Ip route vrf oob_mgnt 0.0.0.0 0.0.0.0 là gì

The default route specifies a route to all networks for which there are no explicit routes in the forwarding information base or the routing table. This route has a prefix length of zero [RFC 1812]. You can configure the switch with a static default route, or they can learn it through a dynamic routing protocol.

To create a default static route, you configure the destination address and subnet mask to 0.0.0.0.

Note

When you configure a static route with a next-hop-vrf context, you can specify a next-hop IP address that is a locally owned VRRP IP address of the system itself. However, this is not a supported configuration. The best practice is to implement an alternative method of inter-vrf route sharing, such as route redistribution or ISIS accept polices.

Note

As a best practice, do not configure static routes on a DvR Leaf node unless the configuration is for reachability to a management network using a Brouter port.

You cannot configure the preference of static routes on a Leaf node.

Procedure

1. Enter either Global Configuration mode or VRF Router Configuration mode for a specific VRF context: enable configure terminal Optional: router vrf WORD
2. Create a default static route: ip route 0.0.0.0 0.0.0.0 weight Enable a default static route: ip route 0.0.0.0 0.0.0.0 enable [next-hop-vrf WORD]

Virtual routing and forwarding [VRF] enables you to use multiple independent routing tables that work simultaneously on the same switch. Other implementations call this feature VRF-Lite.

You typically use VRFs in the data center to carry multiple isolated traffic streams for multi-tenant environments. The traffic streams can cross over only at configured boundary points, such as a firewall or . You can also use VRFs to burst traffic from private clouds to enterprise networks where the burst point is at layer 3.

VRF is fully supported in the Linux kernel and has the following characteristics:

• The VRF is a layer 3 master network device with its own associated routing table.
• You can associate any layer 3 interface with a VRF, such as an SVI, swp port or bond, or a VLAN subinterface of a swp port or bond.
• The layer 3 interfaces associated with the VRF belong to that VRF; IP rules direct lookups to the routing table for the VRF device.
• The VRF device can have its own IP address, known as a VRF-local loopback.
• By default, applications on the switch run against the default VRF. Services started by cumulus@switch:$ sudo ifdown BLUE cumulus@switch:$ sudo ifup --with-depends BLUE 6 run in the default VRF unless you use the VRF instance.
• Connected and local routes go in appropriate VRF tables.
• Neighbor entries continue to be per-interface. You can view all entries for a VRF device.
• A VRF does not map to its own network namespace; however, you can nest VRFs in a network namespace.
• You can use existing Linux tools, such as cumulus@switch:$ sudo ifdown BLUE cumulus@switch:$ sudo ifup --with-depends BLUE 7, to interact with a VRF.

Configure a VRF

Cumulus Linux calls each routing table a VRF table, which has its own table ID.

To configure VRF, you associate a subset of interfaces to a VRF routing table and configure an instance of the routing protocol [BGP or OSPFv2] for each routing table. Configuring a VRF is similar to configuring other network interfaces. Keep in mind the following:

• A VRF table can have an IP address, which is a loopback interface for the VRF.
• Cumulus Linux adds the associated rules automatically.
• You can add a default route to avoid skipping across tables when the kernel forwards a packet.
• VRF table names can be a maximum of 15 characters. However, you cannot use the name mgmt; Cumulus Linux uses this name for the .
• Cumulus Linux supports up to 255 VRFs on a switch.

The following example commands configure VRF BLUE and assigns a table ID automatically.

NVUE Commands

cumulus@switch:~$ nv set vrf BLUE table auto
cumulus@switch:~$ nv set interface swp1 ip vrf BLUE
cumulus@switch:~$ nv config apply

Linux Commands

Edit the

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

8 file to add the VRF and assign a table ID automatically:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

To load the new configuration, run

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

9:

cumulus@switch:~$ sudo ifreload -a

Specify a Table ID

Instead of assigning a table ID for the VRF automatically, you can specify your own table ID in the configuration. Cumulus Linux saves the table ID to name mapping in the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

0 directory. Instead of using the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

1 option as shown above, specify the table ID. For example:

NVUE Commands

cumulus@switch:~$ nv set vrf BLUE table 1016
cumulus@switch:~$ nv config apply

Linux Commands

Edit the

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

8 file:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table 1016
...

