Versions Compared

Old Version 72

changes.mady.by.user Māris B.

Saved on

compared with

New Version Current

changes.mady.by.user Māris B.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add back Static inter-VRF routes example

...

Code Block
languageros
# mark new customer connections
/ip firewall mangle 
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=\
    cust_a_conn src-address=192.168.1.0/24 passthrough=no
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=\
    cust_b_conn src-address=192.168.2.0/24 passthrough=no 

# mark routing
/ip firewall mangle  
add action=mark-routing chain=prerouting connection-mark=cust_a_conn \
    in-interface=public new-routing-mark=cust_a
add action=mark-routing chain=prerouting connection-mark=cust_b_conn \
    in-interface=public new-routing-mark=cust_b

Static inter-VRF routes

In general, it is recommended that all routes between VRF should be exchanged using BGP local import and export functionality. If that is not enough, static routes can be used to achieve this so-called route leaking.

There are two ways to install a route that has a gateway in a different routing table than the route itself.

The first way is to explicitly specify the routing table in the gateway field when adding a route. This is only possible when leaking a route and gateway from the "main" routing table to a different routing table (VRF). Example:

Code Block
languageros
# add route to 5.5.5.0/24 in 'vrf1' routing table with gateway in the main routing table 
add dst-address=5.5.5.0/24 gateway=10.3.0.1@main routing-table=vrf1


The second way is to explicitly specify the interface in the gateway field. The interface specified can belong to a VRF instance. Example:

Code Block
languageros
# add route to 5.5.5.0/24 in the main routing table with gateway at 'ether2' VRF interface 
add dst-address=5.5.5.0/24 gateway=10.3.0.1%ether2 routing-table=main 
# add route to 5.5.5.0/24 in the main routing table with 'ptp-link-1' VRF interface as gateway 
add dst-address=5.5.5.0/24 gateway=ptp-link-1 routing-table=main


As can be observed, there are two variations possible - to specify gateway as ip_address%interface or to simply specify an interface. The first should be used for broadcast interfaces in most cases. The second should be used for point-to-point interfaces, and also for broadcast interfaces, if the route is a connected route in some VRF. For example, if you have an address 1.2.3.4/24 on interface ether2 that is put in a VRF, there will be a connected route to 1.2.3.0/24 in that VRF's routing table. It is acceptable to add a static route 1.2.3.0/24 in a different routing table with an interface-only gateway, even though ether2 is a broadcast interface:

 

Code Block
languageros
add dst-address=1.2.3.0/24 gateway=ether2 routing-table=main

Static VRF-Lite Connected route leaking

...