Page MenuHomeVyOS Platform

interfaces veth/veth-pairs -standalone used
Needs testing, Requires assessmentPublicFEATURE REQUEST

Description

Hi team

On Linux has the ability to connect interfaces veth, not just a namespace or container, if not different types of virtual networks. also enable communication with and between virtualized guest systems. A veth device has two associated Ethernet interfaces – so called “peer” interfaces.

https://linux-blog.anracom.com/2016/02/02/fun-with-veth-devices-linux-virtual-bridges-kvm-vmware-attach-the-host-and-connect-bridges-via-veth/

“veth” devices are instead created as pairs of connected virtual Ethernet interfaces. These 2 devices can be imagined as being connected by a network cable; each veth-device of a pair can be attached to different virtual entities as OpenVswitch bridges, LXC containers or Linux standard bridges. veth pairs are ideal to connect virtual devices to each other.

example: veth interfaces to interconnect different vrf:

Step1: create and configure veth interface

sudo ip link add DSR201-VE1 type veth peer name BR10-DSR201-VE1
sudo ip link add DSR202-VE1 type veth peer name BR10-DSR202-VE1
sudo ip link add DSR203-VE1 type veth peer name BR10-DSR203-VE1
sudo ip addr add 10.85.228.5/25 dev DSR201-VE1
sudo ip addr add 10.85.228.6/25 dev DSR202-VE1
sudo ip addr add 10.85.228.7/25 dev DSR203-VE1
sudo ip link set dev DSR201-VE1 up
sudo ip link set dev DSR202-VE1 up
sudo ip link set dev DSR203-VE1 up
sudo ip link set dev BR10-DSR201-VE1 up
sudo ip link set dev BR10-DSR202-VE1 up
sudo ip link set dev BR10-DSR203-VE1 up 

Step2: associate veth with VRF(already created vrf )


sudo ip link set DSR201-VE1 vrf VRF-DSR201
sudo ip link set DSR202-VE1 vrf VRF-DSR202
sudo ip link set DSR203-VE1 vrf VRF-DSR203


Step3: create a bridge then bridge those veths

sudo ip link add BR10-XSR type bridge
sudo ip link set dev BR10-XSR up

sudo ip link set BR10-DSR201-VE1 master BR10-XSR
sudo ip link set BR10-DSR202-VE1 master BR10-XSR
sudo ip link set BR10-DSR203-VE1 master BR10-XSR

`

this configuration we can see something like this:

[email protected]:~$ bridge link
36: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master BR10-XSR state forwarding priority 32 cost 2
38: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master BR10-XSR state forwarding priority 32 cost 2
40: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master BR10-XSR state forwarding priority 32 cost 2



[email protected]:~$ show bridge
Bridge interface BR10-XSR:
Member           State       MTU    Flags                            Prio
---------------  ----------  -----  -------------------------------  ------
BR10-DSR201-VE1  forwarding  1500   broadcast,multicast,up,lower_up  32
BR10-DSR202-VE1  forwarding  1500   broadcast,multicast,up,lower_up  32
BR10-DSR203-VE1  forwarding  1500   broadcast,multicast,up,lower_up  32


[email protected]:~$ show ip route vrf VRF-DSR201
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF VRF-DSR201:
C>* 10.85.228.0/25 is directly connected, DSR201-VE1, 02:06:01


[email protected]:~$ show ip route vrf VRF-DSR202
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF VRF-DSR202:
C>* 10.85.228.0/25 is directly connected, DSR202-VE1, 02:06:57


[email protected]:~$ show ip route vrf VRF-DSR203
VRF VRF-DSR203:
C>* 10.85.228.0/25 is directly connected, DSR203-VE1, 02:06:59


[email protected]:~$ ping 10.85.228.5 vrf VRF-DSR201
PING 10.85.228.5 (10.85.228.5) 56(84) bytes of data.
64 bytes from 10.85.228.5: icmp_seq=1 ttl=64 time=0.054 ms
64 bytes from 10.85.228.5: icmp_seq=2 ttl=64 time=0.045 ms
^C
--- 10.85.228.5 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 0.045/0.049/0.054/0.004 ms
[email protected]:~$ ping 10.85.228.6 vrf VRF-DSR201
PING 10.85.228.6 (10.85.228.6) 56(84) bytes of data.
64 bytes from 10.85.228.6: icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from 10.85.228.6: icmp_seq=2 ttl=64 time=0.117 ms
^C
--- 10.85.228.6 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1061ms
rtt min/avg/max/mdev = 0.099/0.108/0.117/0.009 ms
[email protected]:~$ ping 10.85.228.7 vrf VRF-DSR201
PING 10.85.228.7 (10.85.228.7) 56(84) bytes of data.
64 bytes from 10.85.228.7: icmp_seq=1 ttl=64 time=0.086 ms
64 bytes from 10.85.228.7: icmp_seq=2 ttl=64 time=0.140 ms
64 bytes from 10.85.228.7: icmp_seq=3 ttl=64 time=0.086 m

