内核VRF

Linux内核的Virtual Routing and Forwarding (VRF) 是由路由表和一组网络设备组成的路由实例。
VRF安装
Ubuntu默认不包括vrf内核模块，需要额外安装:
1
apt-get install linux-headers-4.10.0-14-generic linux-image-extra-4.10.0-14-generic
2
reboot
3
apt-get install linux-image-extra-$(uname -r)
4
modprobe vrf
Copied!
VRF示例
1
# create vrf device
2
ip link add vrf-blue type vrf table 10
3
ip link set dev vrf-blue up
4
​
5
# An l3mdev FIB rule directs lookups to the table associated with the device.
6
# A single l3mdev rule is sufficient for all VRFs.
7
# Prior to the v4.8 kernel iif and oif rules are needed for each VRF device:
8
ip ru add oif vrf-blue table 10
9
ip ru add iif vrf-blue table 10
10
​
11
#Set the default route for the table (and hence default route for the VRF).
12
ip route add table 10 unreachable default
13
​
14
# Enslave L3 interfaces to a VRF device.
15
# Local and connected routes for enslaved devices are automatically moved to
16
# the table associated with VRF device. Any additional routes depending on
17
# the enslaved device are dropped and will need to be reinserted to the VRF
18
# FIB table following the enslavement.
19
ip link set dev eth1 master vrf-blue
20
​
21
# The IPv6 sysctl option keep_addr_on_down can be enabled to keep IPv6 global
22
# addresses as VRF enslavement changes.
23
sysctl -w net.ipv6.conf.all.keep_addr_on_down=1
24
​
25
# Additional VRF routes are added to associated table.
26
ip route add table 10 ...
Copied!
进程绑定VRF
Linux进程可以通过在VRF设备上监听socket来绑定VRF：
1
setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen(dev)+1);
Copied!
TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling the tcp_l3mdev_accept and udp_l3mdev_accept sysctl options:
1
sysctl -w net.ipv4.tcp_l3mdev_accept=1
2
sysctl -w net.ipv4.udp_l3mdev_accept=1
Copied!
VRF操作
创建VRF
1
ip link add dev NAME type vrf table ID
Copied!
查询VRF列表
1
# ip -d link show type vrf
2
16: vrf-blue: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
3
    link/ether 9e:9c:8e:7b:32:a4 brd ff:ff:ff:ff:ff:ff promiscuity 0
4
    vrf table 10 addrgenmode eui64
Copied!
添加网卡到VRF
1
ip link set dev eth0 master vrf-blue
Copied!
查询VRF邻接表和路由
1
ip neigh show vrf vrf-blue
2
ip addr show vrf vrf-blue
3
ip -br addr show vrf vrf-blue
4
ip route show vrf vrf-blue
Copied!
从VRF中删除网卡
1
ip link set dev eth0 nomaster
Copied!
参考文档
​Linux kernel documentation​

以前

SR-IOV

下一个

eBPF

最近更新 3yr ago

复制链接

内容