Community discussions

MikroTik App
 
slocomptech
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 1:28 pm

ROSv7: OSPF on another VRF problems

Thu Jun 23, 2022 1:59 pm

Hi,
on my RBD52G-5HacD2HnD, where I'm using router OS 7.3.1, I configured OSPF instance which worked fine on my main VRF. But when I tried to move OSPF to secondary VRF, it stopped working. It just doesn't form connection with neighbors, I enabled logging (/system logging add topics=ospf,!raw) and it prints that instance is sending hello, but thats it. No OSPF neighbours are shown on the list.

VRF:
/ip vrf
add interfaces=zone-1 name=vrf-1
OSPF configuration:
/routing ospf instance
add comment="OSPF 1" disabled=no in-filter-chain=chain-1-in name=\
    ospf-1 out-filter-chain=chain-1-out router-id=10.0.76.1 \
    routing-table=vrf-1 vrf=vrf-1
/routing ospf area
add disabled=no instance=ospf-1 name=ospf-area-1-backbone
/routing ospf interface-template
add area=ospf-area-1-backbone disabled=no interfaces=zone-1 networks=\
    10.0.0.0/16 type=ptp
I also checked the firewall, but I couldn't determine, that problem was there.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: ROSv7: OSPF on another VRF problems

Fri Jun 24, 2022 9:17 am

Tried this in my lab on 7.4beta4 and interestingly enough, it works fine with IPv6 but not IPv4

@MikroTik - is this a known bug?

R1
[zuul@ccr2116-01.test.lab.ipa.net] > routing/ospf/neighbor/print 
Flags: V - virtual; D - dynamic 
 0  D instance=ospf-instance-v3-ipv6 area=ospf-area-0-ipv6 address=fe80::de2c:6eff:fe8a:982d%vlan3100 
      priority=128 router-id=1.1.1.2 dr=0.0.0.0 bdr=0.0.0.0 state="Full" state-changes=6 adjacency=3m44s 
      timeout=35s 


/routing ospf instance
add disabled=no name=ospf-instance-v3-ipv6 router-id=1.1.1.1 routing-table=\
    vrf-a version=3 vrf=vrf-a
add disabled=no name=ospf-instance-v2-ipv4 router-id=1.1.1.1 routing-table=\
    vrf-a vrf=vrf-a
/routing ospf area
add disabled=no instance=ospf-instance-v3-ipv6 name=ospf-area-0-ipv6
add disabled=no instance=ospf-instance-v2-ipv4 name=ospf-area-0-ipv4

R2
[zuul@ccr2004-2splus-01.test.lab.ipa] > routing/ospf/neighbor/print 
Flags: V - virtual; D - dynamic 
 0  D instance=ospf-instance-v3-ipv6 area=ospf-area-0-ipv6 address=fe80::de2c:6eff:fe7a:d0e6%vlan3100 
      router-id=1.1.1.1 state="Full" state-changes=5 adjacency=2m56s timeout=34s 


/routing ospf instance
add disabled=no name=ospf-instance-v2-ipv4 router-id=1.1.1.2 routing-table=vrf-a vrf=vrf-a
add disabled=no name=ospf-instance-v3-ipv6 router-id=1.1.1.2 routing-table=vrf-a version=3 vrf=vrf-a
/routing ospf area
add disabled=no instance=ospf-instance-v2-ipv4 name=ospf-area-0-ipv4
add disabled=no instance=ospf-instance-v3-ipv6 name=ospf-area-0-ipv6
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ROSv7: OSPF on another VRF problems

Mon Jun 27, 2022 9:54 am

It works in our test setup with both OSPF v3 and OSPF v2 instances. Send a supout file from that router to support.
 
slocomptech
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 1:28 pm

Re: ROSv7: OSPF on another VRF problems

Mon Jun 27, 2022 5:30 pm

Thanks, just submitted ticket to the support.
 
slocomptech
just joined
Topic Author
Posts: 5
Joined: Thu Jun 23, 2022 1:28 pm

Re: ROSv7: OSPF on another VRF problems  [SOLVED]

Fri Jul 01, 2022 11:00 am

Hello,
I resolved issue with the support. I'm writing here for anyone having similar problems...

Problem is with in-interface and in-interface list parameter in firewall when VRF is used. Current solution is to upgrade RouterOS to 7.4beta5 and add firewall rule to allow OSPF from specific interface (in-interface), rule where in-interface list is specified for allowing OSPF traffic is not fixed yet.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: ROSv7: OSPF on another VRF problems

Mon Jul 11, 2022 10:34 am

Thank you, I hit a similar problem when I converted my setup from manually configured routing rules into VRF configuration.
Lots of problems with the firewall, it apparently is caused by my extensive use of interface lists in the firewall, and they indeed do not work for VRF interfaces.
Waiting for next version then....

Who is online

Users browsing this forum: No registered users and 22 guests