Doing something wrong with VRF's

Nigel Kukard nkukard at LBSD.net
Thu Sep 28 17:29:23 CEST 2023


Hi there,

I'm wondering if someone could point out what I'm doing wrong here? All 
my routes are being added to the system main table and not to my VRF.

I could swear I had this working 100% (I took my config and added vrf 
"vrf0" to each protocol). I then regenerated my config file using my 
software, rebooted, and it hasn't worked since. I can't seem to find what I 
broke.

Here are my interfaces... t0p0 and t0p1 are ip6gretaps, dummy0 is 
just a loopback-style dummy interface. All are slaves of vrf0. lgtm.

4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master 
vrf0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:dc:20:04:15:27 brd ff:ff:ff:ff:ff:ff
5: vrf0: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP 
mode DEFAULT group default qlen 1000
    link/ether 8a:8e:21:3d:c4:c9 brd ff:ff:ff:ff:ff:ff

8: t0p0@e0p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1430 qdisc fq_codel 
master vrf0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether b2:da:ee:78:04:1f brd ff:ff:ff:ff:ff:ff
9: t0p1@e0p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1430 qdisc fq_codel 
master vrf0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fa:61:19:72:65:d8 brd ff:ff:ff:ff:ff:ff

the output from ip rule is this... lgtm.

1000:   from all lookup [l3mdev-table]

The routes within the VRF look like this, lgtm ... ip route show vrf vrf0

X/30 dev t0p0 proto kernel scope link src A
Y/30 dev t0p1 proto kernel scope link src B
Z/27 dev dummy0 proto kernel scope link src C

My main routing table looks like this... lgtm, I don't even have the 
interfaces or anything configured for them in the main table outside the 
VRF.

default via 169.254.1.1 dev e0p0 proto static metric 1000
169.254.1.1 dev e0p0 proto kernel scope link src D metric 256

E dev e0p0 proto kernel metric 256 pref medium
F via fe80::1 dev e0p0 proto static metric 300 pref medium
G via fe80::1 dev e0p0 proto static metric 300 pref medium
fe80::/64 dev e0p0 proto kernel metric 256 pref medium
default via fe80::1 dev e0p0 proto static metric 1000 pref medium

My bird config is below ... I made sure to add vrf "vrf0" to all 
protocols. I searched the mailing list and I can't see what I did wrong 
here.

OSPF comes up fine, I can ping inside the VRF fine, but all my routes 
are being added to the main system table.

I cut out the filters, they're not doing anything interesting. Despite 
BGP being mentioned in the config below, I don't have it configured atm.

# BIRD-internal routing tables. These names exist only inside BIRD; nothing in
# these declarations ties a table to a kernel routing table number or to a VRF.

# Kernel Table
ipv4 table t_kernel4;
ipv6 table t_kernel6;

# Direct Tables:
ipv4 table t_direct4;
ipv6 table t_direct6;

# OSPF Tables
ipv4 table t_ospf4;
ipv6 table t_ospf6;

...

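# Synchronises BIRD table t_kernel4 with an OS routing table (IPv4).
#
# NOTE(review): per the BIRD documentation, `vrf` on a kernel protocol does not
# select the OS table; that is done separately with `kernel table <number>;`.
# No such option is set here, so this instance presumably works with the
# default (main) table, which would match the symptom described in the post.
# The table number of vrf0 is not shown in the post (`ip -d link show vrf0`
# reports it); confirm it and add `kernel table <VRF0_TABLE_ID>;` (placeholder).
# Until then, `export all` + `persist` leave the VRF's routes in the main table
# even after BIRD exits, and `learn` + `import all` accept main-table routes
# (e.g. the underlay default route) into t_kernel4. Whether those travel any
# further depends on the pipe filters, which the post does not show.
protocol kernel kernel4 {
  vrf "vrf0";
  description "Kernel protocol for IPv4";


  metric 600; # Set the BIRD metric to be used when creating kernel routes to fall in line with our OS
  learn; # Learn routes from the kernel
  persist; # Don't remove routes on BIRD shutdown
  merge paths on; # Merge equivalent paths into one multipath route

  ipv4 {
    table t_kernel4;

    export all; # every route in t_kernel4 is installed into the kernel table
    import all; # every learned kernel route is accepted into t_kernel4
  };
};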

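# Synchronises BIRD table t_kernel6 with an OS routing table (IPv6).
#
# NOTE(review): per the BIRD documentation, `vrf` on a kernel protocol does not
# select the OS table; that is done separately with `kernel table <number>;`.
# No such option is set here, so this instance presumably works with the
# default (main) table. The table number of vrf0 is not shown in the post;
# confirm it and add `kernel table <VRF0_TABLE_ID>;` (placeholder).
# With the main table in use, `export all` + `persist` leave the VRF's IPv6
# routes outside the VRF even after BIRD exits, and `learn` + `import all`
# accept main-table routes into t_kernel6.
protocol kernel kernel6 {
  vrf "vrf0";
  description "Kernel protocol for IPv6";


  metric 600; # Set the BIRD metric to be used when creating kernel routes to fall in line with our OS
  learn; # Learn routes from the kernel
  persist; # Don't remove routes on BIRD shutdown
  merge paths on; # Merge equivalent paths into one multipath route

  ipv6 {
    table t_kernel6;

    export all; # every route in t_kernel6 is installed into the kernel table
    import all; # every learned kernel route is accepted into t_kernel6
  };
};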

# Pipe between BIRD tables master4 (primary) and t_kernel4 (peer).
# In a pipe, `export` applies to routes going primary -> peer and `import` to
# routes going peer -> primary. Both filter bodies are omitted from the post.
# NOTE(review): a pipe only links two BIRD tables, so `vrf` presumably has no
# effect on it -- confirm.
protocol pipe p_master4_to_kernel4 {
  vrf "vrf0";
  description "Pipe from master4 to t_kernel4";


  table master4;
  peer table t_kernel4;

  export filter f_master4_kernel4_export; # master4 -> t_kernel4 (towards the OS table)
  import filter f_master4_kernel4_import; # t_kernel4 -> master4 (learned kernel routes)
};

# Pipe between BIRD tables master6 (primary) and t_kernel6 (peer).
# `export` applies to routes going primary -> peer, `import` to routes going
# peer -> primary. Both filter bodies are omitted from the post.
protocol pipe p_master6_to_kernel6 {
  vrf "vrf0";
  description "Pipe from master6 to t_kernel6";


  table master6;
  peer table t_kernel6;

  export filter f_master6_kernel6_export; # master6 -> t_kernel6 (towards the OS table)
  import filter f_master6_kernel6_import; # t_kernel6 -> master6 (learned kernel routes)
};

# Device protocol: supplies interface information to the other protocols; it
# produces no routes itself.
protocol device {
  vrf "vrf0";
  description "Device protocol";


  scan time 10; # rescan the interface list every 10 seconds
};

# Direct protocol (IPv4): generates routes for directly connected networks and
# places them in t_direct4.
protocol direct direct4 {
  vrf "vrf0";
  description "Direct protocol for IPv4";


  ipv4 {
    table t_direct4;

    export none; # nothing flows from the table to this protocol
    import all;  # all connected networks are accepted into t_direct4
  };
};

# Direct protocol (IPv6): generates routes for directly connected networks and
# places them in t_direct6.
protocol direct direct6 {
  vrf "vrf0";
  description "Direct protocol for IPv6";


  ipv6 {
    table t_direct6;

    export none; # nothing flows from the table to this protocol
    import all;  # all connected networks are accepted into t_direct6
  };
};

# Pipe between BIRD tables master4 (primary) and t_direct4 (peer).
# With `export none` / `import all`, routes move only from t_direct4 into
# master4, i.e. the opposite direction to the wording of the description.
protocol pipe p_master4_to_direct4 {
  vrf "vrf0";
  description "Pipe from master4 to t_direct4";


  table master4;
  peer table t_direct4;

  export none; # master4 -> t_direct4: nothing
  import all;  # t_direct4 -> master4: everything
};

# Pipe between BIRD tables master6 (primary) and t_direct6 (peer).
# With `export none` / `import all`, routes move only from t_direct6 into
# master6, i.e. the opposite direction to the wording of the description.
protocol pipe p_master6_to_direct6 {
  vrf "vrf0";
  description "Pipe from master6 to t_direct6";


  table master6;
  peer table t_direct6;

  export none; # master6 -> t_direct6: nothing
  import all;  # t_direct6 -> master6: everything
};

# OSPFv2 instance for IPv4, attached to BIRD table t_ospf4, one area (0) with
# three interfaces.
# NOTE(review): no `authentication` option appears on any interface, so the
# adjacencies on t0p0/t0p1 presumably run with BIRD's default (none). If the
# path under the tunnels is not fully trusted, consider
# `authentication cryptographic;` with a `password` on both ends -- confirm
# against the peers' configuration.
protocol ospf v2 ospf4 {
  vrf "vrf0";
  description "OSPF protocol for IPv4";


  ipv4 {
    table t_ospf4;

    export filter f_ospf_export; # t_ospf4 -> OSPF; filter body omitted from the post
    import filter f_ospf_import; # OSPF -> t_ospf4; filter body omitted from the post

  };

  area 0 {
    # `stub`: no OSPF packets are sent or received here; the interface's
    # network is only advertised.
    interface "dummy0" {
      cost 10;
      ecmp weight 1;
      stub;
    };
    # The two tunnel interfaces carry the adjacencies, with equal cost and
    # equal ECMP weight.
    interface "t0p0" {
      cost 1000;
      ecmp weight 1;
    };
    interface "t0p1" {
      cost 1000;
      ecmp weight 1;
    };
  };
};

# OSPFv3 instance for IPv6, attached to BIRD table t_ospf6, one area (0) with
# three interfaces. It references the same filter names as the OSPFv2 instance.
# NOTE(review): no `authentication` option appears on any interface, so the
# adjacencies on t0p0/t0p1 presumably run unauthenticated. If the path under
# the tunnels is not fully trusted, consider enabling OSPF authentication on
# both ends -- confirm against the peers' configuration.
protocol ospf v3 ospf6 {
  vrf "vrf0";
  description "OSPF protocol for IPv6";


  ipv6 {
    table t_ospf6;

    export filter f_ospf_export; # t_ospf6 -> OSPF; filter body omitted from the post
    import filter f_ospf_import; # OSPF -> t_ospf6; filter body omitted from the post

  };

  area 0 {
    # `stub`: no OSPF packets are sent or received here; the interface's
    # network is only advertised.
    interface "dummy0" {
      cost 10;
      ecmp weight 1;
      stub;
    };
    # The two tunnel interfaces carry the adjacencies, with equal cost and
    # equal ECMP weight.
    interface "t0p0" {
      cost 1000;
      ecmp weight 1;
    };
    interface "t0p1" {
      cost 1000;
      ecmp weight 1;
    };
  };
};

# Pipe between BIRD tables t_ospf4 (primary) and master4 (peer).
# `export` applies to routes going primary -> peer, `import` to routes going
# peer -> primary. Both filter bodies are omitted from the post, so what is
# redistributed into OSPF cannot be judged from here.
protocol pipe p_ospf4_to_master4 {
  vrf "vrf0";
  description "Pipe from t_ospf4 to master4";


  table t_ospf4;
  peer table master4;

  export filter f_ospf_master_export; # t_ospf4 -> master4
  import filter f_ospf_master_import; # master4 -> t_ospf4
};

# Pipe between BIRD tables t_ospf6 (primary) and master6 (peer).
# `export` applies to routes going primary -> peer, `import` to routes going
# peer -> primary. Both filter bodies are omitted from the post, so what is
# redistributed into OSPF cannot be judged from here.
protocol pipe p_ospf6_to_master6 {
  vrf "vrf0";
  description "Pipe from t_ospf6 to master6";


  table t_ospf6;
  peer table master6;

  export filter f_ospf_master_export; # t_ospf6 -> master6
  import filter f_ospf_master_import; # master6 -> t_ospf6
};


Kind Regards
Nigel









