summaryrefslogtreecommitdiff
path: root/src/conf_mode/vrf.py
AgeCommit message (Collapse)Author
2020-03-07vrf: T31: properly set configuration level when parsingChristian Poessinger
2020-03-05vrf: T31: improve kernel rule lookup table codeChristian Poessinger
2020-03-05vrf: T31: modify kernel rule lookup table only onceChristian Poessinger
2020-03-05vrf: T31: add more documentation linksChristian Poessinger
2020-03-05vrf: T31: use subprocess check_output over check_callChristian Poessinger
2020-03-05vrf: T31: routing table IDs must be uniqueChristian Poessinger
2020-03-05vrf: T31: use vyos.ifconfig to set ifaliasChristian Poessinger
2020-03-05vrf: T31: table id is mandatoryChristian Poessinger
2020-03-04vrf: T31: remove pass in exception handlerChristian Poessinger
2020-03-04vrf: T31: reorder routing table lookupsChristian Poessinger
Linux routing uses rules to find tables - routing targets are then looked up in those tables. If the lookup got a matching route, the process ends. TL;DR; first table with a matching entry wins! You can see your routing table lookup rules using "ip rule", sadly the local lookup is hit before any VRF lookup. Pinging an addresses from the VRF will usually find a hit in the local table, and never reach the VRF routing table - this is usually not what you want. Thus we will re-arrange the tables and move the local lookup furhter down once VRFs are enabled.
2020-03-04vrf: T31: adding unreachable routes to the routing tablesChristian Poessinger
2020-03-04vrf: T31: prior to the v4.8 kernel iif and oif rules are neededChristian Poessinger
.. we run on 4.19 thus this is no longer needed.
2020-03-04vrf: T31: create iproute2 table to name mapping referenceChristian Poessinger
2020-03-04vrf: T31: rename 'vrf disable-bind-to-all ipv4' to 'vrf bind-to-all'Christian Poessinger
By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to an l3mdev and processes may bind to the same port if they bind to an l3mdev. TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all' option.
2020-03-04vrf: T31: support add/remove of interfaces from vrfChristian Poessinger
2020-03-04vrf: T31: remove superfluous vyos.vrf library functionsChristian Poessinger
vyos.vrf.list_vrfs() was only used in one function thus building a library is no longer needed. If it is needed in the future it should be placed into a library again.
2020-03-04vrf: T31: reduce script complexityChristian Poessinger
Keep it simple and stupid :)
2020-03-04vrf: T31: no need to use sudo calls in vrf.pyChristian Poessinger
All configuration mode scripts are already run with sudo.
2020-03-04vrf: T31: initial support for a VRF backend in XML/PythonThomas Mangin
This is a work in progress to complete T31 whoever thought it was less than 1 hour of work was ..... optimistic. Only VRF vreation and show is supported right now. No interface can be bound to any one VRF.