[DEPRECATED] Using Management MRF

Follow

IMPORTANT! This feature has been deprecated. Use the management VRF feature instead.

 


 

How Management MRF Works

Management MRF (multiple routing tables and forwarding) is an experimental feature in Cumulus Linux 2.5.3. It works by creating two routing tables within the Linux kernel:

  • main: This is the routing table for all the data plane switch ports. 
  • mgmt: This is the routing table for eth0.

Management MRF assumes all traffic generated by the switch (except via Quagga) will exit eth0 by default, so unless there is application-level intervention, any packet generated by an application on the switch will only reference the eth0 routing table. 

For example, if the switch is responding to an inbound SSH connection or inbound ping, management MRF does not assume that this traffic exits via eth0. However, if you SSH from the switch outbound, then management MRF assumes the traffic exits eth0.

For traffic to use a switch port, either the switch port must be defined in the software configuration or the software package must be extended. 

For any inbound connections on a switch port, management MRF works as expected without any modifications or changes.

More details are provided below, but in general:

  • If you want the application to use eth0, it works as expected.
  • If you want the application to use a switch port, additional configuration may be required.

Using ping or traceroute

By default, issuing a ping or traceroute assumes the packet should be sent to eth0. If you wish to use ping or traceroute to a switch port, use the -m flag for ping and --fwmark=254 for traceroute. 254 is the main routing table, these options tell ping and traceroute to use that table instead of the mgmt table. For example:

ping -m 254 192.168.1.1

or

sudo traceroute --fwmark=254 192.168.1.1

OSPF and BGP

No changes are required for either BGP or OSPF. Quagga has been updated in Cumulus Linux 2.5.3 to be aware of the management MRF and automatically sends packets based on the switch port routing table. This includes BGP peering via loopback interfaces. BGP does routing lookups in the default table.

SNMP and sFlow

Both SNMP and sFlow do not currently have a method to use a switch port to send data. For any netflow collectors or SNMP traps, this traffic gets sent out to eth0. Cumulus Networks should support switch ports in the future.

Note: For SNMP, this restriction only applies to traps. SNMP polling is not affected.

SSH

If you SSH to the switch through a switch port, it works as expected. If you need to SSH from the device out a switch port, use ssh -b <ip_address_of_swp_port>. For example:

cumulus@leaf1$ ip addr show swp17
19: swp17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500
    link/ether ec:f4:bb:fc:19:23 brd ff:ff:ff:ff:ff:ff
    inet 10.23.23.2/24 scope global swp17
    inet6 fe80::eef4:bbff:fefc:1923/64 scope link
       valid_lft forever preferred_lft forever

cumulus@leaf1$ ssh -b 10.23.23.2 10.3.3.3

Viewing the Routing Tables

As mentioned earlier, two routing tables now exist. When you look at the routing table with ip route show, you are looking at the switch port (main) table. To look at information about eth0, use ip route show table mgmt.

cumulus@leaf1$ ip route show table mgmt
default via 192.168.0.1 dev eth0

cumulus@leaf1$ ip route show
default via 10.23.23.3 dev swp17  proto zebra  metric 20
10.3.3.3 via 10.23.23.3 dev swp17
10.23.23.0/24 dev swp17  proto kernel  scope link  src 10.23.23.2
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.11

Upgrading from Namespaces

When you upgrade to Cumulus Linux 2.5.3 from a namespace, do not use cl-ns-mgmt --mnt-persist.

Back up any important files (like /etc/network/interfaces), run cl-img-select then reboot the switch. 

Enabling Management MRF

Management MRF is an experimental feature in Cumulus Linux 2.5.3. You must upgrade your switch to Cumulus Linux 2.5.3 before attempting to configure the management MRF. To enable management MRF:

  1. Uncomment the testing repo in /etc/apt/sources.list
    # 
    #  The Cumulus Package Repository.
    #
    #  Only packages from this repository are supported
    #
    #
    
    deb http://repo.cumulusnetworks.com CumulusLinux-2.5 main addons updates
    deb http://repo.cumulusnetworks.com CumulusLinux-2.5 security-updates
    
    # Uncomment the next line to get access to the testing component
    deb http://repo.cumulusnetworks.com CumulusLinux-2.5 testing
    
  2. Update the apt source list:
    $ sudo apt-get update
    
  3. Install the management MRF package:
    sudo apt-get install cl-mgmtmrf
    
  4. Run the management MRF script:
    sudo cl-mgmtmrf --setup
    

That's it. There's no need to reboot or restart any services.

 

Verifying Management MRF

To check the status of management MRF, run:

cl-mgmtmrf --status

This will display cl-mgmtmrf is NOT enabled or cl-mgmtmrf is enabled, depending upon whether management MRF is disabled or enabled.

Disabling Management MRF

To disable managment MRF, run:

sudo cl-mgmtmrf --undo

About Static Gateways

If a static gateway is used in the eth0 definition, you must change the configuration to assign the default in the correct routing table. Then you must bounce eth0 for the change to take effect.

Original configuration:

auto eth0
iface eth0 inet static
 address 192.168.0.12/24
 gateway 192.168.0.1

New configuration:

auto eth0
iface eth0
 address 192.168.0.12/24
 post-up ip route add default via 192.168.0.1 dev eth0 table mgmt

Then bounce eth0:

sudo ifdown eth0; sudo ifup eth0
Have more questions? Submit a request

Comments

Powered by Zendesk