last 2 (hopefully) vrf questions
Hi My last 2 issue with VRF's So ICMP's that a generated on the box for net unreachable and similar iCMPs have the src address of the main table So my main table is basically 192.168.0.0/24 ether1 0.0.0.0/0 via 192.168.0.2 prc-src 192.168.0.1 VRF's Management Internet Private I have /ip route vrf set up for each And I have mangles rules to mark and remark packets So what happens on any of the vrf interfaces if the ccr generates a ICMP it has a source address of 192.168.0.1 I have a snat rules to snat to each interfaces actual address, but that doesn't seem to work for these icmp's But does work if I do something like this /ping 8.8.8.8 the source gets set to my Public ip address I use mange to route 8.8.8.8 from local machine via the Public VRF. I have sent support an email, but as yet no response. I do believe that somebody said they had fixed this on the list ? My last problem for now is my main table DGW is reliant upon ether1 being up :( if its not then local packet generation stops working . My thought was to generate a bridge and attach ether1 and apply the ip to the bridge ... the bridge should always be up and thus the dgw should always be up. How are other people handling this ? I did try a dgw with gateway against another bridge interface, but that interface was in Private and it overwrote my mangle rule . Alex
participants (1)
-
Alex Samad - Yieldbroker