Multiple default routes / Force external routing

sthaug at nethelp.no sthaug at nethelp.no
Tue Apr 14 10:59:15 PDT 2009


> Perhaps the OP should rephrase his desire.
> 
> To me, it sounds like he wants to turn the FBSD box into a VLAN
> aggregator, and then "trunk" the VLANs to an external router to route
> between the VLAN subnets.

It's more that I'd like my FreeBSD box to be able to handle multiple
routing tables completely, as seen from an L3VPN point of view (this
is what Cisco calls VRF-lite, which is obviously not a full-fledged
MPLS L3VPN implementation):

- A box can have multiple routing tables. These are logically separate.

- Each interface is connected to one and only one routing table. Each
routing table may have zero or more interfaces connected to it. Cisco
and many other vendors call a routing table with interfaces connected
to it a VRF, Virtual Router and Forwarding instance, see for instance

   http://en.wikipedia.org/wiki/VRF

- There is no traffic between VRFs within the box (and thus, if two
interfaces are in different routing tables, you can *not* get traffic
between them within the box). There is no "short-circuit" between
VRFs. If two interfaces are in the *same* routing table (same VRF)
you can of course have traffic between them.

- To go between VRFs you need to send the traffic to an external
device, for instance a firewall.

Thus if I have a box with the following routing tables/interfaces/
IP addresses:

Table	Intf	IP address
1	vlan0	192.168.1.1/30
2	vlan1	192.168.2.1/30
2	vlan2	192.168.3.1/30

then I can communicate from 192.168.2.1 to 192.168.3.1 within the box,
since both of these interfaces are in the same routing table. But I
cannot communicate from 192.168.2.1 to 192.168.1.1 within the box,
since these interfaces are in separate routing tables. To get from
192.168.2.1 to 192.168.1.1 I need to send the traffic to an external
device.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
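
The forwarding rule described in the message above, as an added example that is not part of the original post: a small Python model in which the interface owning the source address selects the routing table, and the destination lookup never leaves that table. The default routes toward an external firewall (192.168.1.2 and 192.168.2.2) and all function names are assumptions made for illustration.

```python
import ipaddress

# Interface -> (routing table id, address), taken from the table in the post.
INTERFACES = {
    "vlan0": (1, "192.168.1.1/30"),
    "vlan1": (2, "192.168.2.1/30"),
    "vlan2": (2, "192.168.3.1/30"),
}
# Assumption (not in the post): each table has a default route to an
# external firewall at the other usable address of one of its /30 links.
STATIC_ROUTES = {
    1: [("0.0.0.0/0", "192.168.1.2")],
    2: [("0.0.0.0/0", "192.168.2.2")],
}

def build_tables(interfaces, static_routes):
    """Return {table_id: [(network, next_hop_or_None, interface_or_None)]}."""
    tables = {}
    for name, (table_id, addr) in interfaces.items():
        net = ipaddress.ip_interface(addr).network
        tables.setdefault(table_id, []).append((net, None, name))
    for table_id, routes in static_routes.items():
        for prefix, next_hop in routes:
            tables.setdefault(table_id, []).append(
                (ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop), None))
    return tables

def vrf_of(src, interfaces):
    """The interface that owns the source address decides the table."""
    for table_id, addr in interfaces.values():
        if ipaddress.ip_interface(addr).ip == ipaddress.ip_address(src):
            return table_id
    raise ValueError(f"{src} is not configured on any interface")

def forward(src, dst, interfaces=INTERFACES, static_routes=STATIC_ROUTES):
    """Longest-prefix match for dst, restricted to the table that owns src."""
    table_id = vrf_of(src, interfaces)
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in build_tables(interfaces, static_routes)[table_id]
               if dst_ip in r[0]]
    if not matches:
        return ("unreachable", table_id, None)
    net, next_hop, intf = max(matches, key=lambda r: r[0].prefixlen)
    if next_hop is None:
        return ("in-box", table_id, intf)         # connected route, same VRF
    return ("external", table_id, str(next_hop))  # must leave the box

if __name__ == "__main__":
    for dst in ("192.168.3.1", "192.168.1.1"):
        print("192.168.2.1 ->", dst, forward("192.168.2.1", dst))
```

With the static routes removed, the cross-table destination becomes unreachable rather than leaking through the other table's connected route, which is the isolation property the message asks for.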

