...
Code Block |
---|
|
# mark new customer connections
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=\
cust_a_conn src-address=192.168.1.0/24 passthrough=no
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=\
cust_b_conn src-address=192.168.2.0/24 passthrough=no
# mark routing
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=cust_a_conn \
in-interface=public new-routing-mark=cust_a
add action=mark-routing chain=prerouting connection-mark=cust_b_conn \
in-interface=public new-routing-mark=cust_b |
Static VRF-Lite Connected route leaking
Code Block |
---|
+-----------------+
|+-vrf1-+ +-vrf2-+|
client1(*.2)-------||ip *.1| |ip *.1||-------client2(*.2)
(10.11.0.0/24) |+------+ +------+| (10.12.0.0/24)
+-----------------+ |
Code Block |
---|
|
/ip address
add address=10.11.0.1/24 interface=ether1
add address=10.12.0.1/24 interface=ether2
# add VRF configuration
/ip vrf
add name=vrf1 interface=ether1 place-before 0
add name=vrf2 interface=ether2 place-before 0
# add vrf routes
/ip route
add dst-address=10.11.0.0/24 gateway=vrf1 routing-table=vrf2
add dst-address=10.12.0.0/24 gateway=vrf2 routing-table=vrf1
|
Static inter-VRF routes
In general, it is recommended that all routes between VRF should be exchanged using BGP local import and export functionality. If that is not enough, static routes can be used to achieve this so-called route leaking.
...