From eff8e8a2b0a8bcf2ae9238677c34add9cb968e4f Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Thu, 10 Dec 2020 07:38:52 -0500 Subject: [PATCH] doc: Slightly touch on the vrf route lookup semantics People keep asking about the default unreachable route in the linux vrf table. Add a bit of color about the design choices and what is going on. Signed-off-by: Donald Sharp --- doc/user/zebra.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/user/zebra.rst b/doc/user/zebra.rst index b94c248b33..a9979558c3 100644 --- a/doc/user/zebra.rst +++ b/doc/user/zebra.rst @@ -407,6 +407,14 @@ If no option is chosen, then the *Linux VRF* implementation as references in https://www.kernel.org/doc/Documentation/networking/vrf.txt will be mapped over the *Zebra* VRF. The routing table associated to that VRF is a Linux table identifier located in the same *Linux network namespace* where *Zebra* started. +Please note when using the *Linux VRF* routing table it is expected that a +default Kernel route will be installed that has a metric as outlined in the +www.kernel.org doc above. The Linux Kernel does table lookup via a combination +of rule application of the rule table and then route lookup of the specified +table. If no route match is found then the next applicable rule is applied +to find the next route table to use to look for a route match. As such if +your VRF table does not have a default blackhole route with a high metric +VRF route lookup will leave the table specified by the VRF, which is undesirable. If the :option:`-n` option is chosen, then the *Linux network namespace* will be mapped over the *Zebra* VRF. That implies that *Zebra* is able to configure -- 2.39.5
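Review bot: The added paragraph in doc/user/zebra.rst names the route inconsistently: its last sentence calls for a "default blackhole route with a high metric", while the commit message talks about the "default unreachable route", and the first sentence only says "a default Kernel route ... that has a metric". Pick one route type, matching what the linked kernel vrf.txt describes, and name it in the first sentence as well. The sentence "it is expected that a default Kernel route will be installed" also has no actor, so a reader cannot tell whether FRR, the distribution's VRF tooling or the operator is supposed to add the route; say who does it. The closing "which is undesirable" undersells the effect described two sentences earlier: when no route matches, the next rule selects another table, so traffic in the VRF can be forwarded using routes from outside that VRF. Stating that consequence directly would tell operators why the route matters for VRF isolation. Minor: add a comma after "high metric" so that "As such if your VRF table does not have ... VRF route lookup will leave the table" parses on first read.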