Given VRFs red and green, which use 192.168.1.0/24 and 192.168.2.0/24, and a default route leaked into the VRFs: the VRF prefixes are “exported” via OSPF to my border router (BR1).
[email protected]:~$ show ip route ospf | match 192.168
O>* 192.168.1.0/24 [110/20] via 172.18.201.10, eth0.201, weight 1, 00:05:36
O>* 192.168.2.0/24 [110/20] via 172.18.201.10, eth0.201, weight 1, 00:05:36
The router with the VRFs uses:
set interfaces ethernet eth1 address '192.168.1.1/24'
set interfaces ethernet eth1 vrf 'green'
set interfaces ethernet eth2 address '192.168.2.1/24'
set interfaces ethernet eth2 vrf 'red'
set protocols ospf redistribute static
set protocols static route 192.168.1.0/24 interface eth1 vrf 'green'
set protocols static route 192.168.2.0/24 interface eth2 vrf 'red'
set vrf name green protocols static route 0.0.0.0/0 next-hop 172.18.201.254 interface 'eth0.201'
set vrf name green protocols static route 0.0.0.0/0 next-hop 172.18.201.254 vrf 'default'
set vrf name green table '3000'
set vrf name red protocols static route 0.0.0.0/0 next-hop 172.18.201.254 interface 'eth0.201'
set vrf name red protocols static route 0.0.0.0/0 next-hop 172.18.201.254 vrf 'default'
set vrf name red table '2000'
[email protected]:~$ show ip route vrf red
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
VRF red:
S>* 0.0.0.0/0 [1/0] via 172.18.201.254, eth0.201 (vrf default), weight 1, 00:03:39
K * 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 1d08h24m
C>* 192.168.2.0/24 is directly connected, eth2, 00:06:31
[email protected]:~$ show ip route vrf green
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
VRF green:
S>* 0.0.0.0/0 [1/0] via 172.18.201.254, eth0.201 (vrf default), weight 1, 00:03:42
K * 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 1d08h24m
C>* 192.168.1.0/24 is directly connected, eth1, 00:06:34
Please note: due to a limitation in the VRF implementation in Linux, it seems that you cannot access the local IP address inside a VRF (192.168.1.1 or 192.168.2.1) by e.g. ICMP or any other fancy stuff. If you have more hosts connected inside that VRF, they will be reachable.
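Every leaked route is a point where VRF isolation is deliberately crossed, so it is worth keeping an inventory of them. The following is an added example, not part of the original post or of VyOS: a short Python audit that reads the `set` commands shown above and lists each static route whose target VRF differs from the table it is installed in, plus the ones that `redistribute static` also advertises via OSPF. The function names are hypothetical and the parser only understands the command forms that appear on this page.

```python
import shlex

# Configuration lines copied from the VRF router shown above.
CONFIG = """\
set interfaces ethernet eth1 vrf 'green'
set interfaces ethernet eth2 vrf 'red'
set protocols ospf redistribute static
set protocols static route 192.168.1.0/24 interface eth1 vrf 'green'
set protocols static route 192.168.2.0/24 interface eth2 vrf 'red'
set vrf name green protocols static route 0.0.0.0/0 next-hop 172.18.201.254 interface 'eth0.201'
set vrf name green protocols static route 0.0.0.0/0 next-hop 172.18.201.254 vrf 'default'
set vrf name green table '3000'
set vrf name red protocols static route 0.0.0.0/0 next-hop 172.18.201.254 interface 'eth0.201'
set vrf name red protocols static route 0.0.0.0/0 next-hop 172.18.201.254 vrf 'default'
set vrf name red table '2000'
"""

def find_route_leaks(config):
    """Return sorted (owner_vrf, prefix, target_vrf) tuples for static routes
    that point into a VRF other than the one they are installed in."""
    leaks = set()
    for line in config.splitlines():
        tok = shlex.split(line)              # also strips the single quotes
        if tok[:1] != ["set"]:
            continue
        tok, owner = tok[1:], "default"
        if tok[:2] == ["vrf", "name"] and len(tok) > 3:
            owner, tok = tok[2], tok[3:]     # route lives in a named VRF table
        if tok[:3] != ["protocols", "static", "route"] or len(tok) < 5:
            continue
        prefix, rest = tok[3], tok[4:]
        if "vrf" in rest[:-1]:               # "... vrf <name>" names the target VRF
            target = rest[rest.index("vrf") + 1]
            if target != owner:
                leaks.add((owner, prefix, target))
    return sorted(leaks)

def exported_leaks(config):
    """Leaks installed in the default table that OSPF also advertises."""
    wanted = ["set", "protocols", "ospf", "redistribute", "static"]
    if not any(shlex.split(l) == wanted for l in config.splitlines()):
        return []
    return [leak for leak in find_route_leaks(config) if leak[0] == "default"]

if __name__ == "__main__":
    for owner, prefix, target in find_route_leaks(CONFIG):
        print(f"table {owner}: {prefix} -> vrf {target}")
    print("advertised via OSPF:", [p for _, p, _ in exported_leaks(CONFIG)])
```

Run against a saved copy of the router's `set` commands, the output should match the leaks you intended; any extra entry is a path between routing domains that firewall policy needs to account for.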