
Re: VRF/MPLS on Linux
From: Mike Jones <mike () mikejones in>
Date: Tue, 23 Aug 2011 17:18:26 +0100

On 23 August 2011 14:45,  <nanog () rhemasound org> wrote:
While I have found some information on a project called linux-mpls, I am having a hard time finding any solid VRF
framework for Linux. I have a monitoring system that needs to check devices that sit in overlapping private IP space,
and I was wondering if there is any way I could use some kind of VRF-type solution that would allow me to label the
"site" the traffic is intended for. The upstream router supports VRF/MPLS, but I need to know how I can get the
server to label the traffic. I would appreciate any input.

I would probably go for the suggestion of (ab)using QoS tags for the
routing table selection, but just to throw this alternate idea out
there:

1.0.0.0/8 1:1 NATed to 10.0.0.0/8 marked to use routing table 1, which
routes to network 1
2.0.0.0/8 1:1 NATed to 10.0.0.0/8 marked to use routing table 2, which
routes to network 2
etc

That way your application layer won't need any additional logic and
can just deal with them as separate non-overlapping IP spaces. This
won't work if you have too many overlapping networks (but then Linux
only supports 252 additional routing tables anyway afaik) or if you
need external connectivity that can't be proxied.

In a similar manner, if your tools support IPv6 you could have a /96
that is NAT64'ed on to each different network. I'm not sure about this
for a production setup, although it would have the added benefit that
you can expose these routes to your management network to provide
easier access from your other machines if you wanted to.

- Mike
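The NAT-plus-routing-table scheme from the reply above, written out as Linux commands. This is an added example, not code from the post; the site numbers, stand-in prefixes and gateway addresses are constructed placeholders, and it assumes iptables with the NETMAP target and the iproute2 policy-routing tools.

```shell
#!/bin/sh
# Added example (not Mike's code): emits the commands for one "site" in the
# scheme above. A unique stand-in prefix (e.g. 1.0.0.0/8) is 1:1 NETMAPped onto
# the shared 10.0.0.0/8 space, and a firewall mark selects the routing table.
# Gateways, prefixes and site numbers are constructed placeholders.

# site_rules SITE STANDIN/8 REAL/8 GATEWAY -> prints the commands for that site
site_rules() {
    site=$1 standin=$2 real=$3 gw=$4
    cat <<EOF
# site $site: the monitoring system targets $standin, hosts really live in $real
# The mark MUST be set before NAT: once NETMAP has rewritten the destination,
# every site looks like $real and only the mark still identifies site $site.
iptables -t mangle -A OUTPUT -d $standin -j MARK --set-mark $site
iptables -t nat    -A OUTPUT -d $standin -j NETMAP --to $real
# packets marked $site use table $site, which points at this site's router
ip rule  add fwmark $site lookup $site
ip route add $real via $gw table $site
# if strict reverse-path filtering drops replies from $real, relax it on the
# interface facing this site (IFACE is a placeholder):
#   sysctl -w net.ipv4.conf.IFACE.rp_filter=2
EOF
}

# all_rules: one site_rules call per line of a constructed site list
# ("site standin real gateway"), so adding a site is adding a line
all_rules() {
    printf '%s\n' \
        '1 1.0.0.0/8 10.0.0.0/8 192.0.2.1' \
        '2 2.0.0.0/8 10.0.0.0/8 192.0.2.2' |
    while read -r site standin real gw; do
        site_rules "$site" "$standin" "$real" "$gw"
    done
}

all_rules
```

Conntrack reverses the NETMAP on the replies, so no SNAT is needed; the only state that distinguishes the sites after translation is the mark, which is why the mangle rule comes first.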

