PBR howto within same network subnet

In GNS3 with 3 instances of VyOS 1.1.8 I want to try policy-based routing. In comparison to the PBR example in the docs, I am testing it on the same subnet.

I have configured each like these

##main

show interfaces
configure
set interfaces dummy dum0
set interfaces dummy dum0 address 10.10.10.255/32
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 description 'LAN1'
set interfaces ethernet eth2 address 192.168.2.1/24
set interfaces ethernet eth2 description 'LAN2'
set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router '192.168.1.1'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server '192.168.1.1'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name 'LAN1-net'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease '86400'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.100 stop '192.168.1.254'
set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router '192.168.2.1'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server '192.168.2.1'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 domain-name 'LAN2-net'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease '86400'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 start 192.168.2.100 stop '192.168.2.254'
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set policy route FILTER-WEB rule 1000 destination port 80
set policy route FILTER-WEB rule 1000 protocol tcp
set policy route FILTER-WEB rule 1000 set table 100
set protocols static table 10 route 0.0.0.0/0 next-hop 192.168.1.10
set protocols static table 11 route 0.0.0.0/0 next-hop 192.168.2.10
set policy route PBR rule 20 set table '10'
set policy route PBR rule 20 description 'Route VLAN10 traffic to table 10'
set policy route PBR rule 20 source address '192.168.1.0/24'
set policy route PBR rule 30 set table '11'
set policy route PBR rule 30 description 'Route VLAN11 traffic to table 11'
set policy route PBR rule 30 source address '192.168.2.0/24'
set interfaces ethernet eth1 vif 10 policy route 'PBR'
set interfaces ethernet eth2 vif 11 policy route 'PBR'
set policy route PBR rule 10 description 'VLAN10 <-> VLAN11 shortcut'
set policy route PBR rule 10 destination address '192.168.1.0/24'
set policy route PBR rule 10 destination address '192.168.2.0/24'
set policy route PBR rule 10 set table 'main'

show interfaces
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
dum0             10.10.10.255/32                   u/u
eth0             -                                 u/D
eth1             192.168.1.1/24                    u/u
eth1.10          -                                 u/u
eth2             192.168.2.1/24                    u/u
eth2.11          -                                 u/u
lo               127.0.0.1/8                       u/u
                 ::1/128

##Lan1

configure
set interfaces dummy dum0
set interfaces dummy dum0 address 10.10.1.100/32
set interfaces ethernet eth0 address 192.168.1.10/24
set interfaces ethernet eth0 description 'insidelan1'

##Lan2

configure
set interfaces dummy dum0
set interfaces dummy dum0 address 10.10.2.100/32
set interfaces ethernet eth0 address 192.168.2.10/24
set interfaces ethernet eth0 description 'insidelan2'

PC1 can't ping 10.10.1.100
PC2 can't ping 10.10.2.100

[Image: pbr topology diagram]

1.1.8 is EOL. Try latest rolling release.

ok will try and get back

thanks :slight_smile:

I have tried with Vyos-1.3-rolling-202002110217-amd64 and I get the same results.

In PBR, is it possible to set the next-hop IP in the same subnet? :face_with_hand_over_mouth:

Thanks for your help :slight_smile:

Hi sd0,

I see different subnets and I think what you are trying to do is to communicate different subnets, am I right? What do you mean by PBR in the same subnet? By definition PBR is about routing, which means communicating different subnets.

In order to help you, could you clarify what you want to achieve (maybe you can provide a diagram)?

Cheers

[Image: pbr diagram]

Thank you for your reply again. :slight_smile:

The LAN1 and LAN2 routers are CPEs managed by their respective ISPs.

I want all hosts on switch 1 to be part of LAN1 and all hosts on switch 2 to be part of LAN2.
All hosts on switch 1 access the internet through LAN1 and all hosts on switch 2 access the internet through LAN2, and all hosts in LAN1 and LAN2 can connect with each other (that's why PBR).

@sd0, you have mistakes in your configuration.
You use eth1 and eth2 without VLANs, but you attach the policy routes to VLAN 10 and VLAN 11:
set interfaces ethernet eth1 vif 10 policy route 'PBR'
set interfaces ethernet eth2 vif 11 policy route 'PBR'
The example in the docs was with one ethernet interface and two subinterfaces (VLANs).

See my configuration, maybe it helps you.

set interfaces dummy dum0 address '10.10.10.255/32'
set interfaces ethernet eth1 address '192.168.1.1/24'
set interfaces ethernet eth1 description 'LAN1'
set interfaces ethernet eth1 policy route 'PBR01'
set interfaces ethernet eth2 address '192.168.2.1/24'
set interfaces ethernet eth2 description 'LAN2'
set interfaces ethernet eth2 policy route 'PBR02'
set interfaces loopback lo
set policy route PBR01 rule 10 destination address '192.168.2.0/24'
set policy route PBR01 rule 10 set table 'main'
set policy route PBR01 rule 20 set table '10'
set policy route PBR01 rule 20 source address '192.168.1.0/24'
set policy route PBR02 rule 10 destination address '192.168.1.0/24'
set policy route PBR02 rule 10 set table 'main'
set policy route PBR02 rule 20 set table '11'
set policy route PBR02 rule 20 source address '192.168.2.0/24'
set protocols static table 10 route 0.0.0.0/0 next-hop 192.168.1.10
set protocols static table 11 route 0.0.0.0/0 next-hop 192.168.2.10
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router '192.168.1.1'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease '86400'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 range rang01 start '192.168.1.100'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 range rang01 stop '192.168.1.254'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router '192.168.2.1'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease '86400'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 range rang01 start '192.168.2.100'
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 range rang01 stop '192.168.2.254'

So PC01 can ping 10.10.1.100
vpc01> ping 10.10.1.100

84 bytes from 10.10.1.100 icmp_seq=1 ttl=64 time=1.294 ms
84 bytes from 10.10.1.100 icmp_seq=2 ttl=64 time=1.127 ms
84 bytes from 10.10.1.100 icmp_seq=3 ttl=64 time=1.331 ms
84 bytes from 10.10.1.100 icmp_seq=4 ttl=64 time=1.143 ms
84 bytes from 10.10.1.100 icmp_seq=5 ttl=64 time=1.366 ms

vpc01> 

PC02 can ping 10.10.2.100
vpc02> ping 10.10.2.100

84 bytes from 10.10.2.100 icmp_seq=1 ttl=64 time=1.000 ms
84 bytes from 10.10.2.100 icmp_seq=2 ttl=64 time=1.093 ms
84 bytes from 10.10.2.100 icmp_seq=3 ttl=64 time=1.386 ms
84 bytes from 10.10.2.100 icmp_seq=4 ttl=64 time=1.558 ms
84 bytes from 10.10.2.100 icmp_seq=5 ttl=64 time=1.228 ms

vpc02>
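To make the two points of this thread concrete (the policy must be attached to the interface the packets actually arrive on, and the "shortcut" rule to the main table must come before the catch-all rule that sends traffic to table 10/11), here is an added Python model of the lookup a Linux/VyOS router performs. It is an illustration written for this thread, not VyOS code: the tables and rules are transcribed from the configuration above, the main table is assumed to hold only the connected routes plus dum0 (no default route is configured in the thread), and the evaluator is a simplification (first-match rules, longest-prefix lookup, no firewall or NAT). `MISATTACHED` is a constructed variant that binds the same rules to eth1.10/eth2.11 the way the original post did.

```python
"""Model of policy-based routing for the LAN1/LAN2 setup discussed above.
Added example, not VyOS code; prefixes and next-hops come from the thread."""
import ipaddress

# Routing tables: (prefix, next_hop or None, egress interface or None).
# 'main' is assumed to contain only connected routes and dum0, because no
# default route is configured in the thread.
TABLES = {
    "main": [
        ("192.168.1.0/24", None, "eth1"),
        ("192.168.2.0/24", None, "eth2"),
        ("10.10.10.255/32", None, "dum0"),
    ],
    "10": [("0.0.0.0/0", "192.168.1.10", None)],   # LAN1 ISP CPE
    "11": [("0.0.0.0/0", "192.168.2.10", None)],   # LAN2 ISP CPE
}

# Policy routes keyed by the inbound interface they are attached to.
# Rule: (number, source prefix or None, destination prefix or None, table).
POLICY = {
    "eth1": [(10, None, "192.168.2.0/24", "main"),       # PBR01 rule 10
             (20, "192.168.1.0/24", None, "10")],        # PBR01 rule 20
    "eth2": [(10, None, "192.168.1.0/24", "main"),       # PBR02 rule 10
             (20, "192.168.2.0/24", None, "11")],        # PBR02 rule 20
}

# Constructed variant reproducing the original post's mistake: the same
# rules bound to VLAN subinterfaces that carry no traffic.
MISATTACHED = {"eth1.10": POLICY["eth1"], "eth2.11": POLICY["eth2"]}


def lookup(table, dst):
    """Longest-prefix match in one table -> (next_hop, egress) or None.
    A gateway with no interface (the default routes in tables 10/11) is
    resolved through the connected routes in main, which is why a next-hop
    on the router's own subnet works fine."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, dev)
    if best is None:
        return None
    _net, nh, dev = best
    if nh is not None and dev is None:
        connected = lookup("main", nh)
        dev = connected[1] if connected else None
    return (nh, dev)


def route(in_iface, src, dst, policy=POLICY):
    """Apply the policy bound to in_iface, then look dst up in the chosen
    table. Returns (table, next_hop, egress) so the decision is visible."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    table = "main"                       # no policy on this interface
    for _num, sp, dp, tbl in sorted(policy.get(in_iface, []), key=lambda r: r[0]):
        if sp is not None and s not in ipaddress.ip_network(sp):
            continue
        if dp is not None and d not in ipaddress.ip_network(dp):
            continue
        table = tbl
        break                            # first matching rule wins
    hit = lookup(table, dst)
    if hit is None:
        return (table, None, None)       # no route: packet is dropped
    return (table, hit[0], hit[1])


if __name__ == "__main__":
    cases = [
        ("eth1", "192.168.1.100", "10.10.1.100"),    # PC01 -> LAN1 CPE dummy
        ("eth1", "192.168.1.100", "192.168.2.100"),  # PC01 -> PC02 (shortcut)
        ("eth2", "192.168.2.100", "1.1.1.1"),        # PC02 -> internet via LAN2
    ]
    for iface, src, dst in cases:
        print(iface, src, "->", dst, route(iface, src, dst))
    # With the rules attached to eth1.10, packets arriving on eth1 get no
    # policy, fall into main, and find no default route.
    print("misattached:", route("eth1", "192.168.1.100", "8.8.8.8", MISATTACHED))
```

Reading the output: PC01 to 10.10.1.100 is sent to table 10 and leaves via 192.168.1.10 on eth1, which is exactly the "next hop on the same subnet" case the original poster asked about; PC01 to PC02 matches rule 10 first and is forwarded directly out of eth2; and the misattached variant ends in the main table with no usable route, which is why neither PC could ping in the first configuration.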

Perfect solution :100:
