I have run into an odd situation. I have a primary VPN server (RB1100) that is connected using L2TP to one of several VPN clients. The L2TP tunnel interface is part of an 'inside' VRF.
I cannot get redistribution of connected or static routes to function. the only way a connected route shows up is if I add it to the OSPF network list. Using the redistribute connected feature results in the route *momentarily* appearing in the OSPF route tab on the far end with a cost of 'infinity'. All redistribute metrics on both ends have been given a cost of 20.
I am *not* running BGP or MPLS on these systems as neither should be needed. I have a static route defined within the VRF-SdnInside VRF for 172.25.11.0/24 via 172.25.10.5. It appears in the OSPF ROUTES on the local machine with a cost of 20 and a tag of imported type 1.
If anyone spots something I missed please let me know... I've looked at this for so long that I will likely never see the problem!
Tim McKee
OSPF config from Server:
#
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in metric-bgp=auto metric-connected=20 \
metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0
add disabled=no distribute-default=never in-filter=ospf-in metric-bgp=20 metric-connected=20 metric-default=1 \
metric-other-ospf=20 metric-rip=20 metric-static=20 name=ospf-Inside out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no \
redistribute-static=no router-id=172.25.1.1 routing-table=VRF-SdnInside
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=default
add area-id=0.0.0.0 disabled=no instance=ospf-Inside name=Inside-bbone type=default
/routing ospf network
add area=Inside-bbone disabled=no network=172.25.255.0/24
add area=Inside-bbone disabled=no network=172.25.1.0/24
OSPF Config from Client:
#
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in metric-bgp=
metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 nam
ospf-out redistribute-bgp=no redistribute-connected=as-type-2 redistribute
redistribute-rip=no redistribute-static=as-type-2 router-id=0.0.0.0
add disabled=no distribute-default=never in-filter=ospf-in metric-bgp=20 metri
metric-default=1 metric-other-ospf=20 metric-rip=20 metric-static=20 name=
ospf-out redistribute-bgp=no redistribute-connected=no redistribute-other-
redistribute-static=as-type-1 router-id=172.25.10.254 routing-table=VRF-Sd
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=d
add area-id=0.0.0.0 disabled=no instance=ospf-Inside name=Inside-bbone type=de
/routing ospf network
add area=Inside-bbone disabled=no network=172.25.255.0/24
add area=Inside-bbone disabled=no network=172.25.10.0/24
Re: OSPF / VRF Connected/Static route redistribution
i use VRF & OSPF & redistribution of static routes, and it works (4.10 on x86, no MPLS).
make sure your VRF interfaces are all listed under /ip route vrf.
in my case, the static route's gateway is reachable through an interface that is part of the VRF, i.e. it is NOT pointing outside the VRF. to better understand your setup, the ip addresses of the interfaces and the settings in /ip route vrf would be helpful.
make sure your VRF interfaces are all listed under /ip route vrf.
in my case, the static route's gateway is reachable through an interface that is part of the VRF, i.e. it is NOT pointing outside the VRF. to better understand your setup, the ip addresses of the interfaces and the settings in /ip route vrf would be helpful.
-
-
stevenjacobs
just joined
- Posts: 7
- Joined:
- Contact:
Re: OSPF / VRF Connected/Static route redistribution
For other users bumping into this problem:
the solution is described in post http://forum.mikrotik.com/viewtopic.php?t=46495
Basically, when redistributing routes in a VRF, the LSA received on the remote end has the options "E|DN" which indicates that the DOWN bit has been set.
The down bit indicates that the route should not be included in the routing table, as a precaution to prevent the route from being redistributed back into the MPLS domain.
When you are using VRFs simply to separate routing tables without the use of MPLS, this is meaningless.
For each instance, you can disable the use of the down bit, by setting "use-dn-no".
Make sure to clear each process by disabling and re-enabling it.
The use-dn parameter was introduced in RouterOS 6:
http://wiki.mikrotik.com/wiki/Manual:RouterOS6_news
the solution is described in post http://forum.mikrotik.com/viewtopic.php?t=46495
Basically, when redistributing routes in a VRF, the LSA received on the remote end has the options "E|DN" which indicates that the DOWN bit has been set.
The down bit indicates that the route should not be included in the routing table, as a precaution to prevent the route from being redistributed back into the MPLS domain.
When you are using VRFs simply to separate routing tables without the use of MPLS, this is meaningless.
For each instance, you can disable the use of the down bit, by setting "use-dn-no".
Make sure to clear each process by disabling and re-enabling it.
The use-dn parameter was introduced in RouterOS 6:
http://wiki.mikrotik.com/wiki/Manual:RouterOS6_news
-
-
StubArea51
Trainer
- Posts: 1739
- Joined:
- Location: stubarea51.net
- Contact:
Re: OSPF / VRF Connected/Static route redistribution
Great info to have and certainly one that you wouldn't come by without some effort 
Who is online
Users browsing this forum: mrtrca and 18 guests