Hello Is possible to run ospf instance over an interface which is part of an VRF?I make a config but I see I see no package from local instance on VRF interfaceThe log shows the Hello package are sent out using physical interface Config is like ipv4 table vrf_private; protocol kernel kernel_vrf_private { scan time 1; vrf "vrf-private"; #kernel table 200; ipv4 { table vrf_private; import all; export all; }; } protocol direct direct_vrf_private { vrf "vrf-private"; ipv4 { table vrf_private; }; } protocol ospf ospf_local_core { vrf "vrf-private"; ipv4 { table vrf_private; import all; export all; }; disabled off; instance id 0; debug { states, routes, filters, interfaces, events, packets }; area 0.0.0.0 { interface 1.2.3.0/24, "ens256", "vrf-private" , 172.31.254.0/24 { type broadcast; check link on; tx dscp 0x1a; bfd off; }; }; In log I see 2018-03-08 23:52:31.962 <TRACE> ospf_local_core: HELLO packet sent via ens256 tcpdump shows the packets from the neighbor coming into ens256
On Thu, Mar 08, 2018 at 09:55:03PM +0000, Ticlea Alexandru wrote:
Hello Is possible to run ospf instance over an interface which is part of an VRF?I make a config but I see I see no package from local instance on VRF interfaceThe log shows the Hello package are sent out using physical interface Config is like
Hello It should work, but require recent kernel. Works for me on 4.14.13, i think (but not sure) it would work on 4.13, but not older.
ipv4 table vrf_private;
protocol kernel kernel_vrf_private { scan time 1; vrf "vrf-private"; #kernel table 200;
You should specify the kernel table associated with the VRF.
protocol ospf ospf_local_core { vrf "vrf-private"; ipv4 { table vrf_private; import all; export all; }; disabled off; instance id 0; debug { states, routes, filters, interfaces, events, packets }; area 0.0.0.0 { interface 1.2.3.0/24, "ens256", "vrf-private" , 172.31.254.0/24 {
I would not add "vrf-private" interface as an active OSPF interface. Just the regular interfaces that are a part of the VRF. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Indeed, with 4.15 it worksIn my former kernel 4.9, the net.ipv4.tcp_l3mdev_accept was missing. That's the cause or 4.15 has another vrf implementation? On Friday, March 9, 2018, 12:31:12 AM GMT+2, Ondrej Zajicek <santiago@crfreenet.org> wrote: On Thu, Mar 08, 2018 at 09:55:03PM +0000, Ticlea Alexandru wrote:
Hello Is possible to run ospf instance over an interface which is part of an VRF?I make a config but I see I see no package from local instance on VRF interfaceThe log shows the Hello package are sent out using physical interface Config is like
Hello It should work, but require recent kernel. Works for me on 4.14.13, i think (but not sure) it would work on 4.13, but not older.
ipv4 table vrf_private;
protocol kernel kernel_vrf_private { scan time 1; vrf "vrf-private"; #kernel table 200;
You should specify the kernel table associated with the VRF.
protocol ospf ospf_local_core { vrf "vrf-private"; ipv4 { table vrf_private; import all; export all; }; disabled off; instance id 0; debug { states, routes, filters, interfaces, events, packets }; area 0.0.0.0 { interface 1.2.3.0/24, "ens256", "vrf-private" , 172.31.254.0/24 {
I would not add "vrf-private" interface as an active OSPF interface. Just the regular interfaces that are a part of the VRF. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
On Fri, Mar 09, 2018 at 10:02:08AM +0000, Ticlea Alexandru wrote:
Indeed, with 4.15 it worksIn my former kernel 4.9, the net.ipv4.tcp_l3mdev_accept was missing. That's the cause or 4.15 has another vrf implementation?
The Linux kernel VRF implementation was implemented by several successive patches, the first were merged to earlier kernels, while the latest patches (necessary for OSPF in BIRD) were merged to 4.14 or 4.15. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (2)
-
Ondrej Zajicek -
Ticlea Alexandru