diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-07-11 17:48:34 +0200 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-07-11 17:48:34 +0200 | 
| commit | 319c9261ea54c84f94ab97e682d1b98b39ae0208 (patch) | |
| tree | 411d7c3062d22cca8e7eeffa0674794fb21a53c6 /docs | |
| parent | 5e03e4668038442163ce1a2d26b5cfa14c1bc74d (diff) | |
| download | vyos-documentation-319c9261ea54c84f94ab97e682d1b98b39ae0208.tar.gz vyos-documentation-319c9261ea54c84f94ab97e682d1b98b39ae0208.zip | |
vrf: add example for route-leaking
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/_static/images/vrf-example-topology-01.png | bin | 0 -> 32567 bytes | |||
| -rw-r--r-- | docs/configuration/vrf/index.rst | 129 | 
2 files changed, 129 insertions, 0 deletions
| diff --git a/docs/_static/images/vrf-example-topology-01.png b/docs/_static/images/vrf-example-topology-01.pngBinary files differ new file mode 100644 index 00000000..57357509 --- /dev/null +++ b/docs/_static/images/vrf-example-topology-01.png diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index f0765aec..0d2fc160 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -318,5 +318,134 @@ For VR Fmaintenance the followin operational commands are in place.     packets take to the for the given hosts IP address family. This option is     useful when the host specified is a hostname rather than an IP address. +Example +======= + +VRF route leaking +----------------- + +The following example topology was build using EVE-NG. + +.. figure:: /_static/images/vrf-example-topology-01.png +   :alt: VRF topology example + +   VRF route leaking + +* PC1 is in the ``default`` VRF and acting as e.g. a "fileserver" +* PC2 is in VRF ``blue`` which is the development department +* PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF +  ``red``. Say this is the HR department. +* R1 is managed through an out-of-band network that resides in VRF ``mgmt`` + +Configuration +^^^^^^^^^^^^^ + +  .. code-block: none + +    set interfaces bridge br10 address '10.30.0.254/24' +    set interfaces bridge br10 member interface eth3 +    set interfaces bridge br10 member interface eth4 +    set interfaces bridge br10 vrf 'red' +    set interfaces ethernet eth0 address 'dhcp' +    set interfaces ethernet eth0 vrf 'mgmt' +    set interfaces ethernet eth1 address '10.0.0.254/24' +    set interfaces ethernet eth2 address '10.20.0.254/24' +    set interfaces ethernet eth2 vrf 'blue' +    set protocols static interface-route 10.20.0.0/24 next-hop-interface eth2 next-hop-vrf 'blue' +    set protocols static interface-route 10.30.0.0/24 next-hop-interface br10 next-hop-vrf 'red' +    set protocols vrf blue static interface-route 10.0.0.0/24 next-hop-interface eth1 next-hop-vrf 'default' +    set protocols vrf red static interface-route 10.0.0.0/24 next-hop-interface eth1 next-hop-vrf 'default' +    set service ssh disable-host-validation +    set service ssh vrf 'mgmt' +    set system console device ttyS0 speed '9600' +    set system domain-name 'vyos.net' +    set system host-name 'R1' +    set system name-servers-dhcp 'eth0' +    set system ntp server 0.pool.ntp.org +    set system ntp server 1.pool.ntp.org +    set system ntp server 2.pool.ntp.org +    set system ntp vrf 'mgmt' +    set system syslog global facility all level 'info' +    set system syslog global facility protocols level 'debug' +    set system time-zone 'UTC' +    set vrf name blue table '3000' +    set vrf name mgmt table '1000' +    set vrf name red table '2000' + +Operation +^^^^^^^^^ + +After committing the configuration we can verify all leaked routes are installed, +and try to ICMP ping PC1 from PC3. + +  .. code-block:: none + +    PCS> ping 10.0.0.1 + +    84 bytes from 10.0.0.1 icmp_seq=1 ttl=63 time=1.943 ms +    84 bytes from 10.0.0.1 icmp_seq=2 ttl=63 time=1.618 ms +    84 bytes from 10.0.0.1 icmp_seq=3 ttl=63 time=1.745 ms + +  .. code-block:: none + +    VPCS> show ip + +    NAME        : VPCS[1] +    IP/MASK     : 10.30.0.1/24 +    GATEWAY     : 10.30.0.254 +    DNS         : +    MAC         : 00:50:79:66:68:0f + +VRF default routing table +""""""""""""""""""""""""" + +  .. code-block:: none + +    vyos@R1:~$ show ip route +    Codes: K - kernel route, C - connected, S - static, R - RIP, +           O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +           T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, +           F - PBR, f - OpenFabric, +           > - selected route, * - FIB route, q - queued, r - rejected, b - backup + +    C>* 10.0.0.0/24 is directly connected, eth1, 00:07:44 +    S>* 10.20.0.0/24 [1/0] is directly connected, eth2 (vrf blue), weight 1, 00:07:38 +    S>* 10.30.0.0/24 [1/0] is directly connected, br10 (vrf red), weight 1, 00:07:38 + +VRF red routing table +""""""""""""""""""""" + +  .. code-block:: none + +    vyos@R1:~$ show ip route vrf red +    Codes: K - kernel route, C - connected, S - static, R - RIP, +           O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +           T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, +           F - PBR, f - OpenFabric, +           > - selected route, * - FIB route, q - queued, r - rejected, b - backup + +    VRF red: +    K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:07:57 +    S>* 10.0.0.0/24 [1/0] is directly connected, eth1 (vrf default), weight 1, 00:07:40 +    C>* 10.30.0.0/24 is directly connected, br10, 00:07:54 + +VRF blue routing table +"""""""""""""""""""""" + +  .. code-block:: none + +    vyos@R1:~$ show ip route vrf blue +    Codes: K - kernel route, C - connected, S - static, R - RIP, +           O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +           T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, +           F - PBR, f - OpenFabric, +           > - selected route, * - FIB route, q - queued, r - rejected, b - backup + +    VRF blue: +    K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:08:00 +    S>* 10.0.0.0/24 [1/0] is directly connected, eth1 (vrf default), weight 1, 00:07:44 +    C>* 10.20.0.0/24 is directly connected, eth2, 00:07:53 + +  .. include:: /_include/common-references.txt | 
