Hi

So been doing some testing around the routing and separation of the VRFs.

So I have VRF
Management - ether port
Private - this is a point to point with clients
Public - Isp

I have added the relevant interfaces to the relevant Vrf in the /ip route vrf section

I have tried testing with ping to 8.8.8.8

So test machine on the Private vlan setup static route 8.8.8.8/32 via 10.10.10.10 (my new router)

I do a
/ip route print detail where routing-mark=private 8.8.8.8 in dst-address
It only shows me the default gateway...

But
/tool quick snif quick ip-address=8.8.8.8
shows the icmp coming in on Private and out Public ?????????

This might just be icmp packets !

Did another test from my mgmt. box setup static route
Ip r a 8.8.8.8/32 via 10.20.10.10

Ping and I can see packets heading out Public
But telnet 8.8.8.8 and it doesn't go anywhere

In fact the reply icmp comes from the main table, looking at the ICMP ....

Alex
Hi Alex,

Keep in mind that all Output traffic from the Mikrotik defaults to the Main routing table. Can you try ping through the router instead of from the router?

Regards,
Philip Loenneker | Network Engineer | TasmaNet

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Monday, 6 February 2017 11:39 AM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: [MT-AU Public] issues with VRF
Hi

Sorry wasn't clear I was trying to ping through.

My 2 test
New router (RTRA)
Test router (RTRB)
Test Mgmt (BoXA)
PublicDGW (PDGW)

RTRB ----- Private ---- RTRA (vrf private)
BoXA ------ Management ---- RTRA (vrf Management)
PDGW ---- Public ----- RTRA (vrf Public)

On RTRB
/ping 8.8.8.8
Via RTRA

On RTRA a
tool sniff quick ip-address=8.8.8.8
Show packets heading out Public interface !

On BoXA
Ping 8.8.8.8
Via RTRA

Found the issue (for clarity) I had a ip route rule , with a dst-address if 8.8.8.8 use public. This is to allow the local box access to ntp and dns...

Now still one problem .. It icmp network unreachable is still coming from the main table . I have tried a SNAT line but ...

Alex

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Philip Loenneker
Sent: Monday, 6 February 2017 11:44 AM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] issues with VRF
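Added example (not part of the original thread): a simplified Python model of the lookup behaviour reported above, where a route rule that matches only on destination 8.8.8.8 also captures traffic forwarded from other VRFs. The rule fields, the "main" mark used for scoping, and the sample data are assumptions made for illustration and are not RouterOS syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    table: str                          # table that matching packets are looked up in
    dst: Optional[str] = None           # destination prefix to match, None = any
    routing_mark: Optional[str] = None  # only match packets carrying this mark

    def matches(self, dst_ip: str, mark: str) -> bool:
        if self.dst and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        return self.routing_mark is None or self.routing_mark == mark


def table_for(rules, dst_ip, mark):
    """First matching rule wins; otherwise the packet's own mark picks the table."""
    for rule in rules:
        if rule.matches(dst_ip, mark):
            return rule.table
    return mark


def find_leaks(rules, sources, probes, allowed):
    """List (source table, destination, table used) crossings that are not allowed."""
    leaks = []
    for src in sources:
        for dst_ip in probes:
            used = table_for(rules, dst_ip, src)
            if used != src and (src, used) not in allowed:
                leaks.append((src, dst_ip, used))
    return leaks


# Constructed sample data. "main" stands for the router's own output traffic.
SOURCES = ["management", "private", "public", "main"]
PROBES = ["8.8.8.8", "192.0.2.1"]
ALLOWED = {("main", "public")}  # the router itself may reach NTP/DNS via public

# As described in the thread: the rule matches on destination only.
UNSCOPED = [Rule(table="public", dst="8.8.8.8/32")]
# Assumed correction: the same rule limited to traffic already in the main table.
SCOPED = [Rule(table="public", dst="8.8.8.8/32", routing_mark="main")]

if __name__ == "__main__":
    print("unscoped:", find_leaks(UNSCOPED, SOURCES, PROBES, ALLOWED))
    print("scoped:  ", find_leaks(SCOPED, SOURCES, PROBES, ALLOWED))
```

Running the same check over an exported rule list after each change shows whether a convenience rule for the router's own traffic has reopened a path between VRFs.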