To load the new configuration, run

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

9:

cumulus@switch:~$ sudo ifreload -a

The table ID range must be between 1001 to 1255. Cumulus Linux reserves this range for VRF table IDs.

Bring a VRF Up After You Run ifdown

If you take down a VRF using

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

4, run one of the following commands to bring the VRF back up:

• cumulus@switch:~$ vrf list VRF Table

  ---- -

  BLUE 1016

  5
• cumulus@switch:$ sudo ifdown BLUE cumulus@switch:$ sudo ifup --with-depends BLUE 9

For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

Use the vrf Command

Run the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

7 command to show information about VRF tables not available in other Linux commands, such as

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

8.

To show a list of VRF tables, run the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

9 command:

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

To show a list of processes and PIDs for a specific VRF table, run the

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

0 command. For example:

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

To determine which VRF table associates with a particular PID, run the

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

1 command. For example:

cumulus@switch:~$ ip vrf identify 2829
BLUE

IPv4 and IPv6 Commands in a VRF Context

You can execute non-VRF-specific Linux commands and perform other tasks against a given VRF table. This typically applies to single-use commands started from a login shell, as they affect only AF_INET and AF_INET6 sockets opened by the command that executes; it has no impact on netlink sockets, associated with the

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

2 command.

To execute such a command against a VRF table, run

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

3. For example, to SSH from the switch to a device accessible through VRF BLUE:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

0

Services in VRFs

For services that need to run against a specific VRF, Cumulus Linux uses

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

6 instances, where the instance is the VRF. You start a service within a VRF with the

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

5 command. For example, to run the

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

6 service in the BLUE VRF:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

1

In most cases, you need to stop the instance running in the default VRF before a VRF instance can start. This is because the instance running in the default VRF owns the port across all VRFs [it is VRF global]. Cumulus Linux stops

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

6-based services when you restart networking or run an

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

4/

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

9 sequence. Refer to for details.

The following services work with VRF instances:

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  0

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  1

• cumulus@switch:~$ ip vrf pids BLUE VRF: BLUE

  ---

  dhclient 2508 sshd 2659 bash 2681 su 2702 bash 2720 vrf 2829

  6

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  3

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  4

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  5

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  6 [can only run in the default or management VRF]

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  7

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  8

• cumulus@switch:~$ ip vrf identify 2829 BLUE

  9

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  00

If

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

6 instances do not work; use a service-specific configuration option instead. For example, to configure

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

02 to send messages to remote systems over a VRF:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

2

VRF Route Leaking

You typically use VRFs when you want multiple independent routing and forwarding tables; however, you might want to reach destinations in one VRF from another VRF, as in the following cases:

• To make a service, such as a firewall available to multiple VRFs.
• To enable routing to external networks or the Internet for multiple VRFs, where the external network itself is reachable through a specific VRF.

Cumulus Linux supports dynamic VRF route leaking [not static route leaking].

• You can assign an interface to only one VRF; Cumulus Linux routes any packets arriving on that interface using the associated VRF routing table.
• You cannot route leak overlapping addresses.
• You can use VRF route leaking with EVPN in a symmetric routing configuration only.
• You cannot use VRF route leaking between the tenant VRF and the default VRF with onlink next hops [BGP unnumbered].

Configure Route Leaking

With route leaking, a destination VRF wants to know the routes of a source VRF. As routes come and go in the source VRF, they dynamically leak to the destination VRF through BGP. If BGP learns the routes in the source VRF, you do not need to perform any additional configuration. If OSPF learns the routes in the source VRF, if you configure the routes statically, or you need to reach directly connected networks, you need to redistribute the routes first into BGP [in the source VRF].

