I have a few 7.2.1 routers with iBGP and multiple VRFs, trying to figure out how to leak routes between VRFs.
Static routes work ok (route + 2x routing rules with lookup in another table) but the wiki says:
“In general it is recommended that all routes between VRF should be exchanged using BGP local import and export functionality.”
How exactly would this be achieved? I can figure out a few overly complicated hacks to do it (including a cable from one port to another) but not the clean way.
At the moment there is no easy mechanism to do this. What may work is setting two BGP instances, one per VRF, and making a BGP session internally between vrfs.
Thanks for the lightning fast response!
So would this be best practice then?
It’s not like best practice, but rather a workaround that might work.
Ok, just for reference how does this work on v6 then?
I’ve been able to export and router from vrf and import it to another vrf.
However the route is not working.
absolute minimal config to reproduce:
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip vrf
add interfaces=ether2 name=Cust1
/port
set 0 name=serial0
/ip address
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip dhcp-client
add interface=ether1
/ip route
add gateway=10.0.0.2
/routing bgp vpn
add export-filter=select-only-default export-route-targets=1000:1 import-route-targets=1000:1 \
label-allocation-policy=per-vrf route-distinguisher=1000:1 vrf=main
add export-route-targets=2000:1 import-filter="" import-route-targets=2000:1,1000:1 label-allocation-policy=per-vrf \
route-distinguisher=2000:1 vrf=Cust1
/routing filter rule
add chain=select-only-default rule="if (dst in 0.0.0.0/0 && dst-len == 0) { accept;}"
/routing filter select-rule
add chain=select-only-default disabled=no do-where=select-only-default
It seens like it almost works. The route is where it should be but there is no immediate gateway resolved in the imported route.
[admin@MikroTik] /routing/bgp/vpn> /ip/route/print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded;
+ - ecmp
0 As dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=10.0.0.2 immediate-gw=10.0.0.2%ether1 distance=1
scope=30 target-scope=10 suppress-hw-offload=no
DAc dst-address=10.0.0.0/24 routing-table=main gateway=ether1 immediate-gw=ether1 distance=0 scope=10
suppress-hw-offload=no local-address=10.0.0.1%ether1
DAyH dst-address=0.0.0.0/0 routing-table=Cust1 gateway=10.0.0.2 distance=0 scope=30 target-scope=10
suppress-hw-offload=no
DAc dst-address=192.168.0.0/24 routing-table=Cust1 gateway=ether2@Cust1 immediate-gw=ether2 distance=0 scope=10
suppress-hw-offload=no local-address=192.168.0.1%ether2@Cust1
[admin@MikroTik] /routing/bgp/vpn> /ping 8.8.8.8 vrf=Cust1
SEQ HOST SIZE TTL TIME STATUS
0 22 (Invalid argument)
1 22 (Invalid argument)
sent=2 received=0 packet-loss=100%
However if i replace the imported route by a static one and disable the import/export:
/routing/bgp/vpn/disable 0
/routing/bgp/vpn/disable 1
[admin@MikroTik] /ip/route> /ip/route/add dst-address=0.0.0.0/0 routing-table=Cust1 gateway=10.0.0.2@main
[admin@MikroTik] /ip/route> print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded;
+ - ecmp
0 As dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=10.0.0.2 immediate-gw=10.0.0.2%ether1 distance=1
scope=30 target-scope=10 suppress-hw-offload=no
DAc dst-address=10.0.0.0/24 routing-table=main gateway=ether1 immediate-gw=ether1 distance=0 scope=10
suppress-hw-offload=no local-address=10.0.0.1%ether1
1 As dst-address=0.0.0.0/0 routing-table=Cust1 pref-src="" gateway=10.0.0.2 immediate-gw=10.0.0.2%ether1 distance=1
scope=30 target-scope=10 suppress-hw-offload=no
DAc dst-address=192.168.0.0/24 routing-table=Cust1 gateway=ether2@Cust1 immediate-gw=ether2 distance=0 scope=10
suppress-hw-offload=no local-address=192.168.0.1%ether2@Cust1
static works fine ! but export/import does not !
Anyone has been able to make it work with import/export?