question about vrf-lite
Hi David Ahern: when I test vrf-lite, I meet a question, could you help me? the envirnment is below: N2 N1 (all configs here) +---+ +--+ | | | | | | |eth0 :10.0.2.1+--+eth0 :10.0.2.2 | | | +---+ | VRF 1| | table 5 | | | +---+ | | | VRF 2| N3 | table 6 | +---+ | | | | |eth1 :10.0.2.1+--+eth0 :10.0.2.2 | +--+ +---+ and configuration on N1 is below: ip link add vrf1 type vrf table 5 ip link add vrf2 type vrf table 6 ip rule add pref 200 oif vrf1 lookup 5 ip rule add pref 200 iif vrf1 lookup 5 ip rule add pref 200 oif vrf2 lookup 6 ip rule add pref 200 iif vrf2 lookup 6 ip link set vrf1 up ip link set vrf2 up ip link set eth0 master vrf1 ip link set eth1 master vrf2 the route information is below: # ip route get 10.0.2.2 oif vrf1 10.0.2.2 dev eth0 table 5 src 10.0.2.1 cache # # ip route get 10.0.2.2 oif vrf2 10.0.2.2 dev eth1 table 6 src 10.0.2.1 cache # #uname -r 4.4.0-rc5 # when run the ping with different interfaces on N1, I expect "ping -I vrf1 10.0.2.2" send to/receive from packets with N2, "ping -I vrf2 10.0.2.2" send to/receive from packets with N3, but I found whether the interface is vrf1 or vrf2, the packets always is sent out through eth0, N2 reply; and no packets sent out through eth1. is it right? thanks -Roy -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: question about vrf-lite
On 1/6/16 2:53 AM, roy.qing...@gmail.com wrote: Hi David Ahern: when I test vrf-lite, I meet a question, could you help me? the envirnment is below: N2 N1 (all configs here) +---+ +--+ | | | | | | |eth0 :10.0.2.1+--+eth0 :10.0.2.2 | | | +---+ | VRF 1| | table 5 | | | +---+ | | | VRF 2| N3 | table 6 | +---+ | | | | |eth1 :10.0.2.1+--+eth0 :10.0.2.2 | +--+ +---+ and configuration on N1 is below: ip link add vrf1 type vrf table 5 ip link add vrf2 type vrf table 6 ip rule add pref 200 oif vrf1 lookup 5 ip rule add pref 200 iif vrf1 lookup 5 ip rule add pref 200 oif vrf2 lookup 6 ip rule add pref 200 iif vrf2 lookup 6 ip link set vrf1 up ip link set vrf2 up ip link set eth0 master vrf1 ip link set eth1 master vrf2 the route information is below: # ip route get 10.0.2.2 oif vrf1 10.0.2.2 dev eth0 table 5 src 10.0.2.1 cache # # ip route get 10.0.2.2 oif vrf2 10.0.2.2 dev eth1 table 6 src 10.0.2.1 cache # #uname -r 4.4.0-rc5 # when run the ping with different interfaces on N1, I expect "ping -I vrf1 10.0.2.2" send to/receive from packets with N2, "ping -I vrf2 10.0.2.2" send to/receive from packets with N3, but I found whether the interface is vrf1 or vrf2, the packets always is sent out through eth0, N2 reply; and no packets sent out through eth1. is it right? no. The above works fine for me. I literally copied and pasted all of the commands except the master ones which were adapted to my setup -- eth9 and eth11 for me instead of eth0 and eth1. tcpdump on N2, N3 show the right one is receiving packets based on which 'ping -I vrf' is run. Do tables 5 and 6 have the right routes? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: question about vrf-lite
>> >> is it right? > > > no. The above works fine for me. I literally copied and pasted all of the > commands except the master ones which were adapted to my setup -- eth9 and > eth11 for me instead of eth0 and eth1. tcpdump on N2, N3 show the right one > is receiving packets based on which 'ping -I vrf' is run. > > Do tables 5 and 6 have the right routes? Thanks, David; it is not VRF issue, it is my configuration issue about qemu; I am testing VRF on qemu, and the issue/solution is same as issue under below link https://lists.gnu.org/archive/html/qemu-discuss/2014-06/msg00059.html -Roy -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
