Implementing VRF on Linux with iproute

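  VRF (Virtual Routing and Forwarding) lets a single system hold multiple, independent routing tables. The Linux kernel has supported VRF since version 4.3. The following shows how to create two different VRFs, one of which is dedicated to a virtual bridge. See these articles:
http://www.routereflector.com/2016/11/working-with-vrf-on-linux/
https://blog.csdn.net/armlinuxww/article/details/84075629
iproute2 source: https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/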

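1. VRF on Ubuntu

Reference: https://feisky.gitbooks.io/sdn/linux/vrf.html

Ubuntu does not include the vrf kernel module by default; it has to be installed separately:

Solution:

2. VRF on CentOS

References: https://forums.centos.org/viewtopic.php?t=57943
https://www.kernel.org/doc/Documentation/networking/vrf.txt
I am on CentOS 7.6, whose 3.10 kernel does not support the vrf module, so the kernel has to be updated; upgrading to kernel 4.8 or later is recommended. Creating a VRF directly with the ip link command fails with: RTNETLINK answers: Operation not supported

Solution:

3. VRF commands on Linux

3.1 Creating a VRF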

To instantiate a VRF device and associate it with a table:
$ ip link add dev NAME type vrf table ID
As of v4.8 the kernel supports the l3mdev FIB rule where a single rule covers all VRFs. The l3mdev rule is created for IPv4 and IPv6 on first device create.

Bring up two VRFs at the same time

3.2 Listing all VRFs

To list VRFs that have been created:
$ ip [-d] link show type vrf
NOTE: The -d option is needed to show the table id

For example:

Or in brief output:

3.3 Assigning network interfaces to a VRF

Assign an interface to a VRF

Network interfaces are assigned to a VRF by enslaving the netdevice to a VRF device:
$ ip link set dev NAME master NAME
On enslavement, connected and local routes are automatically moved to the table associated with the VRF device. For example:
$ ip link set dev eth0 master mgmt

3.4 Showing devices assigned to a VRF

To show devices that have been assigned to a specific VRF add the master
option to the ip command:

For example:

Or using the brief output:

3.5 Showing neighbor entries for a VRF

To list neighbor entries associated with devices enslaved to a VRF device
add the master option to the ip command:

For example:

3.6 Showing addresses in a VRF

To show addresses for interfaces associated with a VRF add the master option to the ip command:

For example:

Or in brief format:

3.7 Showing VRF routes

To show routes for a VRF use the ip command to display the table associated with the VRF device:

For example:

3.8 Route lookup for a VRF

A test route lookup can be done for a VRF:

For example:

3.9 Removing a network interface from a VRF

Network interfaces are removed from a VRF by breaking the enslavement to the VRF device:
$ ip link set dev NAME nomaster
Connected routes are moved back to the default table and local entries are moved to the local table. For example:
$ ip link set dev eth0 nomaster
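
The kernel-version preflight from section 2 and the create / enslave / verify steps from section 3, combined into one script. This is an added example, not part of the original article. The function names, the DRY_RUN and KREL variables and table id 10 are assumptions made for illustration; mgmt and eth0 are the names used above.

```shell
#!/bin/sh
# Added example (not from the original page). Thresholds are the ones the page
# states: VRF since kernel 4.3, single l3mdev FIB rule since 4.8.

# vrf_support RELEASE: prints none | vrf | l3mdev for a `uname -r` string.
vrf_support() {
    rel=${1%%[!0-9.]*}                 # "3.10.0-957.el7.x86_64" -> "3.10.0"
    major=${rel%%.*}
    case $rel in
        *.*) rest=${rel#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    case "$major.$minor" in .*|*.) echo unknown; return 2 ;; esac
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 8 ]; }; then
        echo l3mdev
    elif [ "$major" -eq 4 ] && [ "$minor" -ge 3 ]; then
        echo vrf
    else
        echo none; return 1
    fi
}

# run CMD...: execute, or only print when DRY_RUN=1 (hypothetical switch).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# vrf_attach VRF TABLE IFACE: preflight, create, bring up, enslave, verify.
vrf_attach() {
    vrf=$1; table=$2; ifc=$3
    krel=${KREL:-$(uname -r)}          # KREL override is for testing only
    level=$(vrf_support "$krel") || {
        echo "kernel $krel: no VRF support, ip link would answer 'Operation not supported'" >&2
        return 1
    }
    [ "$level" = l3mdev ] || echo "kernel $krel: older than 4.8, no single l3mdev rule" >&2
    run ip link add dev "$vrf" type vrf table "$table" &&
    run ip link set dev "$vrf" up &&
    run ip link set dev "$ifc" master "$vrf" &&
    run ip -d link show type vrf &&          # -d shows the table id
    run ip link show master "$vrf" &&        # must list IFACE
    run ip route show table "$table"         # connected/local routes moved here
}

# Script usage: sh vrf_attach.sh mgmt 10 eth0   (root unless DRY_RUN=1)
if [ "$#" -eq 3 ]; then vrf_attach "$@"; fi
```

Run it with DRY_RUN=1 first to review the exact ip commands before they touch the routing tables of a management interface.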
