VRF

Source: unfriendlygrinch - Mar 16, 2022 Traditionally speaking, the OpenBSD kernel routing system has a single table for routes. This means it only allows non-conflicting IP address assignments and all network interfaces on the system are connected to a single routing table. Therefore, by default, all interfaces on an OpenBSD server belong to rdomain 0. Assuming that IP Forwarding is enabled and pf(4) allows it, traffic will flow freely between all interfaces. This functionality is also present in userland tools such as dhclient(8), dhcpd(8), and in the routing protocol daemons ospfd(8), and bgpd(8). The ability to have routing domains first appeared in OpenBSD 4.6, allowing for virtual routing and firewalling. ...

Source: packetmischief - September 20, 2011 The OpenBSD routing table can be carved into multiple virtual routing tables allowing complete logical separation of attached networks. This article gives a brief overview of rtables and explains how to successfully leak traffic between virtual routing domains. The ability to virtualize the routing table in OpenBSD first appeared in version 4.6. Since then the functionality has matured nicely with support for virtual routing tables now present in userland tools such as dhclient(8) and dhcpd(8) and in the routing protocol daemons ripd(8), ospfd(8), and bgpd(8). Kernel side, pf(4) has been extended to handle filtering of packets based on the routing table they came in on as well as being able to move packets between routing tables. This article will concentrate on the latter with examples of how to setup separate routing tables and leak traffic between them successfully. ...