authorChristian Poessinger <christian@poessinger.com>2020-03-04 21:30:13 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-04 21:45:41 +0100
commit3d231292c8beaa00d40f922c01ca4191b2b89da1 (patch)
tree5293cbb832c3973f1839d5b6a38153d1a34ee471
parent5b69a581831ba431d6b56077ad6340925a73a371 (diff)
vrf: T31: reorder routing table lookups
Linux routing uses rules to find tables - routing targets are then looked up in those tables. If the lookup got a matching route, the process ends. TL;DR; first table with a matching entry wins! You can see your routing table lookup rules using "ip rule", sadly the local lookup is hit before any VRF lookup. Pinging an address from the VRF will usually find a hit in the local table, and never reach the VRF routing table - this is usually not what you want. Thus we will re-arrange the tables and move the local lookup further down once VRFs are enabled.
-rwxr-xr-xsrc/conf_mode/vrf.py28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 242fc7ccb..a39366126 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -196,6 +196,34 @@ def apply(vrf_config):
with open(f'/sys/class/net/{name}/ifalias', 'w') as f:
f.write(vrf['description'])
+ # Linux routing uses rules to find tables - routing targets are then
+ # looked up in those tables. If the lookup got a matching route, the
+ # process ends.
+ #
+ # TL;DR; first table with a matching entry wins!
+ #
+ # You can see your routing table lookup rules using "ip rule", sadly the
+ # local lookup is hit before any VRF lookup. Pinging an addresses from the
+ # VRF will usually find a hit in the local table, and never reach the VRF
+ # routing table - this is usually not what you want. Thus we will
+ # re-arrange the tables and move the local lookup furhter down once VRFs
+ # are enabled.
+
+ # set "normal" non VRF table lookups
+ add_pref = '0'
+ del_pref = '32765'
+
+ # Lookup table is adjusted if we are in VRF mode
+ if vrf_config['vrf_add']:
+ add_pref = '32765'
+ del_pref = '0'
+
+ # Configure table lookups
+ _cmd(f'ip -4 rule add pref {add_pref} table local')
+ _cmd(f'ip -4 rule del pref {del_pref}')
+ _cmd(f'ip -6 rule add pref {add_pref} table local')
+ _cmd(f'ip -6 rule del pref {del_pref}')
+
return None
if __name__ == '__main__':
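Review bot: The four `ip rule` calls at the end of apply() run on every commit and are not idempotent: with no VRF configured the local rule already sits at pref 0 and nothing exists at pref 32765, so the add either duplicates the rule or is rejected and the del has nothing to remove (how `_cmd` treats a non-zero exit is not visible in this hunk). The deletes also select by preference alone, so `ip -4 rule del pref {del_pref}` removes whatever rule holds that preference, including an unrelated policy rule an operator placed at 32765; `_cmd(f'ip -4 rule del pref {del_pref} table local')` and its `-6` twin would limit the delete to the local lookup. Adding before deleting is the right order because the box is never left without a local-table rule, and a short comment such as `# add first, then delete: never run without a local lookup rule` would keep someone from swapping them. The block comment should also say that at pref 32765 the local table is consulted after every lower-numbered policy rule, so traffic addressed to the router itself can be matched by those rules first. apply() begins above this hunk, so whether the calls are reached on VRF removal as well is inferred from `vrf_config['vrf_add']` only.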