kocifi
December 7, 2022, 12:47am
1
Hello, I have problem with setting up VRF.
Did I miss something?
SW1 :
set vrf bind-to-all
set interfaces ethernet eth6 address '10.0.8.2/29'
set interfaces ethernet eth6 vrf 'DHCP_Server'
set protocols static route 10.0.8.0/29 interface eth6 vrf 'DHCP_Server'
set vrf name DHCP_Server protocols static route 0.0.0.0/0 next-hop 10.0.255.65 vrf 'default'
set vrf name DHCP_Server table '100'
SW2 :
set vrf bind-to-all
set interfaces ethernet eth6 address '10.0.8.3/29'
set interfaces ethernet eth6 vrf 'DHCP_Server'
set protocols static route 10.0.8.0/29 interface eth6 vrf 'DHCP_Server'
set vrf name DHCP_Server protocols static route 0.0.0.0/0 next-hop 10.0.255.65 vrf 'default'
set vrf name DHCP_Server table '100'
VM dhcp1 :
Example ping from SW1:
vyos@sw1# ping 10.0.8.2
PING 10.0.8.2 (10.0.8.2) 56(84) bytes of data.
^C
--- 10.0.8.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 0ms
[edit]
vyos@sw1# ping 10.0.8.3
PING 10.0.8.3 (10.0.8.3) 56(84) bytes of data.
64 bytes from 10.0.8.3: icmp_seq=1 ttl=64 time=0.505 ms
64 bytes from 10.0.8.3: icmp_seq=2 ttl=64 time=0.391 ms
^C
--- 10.0.8.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 0.391/0.448/0.505/0.057 ms
It is expectedhttps://docs.vyos.io/en/latest/configuration/interfaces/virtual-ethernet.html?highlight=Virtual-router%20#example
3 Likes
This issue is perplexing me somewhat - I get the principle of creating a virtual ethernet interface however the documentation/example doesn’t really show what I need:
I have a vrf with a few subnets and I need the router to have IPs 10.10.0.1/24 and 10.10.1.1/24 on different ethernet interfaces as an example. So from the global space (or any other vrf with appropriate route leaks) I need to be able to ping these. I don’t see how I would set up a veth interface as they need to be created in pairs and it seems odd to then try to put the VRF address space in the global space by way of a virtual-ethernet pair. Am I missing something here?
thanks
Apachez
September 11, 2023, 7:19pm
4
I think something is broken with the ping utility in VyOS.
Or rather this script: /usr/libexec/vyos/op_mode/ping.py
Because doing this fails:
vyos@vyos:~$ force vrf INTERNET
vyos@vyos:INTERNET:~$ ping 192.168.1.254
/bin/ping: connect: Network is unreachable
vyos@vyos:INTERNET:~$ ping 192.168.2.2
/bin/ping: connect: Network is unreachable
vyos@vyos:INTERNET:~$ ping 192.168.3.2
/bin/ping: connect: Network is unreachable
but this works:
vyos@vyos:~$ sudo ip vrf exec INTERNET ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.395 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.586 ms
^C
--- 192.168.1.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 0.395/0.490/0.586/0.095 ms
vyos@vyos:~$ sudo ip vrf exec INTERNET ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
64 bytes from 192.168.2.2: icmp_seq=1 ttl=64 time=0.069 ms
64 bytes from 192.168.2.2: icmp_seq=2 ttl=64 time=0.083 ms
^C
--- 192.168.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1044ms
rtt min/avg/max/mdev = 0.069/0.076/0.083/0.007 ms
vyos@vyos:~$ sudo ip vrf exec INTERNET ping 192.168.3.2
PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data.
64 bytes from 192.168.3.2: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 192.168.3.2: icmp_seq=2 ttl=64 time=0.104 ms
^C
--- 192.168.3.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1032ms
rtt min/avg/max/mdev = 0.048/0.076/0.104/0.028 ms
In this installation 192.168.1.254 is a remote host reachable over eth1.
While 192.168.2.2 is the local ip of eth2 and 192.168.3.2 is the local ip of eth3.
All three are part of vrf INTERNET.