From: David Ahern <dsahern@gmail.com>
To: Stephen Suryaputra <ssuryaextr@gmail.com>, netdev@vger.kernel.org
Subject: Re: ip rule iif oif and vrf
Date: Tue, 22 Sep 2020 09:39:36 -0600 [thread overview]
Message-ID: <2bea9311-e6b6-91ea-574a-4aa7838d53ea@gmail.com> (raw)
In-Reply-To: <20200922131122.GB1601@ICIPI.localdomain>
On 9/22/20 7:11 AM, Stephen Suryaputra wrote:
> Hi,
>
> We have a use case where there are multiple user VRFs being leak routed
> to and from tunnels that are on the core VRF. Traffic from user VRF to a
> tunnel can be done the normal way by specifying the netdev directly on
> the route entry on the user VRF route table:
>
> ip route add <prefix> via <tunnel_end_point_addr> dev <tunnel_netdev>
>
> But traffic received on the tunnel must be leak routed directly to the
> respective a specific user VRF because multiple user VRFs can have
> duplicate address spaces. I am thinking of using ip rule but when the
> iif is an enslaved device, the rule doesn't get matched because the
> ifindex in the skb is the master.
>
> My question is: is this a bug, or is there anything else that can be
> done to make sure that traffic from a tunnel being routed directly to a
> user VRF? If it is the later, I can work on a patch.
>
Might be a side effect of the skb dev change. I would like to remove
that but it is going to be challenge at this point.
take a look at:
perf record -a -e fib:* -g
<packets through the tunnel>
<Ctrl-C>
perf script
What does it say for the lookups - input arguments, table, etc?
Any chance you can re-recreate this using namespaces as the different nodes?
next prev parent reply other threads:[~2020-09-22 15:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-22 13:11 ip rule iif oif and vrf Stephen Suryaputra
2020-09-22 15:39 ` David Ahern [this message]
2020-09-23 23:50 ` Stephen Suryaputra
2020-09-24 1:47 ` David Ahern
2020-09-24 13:48 ` Stephen Suryaputra
2020-09-24 14:41 ` David Ahern
2020-10-01 2:23 ` Stephen Suryaputra
2020-10-12 0:06 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2bea9311-e6b6-91ea-574a-4aa7838d53ea@gmail.com \
--to=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=ssuryaextr@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.