veth

A usual way to connect VRF together is to use a veth interface. The veth interfaces are virtual Ethernet devices that are always created in interconnected pairs. They can act as tunnels between network namespaces.

veth interfaces are similar to xvrf interfaces, with the following differences:

  • the MAC address can be configured on veth interfaces

  • veth interfaces are not flagged NOARP, meaning that ARP or NDP resolution is done when sending an IP packet through it

  • veth interfaces support IP configuration

See also

xvrf interfaces.

Here is an example of configuration where veth interfaces connect two VRF.

vrouter running config# / vrf vr1
vrouter running vrf vr1# interface veth veth-to-vr2
vrouter running veth veth-to-vr2#! link-interface veth-to-vr1 link-vrf vr2
vrouter running veth veth-to-vr2#! ipv4 address 10.1.1.1/24
vrouter running veth veth-to-vr2#! / vrf vr2
vrouter running vrf vr2#! interface veth veth-to-vr1
vrouter running veth veth-to-vr1#! link-interface veth-to-vr2 link-vrf vr1
vrouter running veth veth-to-vr1# ipv4 address 10.1.1.2/24
vrouter running veth veth-to-vr1# commit

A YANG condition ensures that the binding of veth interfaces is consistent: the veth interfaces of a given pair must bind each other.

A route can then be added in vr2 to reach a network 10.100.0.0/16 through vr1:

vrouter running config# vrf vr2
vrouter running vrf vr2# routing static
vrouter running static# ipv4-route 10.100.0.0/16 next-hop 10.1.1.1
vrouter running static# commit

Let’s fetch the veth state inside vr1 afer committing this configuration:

vrouter running config# show state vrf vr1 interface veth
veth veth-to-vr2
    mtu 1500
    promiscuous false
    enabled true
    ipv4
        address 10.1.1.1/24
        ..
    ipv6
        address fe80::687e:84ff:fed1:cc6/64
        ..
    oper-status UP
    counters
        in-octets 738
        in-unicast-pkts 7
        in-discards 0
        in-errors 0
        out-octets 738
        out-unicast-pkts 7
        out-discards 0
        out-errors 0
        ..
    ethernet
        mac-address 6a:7e:84:d1:0c:c6
        ..
    link-interface veth-to-vr1
    link-vrf vr2
    ..

The same configuration can be made using this NETCONF XML configuration.

vrouter running config# show config xml absolute
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>vr1</name>
    <interface xmlns="urn:6wind:vrouter/interface">
      <veth xmlns="urn:6wind:vrouter/veth">
        <name>veth-to-vr2</name>
        <enabled>true</enabled>
        <ipv4>
          <enabled>true</enabled>
          <address>
            <ip>10.1.1.1/24</ip>
          </address>
        </ipv4>
        <link-interface>veth-to-vr1</link-interface>
        <link-vrf>vr2</link-vrf>
        (...)
      </veth>
    </interface>
  </vrf>
  <vrf>
    <name>vr2</name>
    <interface xmlns="urn:6wind:vrouter/interface">
      <veth xmlns="urn:6wind:vrouter/veth">
        <name>veth-to-vr1</name>
        <enabled>true</enabled>
        <ipv4>
          <enabled>true</enabled>
          <address>
            <ip>10.1.1.2/24</ip>
          </address>
        </ipv4>
        <link-interface>veth-to-vr2</link-interface>
        <link-vrf>vr1</link-vrf>
        (...)
      </veth>
    </interface>
  </vrf>
</config>

See also

The command reference for details.