Home page logo

nanog logo nanog mailing list archives

Re: VRF/MPLS on Linux
From: Jussi Peltola <pelzi () pelzi net>
Date: Wed, 24 Aug 2011 20:37:45 +0300

On Wed, Aug 24, 2011 at 09:18:29AM -0400, Simon Perreault wrote:
On 2011-08-24 06:06, Brian Raaen wrote:
The only issue with this is that the Linux box is not acting as a
router, but as the egress devices.  I'm trying to figure out how to
properly get my application to 'color' the traffic.  standard BSD
sockets appear to have no concept of 'Labels'.

Just FYI: on OpenBSD you can set the VRF (aka "routing table" or
"routing domain") per socket with code like this:

  int s, table;
  s = socket(...);
  table = 123;
  setsockopt(s, IPPROTO_IP, SO_RTABLE, &table, sizeof(table));

Or exec your commands wrapped in route -T$TABLE exec $*

Caveat: ipv6 vrf's did not work the last time I tried, and I think they
still don't.

OpenBSD should also do MPLS VPNs with the VRF's, but it's also pretty
much experimental. It worked fine in a quick lab test at my last try, I
should dig my lab notes and document it...

Some things, like /etc/resolv.conf, still need some attention with VRFs.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]