Good morning,
I purchased an RB5009 to replace my old UniFi and virtual OpnSense routers and was hoping to completely isolate my normal home network from my notoriously unstable homelab networks. I’m not sure if this is a design issue and my beginner level understanding of VRF-lite configs or an implementation problem. Please help set me straight.
I’m able to get the VRF-home or VRF-lab to be accessible outside of the router through a LACP link to a catalyst 3850. I even have BGP distributing routes from the catalyst’s L3 vlan interfaces. I don’t know how to get a (virtual?) link between the VRFs and the parent one. I read from the VRF documentation guide that an IPIP tunnel is how you could do route leaking, but I don’t understand how a packet would go between the two (the drawn links between the router icons). I feel like I need a L2 connection between them to facilitate that communications, but again, maybe that’s just not fully understanding how the VRFs are meant to be used.
I can paste my current config, but i’ve been poking it so much i’m not sure it’s a valid starting point anymore…
