|
NAME | SYNOPSIS | DESCRIPTION | CAVEATS | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON |
IP-VRF(8) Linux IP-VRF(8)
ip-vrf - run a command against a vrf
ip vrf { COMMAND | help }
ip vrf show [ NAME ]
ip vrf identify [ PID ]
ip vrf pids NAME
ip vrf exec [ NAME ] command...
A VRF provides traffic isolation at layer 3 for routing, similar to
how a VLAN is used to isolate traffic at layer 2. Fundamentally, a
VRF is a separate routing table. Network devices are associated with
a VRF by enslaving the device to the VRF. At that point network
addresses assigned to the device are local to the VRF with host and
connected routes moved to the table associated with the VRF.
A process can specify a VRF using several APIs -- binding the socket
to the VRF device using SO_BINDTODEVICE, setting the VRF association
using IP_UNICAST_IF or IPV6_UNICAST_IF, or specifying the VRF for a
specific message using IP_PKTINFO or IPV6_PKTINFO.
By default a process is not bound to any VRF. An association can be
set explicitly by making the program use one of the APIs mentioned
above or implicitly using a helper to set SO_BINDTODEVICE for all
IPv4 and IPv6 sockets (AF_INET and AF_INET6) when the socket is
created. This ip-vrf command is a helper to run a command against a
specific VRF with the VRF association inherited parent to child.
ip vrf show [ NAME ] - Show all configured VRF
This command lists all VRF and their corresponding table ids.
If NAME is given, then only that VRF and table id is shown.
The latter command is useful for scripting where the table id
for a VRF is needed.
ip vrf exec [ NAME ] cmd ... - Run cmd against the named VRF
This command allows applications that are VRF unaware to be
run against a VRF other than the default VRF (main table). A
command can be run against the default VRF by passing the
"default" as the VRF name. This is useful if the current shell
is associated with another VRF (e.g, Management VRF).
ip vrf identify [PID] - Report VRF association for process
This command shows the VRF association of the specified
process. If PID is not specified then the id of the current
process is used.
ip vrf pids NAME - Report processes associated with the named VRF
This command shows all process ids that are associated with
the given VRF.
This command requires a kernel compiled with CGROUPS and CGROUP_BPF
enabled.
The VRF helper *only* affects network layer sockets.
ip vrf exec red ssh 10.100.1.254
Executes ssh to 10.100.1.254 against the VRF red table.
ip(8), ip-link(8), ip-address(8), ip-route(8), ip-neighbor(8)
Original Manpage by David Ahern
This page is part of the iproute2 (utilities for controlling TCP/IP
networking and traffic) project. Information about the project can
be found at
⟨http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2⟩.
If you have a bug report for this manual page, send it to
netdev@vger.kernel.org, shemminger@osdl.org. This page was obtained
from the project's upstream Git repository
⟨git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git⟩
on 2017-07-05. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-to-
date source for the page, or you have corrections or improvements to
the information in this COLOPHON (which is not part of the original
manual page), send a mail to man-pages@man7.org
iproute2 7 Dec 2016 IP-VRF(8)