In Ros v7.14.1 Route leaking between VRF is so easy I just follow the Simple VRF Setup in the mikrotik documents and it works like a charm, however the docs never mentioned or give a snippet config on how to leak between the VRF network with the Main routing table on the Provider Router

https://help.mikrotik.com/docs/pages/vi ... uteleaking

I have 2 question I hope someone can chime and and shed some light on this please

a.) can route leaking between main and VRF network is possible?
b.) can this be done using plain routing rules without using mangle?

I've seen similar topic but it was an open ended discussion viewtopic.php?t=181982 and it's OLD the VRF implementation on v7.14.1 is much cleaner, thanks in advance

This is how far I go from R1 192.168.50.1 using this routing rules above I was able to reach 192.168.0.1 and 192.168.1.1 but not the whole subnet
I know I'm missing a routing entries for 192.168.50.0/24 subnet in both vrf_cusotmer_a and vrf_customer_b routing table to make this work I just don't know what I'm going to put in there, definitely i won't be able to reach 192.168.50.0/24 subnet on each VRF default gateway (192.168.114.2)

I now add a routing entries to each VRF that I think might solve the issue but still is not working, the C2 router can reach internet and VRF_CUSTOMER-A and VRF_CUSTOMER-B but not 192.168.50.0/24 subnet in the main routing table of the Provider Router

Hooraahh... i made it to work the routing entries for subnet 192.168.50.0/24 the gateway should be the ether4@main

In Ros v7.14.1 Route leaking between VRF is so easy I just follow the Simple VRF Setup in the mikrotik documents and it works like a charm, however the docs never mentioned or give a snippet config on how to leak between the VRF network with the Main routing table on the Provider Router

I submitted a ticket and asked about leaking to/from main routing table (SUP-147161). Got a reply from Māris:

Currently it will not work, linux kernel does not allow to leak to main table directly.

I don't think that's the case look carefully the VRF and the routing table of main evidently 192.168.50.0/24 on ether4 is on main routing table and it's working properly

I slightly modify the topology and have a loopback address 10.0.0.1/32 on R1 so in theory I should be able to reach 192.168.50.1 and 10.0.0.1/32 from C1 and C2 if this this route leaking feature was really working as advertise

It seems the limitation is real you can't reach a subnet subnet if the flag is not "DAC" / directly connected even though it is reachable in Main Routing Table.
What a bummer, in other platform this is well supported I hope this limitation has a fix in sight , This is really unfortunate this will defeat the whole purpose of VRF at least in our use case

I found a way through trial and error and I don't think i know enough how VRF works in MT in low level because there's no documentation at all just config snippets

Hi,

How do I solve it? Can you add the configuration you are working on?

Regards,

I attach the config from "P - Router" to wrap your head around on it. a friendly tip read the routing table entries per VRF for you to grasp the concept, feel free to ask if you have question

That setup may work for your needs, but it has its own limitations as described here:
https://help.mikrotik.com/docs/pages/vi ... uteleaking

It is not possible to leak "main" connected routes and be able to reach local addresses.

It is not possible to leak "main" connected routes and be able to reach local addresses.

May i ask if it is fixable in the future or it is what it is?

THere are possible workarounds that might be implemented in the future, but currently it is as it is.

Thanks I hope the workaround is soon to be implemented

Workaround maybe using the MACVLAN interface (mode bridge), this will be the transit between in VRFs ( this solution is working under LINUX ).
MACVLAN interfaces (mode bridge) is directly connected in L2, so in L3 routes needed only.

Will try that in the future