FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/

[pbrd] How-to make ip rule without interface? #3242

Open k0ste opened 6 years ago

k0ste commented 6 years ago

Description

How to make an ip rule with pbrd like this:

ip rule add from 5.128.220.100 lookup ntk
ip route add 0.0.0.0/0 via 5.128.220.1 table ntk

Steps to Reproduce

nexthop-group ntk
  nexthop 5.128.220.1
!
pbr-map ntk seq 10
  match src-ip 5.128.220.100/32
  set nexthop-group ntk
!

Expected behavior:

Possible to add pbr without interface definition.

Actual behavior:

pbr-policy is only available for an interface. I don't need iif in this rule.

R1# sh pbr map
  pbr-map ntk valid: 0
    Seq: 10 rule: 309 Installed: 1(1) Reason: Invalid NH-group
        SRC Match: 5.128.220.100/32
        Nexthop-Group: ntk(10001) Installed: 0(1)
R1# sh pbr nexthop-groups 
Nexthop-Group: ntk Table: 10001 Valid: 0 Installed: 1
        Valid: 0 nexthop 5.128.220.1

Components

pbrd

Versions

donaldsharp commented 6 years ago

PBR is designed to work with an incoming interface; if you do not want that, we will need to modify PBR to do this.

k0ste commented 6 years ago

I was thinking that pbrd is the Policy Based Routing daemon and that I can replace my iproute scripts with this frr feature. My ip rule example, and a lookup like "ip rule add from all fwmark 0x1e5b lookup this_table", are a gentleman's set. If this is not possible at this time, this issue is a feature request.

donaldsharp commented 6 years ago

As a workaround, you can add the pbr-policy to every interface; you'll end up with more rules, but it will allow you to use it in the meantime.
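The workaround described above, sketched as an added example that is not part of the original thread or of FRR itself: a shell function that emits one `interface` / `pbr-policy` stanza per interface for the issue's `ntk` map. The function name `pbr_policy_config` and the interface names in the usage comment are assumptions; the names are validated because they are pasted into router configuration.

```shell
#!/bin/sh
# Added example (not FRR project code). Emits FRR configuration text that
# attaches one pbr-map to each interface given on the command line.
# Usage (interface names here are constructed samples):
#   pbr_policy_config ntk eth0 eth1
# Review the output before entering it in vtysh's "configure terminal".

# pbr_policy_config MAP IFACE...
# Prints the stanzas on stdout; prints nothing and returns 1 on a bad name.
pbr_policy_config() {
    map=$1
    shift

    # Accept only a conservative character set for the map name so that
    # whitespace or newlines cannot smuggle extra configuration lines.
    case $map in
        ''|*[!A-Za-z0-9_.-]*)
            echo "bad pbr-map name: $map" >&2
            return 1 ;;
    esac

    # Validate every interface name before emitting anything, so a bad
    # name never leaves a half-written configuration behind.
    for ifname in "$@"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.@:-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
        # Linux interface names are at most 15 characters long.
        if [ "${#ifname}" -gt 15 ]; then
            echo "interface name too long: $ifname" >&2
            return 1
        fi
    done

    # One stanza per interface, in the same layout the issue's config uses.
    for ifname in "$@"; do
        printf 'interface %s\n  pbr-policy %s\n!\n' "$ifname" "$map"
    done
}
```

Each interface adds its own copy of the map's rules, which is the "more rules" cost mentioned in the comment above.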

n3wtype commented 5 years ago

Maybe there should be a possibility to attach a pbr-map globally, without referencing any interface (in addition to interface-based pbr-maps). Internally, global pbr rules should have higher sequence numbers than interface-based ones (let's say above 20k) to guarantee that interface-based rules are evaluated earlier and always override global rules. This way the current behavior would be preserved and a global map will provide a means for direct translation of existing ip rule based configurations into pbrd.

donaldsharp commented 5 years ago

@n3wtype -> It would be a very simple matter of adding a pbr rule range .. command. Please feel free to do so

k0ste commented 1 month ago

The workaround for this is to use the new frr lua scripting feature. An example of the script can be found here: https://github.com/FRRouting/frr/discussions/16727#discussioncomment-10981791