Versions Compared

Old Version 52

changes.mady.by.user Olga Ļ.

Saved on

compared with

New Version 53

changes.mady.by.user Māris B.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languageros
# mark new customer connections
/ip firewall mangle 
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=\
    cust_a_conn src-address=192.168.1.0/24 passthrough=no
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=\
    cust_b_conn src-address=192.168.2.0/24 passthrough=no 

# mark routing
/ip firewall mangle  
add action=mark-routing chain=prerouting connection-mark=cust_a_conn \
    in-interface=public new-routing-mark=cust_a
add action=mark-routing chain=prerouting connection-mark=cust_b_conn \
    in-interface=public new-routing-mark=cust_b

Static VRF-Lite Connected route leaking


Code Block
                   +-----------------+
                   |+-vrf1-+ +-vrf2-+|
client1(*.2)-------||ip *.1| |ip *.1||-------client2(*.2)
   (10.11.0.0/24)  |+------+ +------+|   (10.12.0.0/24)
                   +-----------------+


Code Block
languageros
/ip address
add address=10.11.0.1/24 interface=ether1
add address=10.12.0.1/24 interface=ether2

# add VRF configuration
/ip vrf
add name=vrf1 interface=ether1 place-before 0
add name=vrf2 interface=ether2 place-before 0

# add vrf routes
/ip route
add dst-address=10.11.0.0/24 gateway=vrf1 routing-table=vrf2
add dst-address=10.12.0.0/24 gateway=vrf2 routing-table=vrf1


Static inter-VRF routes

In general, it is recommended that all routes between VRF should be exchanged using BGP local import and export functionality. If that is not enough, static routes can be used to achieve this so-called route leaking.

...