IMPORTANT! This feature has been deprecated. Use the management VRF feature instead.
How Management MRF Works
Management MRF (multiple routing tables and forwarding) is an experimental feature in Cumulus Linux 2.5.3. It works by creating two routing tables within the Linux kernel:
- main: This is the routing table for all the data plane switch ports.
- mgmt: This is the routing table for eth0.
Management MRF assumes all traffic generated by the switch (except via Quagga) will exit eth0 by default, so unless there is application-level intervention, any packet generated by an application on the switch will only reference the eth0 routing table.
For example, if the switch is responding to an inbound SSH connection or inbound ping, management MRF does not assume that this traffic exits via eth0. However, if you SSH from the switch outbound, then management MRF assumes the traffic exits eth0.
For traffic to use a switch port, either the switch port must be defined in the software configuration or the software package must be extended.
For any inbound connections on a switch port, management MRF works as expected without any modifications or changes.
More details are provided below, but in general:
- If you want the application to use eth0, it works as expected.
- If you want the application to use a switch port, additional configuration may be required.
Using ping or traceroute
By default, issuing a
traceroute assumes the packet should be sent to eth0. If you wish to use
traceroute to a switch port, use the
-m flag for ping and --fwmark=254 for traceroute. 254 is the main routing table, these options tell ping and traceroute to use that table instead of the mgmt table. For example:
ping -m 254 192.168.1.1
sudo traceroute --fwmark=254 192.168.1.1
OSPF and BGP
No changes are required for either BGP or OSPF. Quagga has been updated in Cumulus Linux 2.5.3 to be aware of the management MRF and automatically sends packets based on the switch port routing table. This includes BGP peering via loopback interfaces. BGP does routing lookups in the default table.
SNMP and sFlow
Both SNMP and sFlow do not currently have a method to use a switch port to send data. For any netflow collectors or SNMP traps, this traffic gets sent out to eth0. Cumulus Networks should support switch ports in the future.
Note: For SNMP, this restriction only applies to traps. SNMP polling is not affected.
If you SSH to the switch through a switch port, it works as expected. If you need to SSH from the device out a switch port, use
ssh -b <ip_address_of_swp_port>. For example:
cumulus@leaf1$ ip addr show swp17 19: swp17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500 link/ether ec:f4:bb:fc:19:23 brd ff:ff:ff:ff:ff:ff inet 10.23.23.2/24 scope global swp17 inet6 fe80::eef4:bbff:fefc:1923/64 scope link valid_lft forever preferred_lft forever cumulus@leaf1$ ssh -b 10.23.23.2 10.3.3.3
Viewing the Routing Tables
As mentioned earlier, two routing tables now exist. When you look at the routing table with
ip route show, you are looking at the switch port (main) table. To look at information about eth0, use
ip route show table mgmt.
cumulus@leaf1$ ip route show table mgmt default via 192.168.0.1 dev eth0 cumulus@leaf1$ ip route show default via 10.23.23.3 dev swp17 proto zebra metric 20 10.3.3.3 via 10.23.23.3 dev swp17 10.23.23.0/24 dev swp17 proto kernel scope link src 10.23.23.2 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11
When you upgrade to Cumulus Linux 2.5.3 from a namespace, do not use
Back up any important files (like
cl-img-select then reboot the switch.
Management MRF is an experimental feature in Cumulus Linux 2.5.3. You must upgrade your switch to Cumulus Linux 2.5.3 before attempting to configure the management MRF. To enable management MRF:
- Uncomment the testing repo in
# # The Cumulus Package Repository. # # Only packages from this repository are supported # # deb http://repo.cumulusnetworks.com CumulusLinux-2.5 main addons updates deb http://repo.cumulusnetworks.com CumulusLinux-2.5 security-updates # Uncomment the next line to get access to the testing component deb http://repo.cumulusnetworks.com CumulusLinux-2.5 testing
- Update the
$ sudo apt-get update
- Install the management MRF package:
sudo apt-get install cl-mgmtmrf
- Run the management MRF script:
sudo cl-mgmtmrf --setup
That's it. There's no need to reboot or restart any services.
Verifying Management MRF
To check the status of management MRF, run:
This will display
cl-mgmtmrf is NOT enabled or
cl-mgmtmrf is enabled, depending upon whether management MRF is disabled or enabled.
Disabling Management MRF
To disable managment MRF, run:
sudo cl-mgmtmrf --undo
About Static Gateways
If a static gateway is used in the eth0 definition, you must change the configuration to assign the default in the correct routing table. Then you must bounce eth0 for the change to take effect.
auto eth0 iface eth0 inet static address 192.168.0.12/24 gateway 192.168.0.1
auto eth0 iface eth0 address 192.168.0.12/24 post-up ip route add default via 192.168.0.1 dev eth0 table mgmt
Then bounce eth0:
sudo ifdown eth0; sudo ifup eth0