Manual:Internet access from VRF: Difference between revisions
Latest revision as of 12:23, 14 April 2010
Description
Packages required: routing-test, mpls-test, RouterOS version 3.23+
There are multiple ways to provide Internet access to VRF clients. They are outlined in RFC 4364 section 11, for example.
Here we show how to configure access using the global routing table.
Example
Default routes
Add default routes to VRF routing tables on PE:
    /ip route add routing-mark=cust-one gateway=10.0.0.1@main
    /ip route add routing-mark=cust-two gateway=10.0.0.1@main

Note that we must explicitly specify that the gateway should be resolved in the @main routing table; otherwise the routes will not become active.
Routes to client's networks
Routes to the clients' networks should be added to the main routing table, while their nexthops should be reachable via the clients' VRF interfaces and as such belong to the VRF tables.
On the other hand, there is no way to explicitly specify that a gateway must be resolved in any table other than the main table. So instead we specify the interface (which is in a VRF) and the nexthop gateway address (which must be directly reachable on that interface). For point-to-point interfaces even the gateway address is not required.
Add these routes to PE's route table and redistribute them via OSPF:
    /ip route add dst-address=10.7.7.0/24 gateway=10.3.3.4%ether2
    /ip route add dst-address=10.8.8.0/24 gateway=10.4.4.5%ether3
And this is how they should look in the print output:
    [admin@PE2] > /ip route print detail where !routing-mark
    ...
     5 A S  dst-address=10.7.7.0/24 gateway=10.3.3.4 on cust-one reachable ether2
            distance=1 scope=30 target-scope=10

     6 A S  dst-address=10.8.8.0/24 gateway=10.4.4.5 on cust-two reachable ether3
            distance=1 scope=30 target-scope=10
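
Because these main-table routes cross the VRF boundary, it is worth checking that only the intended prefixes are leaked. The following is an added example, not part of the original manual: a Python audit that parses saved `/ip route print detail where !routing-mark` output and reports any route resolving on a VRF interface that is not on an allow-list. The allow-list, the function names and sample entry 7 are assumptions made for illustration, and the parser assumes the line layout shown above.

```python
import re

# Constructed sample: entries 5 and 6 are the page's print output; entry 7 is
# NOT from the page and was added to show an unapproved leaked route.
SAMPLE = """\
[admin@PE2] > /ip route print detail where !routing-mark
...
 5 A S  dst-address=10.7.7.0/24 gateway=10.3.3.4 on cust-one reachable ether2
        distance=1 scope=30 target-scope=10

 6 A S  dst-address=10.8.8.0/24 gateway=10.4.4.5 on cust-two reachable ether3
        distance=1 scope=30 target-scope=10

 7 A S  dst-address=10.9.9.0/24 gateway=10.4.4.9 on cust-two reachable ether3
        distance=1 scope=30 target-scope=10
"""

# Hypothetical allow-list: prefix -> (VRF, interface) it may resolve through.
APPROVED = {
    "10.7.7.0/24": ("cust-one", "ether2"),
    "10.8.8.0/24": ("cust-two", "ether3"),
}

# First line of an entry whose nexthop is resolved "on <vrf>".
ROUTE = re.compile(
    r"\s*(?P<num>\d+)\s+(?P<flags>[A-Za-z ]*?)\s+dst-address=(?P<dst>\S+)"
    r"\s+gateway=(?P<gw>\S+)\s+on\s+(?P<vrf>\S+)\s+reachable\s+(?P<iface>\S+)"
)

def parse_leaked_routes(text):
    """Return main-table routes whose gateway is reached via a VRF interface."""
    return [m.groupdict() for m in map(ROUTE.match, text.splitlines()) if m]

def audit(text, approved):
    """Return routes whose prefix, VRF or interface is not on the allow-list."""
    return [r for r in parse_leaked_routes(text)
            if approved.get(r["dst"]) != (r["vrf"], r["iface"])]

if __name__ == "__main__":
    for r in audit(SAMPLE, APPROVED):
        print("unapproved leak: {dst} via {gw} on {vrf} ({iface})".format(**r))
```
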