Ability to use a VRF instead of the main routing table

[jlixfeld]

Feature enhancement to add support for making looking-glass VRF aware when running against IOS-XR devices.

[gmazoyer]

I'd like to see that feature on more routers than just IOS-XR. Most routers have a support for VRF so we could extend this to Juniper, etc…

Maybe we could work on something more "complex" in some way. We could add a new field in the main form to select a VRF. In this way, we could use multiple VRFs defined on a per-router basis like the following:

$config['routers']['router1']['routing_tables'][] = array(
  'internet-vrf' => 'Internet VRF',
  'peering-vrf' => 'Peering VRF'
);

Of course this would require some javascript code to change the form field based on the routing tables defined. If no routing tables are defined the behavior would just follow the current one.

What do you think about that?

[jlixfeld]

My point of view for a looking-glass is from that of a service provider, and from my experience running service provider networks, I can't say that I've seen a use case that would require a separate VRF for Internet vs. Peering, or a separate VRF(s) per router.

Is there a use case that I'm not familiar with that would require this feature as a more complex implementation?

[gmazoyer]

That was just an example, not a relevant one I agree (working for a service provider as well).

Maybe selecting multiple VRFs isn't useful in that case we could just introduce a config option (per router) like:

$config['routers']['router1']['routing_table'] = 'internet-vrf';

If not defined, we just use the command without the VRF argument.

[jlixfeld]

If there are use cases where one or more routers would be in a VRF and one or more routers wouldn't, then that would definitely work. I'm not familiar with such a use case. In the networks I operate, Internet is always either in a VRF or not in a VRF, never both at the same time.

[gmazoyer]

Indeed that's why I'd like the config option to be per-router. In this way you would specify the VRF when you need it, or left the option unused when the Internet is not in a VRF.

[jlixfeld]

Great!

When I was testing this, I made the flag vrf_cmd with the idea being that the config option would include all the syntax required to run the command inside the VRF, meaning less code written in the router modules.

Example:

$ping = 'ping ipv6 '.(isset($hostname) ? $hostname : $destination).' '.$this->global_config['tools']['vrf_cmd'].' repeat 10';

If $config['tools']['vrf_cmd'] = 'vrf foo' then the command would be expanded to:

ping ipv6 1.1.1.1 vrf foo repeat 10

If $config['tools']['vrf_cmd'] = '' then the command would be expanded to:

ping ipv6 1.1.1.1 repeat 10

I don't know if that's a dumb idea though.

[rfminelli]

I'd like to see that feature on more routers than just IOS-XR. Most routers have a support for VRF so we could extend this to Juniper, etc…

Maybe we could work on something more "complex" in some way. We could add a new field in the main form to select a VRF. In this way, we could use multiple VRFs defined on a per-router basis like the following:

$config['routers']['router1']['routing_tables'][] = array(
  'internet-vrf' => 'Internet VRF',
  'peering-vrf' => 'Peering VRF'
);

Of course this would require some javascript code to change the form field based on the routing tables defined. If no routing tables are defined the behavior would just follow the current one.

What do you think about that?

I think that would be an excellent option. Operate VRF on RouterOS (Mikrotik) and I can provide the ones to be added to Looking Glass.

[jlixfeld]

@rfminelli To be clear, are you saying that you have a use case for selecting from multiple VRFs?

[rfminelli]

@jlixfeld I have a case where I select 2 vfrs. But only 1 case.

[gmazoyer]

It can make sens if you isolate routes per VRFs, like peering and transit in two different VRFs, for example. I'm currently working on the feature using a single VRF.

Building commands to pass to routers is starting to be a bit to cumbersome IMHO, so I might need to rework that part in the first place.

[jlixfeld]

If this feature turns into support for multiple VRFs per device, I think the current behaviour should still be available somehow. That is, if only one VRF (or no VRFs) is configured, don't give any indication in the UI that an option exists to choose some other VRF. I can see that being a security issue if a public user thinks there are VRFs on the network and tries to find ways to poke them.

[yapjackson]

Hi!

How can we use VRF for Cisco IOS?