| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47e25c7c-1dd4-25ee-1d7b-f8c4c0783573@gmail.com>
Date: Sat, 25 May 2019 09:13:13 -0600
From: David Ahern <dsahern@...il.com>
To: George Wilkie <gwilkie@...tta.att-mail.com>
Cc: Shrijeet Mukherjee <shrijeet@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
netdev@...r.kernel.org
Subject: Re: [PATCH net-next] vrf: local route leaking
On 5/25/19 1:09 AM, George Wilkie wrote:
>
> That was my initial thought, although it needs a 2nd lookup.
> The problem I hit though was I couldn't figure out how to make it work
> when leaking from global into a VRF. I couldn't see how to indicate
> a lookup in the global table. Is there a way to do this?
> Using a loopback doesn't work, e.g. if 10.1.1.0/24 was on a global interface:
> ip ro add vrf vrf-a 10.1.1.0/24 dev lo
That works for MPLS when you exit the LSP and deliver locally, so it
should work here as well. I'll take a look early next week.
>
> It seemed if something new was needed, leaking the locals was neater approach?
>
I would prefer to avoid it if possible. VRF route leaking for forwarding
does not have the second lookup and that is the primary use case. VRL
with local delivery is a 1-off use case and you could just easily argue
that the connection should not rely on the leaked route. ie., the
control plane is aware of both VRFs, and the userspace process could use
the VRF-B path.
Powered by blists - more mailing lists