[VRF] Set unreachable default route to isolate user Vrf and default Vrf #2943

gord1306 · 2023-10-25T15:55:41Z

What I did
Set unreachable default route to isolate user Vrf and default Vrf

Why I did it
In cases where there is no next hop found in the user VRF in the software dataplane, the default behavior of the kernel switches to looking up the default VRF. This behavior is inconsistent with some ASICs.

How I verified it

Create Vrf1 and bind Ethernet0 to the Vrf1
Setup default route of default Vrf
Send a no nexthop packet to Ethernet0 and check if there is any packet egress from default Vrf

Details if related
To address this, we need to set an unreachable policy-based route to prevent this scenario ref:
ip route add table 10 unreachable default metric 4278198272

In cases where there is no next hop found in the user VRF in the software dataplane, the default behavior of the kernel switches to looking up the default VRF. This behavior is inconsistent with some ASICs. To address this, we need to set an unreachable policy-based route to prevent this scenario: ip route add table 10 unreachable default metric 4278198272 This commit will append this configuration during VRF creation and removal."

gord1306 requested a review from prsunny as a code owner October 25, 2023 15:55

gord1306 force-pushed the isolation_vrf branch from 2290cec to d38299a Compare October 25, 2023 16:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[VRF] Set unreachable default route to isolate user Vrf and default Vrf #2943

[VRF] Set unreachable default route to isolate user Vrf and default Vrf #2943

gord1306 commented Oct 25, 2023 •

edited

Loading

[VRF] Set unreachable default route to isolate user Vrf and default Vrf #2943

Are you sure you want to change the base?

[VRF] Set unreachable default route to isolate user Vrf and default Vrf #2943

Conversation

gord1306 commented Oct 25, 2023 • edited Loading

gord1306 commented Oct 25, 2023 •

edited

Loading