[143969] in North American Network Operators' Group
Re: VRF/MPLS on Linux
daemon@ATHENA.MIT.EDU (Jussi Peltola)
Wed Aug 24 13:38:23 2011
Date: Wed, 24 Aug 2011 20:37:45 +0300
From: Jussi Peltola <pelzi@pelzi.net>
To: nanog@nanog.org
In-Reply-To: <4E54FA25.4090806@viagenie.ca>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Aug 24, 2011 at 09:18:29AM -0400, Simon Perreault wrote:
> On 2011-08-24 06:06, Brian Raaen wrote:
> > The only issue with this is that the Linux box is not acting as a
> > router, but as the egress devices. I'm trying to figure out how to
> > properly get my application to 'color' the traffic. standard BSD
> > sockets appear to have no concept of 'Labels'.
>
> Just FYI: on OpenBSD you can set the VRF (aka "routing table" or
> "routing domain") per socket with code like this:
>
> int s, table;
> s = socket(...);
> table = 123;
> setsockopt(s, IPPROTO_IP, SO_RTABLE, &table, sizeof(table));
>
Or exec your commands wrapped in route -T$TABLE exec $*
Caveat: ipv6 vrf's did not work the last time I tried, and I think they
still don't.
OpenBSD should also do MPLS VPNs with the VRF's, but it's also pretty
much experimental. It worked fine in a quick lab test at my last try, I
should dig my lab notes and document it...
Some things, like /etc/resolv.conf, still need some attention with VRFs.
