On Jun 29, 2018, at 11:04 AM, Donald Sharp <sharpd@cumulusnetworks.com> wrote:
Brandon -
You'll want to read this:
https://www.netdevconf.org/1.1/proceedings/slides/ahern-vrf-tutorial.pdf
FRR does not create VRF's. There are other subsystems which do it better than FRR.
Thanks again. I wasn’t aware of the VRF specific work that had been done from Cumulus and in the kernel. In my head I (naively) thought that rt_tables were “VRFs”. Very enlightening. I got the basic VRF interface enslavement working, but getting things to bind to it (i.e. sshd) is entirely another trick. Digging there I see ‘ip vrf exec’, but from it’s notes: — This command requires the system to be booted with cgroup v2 (e.g. with systemd, add systemd.unified_cgroup_hierarchy=1 to the kernel command line). — I think this rabbit hole might be a bit too deep for me at the moment, but at least (I think) I see the bits and pieces required to put it all together. -- Brandon Applegate - CCIE 10273 PGP Key fingerprint: 0641 D285 A36F 533A 73E5 2541 4920 533C C616 703A "For thousands of years men dreamed of pacts with demons. Only now are such things possible."