Linux kernel 4.3 brings changes for VXLAN and MPLS: the 'lwtunnel' branch has been merged. The patch set is listed at LWN as [PATCH net-next 00/22] Lightweight & flow based encapsulation. The interesting aspect of the code is that the documentation presents examples for creating VXLAN and MPLS lightweight tunnels:
VXLAN: ip route add 40.1.1.1/32 encap vxlan id 10 dst 50.1.1.2 dev vxlan0
MPLS: ip route add 10.1.1.0/30 encap mpls 200 via inet 10.1.1.1 dev swp1
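To see what those two routes put in front of a packet, which is what a capture or inspection tool has to decode to reach the inner traffic, here is an added example (not from the original post or the kernel documentation) that builds and parses the VXLAN header for id 10 and the MPLS label stack for label 200. It assumes the header layouts of RFC 7348 and RFC 3032; the TTL of 64 and the inner bytes are constructed sample values.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # the "I" bit defined by RFC 7348

def vxlan_header(vni):
    """Build the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)

def parse_vxlan(data):
    """Return the VNI, rejecting truncated headers and headers without the I flag."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8

def mpls_stack(labels, ttl=64):
    """Encode label stack entries: 20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL."""
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < 1 << 20:
            raise ValueError("label must fit in 20 bits")
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out

def parse_mpls(data):
    """Walk the stack until the bottom-of-stack bit; return (labels, bytes consumed)."""
    labels, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("label stack ends without bottom-of-stack bit")
        (entry,) = struct.unpack_from("!I", data, offset)
        offset += 4
        labels.append(entry >> 12)
        if entry & 0x100:  # S bit: this was the last entry, payload follows
            return labels, offset

if __name__ == "__main__":
    inner = b"\x45\x00"  # constructed stand-in for the start of the inner packet
    print(vxlan_header(10).hex())                 # header added by "encap vxlan id 10"
    print(parse_mpls(mpls_stack([200]) + inner))  # stack added by "encap mpls 200"
```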
vrf-lite has also been made available, with iproute2 tools providing the functionality. It appears to be functional for IPv4 only for now. Utilities such as tcpdump, ping, tc, and netfilter are vrf-lite aware.
Kernel v4.3 will have something called Identifier Locator Addressing, which works with IPv6 only. From the article:
... each task in the data center is assigned a unique identifier that is not tied to any specific location in the net. That identifier is built into that task's IPv6 network address; the networking subsystem then does the necessary magic to route packets properly between them, changing the routing as needed as the task moves between machines.
Another addition to kernel v4.3 is an ipvlan driver (there is a PDF with background information). Fundamentally, this is for L2/L3-based namespaces to share the MAC address of a physical port (for instances where external switch policy only allows a single MAC address per port).
Creating Overlay Networks Using Intel Ethernet Converged Network Adapters
IpRoute2 Stuff:
- baturin.org: lots of good recipes, including namespace support, l2tpv3, vxlan, multicast, and network event monitoring
- IPROUTE2 Utility Suite Howto: kernel circa 2.2 - 2.6. usual stuff plus ip tunnel, ip rule, ip monitor, multiple route tables
- How To Use IPRoute2 Tools to Manage Network Configuration on a Linux VPS: Digital Ocean related notes for their VPS service
- xmodulo: Linux TCP/IP networking: net-tools vs. iproute2
- Information about gmane.linux.network: mailing list for Linux network development
- Simulating VRF Lite with iproute2
- Linux Advanced Routing and Traffic Control HOWTO
- Application Layer Packet Classifier for Linux: obsolete, and even going to Clear Foundation results in kernel v2 stuff. But the original l7-filter page has links to various firewall applications, including something from ZeroShell, which side-tracked me to Kerberos Protocol Tutorial.
- iproute2: Linux Foundation
- iproute2 From Wikipedia
- Linux NetDev Mailing List
- mplsadm: a cached page for mplsadm, really old, not really relevant, but an indicator for manually maintaining mpls labels