Doc: Update documentation about VRFs and BFD

This commit is contained in:
Ondrej Zajicek (work) 2019-07-30 19:21:06 +02:00
parent 2de1e2062e
commit 8c703ecf73

View file

@ -671,14 +671,24 @@ agreement").
This is an optional description of the protocol. It is displayed as a This is an optional description of the protocol. It is displayed as a
part of the output of 'show protocols all' command. part of the output of 'show protocols all' command.
<tag><label id="proto-vrf">vrf "<m/text/"</tag> <tag><label id="proto-vrf">vrf "<m/text/"|default</tag>
Associate the protocol with specific VRF. The protocol will be Associate the protocol with specific VRF. The protocol will be
restricted to interfaces assigned to the VRF and will use sockets bound restricted to interfaces assigned to the VRF and will use sockets bound
to the VRF. Appropriate VRF interface must exist on OS level. For kernel to the VRF. A corresponding VRF interface must exist on OS level. For
protocol, an appropriate table still must be explicitly selected by kernel protocol, an appropriate table still must be explicitly selected
<cf/table/ option. Note that for proper VRF support it is necessary to by <cf/table/ option.
use Linux kernel version at least 4.14, older versions have limited VRF
implementation. By selecting <cf/default/, the protocol is associated with the default
VRF; i.e., it will be restricted to interfaces not assigned to any
regular VRF. That is different from not specifying <cf/vrf/ at all, in
which case the protocol may use any interface regardless of its VRF
status.
Note that for proper VRF support it is necessary to use Linux kernel
version at least 4.14, older versions have limited VRF implementation.
Before Linux kernel 5.0, a socket bound to a port in default VRF collide
with others in regular VRFs. In BGP, this can be avoided by using
<ref id="bgp-strict-bind" name="strict bind"> option.
<tag><label id="proto-channel"><m/channel name/ [{<m/channel config/}]</tag> <tag><label id="proto-channel"><m/channel name/ [{<m/channel config/}]</tag>
Every channel must be explicitly stated. See the protocol-specific Every channel must be explicitly stated. See the protocol-specific
@ -1896,12 +1906,11 @@ the BFD session went down).
advanced features like the echo mode or authentication are not implemented), IP advanced features like the echo mode or authentication are not implemented), IP
transport for BFD as defined in <rfc id="5881"> and <rfc id="5883"> and transport for BFD as defined in <rfc id="5881"> and <rfc id="5883"> and
interaction with client protocols as defined in <rfc id="5882">. interaction with client protocols as defined in <rfc id="5882">.
We currently support at most one protocol instance.
<p>BFD packets are sent with a dynamic source port number. Linux systems use by <p>BFD packets are sent with a dynamic source port number. Linux systems use by
default a bit different dynamic port range than the IANA approved one default a bit different dynamic port range than the IANA approved one
(49152-65535). If you experience problems with compatibility, please adjust (49152-65535). If you experience problems with compatibility, please adjust
<cf>/proc/sys/net/ipv4/ip_local_port_range</cf> <cf>/proc/sys/net/ipv4/ip_local_port_range</cf>.
<sect1>Configuration <sect1>Configuration
<label id="bfd-config"> <label id="bfd-config">
@ -1918,6 +1927,14 @@ configuration is often sufficient.
<p>Note that to use BFD for other protocols like OSPF or BGP, these protocols <p>Note that to use BFD for other protocols like OSPF or BGP, these protocols
also have to be configured to request BFD sessions, usually by <cf/bfd/ option. also have to be configured to request BFD sessions, usually by <cf/bfd/ option.
<p>A BFD instance not associated with any VRF handles session requests from all
other protocols, even ones associated with a VRF. Such setup would work for
single-hop BFD sessions if <cf/net.ipv4.udp_l3mdev_accept/ sysctl is enabled,
but does not currently work for multihop sessions. Another approach is to
configure multiple BFD instances, one for each VRF (including the default VRF).
Each BFD instance associated with a VRF (regular or default) only handles
session requests from protocols in the same VRF.
<p>Some of BFD session options require <m/time/ value, which has to be specified <p>Some of BFD session options require <m/time/ value, which has to be specified
with the appropriate unit: <m/num/ <cf/s/|<cf/ms/|<cf/us/. Although microseconds with the appropriate unit: <m/num/ <cf/s/|<cf/ms/|<cf/us/. Although microseconds
are allowed as units, practical minimum values are usually in order of tens of are allowed as units, practical minimum values are usually in order of tens of