Solved

Ubuntu an d VRF in Azure


Hello,

This is a question on the functionality in Ubuntu, but seeing as you wrote the code I thought I'd ask you here.

I followed the guide https://www.kernel.org/doc/Documentation/networking/vrf.txt and have all the outputs to show the master device is up and the slaves are attached, I used the following shell commands:

code:
sudo ip link add prod-vrf type vrf table 20
sudo ip link set dev prod-vrf up
ip route add table 20 unreachable default metric 4278198272
sudo ip link set dev eth1 master prod-vrf
sudo ip link set dev eth2 master prod-vrf
sudo ip route add table 20 10.26.0.0/18 via 10.40.0.1
sudo ip route add table 20 10.24.0.0/18 via 10.40.0.1
sudo ip route add table 20 10.26.194.0/23 via 10.40.1.1


I want the device to function as a router, which is does just fine when the eth1 and eth2 interfaces are in global VRF (iptables, routes, ip_forward all work as expected), but as soon as I put them into prod-vrf then the device no longer passes traffic. A tcpdump shows traffic coming in to eth1 but not leaving eth2.

The only concerning debug output I can see is:

code:
ip neigh show vrf prod-vrf


which returns no output at all

This device is in Azure and I had to run linux-modules-extra-4.18.0-1018-azure to get the vrf modprobe - not sure if that makes a difference

Thanks for any help you can give me
icon

Best answer by owensteam 7 June 2019, 10:45

This was the same issue in another configuration I had

https://serverfault.com/questions/970363/linux-vrf-aware-ssh/970514#970514

turns out I needed to accept the mgmt-vrf in iptables:

code:
sudo iptables -A INPUT -i mgmt-vrf -j ACCEPT


thanks
View original

2 replies

This was the same issue in another configuration I had

https://serverfault.com/questions/970363/linux-vrf-aware-ssh/970514#970514

turns out I needed to accept the mgmt-vrf in iptables:

code:
sudo iptables -A INPUT -i mgmt-vrf -j ACCEPT


thanks
Userlevel 4
Thanks for letting us know you figured it out @owensteam !

Reply