iperf3 with Netplan VRFs

Question

Hi I have 2 Ubuntu 22 machines with 3-3 different VRFs configured through netplan.

When I do a ping -I <source-interface> <destination-IP> everything is working fine, ICMP traffic passing through the right VRF as the associated source interface is selected.

I would like to do performance tests with iperf3 but I cannot find the way to specify the source interface so the application would use the proper VRF. Is there a way to do this?

score 0 · Accepted Answer · answered Aug 04 '23 at 15:37

The option --bind-dev was added for your specific purpose:

enh: Support SO_BINDTODEVICE (#1097)

This lets iperf work better with multi-homed machines and VRF.

Alas, this option is not available on iperf3 as shipped by Ubuntu 22 LTS. It's available in the next (not yet EOL-ed) release Ubuntu 23.04:

--bind-dev dev
       bind to the specified network interface.  This option uses SO_BINDTODEVICE, and may
       require root permissions.  (Available on Linux and possibly other systems.)

The command would then be for a client choosing the vrf-blue interface and reaching the server at 198.51.100.2:

iperf3 --bind-dev vrf-blue -c 198.51.100.2

Meanwhile, you could either:

Use ip vrf exec which is a BPF wrapper/interceptor relying on cgroupv2. It will make the application auto-use SO_BINDTODEVICE.

On the client the command would be like:
```
ip vrf exec vrf-blue iperf3 -c 198.51.100.2
```
to bind to vrf-blue (and let it choose the right source IP address, else also use --bind).
if prerequisites are unavailable, you could create a LD_PRELOAD wrapper around bind(2) to alter the behavior in the same way.

I already made such wrapper in C available in this Q/A's answer: How can I configure a podman container to use my wireguard interface only?

The wrapper being a bit less intuitive, requires to bind to an address and match it with an environment variable to confirm it will bind to the interface (using an other environment variable). If the local source address to use when binding on vrf-blue is 192.0.2.2, the equivalent of above would be (that's actually a single line):
```
LD_PRELOAD=./bindtodevicewrapper.so \
WRAPPER_BINDTODEVICE=vrf-blue \
WRAPPER_INET=192.0.2.2 \
iperf3 --bind 192.0.2.2 -c 198.51.100.2
```

This: `ip vrf exec ` is pure gold, thank you !!! – Seathorn Aug 07 '23 at 07:00 — Seathorn, Aug 07 '23 at 07:00

iperf3 with Netplan VRFs

1 Answers1