You can also use route leaking to reach remote destinations as well as directly connected destinations in another VRF. Multiple VRFs can import routes from a single source VRF and a VRF can import routes from multiple source VRFs. You can use this method when a single VRF provides connectivity to external networks or a shared service for other VRFs. You can control the routes leaked dynamically across VRFs with a route map.

Because route leaking happens through BGP, the underlying mechanism relies on the BGP constructs of the Route Distinguisher [RD] and Route Targets [RTs]. However, you do not need to configure these parameters; Cumulus Linux derives them automatically when you enable route leaking between a pair of VRFs.

When you use route leaking:

• You cannot reach the loopback address of a VRF [the address assigned to the VRF device] from another VRF.
• You must use the

  ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...

  03 command in BGP to leak non-BGP routes [connected or static routes]; you cannot use the

  ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  04 command.
• Cumulus Linux does not leak routes in the management VRF with the next hop as eth0 or the management interface.
• You can leak routes in a VRF that iBGP or multi-hop eBGP learns even if their next hops become unreachable. NVIDIA recommends route leaking for routes that BGP learns through single-hop eBGP.
• You cannot configure VRF instances of BGP in multiple autonomous systems [AS] or an AS that is not the same as the global AS.
• Do not use the default VRF as a shared service VRF. Create another VRF for shared services.
• Cumulus Linux does not copy extended communities to the destination VRF.
• An EVPN symmetric routing configuration has certain limitations when leaking routes between the default VRF and non-default VRFs. The default VRF has routes to VTEP addresses that you cannot leak to any tenant VRFs. If you need to leak routes between the default VRF and a non-default VRF, you must filter out routes to the VTEP addresses to prevent leaking these routes. Use caution with such a configuration. Run common services in a separate VRF [service VRF] instead of the default VRF to simplify configuration and avoid using route maps for filtering.

In the following example commands, routes in the BGP routing table of VRF

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

05 dynamically leak into VRF

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

06.

NVUE Commands

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

3

vtysh Commands

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

4

The vtysh commands save the configuration in the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

07 file. For example:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

5

Exclude Certain Prefixes

To exclude certain prefixes from the import process, configure the prefixes in a route map.

The following example configures a route map to match the source protocol BGP and imports the routes from VRF BLUE to VRF RED. For the imported routes, the community is 11:11 in VRF RED.

NVUE Commands

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

6

vtysh Commands

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

7

Verify Route Leaking Configuration

To check the status of VRF route leaking, run the NVUE

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

08 command or the vtysh

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

09 command. For example:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

8

To show more detailed status information, you can run the following NVUE commands:

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  10

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  11

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  12

To view the BGP routing table, run the NVUE

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

13 command or the vtysh

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

14 command.

To view the FRR IP routing table, run the vtysh

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

15 command or the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

16 command. These commands show all routes, including routes leaked from other VRFs.

The following example commands show all routes in VRF

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

06, including routes leaked from VRF

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

05:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

9

Delete Route Leaking Configuration

The following example commands delete leaked routes from VRF

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

05 to VRF

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

06:

NVUE Commands

cumulus@switch:~$ sudo ifreload -a

0

vtysh Commands

cumulus@switch:~$ sudo ifreload -a

1

Cumulus Linux no longer supports kernel commands. To avoid issues with VRF route leaking in FRR, do not use the kernel commands.

FRRouting in a VRF

Cumulus Linux supports , and for both IPv4 and IPv6 within a VRF context. Various “FRRouting”] routing constructs, such as routing tables, nexthops, router-id, and related processing are also VRF-aware.

learns of VRFs on the system as well as interface attachment to a VRF through notifications from the kernel.

The following sections show example VRF configurations with BGP and OSPF. For an example VRF configuration with static routing, see .

BGP

Because BGP is VRF-aware, Cumulus Linux supports per-VRF neighbors, both iBGP and eBGP, as well as numbered and unnumbered interfaces. Non-interface-based VRF neighbors bind to the VRF, so you can have overlapping address spaces in different VRFs. Each VRF can have its own parameters, such as address families and redistribution. Incoming connections rely on the Linux kernel for VRF-global sockets. You can track BGP neighbors with , both for single and multiple hops. You can configure multiple BGP instances, associating each with a VRF.

