All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Ahern <dsahern@gmail.com>
To: Stephen Suryaputra <ssuryaextr@gmail.com>, netdev@vger.kernel.org
Subject: Re: ip rule iif oif and vrf
Date: Tue, 22 Sep 2020 09:39:36 -0600	[thread overview]
Message-ID: <2bea9311-e6b6-91ea-574a-4aa7838d53ea@gmail.com> (raw)
In-Reply-To: <20200922131122.GB1601@ICIPI.localdomain>

On 9/22/20 7:11 AM, Stephen Suryaputra wrote:
> Hi,
> 
> We have a use case where there are multiple user VRFs being leak routed
> to and from tunnels that are on the core VRF. Traffic from user VRF to a
> tunnel can be done the normal way by specifying the netdev directly on
> the route entry on the user VRF route table:
> 
> ip route add <prefix> via <tunnel_end_point_addr> dev <tunnel_netdev>
> 
> But traffic received on the tunnel must be leak routed directly to the
> respective a specific user VRF because multiple user VRFs can have
> duplicate address spaces. I am thinking of using ip rule but when the
> iif is an enslaved device, the rule doesn't get matched because the
> ifindex in the skb is the master.
> 
> My question is: is this a bug, or is there anything else that can be
> done to make sure that traffic from a tunnel being routed directly to a
> user VRF? If it is the later, I can work on a patch.
> 

Might be a side effect of the skb dev change. I would like to remove
that but it is going to be challenge at this point.

take a look at:
perf record -a -e fib:* -g
<packets through the tunnel>
<Ctrl-C>
perf script

What does it say for the lookups - input arguments, table, etc?

Any chance you can re-recreate this using namespaces as the different nodes?

  reply	other threads:[~2020-09-22 15:39 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-22 13:11 ip rule iif oif and vrf Stephen Suryaputra
2020-09-22 15:39 ` David Ahern [this message]
2020-09-23 23:50   ` Stephen Suryaputra
2020-09-24  1:47     ` David Ahern
2020-09-24 13:48       ` Stephen Suryaputra
2020-09-24 14:41         ` David Ahern
2020-10-01  2:23           ` Stephen Suryaputra
2020-10-12  0:06             ` David Ahern

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2bea9311-e6b6-91ea-574a-4aa7838d53ea@gmail.com \
    --to=dsahern@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=ssuryaextr@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.