Linux中iproute实现VRF
目录
1.Ubuntu系统实现VRF
2.CentOS系统实现VRF
3.Linux中VRF实现命令
3.1 创建VRF
3.2 罗列所有VRFs
3.3 给VRF分配网络接口
3.4显示被分配给VRF的设备
3.5显示VRF的邻居条目
3.6 显示VRF中地址
3.7 显示VRF路由
3.8 VRF的路由查询
3.9 将网络接口从VRF中删除
VRF (Virtual Routing and Forwarding)使同一系统下拥有多种且独立的路由表。在LINUX的内核中,从4.3版本已开始支持VRF。如下将展示如何创建两个不同VRF,其中一个专用于虚拟桥,可参看文章:
http://www.routereflector.com/2016/11/working-with-vrf-on-linux/
https://blog.csdn.net/armlinuxww/article/details/84075629
iproute2源码路径 https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/
1.Ubuntu系统实现VRF
参考文档:https://feisky.gitbooks.io/sdn/linux/vrf.html
Ubuntu默认不包括vrf内核模块,需要额外安装:
解决方法:
apt-get install linux-headers-4.10.0-14-generic linux-image-extra-4.10.0-14-generic
reboot
apt-get install linux-image-extra-$(uname -r)
modprobe vrf2.CentOS系统实现VRF
参考文档:https://forums.centos.org/viewtopic.php?t=57943
https://www.kernel.org/doc/Documentation/networking/vrf.txt
本人CentOS 7.6 版本,内核3.10版本不支持vrf模块,需要更新内核,建议升级内核4.8以上。如果直接用命令 ip link 创建vrf会出现问题 RTNETLINK answers: Operation not supported 。
解决方法:
#首先升级内核
yum --enablerepo=elrepo-kernel install kernel-ml
reboot
#进入系统前选择内核版本5.4.12,即可创建vrf
ip link add vrf-blue type vrf table 103.Linux中VRF实现命令
3.1 创建VRF
To instantiate a VRF device and associate it with a table: $ ip link add dev NAME type vrf table ID
As of v4.8 the kernel supports the l3mdev FIB rule where a single rule covers all VRFs. The l3mdev rule is created for IPv4 and IPv6 on first device create.
# ip link add red type vrf table 1
# ip link add green type vrf table 2
同时启动两个vrf
# ip link set dev red up
# ip link set dev green up
3.2 罗列所有VRFs
##简要查看采用-br参数
# ip -br link show type vrf
red UNKNOWN 9a:ca:96:75:f8:f5 <NOARP,MASTER,UP,LOWER_UP>
green UNKNOWN 8e:b6:6f:25:64:10 <NOARP,MASTER,UP,LOWER_UP>
##查看所有vrf,-d参数可以显示ID号
# ip link show type vrfTo list VRFs that have been created:
$ ip [-d] link show type vrf
NOTE: The -d option is needed to show the table id
For example:
$ ip -d link show type vrf
11: mgmt: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 72:b3:ba:91:e2:24 brd ff:ff:ff:ff:ff:ff promiscuity 0
vrf table 1 addrgenmode eui64
12: red: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether b6:6f:6e:f6:da:73 brd ff:ff:ff:ff:ff:ff promiscuity 0
vrf table 10 addrgenmode eui64
13: blue: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 36:62:e8:7d:bb:8c brd ff:ff:ff:ff:ff:ff promiscuity 0
vrf table 66 addrgenmode eui64
14: green: <NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether e6:28:b8:63:70:bb brd ff:ff:ff:ff:ff:ff promiscuity 0
vrf table 81 addrgenmode eui64
Or in brief output:
$ ip -br link show type vrf
mgmt UP 72:b3:ba:91:e2:24 <NOARP,MASTER,UP,LOWER_UP>
red UP b6:6f:6e:f6:da:73 <NOARP,MASTER,UP,LOWER_UP>
blue UP 36:62:e8:7d:bb:8c <NOARP,MASTER,UP,LOWER_UP>
green UP e6:28:b8:63:70:bb <NOARP,MASTER,UP,LOWER_UP>
3.3 给VRF分配网络接口
为VRF分配接口
# ip link set ens37 vrf red
# ip link set ens38 vrf green
Network interfaces are assigned to a VRF by enslaving the netdevice to a
VRF device:$ ip link set dev NAME master NAME
On enslavement connected and local routes are automatically moved to thetable associated with the VRF device.