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

StatusSubtypeAssignedTask
OpenFEATURE REQUESTNone
OpenFEATURE REQUESTNone
Needs testingFEATURE REQUESTViacheslav

Event Timeline

PR https://github.com/vyos/vyos-1x/pull/1668

set vrf name foo table '1010'
set vrf name bar table '1011'
set vrf name baz table '1012'

set interfaces virtual-ethernet veth0 peer-name 'veth1010'
set interfaces virtual-ethernet veth1 peer-name 'veth1011'
set interfaces virtual-ethernet veth2 peer-name 'veth1012'
set interfaces virtual-ethernet veth1010 address '10.0.0.10/24'
set interfaces virtual-ethernet veth1010 description 'vrf-foo'
set interfaces virtual-ethernet veth1010 peer-name 'veth0'
set interfaces virtual-ethernet veth1010 vrf 'foo'
set interfaces virtual-ethernet veth1011 address '10.0.0.11/24'
set interfaces virtual-ethernet veth1011 description 'vrf-bar'
set interfaces virtual-ethernet veth1011 peer-name 'veth1'
set interfaces virtual-ethernet veth1011 vrf 'bar'
set interfaces virtual-ethernet veth1012 address '10.0.0.12/24'
set interfaces virtual-ethernet veth1012 description 'vrf-baz'
set interfaces virtual-ethernet veth1012 peer-name 'veth2'
set interfaces virtual-ethernet veth1012 vrf 'baz'

set interfaces bridge br0 address '10.0.0.1/24'
set interfaces bridge br0 member interface veth0
set interfaces bridge br0 member interface veth1
set interfaces bridge br0 member interface veth2

show interfaces:

[email protected]:~$ show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
br0              10.0.0.1/24                       u/u  
eth0             192.168.122.14/24                 u/u  WAN
eth1             192.0.2.1/24                      u/u  
lo               127.0.0.1/8                       u/u  
                 ::1/128                                
veth0            -                                 u/u  
veth1            -                                 u/u  
veth2            -                                 u/u  
veth1010         10.0.0.10/24                      u/u  vrf-foo
veth1011         10.0.0.11/24                      u/u  vrf-bar
veth1012         10.0.0.12/24                      u/u  vrf-baz
[email protected]:~$

check connectivity between VRF default an others

[email protected]:~$ ping 10.0.0.10 count 2
PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 10.0.0.10: icmp_seq=2 ttl=64 time=0.066 ms

--- 10.0.0.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1013ms
rtt min/avg/max/mdev = 0.066/0.105/0.144/0.039 ms
[email protected]:~$ 
[email protected]:~$ 
[email protected]:~$ ping 10.0.0.11 count 2
PING 10.0.0.11 (10.0.0.11) 56(84) bytes of data.
64 bytes from 10.0.0.11: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=64 time=0.080 ms

--- 10.0.0.11 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1060ms
rtt min/avg/max/mdev = 0.073/0.076/0.080/0.003 ms
[email protected]:~$ 
[email protected]:~$ 
[email protected]:~$ ping 10.0.0.12 count 2
PING 10.0.0.12 (10.0.0.12) 56(84) bytes of data.
64 bytes from 10.0.0.12: icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from 10.0.0.12: icmp_seq=2 ttl=64 time=0.077 ms

--- 10.0.0.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1005ms
rtt min/avg/max/mdev = 0.077/0.083/0.089/0.006 ms
[email protected]:~$

show bridge/vrf

[email protected]:~$ bridge link
132: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 
134: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 
136: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 
[email protected]:~$ 
[email protected]:~$ 
[email protected]:~$ show bridge
Bridge interface br0:
Member    State       MTU    Flags                            Prio
--------  ----------  -----  -------------------------------  ------
veth0     forwarding  1500   broadcast,multicast,up,lower_up  32
veth2     forwarding  1500   broadcast,multicast,up,lower_up  32
veth1     forwarding  1500   broadcast,multicast,up,lower_up  32

[email protected]:~$ 
[email protected]:~$ 
[email protected]:~$ show vrf
Name    State    MAC address        Flags                     Interfaces
------  -------  -----------------  ------------------------  ------------
bar     up       92:07:3b:f4:79:06  noarp,master,up,lower_up  veth1011
baz     up       86:ce:c6:a8:bf:33  noarp,master,up,lower_up  veth1012
foo     up       9e:c2:bf:dd:29:3c  noarp,master,up,lower_up  veth1010
[email protected]:~$ 
[email protected]:~$
Viacheslav changed the task status from Open to Needs testing.Thu, Nov 24, 7:46 PM
Viacheslav claimed this task.