The following example shows a in VRF RED. In BGP unnumbered, there are no addresses on any interface. However, debugging tools like

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

21 need at least a single IP address per node as the source IP address. Typically, this address is the loopback device. With VRF, you can associate an IP address with the VRF device, which acts as the loopback interface for that VRF.

NVUE Commands

cumulus@switch:~$ sudo ifreload -a

2

Linux and vtysh Commands

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

8 file configuration:

cumulus@switch:~$ sudo ifreload -a

3

vtysh commands:

cumulus@switch:~$ sudo ifreload -a

4

The vtysh commands save the configuration in the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

07 file. For example:

cumulus@switch:~$ sudo ifreload -a

5

OSPF

A VRF-aware OSPFv2 configuration supports numbered and unnumbered interfaces, and layer 3 interfaces such as SVIs, subinterfaces and physical interfaces. The VRF supports types 1 through 5 [ABR and ASBR - external LSAs] and types 9 through 11 [opaque LSAs] link state advertisements, redistribution of other routing protocols, connected and static routes, and route maps. You can track OSPF neighbors with .

Cumulus Linux does not support multiple VRFs in multi-instance OSPF.

The following example shows an OSPF configuration in VRF RED.

NVUE Commands

cumulus@switch:~$ sudo ifreload -a

6

Linux and vtysh Commands

The

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

8 file configuration:

cumulus@switch:~$ sudo ifreload -a

7

vtysh commands:

cumulus@switch:~$ sudo ifreload -a

8

The vtysh commands save the configuration in the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

07 file. For example:

cumulus@switch:~$ sudo ifreload -a

9

DHCP with VRF

Because you can use VRF to bind IPv4 and IPv6 sockets to non-default VRF tables, you can start DHCP servers and relays in any non-default VRF table using the

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

6 and

cumulus@switch:~$ ip vrf identify 2829
BLUE

3 services.

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

6 must manage these services and the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

29 file must list the services. By default, this file already lists these two services, as well as others. You can add more services as needed, such as

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

30 and

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

31 for IPv6.

If you edit

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

29, run

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

33 to generate the

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

6 instance files for the newly added services. Then you can start the service in the VRF using

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

35, where

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

36 is the name of the service [such as

cumulus@switch:~$ ip vrf pids BLUE
VRF: BLUE

dhclient           2508
sshd               2659
bash               2681
su                 2702
bash               2720
vrf                2829

6 or

cumulus@switch:~$ ip vrf identify 2829
BLUE

1. and

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

39 is the name of the VRF.

For example, to start the

cumulus@switch:~$ ip vrf identify 2829
BLUE

3 service after you configure a VRF named BLUE, run:

cumulus@switch:~$ nv set vrf BLUE table 1016
cumulus@switch:~$ nv config apply

0

To enable the service at boot time, you must also enable the service:

cumulus@switch:~$ nv set vrf BLUE table 1016
cumulus@switch:~$ nv config apply

1

In addition, you need to create a separate default file in the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

41 directory for every instance of a DHCP server or relay in a non-default VRF. To run multiple instances of any of these services, you need a separate file for each instance. The files must have the following names:

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  42

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  43

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  44

• ... auto swp1 iface swp1

   vrf BLUE  
  

  auto BLUE iface BLUE

   vrf-table auto  
  

  ...
  45

See the example configuration below for more details.

• Cumulus Linux does not support DHCP server and relay across VRFs; the server and host cannot be in different VRF tables. In addition, the server and relay cannot be in different VRF tables.
• Typically, a service running in the default VRF owns a port across all VRFs. If you prefer the VRF local instance, first disable and stop the global instance.
• VRF is a layer 3 routing feature; only run programs that use AF_INET and AF_INET6 sockets in a VRF. VRF context does not affect any other aspects of the operation of a program.
• This method only works with cumulus@switch:$ sudo ifdown BLUE cumulus@switch:$ sudo ifup --with-depends BLUE 6-based services.