For example:$ ip link set dev eth0 master mgmt
3.4显示被分配给VRF的设备
##显示被分配给vrf的设备
$ ip link show vrf redTo show devices that have been assigned to a specific VRF add the master
option to the ip command:
$ ip link show vrf NAME
$ ip link show master NAME
For example:
$ ip link show vrf red
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP mode DEFAULT group default qlen 1000
link/ether 02:00:00:00:02:02 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP mode DEFAULT group default qlen 1000
link/ether 02:00:00:00:02:03 brd ff:ff:ff:ff:ff:ff
7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master red state DOWN mode DEFAULT group default qlen 1000
link/ether 02:00:00:00:02:06 brd ff:ff:ff:ff:ff:ff
Or using the brief output:
$ ip -br link show vrf red
eth1 UP 02:00:00:00:02:02 <BROADCAST,MULTICAST,UP,LOWER_UP>
eth2 UP 02:00:00:00:02:03 <BROADCAST,MULTICAST,UP,LOWER_UP>
eth5 DOWN 02:00:00:00:02:06 <BROADCAST,MULTICAST>
3.5显示VRF的邻居条目
# ip neigh show vrf green
To list neighbor entries associated with devices enslaved to a VRF device
add the master option to the ip command:
$ ip [-6] neigh show vrf NAME
$ ip [-6] neigh show master NAME
For example:
$ ip neigh show vrf red
10.2.1.254 dev eth1 lladdr a6:d9:c7:4f:06:23 REACHABLE
10.2.2.254 dev eth2 lladdr 5e:54:01:6a:ee:80 REACHABLE
$ ip -6 neigh show vrf red
2002:1::64 dev eth1 lladdr a6:d9:c7:4f:06:23 REACHABLE
3.6 显示VRF中地址
# ip addr show vrf green
To show addresses for interfaces associated with a VRF add the master option to the ip command:
$ ip addr show vrf NAME
$ ip addr show master NAME
For example:
$ ip addr show vrf red
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP group default qlen 1000
link/ether 02:00:00:00:02:02 brd ff:ff:ff:ff:ff:ff
inet 10.2.1.2/24 brd 10.2.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 2002:1::2/120 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ff:fe00:202/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master red state UP group default qlen 1000
link/ether 02:00:00:00:02:03 brd ff:ff:ff:ff:ff:ff
inet 10.2.2.2/24 brd 10.2.2.255 scope global eth2
valid_lft forever preferred_lft forever
inet6 2002:2::2/120 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ff:fe00:203/64 scope link
valid_lft forever preferred_lft forever
7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master red state DOWN group default qlen 1000
link/ether 02:00:00:00:02:06 brd ff:ff:ff:ff:ff:ff
Or in brief format:
$ ip -br addr show vrf red
eth1 UP 10.2.1.2/24 2002:1::2/120 fe80::ff:fe00:202/64
eth2 UP 10.2.2.2/24 2002:2::2/120 fe80::ff:fe00:203/64
eth5 DOWN
3.7 显示VRF路由
To show routes for a VRF use the ip command to display the table associated with the VRF device:
$ ip [-6] route show vrf NAME
$ ip [-6] route show table ID
For example:
$ ip route show vrf red
unreachable default metric 4278198272
broadcast 10.2.1.0 dev eth1 proto kernel scope link src 10.2.1.2
10.2.1.0/24 dev eth1 proto kernel scope link src 10.2.1.2
local 10.2.1.2 dev eth1 proto kernel scope host src 10.2.1.2
broadcast 10.2.1.255 dev eth1 proto kernel scope link src 10.2.1.2
broadcast 10.2.2.0 dev eth2 proto kernel scope link src 10.2.2.2
10.2.2.0/24 dev eth2 proto kernel scope link src 10.2.2.2
local 10.2.2.2 dev eth2 proto kernel scope host src 10.2.2.2
broadcast 10.2.2.255 dev eth2 proto kernel scope link src 10.2.2.2
$ ip -6 route show vrf red
local 2002:1:: dev lo proto none metric 0 pref medium
local 2002:1::2 dev lo proto none metric 0 pref medium
2002:1::/120 dev eth1 proto kernel metric 256 pref medium
local 2002:2:: dev lo proto none metric 0 pref medium
local 2002:2::2 dev lo proto none metric 0 pref medium
2002:2::/120 dev eth2 proto kernel metric 256 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80:: dev lo proto none metric 0 pref medium
local fe80::ff:fe00:202 dev lo proto none metric 0 pref medium
local fe80::ff:fe00:203 dev lo proto none metric 0 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
ff00::/8 dev red metric 256 pref medium
ff00::/8 dev eth1 metric 256 pref medium
ff00::/8 dev eth2 metric 256 pref medium
unreachable default dev lo metric 4278198272 error -101 pref medium
3.8 VRF的路由查询
A test route lookup can be done for a VRF:
$ ip [-6] route get vrf NAME ADDRESS
$ ip [-6] route get oif NAME ADDRESS
For example:
$ ip route get 10.2.1.40 vrf red
10.2.1.40 dev eth1 table red src 10.2.1.2
cache
$ ip -6 route get 2002:1::32 vrf red
2002:1::32 from :: dev eth1 table red proto kernel src 2002:1::2 metric 256 pref medium
3.9 将网络接口从VRF中删除
# ip link set dev ens37 nomaster
Network interfaces are removed from a VRF by breaking the enslavement to the VRF device:
$ ip link set dev NAME nomaster
Connected routes are moved back to the default table and local entries are
moved to the local table.
For example:
$ ip link set dev eth0 nomaster
Linux中iproute实现VRF相关推荐
- linux中的网络命名空间的使用
背景 项目中使用了网络命名空间,用来隔离不同空间中的应用. 命名空间的使用,类似虚拟化技术,在同一台物理机上,创建的多个命名空间相互独立,各个空间的进程独立运行,互不干扰. 在此作一总结,学习加深理解 ...
- Linux中一行命令查看网卡流量、统计网络流量的各种实现方法
Linux中一行命令查看网卡流量.统计网络流量的各种实现方法. 方法一.nload工具 源码包路径: wget http://heanet.dl.sourceforge.net/project/nlo ...
- Linux 中使用wondershaper限制网络带宽使用及iftop流量监控
wondershaper 文章来源:https://linux.cn/article-10084-1.html 以下内容将向你介绍如何轻松对网络带宽做出限制,并在类 Unix 操作系统中对网络流量进行 ...
- c++ 进程快照_如何在 Linux 中找出内存消耗最大的进程
很多次,你可能遇见过系统消耗了过多的内存.如果是这种情况,那么最好的办法是识别出 Linux 机器上消耗过多内存的进程. -- Magesh Maruthamuthu(作者) 很多次,你可能遇见过系统 ...
- linux的tar中ztvf,linux中的tar命令(2)
实例4:只将 /tar 内的 部分文件解压出来 命令: tar -zxvf /opt/soft/test/log30.tar.gz log2013.log 输出: [root@localhost te ...
- centos6.5 php5.2,Linux中PHP安装与配置(CentOS-6.5:php-5.2.13)
1 PHP简介 PHP(PHP: Hypertext Preprocessor的缩写,中文名:"超文本预处理器")是一种通用开源脚本语言.语法吸收了C语言.Java和Per ...
- java 外部类似_[求指点] 如何用java 实现类似linux中管道调用外部程序的功能
想写个小程序实现类似linux中管道的功能,创建一个外部子进程,然后主进程不断地写输入给子进程,而后把子进程的返回值取出. 如下的小代码就是从stdin读入一个字符串,调用子进程(cat)返回这个串, ...
- linux 修改java版本_Linux 有问必答:如何在 Linux 中改变默认的 Java 版本
提问:当我尝试在Linux中运行一个Java程序时,我遇到了一个错误.看上去像程序编译所使用的Java版本与我本地的不同.我该如何在Linux上切换默认的Java版本? 当Java程序编译时,编译环境 ...
- linux ls 命令 路径,使用ls命令在Linux中使用完整路径列出文件
许多人会发现,这是重复的问题,但我已经经历了所有问题,然后问及这个主题,但没有为我工作.使用ls命令在Linux中使用完整路径列出文件 我想打印使用ls命令的特定文件格式的完整路径名到目前为止,我发现 ...
最新文章
- php 面向对象开发 类的学习 一
- 五种线程池的对比与使用
- python getostime_python转换在os.utime中使用的datetime
- 2018智慧零售白皮书
- 没在今天以前就此沉沦下去纯属侥幸
- Android 布局
- 巧用EasyRecovery监控硬盘 为你的电脑保驾护航
- 聊聊FluxFlatMap的concurrency及prefetch参数
- 王码五笔98版forwin10_王码五笔98版-王码五笔98版64位 兼容王码五笔86版 - 快盘下载...
- pyecharts之参透神剧人物关系
- android 模拟器手机如何添加文件到sd卡?
- 高效拓客必备工具:采集工具助力,让你事半功倍
- Cloudreve离线下载Aria2安装教程
- Django数据库学习——定义用户模型(实例)
- 网页制作的一些素材整理(一)
- 启动“山城模式”,重庆能否经得起智能网联汽车的“考验”?
- abort()函数使用
- cogs 1487. 麻球繁衍(概率dp)
- [生存志] 第62节 圣人教子之术
- 更新Edge后打开网页失败问题