[pbrd] How-to make ip rule without interface?

Open k0ste opened this issue 7 years ago • 7 comments

  • [x] Did you check if this is a duplicate issue?
  • [x] Did you test it on the latest FRRouting/frr master branch?

Description

How-to make ip rule with pbrd like this:

ip rule add from 5.128.220.100 lookup ntk
ip route add 0.0.0.0/0 via 5.128.220.1 table ntk

Steps to Reproduce

nexthop-group ntk
  nexthop 5.128.220.1
!
pbr-map ntk seq 10
  match src-ip 5.128.220.100/32
  set nexthop-group ntk
!

Expected behavior:

Possible to add pbr without interface definition.

Actual behavior:

pbr-policy is only available for an interface. I don't need iif in this rule.

R1# sh pbr map
  pbr-map ntk valid: 0
    Seq: 10 rule: 309 Installed: 1(1) Reason: Invalid NH-group
        SRC Match: 5.128.220.100/32
        Nexthop-Group: ntk(10001) Installed: 0(1)
R1# sh pbr nexthop-groups 
Nexthop-Group: ntk Table: 10001 Valid: 0 Installed: 1
        Valid: 0 nexthop 5.128.220.1

Components

pbrd

Versions

  • OS: Archlinux
  • Kernel: Linux 4.17.13-arch1-1-nfcustom
  • FRR: 6.0

k0ste avatar Oct 25 '18 13:10 k0ste

PBR is designed to work with an incoming interface, if you do not want that we will need to modify PBR to do this.

donaldsharp avatar Oct 30 '18 15:10 donaldsharp

I was thinking that pbrd is the Policy Based Routing daemon and that I can replace my iproute scripts with this frr feature. My ip rule example, and a lookup like this: ip rule add from all fwmark 0x1e5b lookup this_table, is a gentlemen's set. If this is not possible at this time, this issue is a feature request.

k0ste avatar Oct 30 '18 16:10 k0ste

As a workaround you can add the pbr-policy to every interface; you'll end up with more rules, but it will allow you to use it in the meantime.

donaldsharp avatar Oct 30 '18 19:10 donaldsharp
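
The workaround in the comment above, as an added example that is not part of the original thread and not FRR project code: a shell function that emits an interface / pbr-policy stanza for each interface name it is given. The function names, the name filter and the sysfs listing are assumptions of this example; review the output before loading it into the FRR configuration.

```shell
#!/bin/sh
# Added example (not from the thread): generate FRR config that attaches one
# pbr-map to every interface named on the command line.
# Usage: gen_pbr_policy MAP IFACE [IFACE...]

gen_pbr_policy() {
    map=$1
    shift
    # Accept only plain names, so the generated text cannot carry extra
    # configuration lines if a name comes from an untrusted source.
    case $map in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid pbr-map name" >&2
            return 1
            ;;
    esac
    for ifname in "$@"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.@:-]*)
                echo "skipping unexpected interface name" >&2
                continue
                ;;
        esac
        # One stanza per interface, in the layout FRR uses for its config.
        printf 'interface %s\n pbr-policy %s\n!\n' "$ifname" "$map"
    done
}

# Helper (Linux only): list kernel interface names from sysfs.
list_ifaces() {
    for p in /sys/class/net/*; do
        if [ -e "$p" ]; then
            basename "$p"
        fi
    done
}

# Example invocation, using the pbr-map name from the issue:
#   gen_pbr_policy ntk $(list_ifaces)
```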

Maybe there should be a possibility to attach a pbr-map globally, without referencing any interface (in addition to interface-based pbr-maps). Internally, global pbr rules should have higher sequence numbers than interface-based ones (let's say above 20k) to guarantee that interface-based rules are evaluated earlier and always override global rules. This way current behavior would be preserved and a global map will provide a means for direct translation of existing ip rule based configurations into pbrd.

n3wtype avatar Jun 05 '19 15:06 n3wtype

@n3wtype -> It would be a very simple matter of adding a pbr rule range .. command. Please feel free to do so

donaldsharp avatar Jun 05 '19 15:06 donaldsharp

The workaround for this is to use the new frr lua scripting feature. An example script can be found here: https://github.com/FRRouting/frr/discussions/16727#discussioncomment-10981791

k0ste avatar Oct 29 '24 12:10 k0ste

It seems that one interface can only have one pbr-policy. What can I do if I have two policies on the same incoming interface?

yanjiulab avatar Nov 25 '25 04:11 yanjiulab