Example Configuration

In the following example, there is one IPv4 network with a VRF named RED and one IPv6 network with a VRF named BLUE.

IPv4 DHCP Server/relay networkIPv6 DHCP Server/relay network

Configure each DHCP server and relay as follows:

DHCP Server

1. Create the file

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   47 in

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   48. Here is sample content:

   cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 2
2. Enable the DHCP server: cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 3
3. Start the DHCP server: cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 4
4. Check status: cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 5

You can create this configuration using the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

7 command [see above for more details]:

cumulus@switch:~$ nv set vrf BLUE table 1016
cumulus@switch:~$ nv config apply

6

DHCP6 Server

1. Create the file

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   50 in

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   48. Here is sample content:

   cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 7
2. Enable the DHCP server: cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 8
3. Start the DHCP server: cumulus@switch:$ nv set vrf BLUE table 1016 cumulus@switch:$ nv config apply 9
4. Check status:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   0

You can create this configuration using the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

7 command [see above for more details]:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table 1016
...

1

DHCP Relay

1. Create the file

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   53 in

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   48. Here is sample content:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   2
2. Enable the DHCP relay:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   3
3. Start the DHCP relay:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   4
4. Check status:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   5

You can create this configuration using the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

7 command [see above for more details]:

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table 1016
...

6

DHCP6 Relay

1. Create the file

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   56 in

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table auto  
   

   ...

   48. Here is sample content:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   7
2. Enable the DHCP relay:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   8
3. Start the DHCP relay:

   ... auto swp1 iface swp1

    vrf BLUE  
   

   auto BLUE iface BLUE

    vrf-table 1016  
   

   ...
   9
4. Check status:

   cumulus@switch:~$ sudo ifreload -a

   0

You can create this configuration using the

cumulus@switch:~$ vrf list
VRF              Table

BLUE            1016

7 command [see above for more details]:

cumulus@switch:~$ sudo ifreload -a

1

Use ping or traceroute on a VRF

You can run

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

59 or

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

21 on a VRF from the default VRF.

To ping a VRF from the default VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

59

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

62 command. For example:

cumulus@switch:~$ sudo ifreload -a

2

To run

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

21 on a VRF from the default VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

64 command. For example:

cumulus@switch:~$ sudo ifreload -a

3

Troubleshooting

You can use vtysh or Linux show commands to troubleshoot VRFs.

vtysh Commands

To show all VRFs learned by FRR from the kernel, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

65 command. The table ID shows the corresponding routing table in the kernel.

cumulus@switch:~$ sudo ifreload -a

4

To show the VRFs configured in BGP [including the default VRF], run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

66 command. A non-zero ID is a VRF that you define in the

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

8 file.

cumulus@switch:~$ sudo ifreload -a

5

To show interfaces known to FRR and attached to a specific VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

68 command. For example:

cumulus@switch:~$ sudo ifreload -a

6

To show VRFs configured in OSPF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

69 command. For example:

cumulus@switch:~$ sudo ifreload -a

7

To show all OSPF routes in a VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

70 command. For example:

cumulus@switch:~$ sudo ifreload -a

8

To see the routing table for each VRF, use the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

71 command. The OSPF route is in the row that starts with O.

cumulus@switch:~$ sudo ifreload -a

9

Linux Commands

To list all VRFs, and include the VRF ID and table ID, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

72 command. For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

0

To show the interfaces attached to a specific VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

73 command. For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

1

To show IPv4 routes in a VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

74 command. For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

2

To show IPv6 routes in a VRF, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

75 command. For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

3

To see a list of links associated with a particular VRF table, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

76 command. For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

4

To see a list of routes associated with a particular VRF table, run the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

77 command. For example:

cumulus@switch:~$ sudo ifdown BLUE
cumulus@switch:~$ sudo ifup --with-depends BLUE

5

You can also show routes in a VRF using the

...
auto swp1
iface swp1
  vrf BLUE
auto BLUE
iface BLUE
  vrf-table auto
...

78 command. This command omits local and broadcast routes, which can clutter the output.