From: David Ahern
Subject: Re: [PATCH net-next v2 00/10] vrf: allow simultaneous service instances in default and other VRFs
Date: Tue, 2 Oct 2018 14:16:46 -0600
Message-ID: <4b9bf1c2-b157-f93c-7380-d5437d8eae7b@gmail.com>
References: <20181001084320.32453-1-mmanning@vyatta.att-mail.com>
In-Reply-To: <20181001084320.32453-1-mmanning@vyatta.att-mail.com>
To: Mike Manning, netdev@vger.kernel.org

On 10/1/18 2:43 AM, Mike Manning wrote:
> Services currently have to be VRF-aware if they are using an unbound
> socket. One cannot have multiple service instances running in the
> default and other VRFs for services that are not VRF-aware and listen
> on an unbound socket. This is because there is no way of isolating
> packets received in the default VRF from those arriving in other VRFs.
>
> This series provides this isolation subject to the existing kernel
> parameter net.ipv4.tcp_l3mdev_accept not being set, given that this is
> documented as allowing a single service instance to work across all
> VRF domains. The functionality applies to UDP & TCP services, for IPv4
> and IPv6, in particular adding VRF table handling for IPv6 multicast.
>

I see 1 failure caused by this patch set: IPv6/UDP send to a peer's linklocal address with no server on port in the peer. An ICMP unreachable is expected since there is no server and it is not received. Happens with or without net.ipv4.udp_l3mdev_accept set.
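
A probe for the case reported above, as an added example that is not part of the original message or the patch series: it sends one UDP datagram from a connected socket and classifies the outcome, so a missing ICMP/ICMPv6 port unreachable shows up as "silent" instead of "unreachable". The function name `probe_udp`, its parameters and the result strings are assumptions made for this sketch.

```python
import socket
import sys


def probe_udp(host, port, ifname=None, timeout=1.0, payload=b"probe"):
    """Send one datagram to host:port and classify what comes back.

    "unreachable": the kernel delivered a port-unreachable error to the
                   socket (ECONNREFUSED), the result expected when no
                   server listens on the port.
    "reply":       a server answered.
    "silent":      nothing arrived before the timeout, i.e. the error
                   never reached the sender.
    """
    # An IPv6 link-local destination is ambiguous without a zone, so
    # append the interface name (fe80::1%eth0) when one is given.
    target = f"{host}%{ifname}" if ifname and ":" in host else host
    family, socktype, proto, _, sockaddr = socket.getaddrinfo(
        target, port, type=socket.SOCK_DGRAM)[0]

    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        # Only a connected UDP socket has ICMP errors reported back to
        # it on the next send/recv; an unconnected one stays quiet.
        s.connect(sockaddr)
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "unreachable"
        except socket.timeout:
            return "silent"


if __name__ == "__main__":
    # usage: probe.py <address> <port> [interface]
    addr, port = sys.argv[1], int(sys.argv[2])
    ifname = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe_udp(addr, port, ifname))
```

To exercise a non-default VRF, the script can be started under `ip vrf exec <vrf-name>`, once with each `l3mdev_accept` setting.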