Manipulations on lookup tables

aserkin · May 3, 2024, 10:24am

Hi. For my project i need different lookup table than it is on my host:

# ip rule
0:   from all lookup local
1000:   from all lookup [l3mdev-table]
32766:  from all lookup main
32767:  from all lookup default

needed chain:

1000:   from all lookup [l3mdev-table]
2000:   from all lookup local
32766:  from all lookup main
32767:  from all lookup default

I see that VyOS has this rules sequence:

1000:   from all lookup [l3mdev-table]
2000:   from all lookup [l3mdev-table] unreachable
32765:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

and it persists across reboots and interfaces flaps. Is that possible to do the same on plain recent Debian or Ubuntu?
I created systemd service like this:

[Unit]
Description=Put l3mdev-table lookup first in ip rules
Requires=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/ipruleinsert.sh

[Install]
WantedBy=multi-user.target

where the script does the following:

#!/usr/bin/bash
ip -4 rule | egrep '^0:' &> /dev/null
if [ $? == 0 ]; then
        ip -4 rule del 0
fi
ip -r rule | grep "2000:" &> /dev/null
if [ $? != 0 ]; then
        ip -4 rule add pref 2000 table local
fi

it works across reboots, but the line with preference 2000 disappears unfortunately after network interfaces flaps, or “systemctl restart systemd-networkd” or after netplan apply.
That is probably not VyOS related directly, but the place seem to be the only one where it could be resolved)

fernando · May 3, 2024, 2:34pm

is it not possible to achieved with route-police ? they allow to configure a particular table, in case to be necessary.

Apachez · May 4, 2024, 6:38am

Care to explain why this is needed in your case vs just using the vrf function in VyOS who will create a unique routing table for a particular interface to use?

aserkin · May 6, 2024, 8:29am

I do not need VyOS routing functions actually. The goal is to establish communication between Telegraf, running in VRF default, and Bind, running in another VRF. This works fine with veth interfaces pair but only in case of modified ip rules as shown above.
I’d appreciate other possible solutions for that.

Apachez · May 6, 2024, 10:33am

Perhaps VRF-leaking?

https://docs.vyos.io/en/latest/configuration/vrf/index.html#vrf-example

aserkin · May 6, 2024, 1:00pm

this is too big for me) The setup takes not more than one virtual machine. But i have to separate OAM and Service parts (i.e. telegraf and bind)

aserkin · May 6, 2024, 4:46pm

the main goal is to make the changes persistent across reboots, ‘systemctl restart systemd-networkd’, ‘netplan apply’ commands.
Yes, i can add rules with routing-policy in netplan configuration, but i still have no idea how to get rid if the first rule with preference 0:
0: from all lookup local