Manual:Internet access from VRF: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
m Protected "Manual:Internet access from VRF" ([edit=sysop] (indefinite) [move=sysop] (indefinite))
mNo edit summary
 
(9 intermediate revisions by one other user not shown)
Line 1: Line 1:
== Description ==
''Packages required: '''routing-test''', '''mpls-test''''', RouterOS version 3.23+
''Packages required: '''routing-test''', '''mpls-test''''', RouterOS version 3.23+


= Description =


There are multiple ways how Internet access could be provided to VRF clients. They are outlined in RFC 4364 section 11, for example.
There are multiple ways how Internet access could be provided to VRF clients. They are outlined in RFC 4364 section 11, for example.
Line 7: Line 8:
Here we show the way how to configure access using global routing table.
Here we show the way how to configure access using global routing table.


= Example =
== Example ==


[[Image:l3vpn-internet.png]]
[[Image:l3vpn-internet.png|740px]]


=== Default routes ===
=== Default routes ===


Add default routes to VRF routing tables on PE:
Add default routes to VRF routing tables on PE:
<pre>
  /ip route add routing-mark=cust-one gateway=10.0.0.1@main
  /ip route add routing-mark=cust-one gateway=10.0.0.1@main
  /ip route add routing-mark=cust-two gateway=10.0.0.1@main
  /ip route add routing-mark=cust-two gateway=10.0.0.1@main
</pre>


Note that we must explicitly specify that the gateway should be resolved in the '''@main''' routing table, otherwise the routes will not become active.
Note that we must explicitly specify that the gateway should be resolved in the '''@main''' routing table, otherwise the routes will not become active.
Line 26: Line 29:


Add these routes to PE's route table and redistribute them via OSPF:
Add these routes to PE's route table and redistribute them via OSPF:
<pre>
  /ip route add dst-address=10.7.7.0/24 gateway=10.3.3.4%ether2
  /ip route add dst-address=10.7.7.0/24 gateway=10.3.3.4%ether2
  /ip route add dst-address=10.8.8.0/24 gateway=10.4.4.5%ether3
  /ip route add dst-address=10.8.8.0/24 gateway=10.4.4.5%ether3
</pre>


And this is how should look in print:
And this is how should look in print:
<pre>
  [admin@PE2] > /ip route print detail where !routing-mark
  [admin@PE2] > /ip route print detail where !routing-mark
   ...
   ...
   5 A S  dst-address=10.7.7.0/24 gateway=10.3.3.4 on cust-one reachable ether2 distance=1 scope=30 target-scope=10
   5 A S  dst-address=10.7.7.0/24 gateway=10.3.3.4 on cust-one reachable ether2  
    distance=1 scope=30 target-scope=10
   &nbsp;
   &nbsp;
   6 A S  dst-address=10.8.8.0/24 gateway=10.4.4.5 on cust-two reachable ether3 distance=1 scope=30 target-scope=10
   6 A S  dst-address=10.8.8.0/24 gateway=10.4.4.5 on cust-two reachable ether3  
      distance=1 scope=30 target-scope=10
</pre>


[[Category:Unfinished]]
[[Category:Routing|Internet access from VRF]]
[[Category:Routing]]
[[Category:Internetworking|Internet access from VRF]]
[[Category:Internetworking]]
[[Category:Manual|Internet access from VRF]]
[[Category:Manual]]
[[Category:Examples|Internet access from VRF]]

Latest revision as of 12:23, 14 April 2010

Description

Packages required: routing-test, mpls-test, RouterOS version 3.23+


There are multiple ways how Internet access could be provided to VRF clients. They are outlined in RFC 4364 section 11, for example.

Here we show the way how to configure access using global routing table.

Example

Default routes

Add default routes to VRF routing tables on PE:

 /ip route add routing-mark=cust-one gateway=10.0.0.1@main
 /ip route add routing-mark=cust-two gateway=10.0.0.1@main

Note that we must explicitly specify that the gateway should be resolved in the @main routing table, otherwise the routes will not become active.

Routes to client's networks

Routes to client's networks should be added in the main routing table, while their nexthops should be reachable via client's VRF interfaces, and as such belong to the VRF tables.

On the other hand, there is no way how to explicitly specify that gateway must be resolved in any other table, except the main table. So instead we specify the interface (which is in a VRF) and nexthop gateway address (which must be directly reachable on that interface). For point-to-point interfaces even the gateway address is not required.

Add these routes to PE's route table and redistribute them via OSPF:

 /ip route add dst-address=10.7.7.0/24 gateway=10.3.3.4%ether2
 /ip route add dst-address=10.8.8.0/24 gateway=10.4.4.5%ether3

And this is how should look in print:

 [admin@PE2] > /ip route print detail where !routing-mark
  ...
  5 A S  dst-address=10.7.7.0/24 gateway=10.3.3.4 on cust-one reachable ether2 
     distance=1 scope=30 target-scope=10
   
  6 A S  dst-address=10.8.8.0/24 gateway=10.4.4.5 on cust-two reachable ether3 
      distance=1 scope=30 target-scope=10