smunaut
newbie
Topic Author
Posts: 26
Joined: Fri Jul 08, 2016 10:24 pm

Simple VRF test

Fri Jul 15, 2016 11:44 am

Ok, so I'm trying to do a simple VRF test.

I have a CCR1036 with two trunk links, each carrying two VLANs (one of the links is a bond of but not important here).

link1 is bond1 and carries vlan1000 and vlan1001
link2 is sfp-sfpplus1 and carries vlan2000 and vlan2001

I've set up two VRFs, one with vlan1000 and vlan2000 and the other with vlan1001 and vlan2001.

Now if I send a packet to the router on vlan2000 to 172.30.3.1 (which is an ip on vlan1001 in a different VRF), I'd expect to get "No route to host" or "Unreachable" or some error ... and _not_ a valid reply ...

But that's not the case, I can happily ping 172.30.3.1 from vlan2000.

What's wrong here?


# jul/15/2016 10:38:02 by RouterOS 6.35.4
# software id = 5TPR-QBLR
#
/interface vlan
add interface=sfp-sfpplus1 name=vlan2000 vlan-id=2000
add interface=sfp-sfpplus1 name=vlan2001 vlan-id=2001
/interface bonding
add mode=active-backup name=bond1 slaves=sfp-sfpplus2,ether6
/interface vlan
add interface=bond1 name=vlan1000 vlan-id=1000
add interface=bond1 name=vlan1001 vlan-id=1001
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/routing bgp instance
set default as=2 router-id=172.30.2.1
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
add address=172.30.2.1/24 interface=vlan1000 network=172.30.2.0
add address=172.30.3.1/24 interface=vlan1001 network=172.30.3.0
add address=172.30.0.1/24 interface=vlan2000 network=172.30.0.0
add address=172.30.1.1/24 interface=vlan2001 network=172.30.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip route vrf
add interfaces=vlan1000,vlan2000 route-distinguisher=1:1 routing-mark=branch1
add interfaces=vlan1001,vlan2001 route-distinguisher=2:2 routing-mark=branch2
/system identity
set name=ccr1036
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=disabled
 
mrz
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Simple VRF test

Fri Jul 15, 2016 12:56 pm

In ROS v6 you can ping all addresses that are configured on the router, no matter if they are in a different VRF. But addresses behind the router in a different VRF will not be reachable.
 
smunaut
newbie
Topic Author
Posts: 26
Joined: Fri Jul 08, 2016 10:24 pm

Re: Simple VRF test

Fri Jul 15, 2016 5:39 pm

Ok, that's mildly annoying but I guess I can live with it for now.

You specifically said "In ROS v6". Does that mean you're planning to fix that behavior in a future ROS?
 
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Simple VRF test

Fri Jul 15, 2016 5:41 pm

Yes, in the future VRFs will be completely isolated.
 
smunaut
newbie
Topic Author
Posts: 26
Joined: Fri Jul 08, 2016 10:24 pm

Re: Simple VRF test

Fri Jul 15, 2016 5:50 pm

Ok great, thanks for the quick answer.
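
Added example, not part of the thread and not MikroTik's code: since ROS v6 answers for router-local addresses across VRFs, one possible workaround is to drop that traffic in the firewall input chain. The Python sketch below reads the `/ip address` and `/ip route vrf` sections of the export posted above (embedded as a constructed sample) and generates one drop rule per VRF interface and foreign-VRF router address. Using an input-chain filter for this is an assumption, the function names are hypothetical, and the parser assumes one `add` per line with no quoted values.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the export posted in the thread.
EXPORT = """\
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
add address=172.30.2.1/24 interface=vlan1000 network=172.30.2.0
add address=172.30.3.1/24 interface=vlan1001 network=172.30.3.0
add address=172.30.0.1/24 interface=vlan2000 network=172.30.0.0
add address=172.30.1.1/24 interface=vlan2001 network=172.30.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip route vrf
add interfaces=vlan1000,vlan2000 route-distinguisher=1:1 routing-mark=branch1
add interfaces=vlan1001,vlan2001 route-distinguisher=2:2 routing-mark=branch2
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        if line.startswith("/"):
            current = line.strip()
        elif line.startswith("add ") and current:
            sections[current].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def cross_vrf_drop_rules(text):
    """Input-chain drop rules for router addresses that belong to another VRF."""
    cfg = parse_export(text)
    vrf_of = {}  # interface name -> routing-mark of the VRF it is assigned to
    for vrf in cfg["/ip route vrf"]:
        for iface in vrf["interfaces"].split(","):
            vrf_of[iface] = vrf["routing-mark"]
    rules = []
    for in_if, in_vrf in sorted(vrf_of.items()):
        for addr in cfg["/ip address"]:
            owner = vrf_of.get(addr["interface"])  # None: not in any VRF, skipped
            if owner and owner != in_vrf:
                ip = addr["address"].split("/")[0]
                rules.append(f"add chain=input in-interface={in_if} "
                             f"dst-address={ip} action=drop comment=cross-vrf")
    return rules

if __name__ == "__main__":
    print("/ip firewall filter")
    print("\n".join(cross_vrf_drop_rules(EXPORT)))
```

Addresses on interfaces outside any VRF (here 192.168.88.1 on ether1) are left alone; review the generated rules before pasting them into a router.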
