OpenVZ Forum


Home » Mailing lists » Users » VRF within containers
VRF within containers [message #48456] Thu, 18 October 2012 08:31 Go to next message
Vincent JARDIN is currently offline  Vincent JARDIN
Messages: 2
Registered: October 2012
Junior Member
From: *parallels.com
Hi,

When physical routers are used, they allow VRF based forwarding. They
can be made of Linux namespace.

However, when a container is being used to virtualize routers, it
prevents from running within each containers some VRF based packet
processing. For instance, assume that you have 10 containers running
MP-BGP into each containers; using MP-BGP, each container can manage 1
to few thousands of VRF (routing table).

With the current assumptions, assuming than MP-BGP uses namespace to
index the routing table, then it cannot support the combination of VRF
forwarding within each container/namespace.

A workaround can be to add a VRF attribute into each namespace so any
packet processing can be prefixed by an VR index (routing table, IPsec
SAD/SPD lookup, etc.).

Have you ever considered any other options like adding a VRF index into
each namespace?

Thank you,
Vincent



--
Multicore Packet Processing Forum:
http://multicorepacketprocessing.com
Re: VRF within containers [message #48562 is a reply to message #48456] Mon, 22 October 2012 20:34 Go to previous message
Vincent JARDIN is currently offline  Vincent JARDIN
Messages: 2
Registered: October 2012
Junior Member
From: *parallels.com
As anyone any concerns about VRF exclusivity versus containers? Or
should I send it on devel@ mailing list instead?

Thank you,
Vincent
On 18/10/2012 10:31, Vincent JARDIN wrote:
> Hi,
>
> When physical routers are used, they allow VRF based forwarding. They
> can be made of Linux namespace.
>
> However, when a container is being used to virtualize routers, it
> prevents from running within each containers some VRF based packet
> processing. For instance, assume that you have 10 containers running
> MP-BGP into each containers; using MP-BGP, each container can manage 1
> to few thousands of VRF (routing table).
>
> With the current assumptions, assuming than MP-BGP uses namespace to
> index the routing table, then it cannot support the combination of VRF
> forwarding within each container/namespace.
>
> A workaround can be to add a VRF attribute into each namespace so any
> packet processing can be prefixed by an VR index (routing table, IPsec
> SAD/SPD lookup, etc.).
>
> Have you ever considered any other options like adding a VRF index into
> each namespace?
Previous Topic: using iptables geoip in openvz container
Next Topic: samba and openvz
Goto Forum:
  


Current Time: Mon Dec 11 02:19:34 GMT 2017