VRF Route

volga629 · Thu Nov 16, 2023 11:06 pm

Hello Everyone,

I am trying to send specific IP over different default gateway in VRF.

Version

7.12

Setup

 1.1.1.1/32 -----> Inbound ----> Mikrotik (Main) 0.0.0.0/0 ( Provider One) ----> Inernet 
                                                      |
                                                       VRF (DMZ) 0.0.0.0/0 (Provider Two) -----> Internet (Lease Line)

Is possible to send 1.1.1.1 over second connect inside VRF ?
I tried to mark connection, but /routing/rule and route is in question


> /ip/firewall/mangle/print detail 
Flags: X - disabled, I - invalid; D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=prerouting action=passthrough 

 1  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 2  D ;;; special dummy rule to show fasttrack counters
      chain=postrouting action=passthrough 

 3 X  ;;; failover PBR LTE 
      chain=prerouting action=mark-connection new-connection-mark=out_of_vrf passthrough=yes 
      src-address=1.1.1.1  in-interface=VLAN99-LTE log=no log-prefix="" 

 4 X  ;;; Mark packet
      chain=prerouting action=mark-packet new-packet-mark=p_out_of_vrf passthrough=yes 
      connection-mark=out_of_vrf log=no log-prefix="" 

 5 X  ;;; Mark PBR route
      chain=prerouting action=mark-routing new-routing-mark=DMZ-LTE passthrough=yes packet-mark=p_out_of_vrf 
      log=no log-prefix=""

Fri Nov 17, 2023 8:58 am

dst-address=1.1.1.0/24 gateway=y.y.y.y@vrf where "y.y.y.y" is the gateway in vrf and "vrf" is vrf name

volga629 · Fri Nov 17, 2023 4:41 pm

Thank you for reply.

1.1.1.1 inbound to main table and when I added VRF route still unable to ping the gateway in VRF

Relevant route.


/routing/rule> /ip/route/print 
Flags: D - DYNAMIC; X - DISABLED, I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP, m - MODEM
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS        GATEWAY           DISTANCE


3   s 0.0.0.0/0          lo0@DMZ-LTE              2

Test result


[admin@bisd-lte-master00] /routing/rule> /ping  10.99.10.1 vrf=DMZ-LTE 
  SEQ HOST                                     SIZE TTL TIME       STATUS                                         
    0 10.99.10.1                                 56  64 290us     
    1 10.99.10.1                                 56  64 262us     
    2 10.99.10.1                                 56  64 275us     
    3 10.99.10.1                                 56  64 280us     
    4 10.99.10.1                                 56  64 346us     
    sent=5 received=5 packet-loss=0% min-rtt=262us avg-rtt=290us max-rtt=346us 

[admin@bisd-lte-master00] /routing/rule> /ping  10.99.10.1             
  SEQ HOST                                     SIZE TTL TIME       STATUS                                         
    0 10.99.10.1                                                   timeout                                        
    1 10.99.10.1                                                   timeout                                        
    2 10.99.10.1                                                   timeout                                        
    sent=3 received=0 packet-loss=100%

VRF Route

VRF Route

Re: VRF Route

Re: VRF Route

Who is online