On 7/9/15 11:28 AM, Sowmini Varadhan wrote:
On Thu, Jul 9, 2015 at 7:19 PM, David Ahern <d...@cumulusnetworks.com> wrote:
On the to-do list to use cmsg to specify a VRF for outbound packets using
non-connected sockets. I do not believe it is going to work, but need to
look into it.
What about setting ipsec policy for interfaces in the vrf?
From a purely parochial standpoint, how would rds sockets work in this model?
Would the tcp encaps happen before or after the the vrf "driver" output?
Same problem for NFS.
If I set the VRF context (ie., set the SO_BINDTODEVICE for all sockets)
of any RDS, NFS or any other socket app it runs in that VRF context and
works just fine.
From a non-parochial standpoint. There are a *lot* of routing apps that
actually
need more visibility into many details about the "slave" interface: e.g., OSPF,
ARP snoop, IPSLA.. the list is pretty long.
I think it's a bad idea to use a "driver" to represent a table lookup. Too many
hacks will become necessary.
Most of the changes needed to the networking stack are to address which
table is used for FIB lookups. The stack has a strong preference to the
local and main tables. I have a new patch set which better explains
patch 4 in this version. I'll send it out in the next few days, but you
can get a preview here:
https://github.com/dsahern/linux.git, vrf-dev-4.1-v2 branch
David
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
