I’ve got a curios issue. When interfaces and corresponding routes are placed in a VRF, users can’t browse at all. They can ping, traceroute, resolve names etc, but browsing does not work at all. The moment I move all the interfaces and routes back to the main routing table, everything works fine. I’m at a loss as I’ve configured VRF’s a thousand times before and never ran into this issue.
The thing is I don’t really need the main table. I only use it for management/monitoring so there’s only routing in the main table for monitoring systems.
Internet traffic should be going via the CLIENT-CORP VRF via VLAN10
But there is has to be a lookup in a main table or vrf import of global routes in that vrf (route leak) otherwise you can’t go to Internet via this vrf.
The users can traceroute to the internet, and sometimes web pages load, but very slowly (takes 3 minutes to load Google). The moment I take interfaces and routes out of VRF, it works fine.
CPU sitting at 3%.
I tried on 6.44.5 as well as 6.46.1 software and firmware versions.
That said I’ve never done this on an RB2011, only on CCR and 3011 routers. I don’t know if the architecture is causing issues at all.
The behavior you described sounds a lot like an MTU problem. Have you tried pinging from a user computer with the DF bit set to see if you can get 1500 bytes through?
I’ve spun up another router, duplicated the configuration and it works fine. Is this possibly an issue with the router itself? I’ve again updated code to latest stable.