On an Ubuntu host I have two identical IP addresses configured on two interfaces enslaved to two different kernel VRFs. Here they are:

mikle@LabHost:~$ ip link show vrf VRF1401
7: enp3s0f0.1401@enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1401 state UP mode DEFAULT group default qlen 1000
    link/ether c0:3f:d5:e9:76:c6 brd ff:ff:ff:ff:ff:ff
10: Lo1401: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1401 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether a6:45:5b:d6:bf:43 brd ff:ff:ff:ff:ff:ff

mikle@LabHost:~$ ip link show vrf VRF1402
8: enp3s0f0.1402@enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1402 state UP mode DEFAULT group default qlen 1000
    link/ether c0:3f:d5:e9:76:c6 brd ff:ff:ff:ff:ff:ff
11: Lo1402: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1402 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 1a:7b:13:3a:5b:19 brd ff:ff:ff:ff:ff:ff

mikle@LabHost:~$ ip addr show vrf VRF1401
7: enp3s0f0.1401@enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1401 state UP group default qlen 1000
    link/ether c0:3f:d5:e9:76:c6 brd ff:ff:ff:ff:ff:ff
    inet 10.14.0.1/24 scope global enp3s0f0.1401
       valid_lft forever preferred_lft forever
    inet6 fe80::c23f:d5ff:fee9:76c6/64 scope link
       valid_lft forever preferred_lft forever
10: Lo1401: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1401 state UNKNOWN group default qlen 1000
    link/ether a6:45:5b:d6:bf:43 brd ff:ff:ff:ff:ff:ff
    inet 10.14.100.100/32 scope global Lo1401
       valid_lft forever preferred_lft forever
    inet6 fe80::a445:5bff:fed6:bf43/64 scope link
       valid_lft forever preferred_lft forever

mikle@LabHost:~$ ip addr show vrf VRF1402
8: enp3s0f0.1402@enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1402 state UP group default qlen 1000
    link/ether c0:3f:d5:e9:76:c6 brd ff:ff:ff:ff:ff:ff
    inet 10.14.0.1/24 scope global enp3s0f0.1402
       valid_lft forever preferred_lft forever
    inet6 fe80::c23f:d5ff:fee9:76c6/64 scope link
       valid_lft forever preferred_lft forever
11: Lo1402: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master VRF1402 state UNKNOWN group default qlen 1000
    link/ether 1a:7b:13:3a:5b:19 brd ff:ff:ff:ff:ff:ff
    inet 10.14.100.100/32 scope global Lo1402
       valid_lft forever preferred_lft forever
    inet6 fe80::187b:13ff:fe3a:5b19/64 scope link
       valid_lft forever preferred_lft forever

mikle@LabHost:~$ ip route show vrf VRF1401
10.14.0.0/24 dev enp3s0f0.1401 proto kernel scope link src 10.14.0.1

mikle@LabHost:~$ ip route show vrf VRF1402
default via 10.14.0.11 dev enp3s0f0.1402 proto 186 metric 20
10.14.0.0/24 dev enp3s0f0.1402 proto kernel scope link src 10.14.0.1

Ubuntu is LTS 16.04 with an updated kernel and ip utility:

mikle@LabHost:~$ ip -V
ip utility, iproute2-ss161212
mikle@LabHost:~$ dpkg -s iproute2
Package: iproute2
Version: 4.9.0-1ubuntu1
mikle@LabHost:~$ uname -r
4.9.51-040951-lowlatency

The VRFs are working; you can see the BGP route from the external peer in vrf VRF1402.

Now I would like to set up two distinct unmanaged L2TPv3 tunnels, sourcing each one from a specific interface. The "ip" utility I use provides binding to a local IP address only, but IP addresses are not unique in my setup. The "ip l2tp add tunnel" command does not provide an option to bind a tunnel to a device, so I do not see how a specific tunnel could be configured to use the local IP address of the second VRF rather than the first VRF, for example.

My question #1: how can the ip l2tpv3 tunnel be made "VRF aware" by binding its socket to the VRF device, so that it uses the routing table associated with that VRF device?

2. I've also tried to just create a tunnel, intending to enslave the local tunnel session interface to the specific VRF after that, but "ip l2tp add tunnel" fails:

mikle@LabHost:~$ sudo ip l2tp add tunnel tunnel_id 14011 peer_tunnel_id 1401 encap ip local 10.14.100.100 remote 10.14.0.11
RTNETLINK answers: Cannot assign requested address
mikle@LabHost:~$ sudo ip l2tp add tunnel tunnel_id 14011 peer_tunnel_id 1401 encap ip local 10.14.0.1 remote 10.14.0.11
RTNETLINK answers: Cannot assign requested address

It seems ip l2tp add tunnel tries to find the local IP address in the global routing table and fails? (I've checked with a local IP interface in the GRT, and it works.)

Does the ip utility need to be patched to support binding a tunnel source to a specific VRF IP interface? Or is it just a problem with my configuration?

off-on