I've made some tested, it seems works as we expected :

[email protected]:~$ show configuration commands | match "veth|br"
set interfaces bridge br10 member interface veth201
set interfaces bridge br10 member interface veth202
set interfaces bridge br10 member interface veth203

set interfaces virtual-ethernet veth201 description 'DSR201-VE1'
set interfaces virtual-ethernet veth201 peer-name 'veth1201'
set interfaces virtual-ethernet veth202 description 'DSR202-VE1'
set interfaces virtual-ethernet veth202 peer-name 'veth1202'
set interfaces virtual-ethernet veth203 description 'DSR203-VE1'
set interfaces virtual-ethernet veth203 peer-name 'veth1203'
set interfaces virtual-ethernet veth1201 address '10.85.228.5/25'
set interfaces virtual-ethernet veth1201 description 'vrf-DSR201'
set interfaces virtual-ethernet veth1201 peer-name 'veth201'
set interfaces virtual-ethernet veth1201 vrf 'VRF-DSR201'
set interfaces virtual-ethernet veth1202 address '10.85.228.6/25'
set interfaces virtual-ethernet veth1202 description 'vrf-DSR202'
set interfaces virtual-ethernet veth1202 peer-name 'veth202'
set interfaces virtual-ethernet veth1202 vrf 'VRF-DSR202'
set interfaces virtual-ethernet veth1203 address '10.85.228.7/25'
set interfaces virtual-ethernet veth1203 description 'vrf-DSR203'
set interfaces virtual-ethernet veth1203 peer-name 'veth203'
set interfaces virtual-ethernet veth1203 vrf 'VRF-DSR203'

we see those interface veth in each vrf table :

[email protected]:~$ show ip route vrf VRF-DSR201
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF VRF-DSR201:
O   10.85.228.0/25 [110/1] is directly connected, veth1201, weight 1, 00:56:22
C>* 10.85.228.0/25 is directly connected, veth1201, 00:56:28
C>* 172.16.108.61/32 is directly connected, dum201, 00:56:30
O   192.168.221.111/32 [110/1] via 0.0.0.0, dum221 onlink, weight 1, 00:56:22
C>* 192.168.221.111/32 is directly connected, dum221, 00:56:30
O>* 192.168.222.112/32 [110/2] via 10.85.228.6, veth1201, weight 1, 00:55:33
O>* 192.168.223.113/32 [110/2] via 10.85.228.7, veth1201, weight 1, 00:55:33
C>* 192.168.255.111/32 is directly connected, dum201, 00:56:30

[email protected]:~$ show ip route vrf VRF-DSR202
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF VRF-DSR202:
O   10.85.228.0/25 [110/1] is directly connected, veth1202, weight 1, 00:55:44
C>* 10.85.228.0/25 is directly connected, veth1202, 00:56:39
C>* 103.242.108.62/32 is directly connected, dum202, 00:56:41
O>* 192.168.221.111/32 [110/2] via 10.85.228.5, veth1202, weight 1, 00:55:41
O   192.168.222.112/32 [110/1] via 0.0.0.0, dum222 onlink, weight 1, 00:56:31
C>* 192.168.222.112/32 is directly connected, dum222, 00:56:39
O>* 192.168.223.113/32 [110/2] via 10.85.228.7, veth1202, weight 1, 00:55:44
C>* 192.168.255.112/32 is directly connected, dum202, 00:56:41

[email protected]:~$ show ip route vrf VRF-DSR203
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF VRF-DSR203:
O   10.85.228.0/25 [110/1] is directly connected, veth1203, weight 1, 00:56:37
C>* 10.85.228.0/25 is directly connected, veth1203, 00:56:42
C>* 172.16.108.63/32 is directly connected, dum203, 00:56:44
O>* 192.168.221.111/32 [110/2] via 10.85.228.5, veth1203, weight 1, 00:55:42
O>* 192.168.222.112/32 [110/2] via 10.85.228.6, veth1203, weight 1, 00:55:47
O   192.168.223.113/32 [110/1] via 0.0.0.0, dum223 onlink, weight 1, 00:56:37
C>* 192.168.223.113/32 is directly connected, dum223, 00:56:41
C>* 192.168.255.113/32 is directly connected, dum203, 00:56:44
[email protected]:~$

[email protected]:~$ show version
Version:          VyOS 1.4-rolling-202211250318
Release train:    current

Built by:         [email protected]
Built on:         Fri 25 Nov 2022 03:18 UTC
Build UUID:       39c2acd7-6f92-4e5d-bc6a-aac2c2b640ad
Build commit ID:  ef7d02b09c49b4

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    f1112e2b-e2a1-4c4f-a068-4242e281af8f

Copyright:        VyOS maintainers and contributor

I'll add a PR with documentation .

It must be RaiseConfigError if we delete one of the peers which related on the other veth interface

set interfaces virtual-ethernet veth0 peer-name 'veth1'
set interfaces virtual-ethernet veth1 peer-name 'veth0'

[email protected]# delete interfaces virtual-ethernet veth0
[edit]
[email protected]# commit
[edit]
[email protected]# sudo ip link show type veth
[edit]
[email protected]#