Hi,
Is anyone doing anything similar to IOS XE’s VASI with VyOS?
Ref Configure VRF-Aware Software Infrastructure NAT on Cisco IOS XE - Cisco
To replicate, is the best option with VyOS simply sub-interfaces between VRFs via different pNICs or vNICs?
Cheers,
Mick
So in short VRF-leaking with NAT/CGNAT between the VRF domains?
That is, doing this internally in the box without wasting physical interfaces (which is otherwise the common workaround to achieve this)?
Or did I misunderstand the use case?
Note that VRF in VyOS is currently “VRF lite”, where only the routing table is unique per VRF but everything else is still mixed (as if you have a single VRF). That is, it's not as isolated as VRFs are on a Cisco/Arista/Juniper router.
To get full isolation (similar to “how others do this”) we need NETNS (network namespace), but that was recently removed from 1.4 and 1.5-rolling since it's unfinished. Hopefully it will return in the future.
https://vyos.dev/T6295
Thanks for your reply, @Apachez
You’ve got it - that’s pretty much the use case:
- NAT/CGNAT between VRF domains (both host and subnet based)
- Post NAT netflow on DST VRF
- Post NAT strict unicast RPF on DST VRF
- Simplification of route leaking between VRF domains in relation to multi-destination, be it VTI or Ethernet based.
Thanks, I’ll have a look around vyos.dev and subscribe.
T3829 and T6295 netns: disable incomplete support in VyOS 1.4 sagitta look applicable to what you’ve described.
I think that it’s possible to do this with our current features, using vrf route-link + nat or route leaking with virtual-ethernet + nat. Furthermore, it’s possible to configure VTI. Here are some links in our documentation with different techniques; try to play with them:
https://docs.vyos.io/en/latest/configuration/vrf/index.html
https://docs.vyos.io/en/latest/configexamples/inter-vrf-routing-vrf-lite.html
https://docs.vyos.io/en/latest/configuration/interfaces/virtual-ethernet.html#example
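Added example, not part of any post in this thread and not taken from the VyOS documentation: a minimal sketch of the virtual-ethernet + NAT approach suggested in the last reply, assuming VyOS 1.4-style syntax. The VRF names, table IDs, interface names and all addresses are constructed for illustration.

```vyos
# Two VRFs, each with its own routing table (constructed names and table IDs)
set vrf name RED table 1010
set vrf name BLUE table 1020

# Physical interfaces placed in their VRFs (constructed addressing)
set interfaces ethernet eth1 vrf RED
set interfaces ethernet eth1 address 10.1.0.1/24
set interfaces ethernet eth2 vrf BLUE
set interfaces ethernet eth2 address 10.2.0.1/24

# veth pair that stands in for the cable between two physical ports:
# one end in RED, the other in BLUE
set interfaces virtual-ethernet veth0 peer-name veth1
set interfaces virtual-ethernet veth0 vrf RED
set interfaces virtual-ethernet veth0 address 100.64.0.1/30
set interfaces virtual-ethernet veth1 peer-name veth0
set interfaces virtual-ethernet veth1 vrf BLUE
set interfaces virtual-ethernet veth1 address 100.64.0.2/30

# RED reaches BLUE's subnet through the veth link
set vrf name RED protocols static route 10.2.0.0/24 next-hop 100.64.0.2

# Source NAT as traffic leaves RED over veth0. BLUE only ever sees
# 100.64.0.1, which is on-link for it, so BLUE needs no route back to RED.
# NAT rules are configured globally, not per VRF; the outbound interface
# is what ties this rule to the RED-to-BLUE path.
set nat source rule 100 outbound-interface name veth0
set nat source rule 100 source address 10.1.0.0/24
set nat source rule 100 translation address masquerade
```

Because traffic arrives in BLUE on veth1 already translated, flow accounting or source validation applied on veth1 sees the post-NAT addresses.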