From 3d231292c8beaa00d40f922c01ca4191b2b89da1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 4 Mar 2020 21:30:13 +0100 Subject: vrf: T31: reorder routing table lookups Linux routing uses rules to find tables - routing targets are then looked up in those tables. If the lookup got a matching route, the process ends. TL;DR; first table with a matching entry wins! You can see your routing table lookup rules using "ip rule", sadly the local lookup is hit before any VRF lookup. Pinging an addresses from the VRF will usually find a hit in the local table, and never reach the VRF routing table - this is usually not what you want. Thus we will re-arrange the tables and move the local lookup furhter down once VRFs are enabled. --- src/conf_mode/vrf.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'src') diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 242fc7ccb..a39366126 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -196,6 +196,34 @@ def apply(vrf_config): with open(f'/sys/class/net/{name}/ifalias', 'w') as f: f.write(vrf['description']) + # Linux routing uses rules to find tables - routing targets are then + # looked up in those tables. If the lookup got a matching route, the + # process ends. + # + # TL;DR; first table with a matching entry wins! + # + # You can see your routing table lookup rules using "ip rule", sadly the + # local lookup is hit before any VRF lookup. Pinging an addresses from the + # VRF will usually find a hit in the local table, and never reach the VRF + # routing table - this is usually not what you want. Thus we will + # re-arrange the tables and move the local lookup furhter down once VRFs + # are enabled. + + # set "normal" non VRF table lookups + add_pref = '0' + del_pref = '32765' + + # Lookup table is adjusted if we are in VRF mode + if vrf_config['vrf_add']: + add_pref = '32765' + del_pref = '0' + + # Configure table lookups + _cmd(f'ip -4 rule add pref {add_pref} table local') + _cmd(f'ip -4 rule del pref {del_pref}') + _cmd(f'ip -6 rule add pref {add_pref} table local') + _cmd(f'ip -6 rule del pref {del_pref}') + return None if __name__ == '__main__': -- cgit v1.2.3