Lines Matching +full:route +full:- +full:up
1 .. SPDX-License-Identifier: GPL-2.0
11 routing and forwarding domains (aka VRFs, VRF-lite to be specific) in the
12 Linux network stack. One use case is the multi-tenancy problem where each
30 ------
31 A VRF device is created with an associated route table. Network interfaces
34 +-----------------------------+
35 | vrf-blue | ===> route table 10
36 +-----------------------------+
38 +------+ +------+ +-------------+
40 +------+ +------+ +-------------+
42 +------+ +------+
44 +------+ +------+
59 .. [2] Iptables on ingress supports PREROUTING with skb->dev set to the real
60 ingress device and both INPUT and PREROUTING rules with skb->dev set to
65 -----
69 ip link add vrf-blue type vrf table 10
70 ip link set dev vrf-blue up
76 with a different priority or install per-VRF rules.
80 ip ru add oif vrf-blue table 10
81 ip ru add iif vrf-blue table 10
83 3. Set the default route for the table (and hence default route for the VRF)::
85 ip route add table 10 unreachable default metric 4278198272
87 This high metric value ensures that the default unreachable route can
94 ip link set dev eth1 master vrf-blue
104 sysctl -w net.ipv6.conf.all.keep_addr_on_down=1
108 ip route add table 10 ...
112 ------------
129 sysctl -w net.ipv4.tcp_l3mdev_accept=1
130 sysctl -w net.ipv4.udp_l3mdev_accept=1
142 sysctl -w net.ipv4.raw_l3mdev_accept=0
147 Using VRF-aware applications (applications which simultaneously create sockets
160 --------------------------------------------------------------------------------
165 section lists both commands where appropriate -- with the vrf keyword and the
182 $ ip [-d] link show type vrf
183 NOTE: The -d option is needed to show the table id
187 $ ip -d link show type vrf
188 …11: mgmt: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default…
191 …12: red: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default …
194 …13: blue: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default…
197 …14: green: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group defaul…
204 $ ip -br link show type vrf
205 mgmt UP 72:b3:ba:91:e2:24 <NOARP,MASTER,UP,LOWER_UP>
206 red UP b6:6f:6e:f6:da:73 <NOARP,MASTER,UP,LOWER_UP>
207 blue UP 36:62:e8:7d:bb:8c <NOARP,MASTER,UP,LOWER_UP>
208 green UP e6:28:b8:63:70:bb <NOARP,MASTER,UP,LOWER_UP>
237 …3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP mode DEFA…
239 …4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP mode DEFA…
247 $ ip -br link show vrf red
248 eth1 UP 02:00:00:00:02:02 <BROADCAST,MULTICAST,UP,LOWER_UP>
249 eth2 UP 02:00:00:00:02:03 <BROADCAST,MULTICAST,UP,LOWER_UP>
258 $ ip [-6] neigh show vrf NAME
259 $ ip [-6] neigh show master NAME
267 $ ip -6 neigh show vrf red
282 …3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP group def…
290 …4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP group def…
303 $ ip -br addr show vrf red
304 eth1 UP 10.2.1.2/24 2002:1::2/120 fe80::ff:fe00:202/64
305 eth2 UP 10.2.2.2/24 2002:2::2/120 fe80::ff:fe00:203/64
314 $ ip [-6] route show vrf NAME
315 $ ip [-6] route show table ID
319 $ ip route show vrf red
330 $ ip -6 route show vrf red
346 unreachable default dev lo metric 4278198272 error -101 pref medium
348 8. Route Lookup for a VRF
350 A test route lookup can be done for a VRF::
352 $ ip [-6] route get vrf NAME ADDRESS
353 $ ip [-6] route get oif NAME ADDRESS
357 $ ip route get 10.2.1.40 vrf red
361 $ ip -6 route get 2002:1::32 vrf red
379 --------------------------------------------------------------------------------
399 ip route add table ${TBID} unreachable default metric 4278198272
401 ip link set dev ${VRF} up