Simple routing between interfaces not working


#1

Hello, we are setting up a VyOS router to act as our ‘core’ router for a few customers we are providing internet access to.

There will be no NAT, just basic routing.

Here is a summary:

Customer Router = 205.16.32.30 (eth1)

VyOS Core Router = 205.16.32.2 (eth6)

VyOS Core Router WAN = 192.112.200.2 (eth4)
VyOS Core Router WAN Gateway = 192.112.200.1

All we need to do is route any traffic coming from eth6 to the WAN interface, which is eth4.

I can ping from VyOS out to the internet, but if I try ping -I 205.16.32.2 4.2.2.2 it does not work. Obviously, from the CPE we are unable to ping either. The traceroute stops at the VyOS Core Router eth6 interface.

Config:

interfaces {
    ethernet eth4 {
        duplex auto
        hw-id 90:e2:ba:1d:24:24
        smp_affinity auto
        speed auto
        vif 500 {
            address 205.16.32.2/24
            description "VLAN 500"
        }
    }
    ethernet eth5 {
        address 192.112.200.2/24
        duplex auto
        hw-id 90:e2:ba:1d:24:25
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.112.200.1 {
            }
        }
        route 205.16.32.0/24 {
            next-hop 192.112.200.1 {
            }
        }
    }
}

For whatever reason, it won’t route between the interfaces.


#2

Hi,
This route doesn’t make sense to me:

route 205.16.32.0/24 {
next-hop 192.112.200.1 {

Also, does the customer have the eth6 vyos addr as their default gateway?
Lastly, you must advertise via BGP the 205.16.32.0/24 network into the global routing table so that return traffic from the internet will come to your router. Alternatively, you could have your ISP do it for you, which will involve an ARIN swip down, or an LOA from the customer or whoever is on the whois.

When you try to provide some internet access to customers, you are essentially becoming a small ISP yourself. As such, there are a lot of extra steps and configurations to be able to do that.


#3

Yes, the customer does have the vyos eth6 ip address as their default gateway.
Our ISP currently handles BGP for us and therefore advertises for us.

Our gateway is 192.112.200.1, this is our ISP’s router.

The reason I added this route:
route 205.16.32.0/24 {
next-hop 192.112.200.1 {

was because I was trying to have any traffic coming from the 205.16.32.0/24 network (meaning any of our customers) route to our gateway, which would essentially provide them with internet access. It is probably redundant since we already have the 0.0.0.0/0 network though.


Now that I wrote all of that and after I re-read your post, I’m starting to think I have this all wrong.

Let me try to summarize our network:

We own two /24s:
205.16.32.0/24
192.112.200.0/24

Our ISP advertises these IP ranges for us and we have the following IPs being used as our gateway (which is their router):
205.16.32.1
192.112.200.1

Initially, I was going to subnet the 205.16.32.X network and assign /30s or /29s to customers, but due to the limited supply of IPs I am instead putting all of our customers on the same /24.

Our VyOS router has 192.112.200.2 assigned as an IP to the interface connected to our ISP and its gateway set to 192.112.200.1. It also has another interface with 205.16.32.2.

The customer equipment will have an IP in the 205.16.32.X range and its gateway set to 205.16.32.2.

I just realized now, inbound traffic would not be routed correctly. I assume I have to ask them to set a static route and route everything to 192.112.200.2 and then vyos would route it back accordingly?

Customer Router = 205.16.32.30 (eth1)

VyOS Core Router = 205.16.32.2 (eth6)

VyOS Core Router WAN = 192.112.200.2 (eth4)
VyOS Core Router WAN Gateway = 192.112.200.1
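
The route selection discussed in this thread, modelled as an added example that is not part of any post: it builds the VyOS table from the config in post #1 and an ISP table from the description in post #3, then looks up the forward and return next hops. It assumes longest-prefix match followed by administrative distance (connected 0, static 1); the ISP interface names, the "upstream" next hop and the helper names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Assumed administrative distances: connected 0, static 1 (lower wins).
CONNECTED, STATIC = 0, 1
Route = namedtuple("Route", "prefix distance via")

def lookup(table, dst):
    """Pick the route for dst: longest matching prefix, then lowest distance."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    if not hits:
        return None  # no route: the packet would be dropped
    return min(hits, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                    r.distance))

# VyOS table from the config in post #1 (eth4 vif 500, eth5, two statics).
VYOS = [
    Route("205.16.32.0/24", CONNECTED, "on-link eth4.500"),
    Route("192.112.200.0/24", CONNECTED, "on-link eth5"),
    Route("0.0.0.0/0", STATIC, "192.112.200.1"),
    Route("205.16.32.0/24", STATIC, "192.112.200.1"),
]

# ISP router as post #3 describes it: it holds .1 in both /24s.
# Interface names and the "upstream" next hop are constructed placeholders.
ISP = [
    Route("205.16.32.0/24", CONNECTED, "on-link isp-a"),
    Route("192.112.200.0/24", CONNECTED, "on-link isp-b"),
    Route("0.0.0.0/0", STATIC, "upstream"),
]
# The static route post #3 considers asking the ISP for.
TO_VYOS = Route("205.16.32.0/24", STATIC, "192.112.200.2")

def return_path(isp_table, customer="205.16.32.30"):
    """Next hop the ISP router uses for a reply addressed to the customer."""
    return lookup(isp_table, customer).via

if __name__ == "__main__":
    print("VyOS to 4.2.2.2:", lookup(VYOS, "4.2.2.2").via)
    print("VyOS to customer:", lookup(VYOS, "205.16.32.30").via)
    print("ISP reply, as described:", return_path(ISP))
    print("ISP reply, static added:", return_path(ISP + [TO_VYOS]))
    routed = [r for r in ISP + [TO_VYOS] if r.via != "on-link isp-a"]
    print("ISP reply, /24 no longer connected:", return_path(routed))
```

In this model the static 205.16.32.0/24 route on VyOS is never selected because the connected route wins, and the ISP-side static toward 192.112.200.2 is only selected once the ISP router no longer has 205.16.32.0/24 as a connected network.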