On 3/2/21 3:57 AM, Greesha Mikhalkin wrote:
> Hi. I need help to understand why VRF leaking doesn’t work in my situation.
> I want to set up leaking between 2 VRFs, that are set up by the following
> commands:
>
>         # Setup bridge
>         sudo ip link add bridge type bridge
>
>         # Setup VLANs
>         ip link add link bridge name vlan1 type vlan id 1
>         ip link add link bridge name vlan2 type vlan id 2
>         ip addr add 10.0.0.31/32 dev vlan1
>         ip addr add 10.0.0.32/32 dev vlan2
>         ip link set vlan1 up
>         ip link set vlan2 up
>
>         # Setup VXLANs
>         ip link add vni1 type vxlan id 1 local 10.1.0.1 dev lan1 srcport 0 0 dstport 4789 nolearning
>         ip link add vni2 type vxlan id 2 local 10.1.0.1 dev lan1 srcport 0 0 dstport 4789 nolearning
>         ip link set vni1 master bridge
>         ip link set vni2 master bridge
>         bridge vlan add dev vni1 vid 1 pvid untagged
>         bridge vlan add dev vni2 vid 2 pvid untagged
>         ip link set vni1 up
>         ip link set vni2 up
>
>         # Setup VRFs
>         ip link add vrf1 type vrf table 1000
>         ip link set dev vrf1 up
>         ip link add vrf2 type vrf table 1001
>         ip link set dev vrf2 up
>
> Setting routes:
>
>         # Unreachable default routes
>         ip route add table 1000 unreachable default metric 4278198272
>         ip route add table 1001 unreachable default metric 4278198272
>
>         # Nexthop
>         ip route add table 1000 100.255.254.3 proto bgp metric 20 nexthop via 10.0.0.11 dev vlan1 weight 1 onlink
>
> I'm trying to set up VRF leaking in the following way:
>
>         ip r a vrf vrf2 100.255.254.3/32 dev vrf1
>         ip r a vrf vrf2 10.0.0.31/32 dev vrf1
>         ip r a vrf vrf1 10.0.0.32/32 dev vrf2
>
> Main goal is that 100.255.254.3 should be reachable from vrf2. But
> after this setup it doesn’t work. When I run `ping -I vrf2
> 100.255.254.3` it sends packets from source address that belongs to
> vlan1 enslaved by vrf1. I can see in tcpdump that ICMP packets are
> sent and then returned to source address but they're not returned to
> ping command for some reason. To be clear `ping -I vrf1 …` works fine.
>

What kernel version? If you have not tried 5.10 or 5.11, please do.