vrf.rst - OpenGrok cross reference for /Documentation/networking/vrf.rst

Lines Matching +full:multi +full:- +full:socket
1 .. SPDX-License-Identifier: GPL-2.0
11 routing and forwarding domains (aka VRFs, VRF-lite to be specific) in the
12 Linux network stack. One use case is the multi-tenancy problem where each
16 Processes can be "VRF aware" by binding a socket to the VRF device. Packets
17 through the socket then use the routing table associated with the VRF
30 ------
34 	 +-----------------------------+
35 	 |           vrf-blue          |  ===> route table 10
36 	 +-----------------------------+
38 	 +------+ +------+     +-------------+
40 	 +------+ +------+     +-------------+
42 			      +------+ +------+
44 			      +------+ +------+
59 .. [2] Iptables on ingress supports PREROUTING with skb->dev set to the real
60        ingress device and both INPUT and PREROUTING rules with skb->dev set to
65 -----
69 	ip link add vrf-blue type vrf table 10
70 	ip link set dev vrf-blue up
76    with a different priority or install per-VRF rules.
80        ip ru add oif vrf-blue table 10
81        ip ru add iif vrf-blue table 10
94        ip link set dev eth1 master vrf-blue
104        sysctl -w net.ipv6.conf.all.keep_addr_on_down=1
112 ------------
113 Applications that are to work within a VRF need to bind their socket to the
129     sysctl -w net.ipv4.tcp_l3mdev_accept=1
130     sysctl -w net.ipv4.udp_l3mdev_accept=1
132 These options are disabled by default so that a socket in a VRF is only
136 using a socket not bound to the corresponding VRF. This allows e.g. older ping
139 context are only handled by a raw socket bound to the VRF, and packets in the
140 default VRF are only handled by a socket not bound to any VRF::
142     sysctl -w net.ipv4.raw_l3mdev_accept=0
147 --------------------------------------------------------------------------------
152 section lists both commands where appropriate -- with the vrf keyword and the
169        $ ip [-d] link show type vrf
170 	 NOTE: The -d option is needed to show the table id
174        $ ip -d link show type vrf
191        $ ip -br link show type vrf
234        $ ip -br link show vrf red
245        $ ip [-6] neigh show vrf NAME
246        $ ip [-6] neigh show master NAME
254        $ ip -6 neigh show vrf red
290 	$ ip -br addr show vrf red
301        $ ip [-6] route show vrf NAME
302        $ ip [-6] route show table ID
317 	$ ip -6 route show vrf red
333 	unreachable default dev lo  metric 4278198272  error -101 pref medium
339        $ ip [-6] route get vrf NAME ADDRESS
340        $ ip [-6] route get oif NAME ADDRESS
348 	$ ip -6 route get 2002:1::32 vrf red
366 --------------------------------------------------------------------------------