How can use VRF to achieve user routing isolation?

desword · 2021-09-16 11:30:02

Recently, I am studying the Virtual Routing and Forwarding feature in Linux.

http://www.routereflector.com/2016/11/w … -on-linux/

I find that to create VRF, each VRF is bond with a network interface.
e.g.,
# ip link add red type vrf table 1
# ip link set dev red up
# ip link set eth1 master red

Then, does it indicate that the number of isolated user's routing tables are highly related to the number of 'physical' installed network interface?
For example, a server is only equipped with three network interfaces, eth0, eth1, eth2. Then the server can only provide the isolation for three uesrs? Then the usage scenarios may be limited?

However, I can still see some approaches using VRF to distinguish users and provide the resource isolation services for mutiple tenant.

Anyone can give some help for this?
Thanks very much!

desword · 2021-09-18 09:19:12

Any Help is appreciated.

Slithery · 2021-09-18 10:07:08

Don't do that...
https://wiki.archlinux.org/title/Genera … es#Bumping

Lone_Wolf · 2021-09-18 12:09:57

There appears to be such a limit, but you get could around that using virtual network devices (like VM hypervisors do).

Apart from VRF you may also be able to use policy based routing .

iproute2 is very powerful, I suggest you read up on it:

http://www.policyrouting.org/iproute2.doc.html
https://baturin.org/docs/iproute2/

Arch Linux

#1 2021-09-16 11:30:02

How can use VRF to achieve user routing isolation?

#2 2021-09-18 09:19:12

Re: How can use VRF to achieve user routing isolation?

#3 2021-09-18 10:07:08

Re: How can use VRF to achieve user routing isolation?

#4 2021-09-18 12:09:57

Re: How can use VRF to achieve user routing isolation?

Board footer