author | Christian Poessinger <christian@poessinger.com> | 2020-03-04 21:30:13 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-03-04 21:45:41 +0100 |
commit | 3d231292c8beaa00d40f922c01ca4191b2b89da1 (patch) | |
tree | 5293cbb832c3973f1839d5b6a38153d1a34ee471 /src/conf_mode | |
parent | 5b69a581831ba431d6b56077ad6340925a73a371 (diff) | |
vrf: T31: reorder routing table lookups
Linux routing uses rules to find tables - routing targets are then looked up in
those tables. If the lookup got a matching route, the process ends.
TL;DR; first table with a matching entry wins!
You can see your routing table lookup rules using "ip rule". Sadly, the local
lookup is hit before any VRF lookup. Pinging an address from the VRF will
usually find a hit in the local table, and never reach the VRF routing table -
this is usually not what you want. Thus we will re-arrange the tables and move
the local lookup further down once VRFs are enabled.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/vrf.py | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 242fc7ccb..a39366126 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -196,6 +196,34 @@ def apply(vrf_config):
 with open(f'/sys/class/net/{name}/ifalias', 'w') as f:
 f.write(vrf['description'])
+ # Linux routing uses rules to find tables - routing targets are then
+ # looked up in those tables. If the lookup got a matching route, the
+ # process ends.
+ #
+ # TL;DR; first table with a matching entry wins!
+ #
+ # You can see your routing table lookup rules using "ip rule", sadly the
+ # local lookup is hit before any VRF lookup. Pinging an addresses from the
+ # VRF will usually find a hit in the local table, and never reach the VRF
+ # routing table - this is usually not what you want. Thus we will
+ # re-arrange the tables and move the local lookup furhter down once VRFs
+ # are enabled.
+
+ # set "normal" non VRF table lookups
+ add_pref = '0'
+ del_pref = '32765'
+
+ # Lookup table is adjusted if we are in VRF mode
+ if vrf_config['vrf_add']:
+ add_pref = '32765'
+ del_pref = '0'
+
+ # Configure table lookups
+ _cmd(f'ip -4 rule add pref {add_pref} table local')
+ _cmd(f'ip -4 rule del pref {del_pref}')
+ _cmd(f'ip -6 rule add pref {add_pref} table local')
+ _cmd(f'ip -6 rule del pref {del_pref}')
+
 return None
 if __name__ == '__main__': |
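Review bot: The two `ip rule del pref {del_pref}` calls match on preference alone, so when the local lookup is moved back to 0 they delete whatever rule sits at pref 32765, which may be an operator's own policy-routing rule rather than the relocated local lookup. Adding the selector, `_cmd(f'ip -4 rule del pref {del_pref} table local')` (and the same for `-6`), limits the delete to the rule this code owns. The add/del sequence also runs unconditionally on every apply, so a repeat commit re-adds a rule that may already exist and deletes one that may already be gone; `_cmd` is defined outside this hunk, so whether those failures abort the commit or pass silently cannot be seen here, and checking the current `ip rule` output before changing anything would make the step idempotent. apply() begins outside the hunk.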