrf2 type vrf table 6
> ip rule add pref 200 oif vrf1 lookup 5
> ip rule add pref 200 iif vrf1 lookup 5
> ip rule add pref 200 oif vrf2 lookup 6
> ip rule add pref 200 iif vrf2 lookup 6
> ip link set vrf1 up
> ip link set vrf2 up
> ip link set eth0 master vrf1
> ip link set eth1 master vrf2
>
> the route information is below:
>
> # ip route get 10.0.2.2 oif vrf1
> 10.0.2.2 dev eth0  table 5  src 10.0.2.1
>      cache
> #
> # ip route get 10.0.2.2 oif vrf2
> 10.0.2.2 dev eth1  table 6  src 10.0.2.1
>      cache
> #
> #uname -r
> 4.4.0-rc5
> #
>
> when run the ping with different interfaces on N1, I expect
> "ping -I vrf1 10.0.2.2" send to/receive from packets with N2,
> "ping -I vrf2 10.0.2.2" send to/receive from packets with N3,
>
> but I found whether the interface is vrf1 or vrf2, the packets always
> is sent out through eth0, N2 reply; and no packets sent out through
> eth1.
>
> is it right?

no. The above works fine for me. I literally copied and pasted all of 
the commands except the master ones which were adapted to my setup -- 
eth9 and eth11 for me instead of eth0 and eth1. tcpdump on N2, N3 show 
the right one is receiving packets based on which 'ping -I vrf<N>' is run.

Do tables 5 and 6 have the right routes?

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: question about vrf-lite
  2016-01-06 16:18 ` David Ahern
@ 2016-01-07  1:04   ` Li RongQing
  0 siblings, 0 replies; 3+ messages in thread
From: Li RongQing @ 2016-01-07  1:04 UTC (permalink / raw)
  To: David Ahern; +Cc: netdev

>>
>> is it right?
>
>
> no. The above works fine for me. I literally copied and pasted all of the
> commands except the master ones which were adapted to my setup -- eth9 and
> eth11 for me instead of eth0 and eth1. tcpdump on N2, N3 show the right one
> is receiving packets based on which 'ping -I vrf<N>' is run.
>
> Do tables 5 and 6 have the right routes?


Thanks, David;

it is not VRF issue, it is my configuration issue about qemu;

I am testing VRF on qemu, and the issue/solution is same as issue
under below link

https://lists.gnu.org/archive/html/qemu-discuss/2014-06/msg00059.html

-Roy

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-01-07  1:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-01-06  9:53 question about vrf-lite roy.qing.li
2016-01-06 16:18 ` David Ahern
2016-01-07  1:04   ` Li RongQing

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).