@FrankSpierings
Last active May 9, 2019 10:42
Alpine example of setting up a VRF. The same IPv4 address space is used inside the VRFs.

VM Setup

  • Virtualbox
  • 3x Alpine 3.9 Virtual Machine

Network

VirtualBox

  • Tools - Network
  • vboxnet0
    • 10.0.0.254/24
    • DHCP Enabled

Alpine 1

  • eth0: NAT
    • Used for internet
  • eth1: Host-Only Adapter: vboxnet0
    • Used to SSH into the machine from the host
  • eth2: Internal Network: VRF-2
    • Used to connect to Alpine 2
  • eth3: Internal Network: VRF-3
    • Used to connect to Alpine 3

Alpine 2

  • eth0: NAT
    • Used for internet
  • eth1: Host-Only Adapter: vboxnet0
    • Used to SSH into the machine from the host
  • eth2: Internal Network: VRF-2
    • Used to connect to Alpine 1

Alpine 3

  • eth0: NAT
    • Used for internet
  • eth1: Host-Only Adapter: vboxnet0
    • Used to SSH into the machine from the host
  • eth2: Internal Network: VRF-3
    • Used to connect to Alpine 1

All Alpines config

  • All Alpine virtual machines have this config:

/etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

Install packages

# fixes an issue with dhcp not grabbing the DNS configuration.
echo nameserver 8.8.8.8 > /etc/resolv.conf
apk update && apk upgrade && apk add dhclient

# we want to see traffic
apk add tcpdump
  • Edit the hostname for the machine
vi /etc/hostname

VRF Test

Alpine 1

  • We create two dummy interfaces (named loopback1 and loopback2) to simulate source traffic from 'VPN' clients
for NR in $(seq 1 2);
do
	DEV=loopback${NR}
	ip link add ${DEV} type dummy
	ip addr add dev ${DEV} 10.8.0.${NR}/24
	ip link set dev ${DEV} up
done
  • Next we set up the two VRFs; they get table IDs 102 and 103
  • Both VRF interfaces will receive the same IP: 192.168.0.1/24
for NR in $(seq 2 3);
do
	VRF_NAME=VRF-${NR}
	VRF_ID=$((100 + $NR))
	SLAVE_DEV=eth${NR}
	# Define the VRF-<NR> and its table id
	ip link add dev ${VRF_NAME} type vrf table ${VRF_ID}
	# Add eth<NR> to VRF-<NR>
	ip link set dev ${SLAVE_DEV} master ${VRF_NAME}
	# Set the VRF-<NR> in its UP state
	ip link set dev ${VRF_NAME} up
	# Set the same IP address to the slave interface
	ip addr add dev ${SLAVE_DEV} 192.168.0.1/24
	# Set the slave interface in its UP state
	ip link set dev ${SLAVE_DEV} up
done
  • Now we can set up source routing rules.
    • Client 10.8.0.1/32 is only allowed to go into VRF-2
    • Client 10.8.0.2/32 is only allowed to go into VRF-3
VRF_ID=102
SOURCE_ADDR=10.8.0.1/32
ip rule add from ${SOURCE_ADDR} table ${VRF_ID}

VRF_ID=103
SOURCE_ADDR=10.8.0.2/32
ip rule add from ${SOURCE_ADDR} table ${VRF_ID}

Alpine 2 & Alpine 3

  • Alpine 2 & 3 need to know the way back to 10.8.0.0/24. We will add the same route to both machines.
ip route add 10.8.0.0/24 dev eth2

Testing

  • We should now be able to ping 192.168.0.2 from Alpine 1. By specifying a different source IP we can direct the traffic to either Alpine 2 or Alpine 3.
ping -c1 -I 10.8.0.1 192.168.0.2
ping -c1 -I 10.8.0.2 192.168.0.2
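
Because both VRFs carry the same 192.168.0.0/24 space, a wrong or extra source rule silently sends one client's traffic to the other network. The script below is an added example, not part of the original gist, that audits `ip rule show` output against the intended mapping. The function names (`audit_source`, `good_rules`, `bad_rules`) are hypothetical, the rule listings are constructed samples, and it assumes table IDs are printed numerically.

```shell
#!/bin/sh
# Added example, not from the gist: audit `ip rule show` output against the
# intended source -> VRF table mapping (10.8.0.1 -> 102, 10.8.0.2 -> 103).
# Usage on Alpine 1: ip rule show | audit_source 10.8.0.1 102
# Prints: ok | missing | leak:<table> | shadowed
audit_source() {
    awk -v src="${1%/32}" -v want="$2" '
    {
        prio = $1; sub(/:$/, "", prio)
        from = ""; table = ""
        for (i = 2; i < NF; i++) {
            if ($i == "from")   from  = $(i + 1)
            if ($i == "lookup") table = $(i + 1)
        }
        sub(/\/32$/, "", from)          # tolerate an explicit /32 on the source
        if (from == "all" && table == "main") main_prio = prio
        if (from != src) next
        if (table == want) { if (!hits++) hit_prio = prio }
        else other = table              # same client steered into another table
    }
    END {
        if (other != "")        print "leak:" other
        else if (!hits)         print "missing"
        else if (main_prio != "" && hit_prio + 0 > main_prio + 0) print "shadowed"
        else                    print "ok"
    }'
}

# Constructed listing: each client source maps to exactly one VRF table.
good_rules() { cat <<'EOF'
0:      from all lookup local
32764:  from 10.8.0.2 lookup 103
32765:  from 10.8.0.1 lookup 102
32766:  from all lookup main
EOF
}
# Constructed listing: stray rule lets 10.8.0.1 into table 103, 10.8.0.2 has none.
bad_rules() { cat <<'EOF'
0:      from all lookup local
32763:  from 10.8.0.1 lookup 103
32765:  from 10.8.0.1 lookup 102
32766:  from all lookup main
EOF
}

for pair in "10.8.0.1 102" "10.8.0.2 103"; do
    set -- $pair
    echo "$1 -> $2: good=$(good_rules | audit_source "$1" "$2") bad=$(bad_rules | audit_source "$1" "$2")"
done
```

`shadowed` means the client's rule has a higher priority number than the `main` lookup, so the main table is consulted before the VRF table.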
@AndDone-git

Nice work!
