[143933] in North American Network Operators' Group


Re: VRF/MPLS on Linux

daemon@ATHENA.MIT.EDU (Mike Jones)
Tue Aug 23 12:19:19 2011

In-Reply-To: <20110823134543.GA31360@Oslo>
From: Mike Jones <mike@mikejones.in>
Date: Tue, 23 Aug 2011 17:18:26 +0100
To: nanog@rhemasound.org, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 23 August 2011 14:45,  <nanog@rhemasound.org> wrote:
> While I have found some information on a project called linux-mpls I am
> having a hard time finding any solid VRF framework for Linux. I have a
> monitoring system that needs to check devices that sit in overlapping
> private IP space, and I was wondering if there is any way I could use some
> kind of VRF type solution that would allow me to label the "site" the
> traffic is intended for. The upstream router supports VRF/MPLS, but I need
> to know how I can get the server to label the traffic. I would appreciate
> any input.

I would probably go for the suggestion of (ab)using QoS tags for the
routing table selection, but just to throw this alternate idea out
there:

1.0.0.0/8 1:1 NATed to 10.0.0.0/8 marked to use routing table 1, which
routes to network 1
2.0.0.0/8 1:1 NATed to 10.0.0.0/8 marked to use routing table 2, which
routes to network 2
etc

That way your application layer won't need any additional logic and
can just deal with them as separate non-overlapping IP spaces. This
won't work if you have too many overlapping networks (but then Linux
only supports 252 additional routing tables anyway afaik) or if you
need external connectivity that can't be proxied.

In a similar manner, if your tools support IPv6 you could have a /96
that is NAT64'ed on to each different network. I'm not sure about this
for a production setup, although it would have the added benefit that
you can expose these routes to your management network to provide
easier access from your other machines if you wanted to.

- Mike
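
One way to realise the per-site mapping sketched in the message above, as an added example that is not part of the original post: a dry-run generator that prints the iptables and iproute2 commands for one site. It assumes the probes originate on the monitoring host itself (hence the OUTPUT chains); `site_rules`, the gateway address and the interface name are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one site.
# Review the output, then pipe it to `sh` as root to apply it.
# site_rules, the gateway and the interface name are hypothetical.

# site_rules SITE GATEWAY DEV
#   SITE    1..252: pseudo first octet, fwmark and routing table id
#   GATEWAY IPv4 next hop leading to that site's real 10.0.0.0/8
#   DEV     interface facing that next hop
site_rules() {
    site=$1; gw=$2; dev=$3

    # The output is meant for a root shell, so accept only strict formats.
    case $site in
        ''|0*|????*|*[!0-9]*) echo "bad site: $site" >&2; return 1 ;;
    esac
    case $gw in
        ''|*[!0-9.]*) echo "bad gateway: $gw" >&2; return 1 ;;
    esac
    case $dev in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $dev" >&2; return 1 ;;
    esac

    # Table ids 253-255 are reserved (default, main, local).
    if [ "$site" -gt 252 ]; then
        echo "site must be 1..252" >&2; return 1
    fi
    # 10/8 is the real overlapping space; 127/8 is loopback.
    if [ "$site" -eq 10 ] || [ "$site" -eq 127 ]; then
        echo "site $site collides with a reserved /8" >&2; return 1
    fi

    pseudo="$site.0.0.0/8"
    # Mark first (selects the table), then rewrite the destination 1:1.
    cat <<EOF
iptables -t mangle -A OUTPUT -d $pseudo -j MARK --set-mark $site
iptables -t nat -A OUTPUT -d $pseudo -j NETMAP --to 10.0.0.0/8
ip rule add fwmark $site table $site
ip route add default via $gw dev $dev table $site
EOF
}
```

Connection tracking reverses the NETMAP translation on replies, so the monitoring application only ever sees the pseudo prefix for each site.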

