vrf - Hangbin Liu's blog

Virtual Routing and Forwarding (VRF) impacts only Layer 3.

Setup

VRF device is created with an association to a FIB table.

1
2
ip link add vrf-blue type vrf table 10
ip link set dev vrf-blue up

Set the default route for the table (and hence default route for the VRF):

1
ip route add table 10 unreachable default metric 4278198272

Enslave L3 interfaces to a VRF device:

1
ip link set dev veth1 master vrf-blue

Add additional VRF routers:

1
2
3
ip route add table 10 ...
or
ip route add vrf vrf-blue ...

Example

netns topo

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 ns1           sw0           ns2
veth0 -|- veth1   veth2 -|- veth0

# add netns
ip netns add ns1
ip netns add ns2
ip netns add sw0

# add links
ip link add veth0 netns ns1 type veth peer name veth1 netns sw0
ip link add veth0 netns ns2 type veth peer name veth2 netns sw0

# set links up
ip -n ns1 link set veth0 up
ip -n ns2 link set veth0 up
ip -n sw0 link set veth1 up
ip -n sw0 link set veth2 up

# add ip address
ip -n ns1 addr add 192.168.1.1/24 dev veth0
ip -n ns2 addr add 192.168.2.1/24 dev veth0
ip -n sw0 addr add 192.168.1.254/24 dev veth1
ip -n sw0 addr add 192.168.2.254/24 dev veth2

# add route
ip -n ns1 route add default via 192.168.1.254 dev veth0
ip -n ns2 route add default via 192.168.2.254 dev veth0
ip netns exec sw0 sysctl -w net.ipv4.conf.all.forwarding=1

# check connection
ip netns exec ns1 ping 192.168.2.1 -c1

vrf topo

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 vrf1          sw0          vrf2
veth0 -|- veth1   veth2 -|- veth3

# add links
ip link add type veth
ip link add type veth
ip link add vrf1 type vrf table 10
ip link add vrf2 type vrf table 20
ip link add sw0 type vrf table 100

# set link up
ip link set veth0 up
ip link set veth1 up
ip link set veth2 up
ip link set veth3 up
ip link set vrf1 up
ip link set vrf2 up
ip link set sw0 up

# enslave devices
ip link set veth0 master vrf1
ip link set veth1 master sw0
ip link set veth2 master sw0
ip link set veth3 master vrf2

# add ip addrs
ip addr add 192.168.1.1/24 dev veth0
ip addr add 192.168.1.254/24 dev veth1
ip addr add 192.168.2.254/24 dev veth2
ip addr add 192.168.2.1/24 dev veth3

# add route
ip route add table 10 unreachable default metric 4278198272
ip route add table 20 unreachable default metric 4278198272
ip route add table 100 unreachable default metric 4278198272
ip route add vrf vrf1 default via 192.168.1.254 dev veth0
ip route add vrf vrf2 default via 192.168.2.254 dev veth3
sysctl -w net.ipv4.conf.all.forwarding=1

# Check connection
ip vrf exec vrf1 ping 192.168.2.1 -c 1

Contents

Setup

Example