IP-VRF(8)                           Linux                          IP-VRF(8)

NAME         top

       ip-vrf - run a command against a vrf

SYNOPSIS         top

       ip vrf  { COMMAND | help }

       ip vrf show [ NAME ]

       ip vrf identify [ PID ]

       ip vrf pids NAME

       ip vrf exec [ NAME ] command...

DESCRIPTION         top

       A VRF provides traffic isolation at layer 3 for routing, similar to
       how a VLAN is used to isolate traffic at layer 2. Fundamentally, a
       VRF is a separate routing table. Network devices are associated with
       a VRF by enslaving the device to the VRF. At that point network
       addresses assigned to the device are local to the VRF with host and
       connected routes moved to the table associated with the VRF.

       A process can specify a VRF using several APIs -- binding the socket
       to the VRF device using SO_BINDTODEVICE, setting the VRF association
       using IP_UNICAST_IF or IPV6_UNICAST_IF, or specifying the VRF for a
       specific message using IP_PKTINFO or IPV6_PKTINFO.

       By default a process is not bound to any VRF. An association can be
       set explicitly by making the program use one of the APIs mentioned
       above or implicitly using a helper to set SO_BINDTODEVICE for all
       IPv4 and IPv6 sockets (AF_INET and AF_INET6) when the socket is
       created. This ip-vrf command is a helper to run a command against a
       specific VRF with the VRF association inherited parent to child.

       ip vrf show [ NAME ] - Show all configured VRF

              This command lists all VRF and their corresponding table ids.
              If NAME is given, then only that VRF and table id is shown.
              The latter command is useful for scripting where the table id
              for a VRF is needed.

       ip vrf exec [ NAME ] cmd ... - Run cmd against the named VRF

              This command allows applications that are VRF unaware to be
              run against a VRF other than the default VRF (main table). A
              command can be run against the default VRF by passing the
              "default" as the VRF name. This is useful if the current shell
              is associated with another VRF (e.g, Management VRF).

       ip vrf identify [PID] - Report VRF association for process

              This command shows the VRF association of the specified
              process. If PID is not specified then the id of the current
              process is used.

       ip vrf pids NAME - Report processes associated with the named VRF

              This command shows all process ids that are associated with
              the given VRF.

CAVEATS         top

       This command requires a kernel compiled with CGROUPS and CGROUP_BPF

       The VRF helper *only* affects network layer sockets.

EXAMPLES         top

       ip vrf exec red ssh
              Executes ssh to against the VRF red table.

SEE ALSO         top

       ip(8), ip-link(8), ip-address(8), ip-route(8), ip-neighbor(8)

AUTHOR         top

       Original Manpage by David Ahern

COLOPHON         top

       This page is part of the iproute2 (utilities for controlling TCP/IP
       networking and traffic) project.  Information about the project can
       be found at 
       If you have a bug report for this manual page, send it to,  This page was obtained
       from the project's upstream Git repository 
       on 2017-07-05.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-to-
       date source for the page, or you have corrections or improvements to
       the information in this COLOPHON (which is not part of the original
       manual page), send a mail to

iproute2                         7 Dec 2016                        IP-VRF(8)