VRFs - pinging all interfaces on router problem

RouterOS Forwarding Protocols
1

Hi,

I am doing some testing of MPLS, BGP, L3 VPNs with VRFs. I followed this configuration examples:
http://wiki.mikrotik.com/wiki/Manual:Virtual_Routing_and_Forwarding

I am using only Mikrotik, no Cisco. So if I connect laptop to interface which is one VRF (for exapmle as CE1 in more complex example on VRF manual page) I can ping all interfaces on the PE router. Loopback interface, ethernet interface in different VRF than mine, interface in the MPLS backbone… So if I am a provider I would surely not be happy with such behaviour. That my customers are able to ping interfaces in my backbone or other VRFs.

I found this thread also:
http://forum.mikrotik.com/t/inter-vrf-connectivity-issue/38496/4

It seems the theme is similar. Is there any solution for this?

2

Firewall filters are the only solution right now. I believe your customers should only be able to ping interfaces local to their PE router which are in other VRF’s. I haven’t tested it lately, but that’s the behavior I recall when I tested VRF’s on MikroTik.

3

I currently have a similar problem, in RouterOS 6.38.3; I am migrating from Cisco to Mikrotik, and I encounter this problem. :frowning: :frowning: :frowning: