Last active
April 28, 2019 23:40
-
-
Save ilyaevseev/9dcc2b11a0e4a7d30439ccd5744653bd to your computer and use it in GitHub Desktop.
VRF in Linux using namespaces
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # 2017-feb-13 | |
| NSNAME="vrf1" | |
| LINK1="${NSNAME}_10" # ..my link to VRF | |
| LINK2="${NSNAME}_11" # ..VRF link to me | |
| IP1="10.20.30.10" | |
| IP2="10.20.30.11" | |
| MASK="24" | |
| GATE="10.20.30.1" | |
| EXT_IFACE="eth0" | |
| RTABLE="123" | |
| VrfExec() { ip netns exec "$NSNAME" ip "$@"; } | |
| VrfCreate() { | |
| ip netns add "$NSNAME" | |
| ip link add name "$LINK1" type veth peer name "$LINK2" | |
| ip link set dev "$LINK2" netns "$NSNAME" | |
| ip link set dev "$LINK1" up | |
| VrfExec link set dev "$LINK2" up | |
| VrfExec link set dev lo up | |
| ip addr add "$IP1/32" dev "$LINK1" | |
| ip route add "$IP2/32" dev "$LINK1" | |
| VrfExec addr add "$IP2/$MASK" dev "$LINK2" | |
| VrfExec route add default via "$GATE" | |
| ip rule add iif "$LINK1" table "$RTABLE" | |
| ip route add default via "$GATE" table "$RTABLE" | |
| sysctl "net.ipv4.conf.$EXT_IFACE.proxy_arp"=1 | |
| sysctl "net.ipv4.conf.$LINK1.proxy_arp"=1 | |
| } | |
| VrfDelete() { | |
| ip netns delete "$NSNAME" | |
| ip route delete default via "$GATE" table "$RTABLE" | |
| ip rule delete iif "$LINK1" table "$RTABLE" | |
| ip link delete "$LINK1" | |
| sysctl "net.ipv4.conf.$EXT_IFACE.proxy_arp"=0 | |
| } | |
| case "$1" in | |
| create|add ) VrfCreate ;; | |
| delete|del ) VrfDelete ;; | |
| exec|run|r ) shift; ip netns exec "$NSNAME" "$@" ;; | |
| test ) ip netns exec "$NSNAME" ping 8.8.8.8 ;; | |
| * ) echo "Usage: ${0##*/} cmd ..cmd = create, delete, run" ;; | |
| esac | |
| ## END ## |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -e | |
| EXT_IFACE="$(ip route get 1.2.3.4 | awk '$4 == "dev" {print $5}')" | |
| EXT_IPADDR="$(ip route get 1.2.3.4 | awk '$6 == "src" {print $7}')" | |
| VRF_NET="10.250" | |
| test -n "$1" && VRFNUM="$1" || VRFNUM="1" | |
| VRF="vrf$VRFNUM" | |
| VrfExec() { ip netns exec "${VRF}" ip "$@"; } | |
| ip netns add "${VRF}" | |
| ip link add name "${VRF}a" type veth peer name "${VRF}b" | |
| ip link set dev "${VRF}b" netns "${VRF}" | |
| ip link set dev "${VRF}a" up | |
| VrfExec link set dev "${VRF}b" up | |
| VrfExec link set dev lo up | |
| ip addr add "$VRF_NET.$VRFNUM.1/30" dev "${VRF}a" | |
| VrfExec addr add "$VRF_NET.$VRFNUM.2/30" dev "${VRF}b" | |
| VrfExec route add default via "$VRF_NET.${VRFNUM}.1" | |
| iptables-save | grep -q -- "-A POSTROUTING -s $VRF_NET.${VRFNUM}.2 -o $EXT_IFACE -j SNAT --to-source $EXT_IPADDR" || | |
| iptables -t nat -A POSTROUTING -s "$VRF_NET.${VRFNUM}.2" -o "$EXT_IFACE" -j SNAT --to-source "$EXT_IPADDR" | |
| sysctl net.ipv4.ip_forward=1 | |
| ## END ## |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment