You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
VRFs are quite recent in the Linux kernel that's probably why the current "routed mode" only uses distinct routing tables between VMs "realms" (eg. private vs. public).
VRFs offers better and easier separation than routing tables, without having the downsides of using namespaces and without requiring specific ip rules.
They're created and managed in a very similar way than Linux bridges: sudo ip link add private type vrf table 100, ip link set dev tap0 master private
I'm not familar with Ganeti's codebase but maybe the VRF implementation could re-use the current bridge support as well as the routed more code (add the static route in the VRF's routing table).
Hi,
VRFs are quite recent in the Linux kernel that's probably why the current "routed mode" only uses distinct routing tables between VMs "realms" (eg. private vs. public).
VRFs offers better and easier separation than routing tables, without having the downsides of using namespaces and without requiring specific
ip rules.They're created and managed in a very similar way than Linux bridges:
sudo ip link add private type vrf table 100,ip link set dev tap0 master privateI'm not familar with Ganeti's codebase but maybe the VRF implementation could re-use the current bridge support as well as the routed more code (add the static route in the VRF's routing table).
Thanks!
See more information: http://www.dasblinkenlichten.com/working-with-linux-vrfs/
The text was updated successfully, but these errors were encountered: