Re: VRF leaking doesn't work

2021-03-15 Thread Greesha Mikhalkin
> VRF is implemented via policy routing. did you re-order the FIB rules? Reordered. Output of `ip rule`: 1000: from all lookup [l3mdev-table] 32765: from all lookup local 32766: from all lookup main 32767: from all lookup default Unfortunately, that didn't help.

Re: VRF leaking doesn't work

2021-03-15 Thread David Ahern
On 3/15/21 11:10 AM, Greesha Mikhalkin wrote: >> That's the way the source address selection works -- it takes the fib >> lookup result and finds the best source address match for it. >> >> Try adding 'src a.b.c.d' to the leaked route. e.g., >> ip ro add 172.16.1.0/24 dev red vrf blue src 172.1

Re: VRF leaking doesn't work

2021-03-15 Thread Greesha Mikhalkin
> That's the way the source address selection works -- it takes the fib > lookup result and finds the best source address match for it. > > Try adding 'src a.b.c.d' to the leaked route. e.g., > ip ro add 172.16.1.0/24 dev red vrf blue src 172.16.2.1 > > where red and blue are VRFs, 172.16.2.1 i

Re: VRF leaking doesn't work

2021-03-12 Thread David Ahern
On 3/10/21 1:34 AM, Greesha Mikhalkin wrote: > I see. When i do `ping -I vrf2` to address that was leaked from vrf1 > it selects source address that's set as local in vrf1 routing table. > Is this expected behavior? I guess, forwarding packets from vrf1 to > vrf2 local address won't help here. >

Re: VRF leaking doesn't work

2021-03-10 Thread Greesha Mikhalkin
I see. When i do `ping -I vrf2` to address that was leaked from vrf1 it selects source address that's set as local in vrf1 routing table. Is this expected behavior? I guess, forwarding packets from vrf1 to vrf2 local address won't help here. 6 mar. 2021 - 17:12, David Ahern : > > On 3/2/21 3:57 A

Re: VRF leaking doesn't work

2021-03-06 Thread David Ahern
On 3/2/21 3:57 AM, Greesha Mikhalkin wrote: > Main goal is that 100.255.254.3 should be reachable from vrf2. But > after this setup it doesn’t work. When i run `ping -I vrf2 > 100.255.254.3` it sends packets from source address that belongs to > vlan1 enslaved by vrf1. I can see in tcpdump that ICM

Re: VRF leaking doesn't work

2021-03-05 Thread Greesha Mikhalkin
Hi David! Thanks for your answer. Currently kernel version that i use is 5.4.0-54-generic. I tried to upgrade to 5.11.3-051103-generic but that didn't help. пт, 5 мар. 2021 г. в 16:37, David Ahern : > > What kernel version? If you have not tried 5.10 or 5.11, please do.

Re: VRF leaking doesn't work

2021-03-05 Thread David Ahern
On 3/2/21 3:57 AM, Greesha Mikhalkin wrote: > Hi. I need a help to understand why VRF leaking doesn’t work in my situation. > I want to set up leaking between 2 VRFs, that are set up by following > commands: > > # Setup bridge > sudo ip link add bridge type bridge > > # Setup V