Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/vrf.py | 12 | ||||
-rw-r--r-- | src/etc/sysctl.d/30-vyos-router.conf | 8 |
2 files changed, 12 insertions, 8 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 37625142c..9b1b6355f 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -214,6 +214,18 @@ def apply(vrf):
 # Delete the VRF Kernel interface
 call(f'ip link delete dev {tmp}')
 
+ # Enable/Disable VRF strict mode
+ # When net.vrf.strict_mode=0 (default) it is possible to associate multiple
+ # VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a
+ # table can be associated to a single VRF device.
+ #
+ # A VRF table can be used by the VyOS CLI only once (ensured by verify()),
+ # this simply adds an additional Kernel safety net
+ strict_mode = '0'
+ # Set to 1 if any VRF is defined
+ if 'name' in vrf: strict_mode = '1'
+ sysctl_write('net.vrf.strict_mode', strict_mode)
+
 if 'name' in vrf:
 # Separate VRFs in conntrack table
 # check if table already exists
diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index 67d96969e..1c9b8999f 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -105,11 +105,3 @@ net.core.rps_sock_flow_entries = 32768
 net.core.default_qdisc=fq_codel
 net.ipv4.tcp_congestion_control=bbr
 
-# VRF - Virtual routing and forwarding
-# When net.vrf.strict_mode=0 (default) it is possible to associate multiple
-# VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a
-# table can be associated to a single VRF device.
-#
-# A VRF table can be used by the VyOS CLI only once (ensured by verify()),
-# this simply adds an additional Kernel safety net
-net.vrf.strict_mode=1 |
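Review bot: The result of `sysctl_write('net.vrf.strict_mode', strict_mode)` in apply() is discarded, so if the write does not take effect the "Kernel safety net" described in the comment is silently absent. The helper's implementation is not visible here, so it may already raise on failure. If it does not, I would read the value back after the write and emit a warning when it differs from `strict_mode`. This matters more now that the setting is applied at runtime on every commit rather than once from sysctl.d, as the kernel can refuse to enable strict mode while existing VRF devices share a table. Separately, the compound statement `if 'name' in vrf: strict_mode = '1'` together with the preceding default reads more clearly as `strict_mode = '1' if 'name' in vrf else '0'`. apply() begins and continues outside this hunk.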