[pbrd] How-to make ip rule without interface? #3242

Open
2 tasks done
k0ste opened this issue Oct 25, 2018 · 6 comments

Comments

@k0ste
Contributor

k0ste commented Oct 25, 2018

  • Did you check if this is a duplicate issue?
  • Did you test it on the latest FRRouting/frr master branch?

Description

How to make an ip rule with pbrd like this:
ip rule add from 5.128.220.100 lookup ntk
ip route add 0.0.0.0/0 via 5.128.220.1 table ntk

Steps to Reproduce

nexthop-group ntk
  nexthop 5.128.220.1
!
pbr-map ntk seq 10
  match src-ip 5.128.220.100/32
  set nexthop-group ntk
!

Expected behavior:

Possible to add pbr without interface definition.

Actual behavior:

pbr-policy is only available for an interface. I don't need iif in this rule.

R1# sh pbr map
  pbr-map ntk valid: 0
    Seq: 10 rule: 309 Installed: 1(1) Reason: Invalid NH-group
        SRC Match: 5.128.220.100/32
        Nexthop-Group: ntk(10001) Installed: 0(1)
R1# sh pbr nexthop-groups 
Nexthop-Group: ntk Table: 10001 Valid: 0 Installed: 1
        Valid: 0 nexthop 5.128.220.1

Components

pbrd

Versions

  • OS: Archlinux
  • Kernel: Linux 4.17.13-arch1-1-nfcustom
  • FRR: 6.0
@donaldsharp
Member

PBR is designed to work with an incoming interface; if you do not want that, we will need to modify PBR to do this.

@k0ste
Contributor Author

k0ste commented Oct 30, 2018

I was thinking that pbrd is the Policy Based Routing daemon and that I'll be able to replace my iproute scripts with this frr feature. My ip rule example, and a lookup like this: ip rule add from all fwmark 0x1e5b lookup this_table, is a gentlemen's set. If this is not possible at this time, this issue is a feature request.

@donaldsharp
Copy link
Member

As a workaround you can add the pbr-policy to every interface; you'll end up with more rules, but it will allow you to use it in the meantime.

@n3wtype

n3wtype commented Jun 5, 2019

Maybe there should be a possibility to attach a pbr-map globally, without referencing any interface (in addition to interface-based pbr-maps). Internally, global pbr rules should have higher sequence numbers than interface-based ones (let's say above 20k) to guarantee that interface-based rules are evaluated earlier and always override global rules. This way current behavior would be preserved, and a global map would provide a means for direct translation of existing ip rule based configurations into pbrd.
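
Added example, not part of the thread and not FRR code: a simplified Python model of how Linux walks policy rules in ascending priority order, showing why global (no-iif) rules placed above an assumed base of 20000 are overridden by interface-bound rules. The interface names, table 10002, the 192.0.2.1 and 198.51.100.1 next hops, and the one-default-route-per-table simplification are assumptions.

```python
# Added illustration: toy model of Linux policy-rule evaluation, not FRR code.
import ipaddress
from dataclasses import dataclass
from typing import Optional

GLOBAL_BASE = 20000  # assumed floor for global rules ("let's say above 20k")


@dataclass(frozen=True)
class Rule:
    priority: int              # lower number is evaluated first
    src: str                   # source prefix selector
    table: str                 # routing table consulted on a match
    iif: Optional[str] = None  # None means "any incoming interface"


def matches(rule, src_ip, in_if):
    """A rule matches when its iif (if set) and its source prefix both match."""
    if rule.iif is not None and rule.iif != in_if:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)


def lookup(rules, tables, src_ip, in_if):
    """Return (priority, table, nexthop) of the first rule that resolves."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, in_if):
            nexthop = tables.get(rule.table)
            if nexthop is not None:  # no route in table: fall through
                return rule.priority, rule.table, nexthop
    return None


# Constructed sample data; each table is reduced to a single default next hop.
TABLES = {"ntk": "5.128.220.1", "10002": "192.0.2.1", "main": "198.51.100.1"}
RULES = [
    Rule(309, "5.128.220.100/32", "10002", iif="eth1"),  # interface-bound
    Rule(GLOBAL_BASE + 10, "5.128.220.100/32", "ntk"),   # global, no iif
    Rule(32766, "0.0.0.0/0", "main"),                    # kernel default rule
]

if __name__ == "__main__":
    for in_if in ("eth1", "eth2"):
        print(in_if, lookup(RULES, TABLES, "5.128.220.100", in_if))
```

Traffic arriving on eth1 resolves through the interface-bound rule, while the same source on any other interface falls to the global rule, which is the ordering guarantee the comment asks for.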

@donaldsharp
Member

@n3wtype -> It would be a very simple matter of adding a pbr rule range .. command. Please feel free to do so

@riw777 riw777 closed this as completed Aug 15, 2023
@qlyoung qlyoung reopened this Sep 4, 2024
@k0ste
Contributor Author

k0ste commented Oct 29, 2024

The workaround for this is to use the new frr Lua scripting feature. An example script can be found here: #16727 (comment)
