bind-to-interface option
David Ahern
dsa at cumulusnetworks.com
Tue Nov 24 10:59:48 AEDT 2015
On 11/23/15 4:50 PM, Damien Miller wrote:
> On Sun, 22 Nov 2015, David Ahern wrote:
>
>> Hi:
>>
>> The openssh suite of commands have an option to specify address (e.g,
>> ListenAddress for sshd) but I do not see support for bind-to-interface.
>>
>> The motivating use case for me is using openssh commands (sshd, ssh, scp,
>> sftp) with the recent VRF capability added to the Linux kernel. The VRF design
>> relies on the bind-to-interface option to select the correct routing tables.
>> Before I started working on patches I wanted to get a sense of whether it
>> would be accepted.
>
> What's wrong with the existing BindAddress option?
>
For my use case the problem is that it is an address, not a device.
The VRF implementation with Linux expects tasks to use the
SO_BINDTODEVICE option to bind to the VRF-device. That triggers the use
of a route table associated with the VRF domain which can encapsulate
one or more network interfaces. Addresses are local to a VRF domain
(e.g., 2 interfaces in 2 different VRFs can have the same IP address).
i.e., to run ssh/scp/sftp/sshd in a VRF context requires the bind to
device option.
More information about the openssh-unix-dev
mailing list