Hi,
I’ve been trying to set up an IPIP tunnel inside a VRF (i.e. both the tunnel itself and the underlying peers are in the VRFs) and failing … the tunnels stay in the “not running” state, and as soon as I disable the VRF they start working.
Below is the config I’ve been trying to use, with two IPIP tunnels each in its own VRF.
If I disable the VRF, then the tunnels work fine.
Once I get it to work, I’ll also need to enable IPSec for those tunnels.
Any idea what’s wrong ?
# RouterOS export: two IPIP tunnels (rx_tunnel, tx_tunnel), each placed together
# with its underlay VLANs in its own VRF (routing-mark branch1 / branch2).
# NOTE(review): no /ip firewall, /ip service or /user section appears in this
# excerpt; if that reflects the running config, confirm that management access
# is restricted before the router is reachable from untrusted networks.

# Jumbo frames on the physical ports that carry the VLANs and the bond.
/interface ethernet
set [ find default-name=ether6 ] l2mtu=9280 mtu=9200
set [ find default-name=sfp-sfpplus1 ] l2mtu=9280 mtu=9200
set [ find default-name=sfp-sfpplus2 ] l2mtu=9280 mtu=9200
# IPIP tunnels: fast path disabled, keepalive unset ("!keepalive"), so no
# keepalive probes are configured for either tunnel.
# The local addresses are the router's own addresses on vlan1001 (rx_tunnel)
# and vlan1000 (tx_tunnel), both of which are VRF member interfaces below.
# NOTE(review): the outer (encapsulating) packets may be resolved in the main
# routing table rather than in the VRF, which would match the reported
# "works only with the VRF disabled" symptom - verify against the RouterOS
# documentation for the installed version.
# IPIP provides no encryption or authentication by itself, and neither tunnel
# sets ipsec-secret here, so inner traffic is unprotected until IPsec is added.
/interface ipip
add allow-fast-path=no !keepalive local-address=172.30.3.1 name=rx_tunnel remote-address=172.30.3.2
add allow-fast-path=no !keepalive local-address=172.30.2.1 name=tx_tunnel remote-address=172.30.2.2
# VLANs 2000/2001 on sfp-sfpplus1.
/interface vlan
add interface=sfp-sfpplus1 mtu=9200 name=vlan2000 vlan-id=2000
add interface=sfp-sfpplus1 mtu=9200 name=vlan2001 vlan-id=2001
# Active-backup bond of sfp-sfpplus2 and ether6.
/interface bonding
add mode=active-backup mtu=9200 name=bond1 slaves=sfp-sfpplus2,ether6
# VLANs 1000/1001 on the bond; these carry the tunnel underlay subnets.
/interface vlan
add interface=bond1 mtu=9200 name=vlan1000 vlan-id=1000
add interface=bond1 mtu=9200 name=vlan1001 vlan-id=1001
# Default IPsec proposal: AES-128-CBC with SHA-256 integrity and PFS over
# modp2048 (DH group 14). This only defines the phase-2 parameters; no IPsec
# peer, identity or policy is visible in this excerpt, so nothing shown here
# actually applies IPsec to the tunnels yet.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-128-cbc pfs-group=modp2048
# Default BGP instance: AS 2, router-id taken from the vlan1000 address.
# No BGP peers are defined in this excerpt.
/routing bgp instance
set default as=2 router-id=172.30.2.1
# Remote syslog target (Graylog) on port 5514, facility local6.
# NOTE(review): RouterOS remote logging is plain syslog without encryption or
# authentication (UDP, as far as I know - confirm for this version), so log
# content is readable and spoofable on the path to 10.192.2.155; keep it on a
# trusted management network or inside a protected tunnel.
/system logging action
add name=graylog remote=10.192.2.155 remote-port=5514 syslog-facility=local6 target=remote
# Addresses: defconf LAN on ether1, one /24 per VLAN, one /30 per tunnel.
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
add address=172.30.2.1/24 interface=vlan1000 network=172.30.2.0
add address=172.30.3.1/24 interface=vlan1001 network=172.30.3.0
add address=172.30.0.1/24 interface=vlan2000 network=172.30.0.0
add address=172.30.1.1/24 interface=vlan2001 network=172.30.1.0
add address=172.30.255.1/30 interface=tx_tunnel network=172.30.255.0
add address=172.30.255.5/30 interface=rx_tunnel network=172.30.255.4
# DHCP client on ether2 (presumably the management/uplink port - confirm).
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
# One static route for 172.30.0.0/16 per VRF table, selected by routing-mark.
# branch1 points at 172.30.2.2 (on vlan1000), branch2 at 172.30.1.2 (on vlan2001).
/ip route
add distance=1 dst-address=172.30.0.0/16 gateway=172.30.2.2 routing-mark=branch1
add distance=1 dst-address=172.30.0.0/16 gateway=172.30.1.2 routing-mark=branch2
# VRF definitions: each VRF holds one underlay VLAN from the bond, one VLAN
# from sfp-sfpplus1 and one tunnel interface.
/ip route vrf
add interfaces=vlan1000,vlan2000,tx_tunnel route-distinguisher=1:1 routing-mark=branch1
add interfaces=vlan1001,vlan2001,rx_tunnel route-distinguisher=2:2 routing-mark=branch2
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=ccr1036
# Send all "info" topic messages to the graylog action defined above.
/system logging
add action=graylog topics=info
# protected-routerboot=disabled leaves the RouterBOOT menu and reset button
# usable by anyone with physical or console access; acceptable only where the
# device itself is physically secured.
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=disabled