diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-20 22:25:47 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-12-20 22:25:47 +0100 |
| commit | 10701108fecb36f7be7eb7ef5f1e54e63da5fb4e (patch) | |
| tree | 6d0c6cceb090a7b22242e862c22f619aeabd2397 /src | |
| parent | b873112dd7253b64d323e183758dbabaa0f28b6e (diff) | |
| download | vyos-1x-10701108fecb36f7be7eb7ef5f1e54e63da5fb4e.tar.gz vyos-1x-10701108fecb36f7be7eb7ef5f1e54e63da5fb4e.zip | |
vrf: T591: define sysctl setting for net.vrf.strict_mode
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is
possible to associate multiple VRF devices to the same table. Conversely, when
net.vrf.strict_mode=1 a table can be associated to a single VRF device.
A VRF table can be used by the VyOS CLI only once (ensured by verify()), this
simply adds an additional Kernel safety net, but a requirement for IPv6 segment
routing headers.
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/vrf.py | 12 | ||||
| -rw-r--r-- | src/etc/sysctl.d/30-vyos-router.conf | 8 |
2 files changed, 12 insertions, 8 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 37625142c..9b1b6355f 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -214,6 +214,18 @@ def apply(vrf): # Delete the VRF Kernel interface call(f'ip link delete dev {tmp}') + # Enable/Disable VRF strict mode + # When net.vrf.strict_mode=0 (default) it is possible to associate multiple + # VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a + # table can be associated to a single VRF device. + # + # A VRF table can be used by the VyOS CLI only once (ensured by verify()), + # this simply adds an additional Kernel safety net + strict_mode = '0' + # Set to 1 if any VRF is defined + if 'name' in vrf: strict_mode = '1' + sysctl_write('net.vrf.strict_mode', strict_mode) + if 'name' in vrf: # Separate VRFs in conntrack table # check if table already exists diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf index 67d96969e..1c9b8999f 100644 --- a/src/etc/sysctl.d/30-vyos-router.conf +++ b/src/etc/sysctl.d/30-vyos-router.conf @@ -105,11 +105,3 @@ net.core.rps_sock_flow_entries = 32768 net.core.default_qdisc=fq_codel net.ipv4.tcp_congestion_control=bbr -# VRF - Virtual routing and forwarding -# When net.vrf.strict_mode=0 (default) it is possible to associate multiple -# VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a -# table can be associated to a single VRF device. -# -# A VRF table can be used by the VyOS CLI only once (ensured by verify()), -# this simply adds an additional Kernel safety net -net.vrf.strict_mode=1 |