From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Friday, 21 October 2016 11:28 AM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] Question

Hi

I am looking at consolidating some virtual router installs into physical CCR1036 (&72). Currently my VMs handle public internet and private p-t-p links.

My thought was to use VRF to isolate the routing tables on the new consolidated CCRs. I am presuming all the interfaces that were the old private would get tagged with a vrf tag=??? And all the internet packets would get tagged with a different vrf tag.

On the router I would have these interfaces:
A) Internet
B) Private
C) FromInside

I want to allow C to A or B, and A to C or B to C, but never A <=> B (don't want to act as a transit).

On B I am using BGP to clients and on A I am using BGP to ISPs. I was going to use a private BGP AS for the private links and not mix it with my public AS on the internet.

This sounds like stock standard stuff. Any gotchas to look for?

A

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian
Sent: Friday, 21 October 2016 11:43 AM
To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

Looks pretty straightforward Alex, no reason you can't use your AS for iBGP as well though. If you need to go between the VRFs just set up a VLAN and route between them as required; we do this for management of customer VRFs so we have a leg in for monitoring etc.

Regards
Paul

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Friday, 21 October 2016 3:33 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

Hi

Slightly confused why I would need a VLAN if it's on the same router. I had thought VRF was a way of segregating routing tables, so my routes in /ip route marked with router-mark = vrf1 would belong to vrf1.

I'm looking at this: http://wiki.mikrotik.com/wiki/Manual:Virtual_Routing_and_Forwarding

I think I get the routing table: I add in the route-mark attribute to assign a route to a VRF.

How do I associate an interface to a VRF, or do I use firewall mangle and mark them with routing-mark? But in the example they talk about /ip vrf ... I don't have that on my CCR? What package do I need to install?

Plus can find vrf interface in http://wiki.mikrotik.com/wiki/Manual:Interface

A

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker
Sent: Friday, 21 October 2016 3:39 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

Alex - under /ip route vrf you can create a VRF and can assign interfaces to it.

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Friday, 21 October 2016 3:45 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] Question

Hi

Done some more reading ... I think I have been using the wrong term, correct me if I am wrong.

Seems like the term VRF is associated with MPLS and is part of the MPLS package: http://wiki.mikrotik.com/wiki/Manual:MPLS

It might be overkill for what I need.

If I have my routerA, it connects to multiple ISPs. I would use my public AS to peer with them. These routes can be amalgamated.

It also connects to multiple private connections -- say like BT/Radianz - someone I BGP peer with. I would use a separate private AS for each of these.

Now how do I stop routes learned on the ISP being added to the routes published on the private AS BGP links?

I had thought to mark all the routes. Leave the ISP routes unmarked. And say mark the private AS with something like AS<and their AS number>.

I'm going to be setting this up on some trial boxes.... Fun Fun Fun

A

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian
Sent: Friday, 21 October 2016 4:10 PM
To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

You don't need to be using MPLS on your network for VRF. VRF just stands for Virtual Routing and Forwarding; it's just a way of having a segregated routing table for certain things.

With BGP you only advertise what you want to the peers, and you use filters if you need to tighten it up more.

Regards
Paul

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Friday, 21 October 2016 4:40 PM
To: MikroTik Australia Public List
Subject: Re: [MT-AU Public] Question

Hi

Might be best if I show what I am trying to do: https://postimg.org/image/6yl29v1f7/

Not sure what the policy is for attachments so

But it looks like I need to install the VRF package to get all of the VRF stuff?

Alex

From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian
Sent: Friday, 21 October 2016 4:46 PM
To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

You don't need any VRF package, you just need the standard routing package. Go to the IP/Route/VRF tab, add interfaces and configure routes; it's really that simple.

Regards
Paul

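One way the advice in this thread could be laid out on a RouterOS v6 router, as an added example that is not from any of the posters: the private links in a VRF, one BGP instance per AS, and out-filters so ISP-learned routes are never announced on the private links. Interface names, peer addresses, prefixes, AS numbers and RD/RT values are constructed for illustration, and the example covers the A/B separation only.

```routeros
# Added example, RouterOS v6 CLI (the /ip route vrf menu named in the thread).
# Constructed values: interface names, peer addresses, prefixes (RFC 5737 and
# RFC 1918), AS numbers (RFC 5398 documentation / RFC 6996 private), RD/RT.

# 1. Private p-t-p interfaces get their own routing table.
#    Internet-facing interfaces stay in the main (unmarked) table.
/ip route vrf
add routing-mark=private interfaces=ether2-private \
    route-distinguisher=64512:1 \
    import-route-targets=64512:1 export-route-targets=64512:1

# 2. One BGP instance per AS. The private instance operates on the VRF table,
#    and neither instance re-announces routes learned by the other one.
/routing bgp instance
add name=public as=64496 redistribute-other-bgp=no
add name=private as=64512 routing-table=private redistribute-other-bgp=no

# 3. Explicit export and import policy. Every chain ends in a discard, so a
#    route is announced or accepted only if a rule above names it.
/routing filter
add chain=isp-out prefix=198.51.100.0/24 action=accept \
    comment="own public prefix only"
add chain=isp-out action=discard \
    comment="nothing else goes to the ISPs"
add chain=private-out prefix=192.0.2.0/24 action=accept \
    comment="service prefix offered on the private links"
add chain=private-out action=discard \
    comment="no ISP routes and no other client's routes"
add chain=private-in prefix=10.20.0.0/16 prefix-length=16-24 action=accept \
    comment="prefixes agreed with this client"
add chain=private-in action=discard

# 4. Peers are bound to an instance and to the filter chains above.
/routing bgp peer
add name=isp1 instance=public remote-address=203.0.113.1 remote-as=64500 \
    out-filter=isp-out
add name=client1 instance=private remote-address=10.255.0.2 remote-as=65010 \
    in-filter=private-in out-filter=private-out

# 5. Forwarding-plane backstop: even if a route leaks between tables later,
#    packets are never forwarded between Internet (A) and Private (B).
/ip firewall filter
add chain=forward in-interface=ether1-internet out-interface=ether2-private \
    action=drop comment="no transit A->B"
add chain=forward in-interface=ether2-private out-interface=ether1-internet \
    action=drop comment="no transit B->A"
```

On the router, `/routing bgp advertisements print` lists what each peer is actually being sent, which is the check to run after any filter change.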
Okay. I will read up. Once I set up my test setup I can give it a go.

Thanks
Seems like the term VRF is associated with MPLS and is part of the MPLS package http://wiki.mikrotik.com/wiki/Manual:MPLS It might be over kill for what I need. If I have my routerA it connects to multiple ISP. I would use my public AS to peer with them. These routes can be amalgamated It also connects to multiple private connections -- say like BT/Radianz - someone I BGP peer with. I would use a separate private AS for each of these. Now how do I stop, routes learned on the ISP being added to the routes published on the private AS BGP links. I had thought to mark all the routes. Leave the ISP routes unmarked. And say mark the private AS with something like AS<and their AS number)> I'm going to be setting this up on some trial boxes.... Fun Fun Fun A -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker Sent: Friday, 21 October 2016 3:39 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Question Alex - under /ip route vrf you can create a VRF and can assign interfaces to it. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker Sent: Friday, 21 October 2016 3:33 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Question Hi Slightly confused why would I need a vlan . if its on the same router. I had thought vrf was a way of segregating routing tables. So my routes in /ip route marked with router-mark = vrf1 would belong to vrf1. I'm looking at this http://wiki.mikrotik.com/wiki/Manual:Virtual_Routing_and_Forwarding I think I get the routing table, I add in the route-mark attribute to assign a route to a vrf. How to I associate an interface to a VRF, or do I use firewall mangle and mark then with routing-mark, But in the example they talk about /ip vrf ... I don't have that on my ccr ? what package to I need to install ? 
Plus can find vrf interface in http://wiki.mikrotik.com/wiki/Manual:Interface

A

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian
Sent: Friday, 21 October 2016 11:43 AM
To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

Looks pretty straightforward Alex, now reason you can't use your AS for iBGP as well though.

If you need to go between the VRF's just set up a vlan and route between them as required, we do this for management of customer VRF's so we have a leg in for monitoring etc.

Regards
Paul

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Friday, 21 October 2016 11:28 AM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] Question

Hi

I am looking at consolidating some Virtual routers installs into physical ccr1036 (&72)

Currently my VMs handle public internet and private p-t-p links.

My thought was to use VRF to isolate the routing tables on the new consolidated ccr's.

I am presuming all the interfaces that were the old private would get tagged with a vrf tag=??? And all the internet packets would get tagged with a different vrf tag.

On the router I would have these interfaces: A) Internet - B) Private - C) FromInside.

I want to allow C to A or B and A to C or B to C, but never A <=> B (don't want to act as a transit).

On B I am using bgp to clients and on A I am using BGP to ISP's.

I was going to use a private BGP AS for the private links and not to mix it with my public AS on the internet.

This sounds like stock standard stuff. Any gotchas to look for?
A

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
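An added example, not part of the thread and not RouterOS configuration: a small Python model of the "never A <=> B" rule from the original post, applied to BGP announcements so that routes learned in one zone are only advertised where the traffic policy permits. The peer names, prefixes and function names are constructed for illustration; on the router the same decision would live in the per-peer outbound filters.

```python
from dataclasses import dataclass

# Traffic directions allowed in the original post (A=Internet, B=Private,
# C=FromInside): C<->A and C<->B, never A<->B.
ALLOWED_FLOWS = {("C", "A"), ("C", "B"), ("A", "C"), ("B", "C")}

@dataclass(frozen=True)
class Route:
    prefix: str
    origin_zone: str   # zone of the session or interface the route came from
    learned_from: str  # peer name (constructed) or "local"

def may_export(route, peer_zone):
    """Announce a route to a peer only if that peer's zone is allowed to
    send traffic toward the zone the route was learned in."""
    return (peer_zone, route.origin_zone) in ALLOWED_FLOWS

def build_exports(rib, peers, policy=may_export):
    """Return {peer: sorted prefixes announced to it}."""
    return {
        name: sorted(r.prefix for r in rib
                     if r.learned_from != name and policy(r, zone))
        for name, zone in peers.items()
    }

def find_leaks(exports, rib, peers):
    """Audit announcements: every (peer, prefix, origin_zone) that would
    make this router a transit between zones that must stay apart."""
    by_prefix = {r.prefix: r for r in rib}
    return [
        (peer, p, by_prefix[p].origin_zone)
        for peer, prefixes in exports.items() for p in prefixes
        if (peers[peer], by_prefix[p].origin_zone) not in ALLOWED_FLOWS
    ]

# Constructed sample data: documentation prefixes and made-up peer names.
PEERS = {"isp1": "A", "isp2": "A", "client1": "B"}
RIB = [
    Route("198.51.100.0/24", "A", "isp1"),
    Route("203.0.113.0/24", "A", "isp2"),
    Route("10.20.0.0/16", "B", "client1"),
    Route("192.0.2.0/24", "C", "local"),
]

if __name__ == "__main__":
    # One shared table with no outbound filters: everything is re-announced.
    naive = build_exports(RIB, PEERS, policy=lambda r, z: True)
    print("leaks without filters:", find_leaks(naive, RIB, PEERS))
    print("filtered exports:", build_exports(RIB, PEERS))
```

Because (A, A) is not an allowed flow either, the same rule also stops routes from one ISP being re-announced to the other.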
participants (3)
- Alex Samad - Yieldbroker
- Paul Julian
- Philip Loenneker