Chapter 39. Reusing the same IP address on different interfaces

With virtual routing and forwarding (VRF), administrators can use multiple routing tables simultaneously on the same host. For that, VRF partitions a network at layer 3. This enables the administrator to isolate traffic using separate and independent route tables per VRF domain. This technique is similar to virtual LANs (VLAN), which partition a network at layer 2, where the operating system uses different VLAN tags to isolate traffic sharing the same physical medium.

One benefit of VRF over partitioning on layer 2 is that routing scales better considering the number of peers involved.

Red Hat Enterprise Linux uses a virtual vrf device for each VRF domain and adds routes to a VRF domain by adding existing network devices to a VRF device. Addresses and routes previously attached to the original device are moved inside the VRF domain.

Note that VRF domains are isolated from each other.

39.1. Permanently reusing the same IP address on different interfaces

You can use the virtual routing and forwarding (VRF) feature to permanently use the same IP address on different interfaces in one server.

Important

To enable remote peers to contact both VRF interfaces while reusing the same IP address, the network interfaces must belong to different broadcast domains. A broadcast domain in a network is a set of nodes that receive broadcast traffic sent by any of them. In most configurations, all nodes connected to the same switch belong to the same broadcast domain.

Prerequisites

  • You are logged in as the root user.
  • The network interfaces are not configured.

Procedure

  1. Create and configure the first VRF device:

    1. Create a connection for the VRF device and assign it to a routing table. For example, to create a VRF device named vrf0 that is assigned to the 1001 routing table:

      # nmcli connection add type vrf ifname vrf0 con-name vrf0 table 1001 ipv4.method disabled ipv6.method disabled
    2. Enable the vrf0 device:

      # nmcli connection up vrf0
    3. Assign a network device to the VRF just created. For example, to add the enp1s0 Ethernet device to the vrf0 VRF device and assign an IP address and the subnet mask to enp1s0, enter:

      # nmcli connection add type ethernet con-name vrf.enp1s0 ifname enp1s0 master vrf0 ipv4.method manual ipv4.address 192.0.2.1/24
    4. Activate the vrf.enp1s0 connection:

      # nmcli connection up vrf.enp1s0
  2. Create and configure the next VRF device:

    1. Create the VRF device and assign it to a routing table. For example, to create a VRF device named vrf1 that is assigned to the 1002 routing table, enter:

      # nmcli connection add type vrf ifname vrf1 con-name vrf1 table 1002 ipv4.method disabled ipv6.method disabled
    2. Activate the vrf1 device:

      # nmcli connection up vrf1
    3. Assign a network device to the VRF just created. For example, to add the enp7s0 Ethernet device to the vrf1 VRF device and assign an IP address and the subnet mask to enp7s0, enter:

      # nmcli connection add type ethernet con-name vrf.enp7s0 ifname enp7s0 master vrf1 ipv4.method manual ipv4.address 192.0.2.1/24
    4. Activate the vrf.enp7s0 connection:

      # nmcli connection up vrf.enp7s0

39.2. Temporarily reusing the same IP address on different interfaces

You can use the virtual routing and forwarding (VRF) feature to temporarily use the same IP address on different interfaces in one server. Use this procedure only for testing purposes, because the configuration is temporary and lost after you reboot the system.

Important

To enable remote peers to contact both VRF interfaces while reusing the same IP address, the network interfaces must belong to different broadcast domains. A broadcast domain in a network is a set of nodes that receive broadcast traffic sent by any of them. In most configurations, all nodes connected to the same switch belong to the same broadcast domain.

Prerequisites

  • You are logged in as the root user.
  • The network interfaces are not configured.

Procedure

  1. Create and configure the first VRF device:

    1. Create the VRF device and assign it to a routing table. For example, to create a VRF device named blue that is assigned to the 1001 routing table:

      # ip link add dev blue type vrf table 1001
    2. Enable the blue device:

      # ip link set dev blue up
    3. Assign a network device to the VRF device. For example, to add the enp1s0 Ethernet device to the blue VRF device:

      # ip link set dev enp1s0 master blue
    4. Enable the enp1s0 device:

      # ip link set dev enp1s0 up
    5. Assign an IP address and subnet mask to the enp1s0 device. For example, to set it to 192.0.2.1/24:

      # ip addr add dev enp1s0 192.0.2.1/24
  2. Create and configure the next VRF device:

    1. Create the VRF device and assign it to a routing table. For example, to create a VRF device named red that is assigned to the 1002 routing table:

      # ip link add dev red type vrf table 1002
    2. Enable the red device:

      # ip link set dev red up
    3. Assign a network device to the VRF device. For example, to add the enp7s0 Ethernet device to the red VRF device:

      # ip link set dev enp7s0 master red
    4. Enable the enp7s0 device:

      # ip link set dev enp7s0 up
    5. Assign the same IP address and subnet mask to the enp7s0 device as you used for enp1s0 in the blue VRF domain:

      # ip addr add dev enp7s0 192.0.2.1/24
  3. Optionally, create further VRF devices as described above.

39.3. Additional resources

  • /usr/share/doc/kernel-doc-<kernel_version>/Documentation/networking/vrf.txt from the kernel-doc package