From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dispatch1-us1.ppe-hosted.com (dispatch1-us1.ppe-hosted.com [148.163.129.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CA251E884F for ; Mon, 18 Nov 2024 19:48:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.129.52 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731959339; cv=none; b=kxUALOTvmGNOTpUhnBvHAFxmkRffRAd0VtbgQyqB53XekBadW8FHDlC1uZM/me29pwFNxCiO1acw1Le9JlETbad2oSB+KP1tTtUbXHuKfPy4zEUqcTCiYXRTgV07U8hz2xaEZ7c01d16vPPH0cNcfuuIqDqS4LpBXeuDNcdI/+I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731959339; c=relaxed/simple; bh=yBX5N+9//W2xVv2JaRA75drvXz2yEwJ1eXsNwFDP0mc=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=EajqrMsAhZQjkPxGT9Cy5rfsmuTSd0Xxsy85RCvd0X5ufGipkvXca/wCFcxB5zFCJ5eFaZgiCo7ucmV01F65Kpn2mfFn3ZHXqnbox0CNegozlPnsNNTHRUrnKMfxnYm9yoWBlt70t9+yO77me/UhdZnqmWidQSdLixei0hHJOqo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=candelatech.com; spf=pass smtp.mailfrom=candelatech.com; dkim=pass (1024-bit key) header.d=candelatech.com header.i=@candelatech.com header.b=UBzFkcdS; arc=none smtp.client-ip=148.163.129.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=candelatech.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=candelatech.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=candelatech.com header.i=@candelatech.com header.b="UBzFkcdS" X-Virus-Scanned: Proofpoint Essentials engine Received: from mail3.candelatech.com (mail.candelatech.com [208.74.158.173]) by mx1-us1.ppe-hosted.com (PPE Hosted ESMTP Server) with ESMTP id F41B2400072; Mon, 18 Nov 2024 19:48:54 +0000 (UTC) Received: from [IPV6:2607:fb90:7393:a63:d3b5:d0bd:6d1f:8490] (unknown [172.56.241.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail3.candelatech.com (Postfix) with ESMTPSA id B4CD413C2B0; Mon, 18 Nov 2024 11:48:52 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 mail3.candelatech.com B4CD413C2B0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=candelatech.com; s=default; t=1731959333; bh=yBX5N+9//W2xVv2JaRA75drvXz2yEwJ1eXsNwFDP0mc=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=UBzFkcdScO467TlhK+AtNr5yWrQAFtx8EI4mJkT3xrfS5y/ImT//c48yJiCCKU7Y0 JGqUgAVhIWW0knCBmncWK+1FEz0gAgXT+djPs2wrzDEfSF0IT9AQL7fjrRAfdrC6IU ymYcG8cmf9estOy4pOg0T8ltWMdpSf1mI1Uu33Bs= Message-ID: Date: Mon, 18 Nov 2024 11:48:49 -0800 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: GRE tunnels bound to VRF To: Ido Schimmel Cc: netdev References: <86264c3a-d3f7-467b-b9d2-bdc43d185220@candelatech.com> Content-Language: en-MW From: Ben Greear Organization: Candela Technologies In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-MDID: 1731959335-0wO8PpPw3nAS X-MDID-O: us5;ut7;1731959335;0wO8PpPw3nAS;;a7e0f01e4f1a90fc9a5deb2f83c822d4 X-PPE-TRUSTED: V=1;DIR=OUT; On 11/18/24 1:00 AM, Ido Schimmel wrote: > On Sun, Nov 17, 2024 at 10:40:18AM -0800, Ben Greear wrote: >> Hello, >> >> Is there any (sane) way to tell a GRE tunnel to use a VRF for its >> underlying traffic? >> >> For instance, if I have eth1 in a VRF, and eth2 in another VRF, I'd like gre0 to be bound >> to the eth1 VRF and gre1 to the eth2 VRF, with ability to send traffic between the two >> gre interfaces and have that go out whatever the ethernet VRFs route to... > > You can set eth{1,2} as the "physical device" of gre{0,1} > > ip link add name gre0 up type gre [...] dev eth1 > ip link add name gre1 up type gre [...] dev eth2 > > The "physical device" can be any interface in the VRF, not necessarily > eth{1,2}. Hello, Thanks for that suggestion. I'm trying to implement this, but not having much luck. My current approach is trying to put gre0 in one VRF, attached to a VETH device in a different VRF. Would you expect that to work? And also, is there any way to delete a gre netdev? ip link delete gre0 doesn't complain, and doesn't work. Thanks, Ben -- Ben Greear Candela Technologies Inc http://www.candelatech.com