Having trouble leaking routes between VRFs - simple example with static entries

Trying to do a basic example leaking routes between 2 VRFs based on the example at VRF — VyOS 1.4.x (sagitta) documentation but can’t get it working.

I am using the 1.4 daily build from today (4/19/22).

interfaces {
    ethernet eth0 {
        address dhcp
        dhcp-options {
        }
        hw-id 08:00:27:57:76:c1
    }
    ethernet eth1 {
        address 10.8.8.1/24
        hw-id 08:00:27:6f:6b:67
        vrf red
    }
    ethernet eth2 {
        address 10.9.9.1/24
        hw-id 08:00:27:47:10:97
        vrf blue
    }
    loopback lo {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
        }
    }
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
vrf {
    name blue {
        protocols {
            static {
                route 10.8.8.0/24 {
                    interface eth1 {
                        vrf red
                    }
                }
            }
        }
        table 2000
    }
    name red {
        protocols {
            static {
                route 10.9.9.0/24 {
                    interface eth2 {
                        vrf blue
                    }
                }
            }
        }
        table 1000
    }
}

Interfaces and Route tables:

vyos@vyos$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             10.0.2.15/24                      u/u  
eth1             10.8.8.1/24                       u/u  
eth2             10.9.9.1/24                       u/u  
lo               127.0.0.1/8                       u/u  
                 ::1/128                                

vyos@vyos$ show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF blue:
S>* 10.8.8.0/24 [1/0] is directly connected, eth1 (vrf red), weight 1, 00:22:00
C>* 10.9.9.0/24 is directly connected, eth2, 00:25:22

VRF default:
S>* 0.0.0.0/0 [210/0] via 10.0.2.2, eth0, weight 1, 00:29:21
C>* 10.0.2.0/24 is directly connected, eth0, 00:29:21

VRF red:
C>* 10.8.8.0/24 is directly connected, eth1, 00:25:22
S>* 10.9.9.0/24 [1/0] is directly connected, eth2 (vrf blue), weight 1, 00:22:01

But can’t get pings to work between the VRFs.

vyos@vyos$ ping 10.8.8.1 vrf blue
PING 10.8.8.1 (10.8.8.1) 56(84) bytes of data.

--- 10.8.8.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4081ms


vyos@vyos$ ping 10.9.9.1 vrf red
PING 10.9.9.1 (10.9.9.1) 56(84) bytes of data.

--- 10.9.9.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4124ms

Any ideas/help would be appreciated.

Did you test using some PCs at the ends, or did you test just using the VyOS?

Also, add a source address to the ping tests and retest, please.

Source address does not change results…

In this specific case, I am not using external devices to send traffic. I was trying that in my specific setup and it was not working. I decided to come back to the most basic setup to figure out what I was doing wrong, so this is just a VirtualBox instance, very close to the specific example linked, with the same results… can’t make it do the simplest ping between VRFs.

Feel like I have to be missing something small but can’t find it.

Hi @ibehr !

The scenario you are submitting is not “the same” as the example in the documentation. Why? Because you are doing inter-VRF leaking but not using the default VRF, just going from one VRF to another.

This can be achieved by using inter-vrf routing using MP-BGP as you need VPN labels to work.

However, I will try to figure out if this is a bug or can be a viable feature request to avoid using MP-BGP.

Keep you posted

@ibehr, you cannot ping VyOS addresses, but you must be able to ping through VyOS between 10.8.8.0/24 and 10.9.9.0/24.

Yes, it is not exactly the same. I have tried to do red VRF to default (and back) as well, with the same result.

Was the example using MP-BGP? I did not see BGP in the example at all?
Perhaps I am missing something here?

You can’t ping from the router itself to the same router in a different VRF.
You can ping hosts behind a VRF, or from a host in one VRF to a host in another VRF.

Thanks @Lean, @zsdc and @Viacheslav. Your comments helped and I was able to get traffic routing through the VRF despite not being able to ping with local interfaces on the VyOS router.
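
Added example, not part of the original thread and not VyOS project code: where VRFs are used as a segmentation boundary, the leaked routes shown in the first post are exactly what an audit should surface. This sketch parses that `show ip route vrf all` output, lists every route whose egress interface belongs to another VRF, and compares the result to an allow-list. The function names and the allow-list tuple format are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Route table copied from the first post in this thread (legend lines omitted).
SAMPLE = """\
VRF blue:
S>* 10.8.8.0/24 [1/0] is directly connected, eth1 (vrf red), weight 1, 00:22:00
C>* 10.9.9.0/24 is directly connected, eth2, 00:25:22

VRF default:
S>* 0.0.0.0/0 [210/0] via 10.0.2.2, eth0, weight 1, 00:29:21
C>* 10.0.2.0/24 is directly connected, eth0, 00:29:21

VRF red:
C>* 10.8.8.0/24 is directly connected, eth1, 00:25:22
S>* 10.9.9.0/24 [1/0] is directly connected, eth2 (vrf blue), weight 1, 00:22:01
"""

class Leak(NamedTuple):
    table_vrf: str    # VRF whose table holds the route
    prefix: str
    egress_if: str
    egress_vrf: str   # VRF that owns the egress interface

VRF_HEADER = re.compile(r"^VRF (\S+):\s*$")
# Route line: code/flags, IPv4 prefix, then "<ifname> (vrf <name>)" later on the line.
ROUTE = re.compile(r"^(?P<flags>\S+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s.*?"
                   r"(?P<ifname>[\w.\-]+) \(vrf (?P<vrf>[^)\s]+)\)")

def find_leaks(text):
    """Return routes whose egress interface lives in a different VRF."""
    leaks, current = [], None
    for line in text.splitlines():
        m = VRF_HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        m = ROUTE.match(line)
        if m and current and m.group("vrf") != current:
            leaks.append(Leak(current, m.group("prefix"), m.group("ifname"), m.group("vrf")))
    return leaks

def unapproved(leaks, allowed):
    """Leaks not in the allow-list of (table_vrf, prefix, egress_vrf) tuples."""
    return [l for l in leaks if (l.table_vrf, l.prefix, l.egress_vrf) not in allowed]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print(f"{leak.table_vrf}: {leak.prefix} -> {leak.egress_if} in vrf {leak.egress_vrf}")
```

Only IPv4 lines in the format shown in this thread are handled; connected and default-VRF routes without a `(vrf …)` annotation are ignored by design.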
