I've been trying to set up an IPIP tunnel inside a VRF (i.e. both the tunnel itself and the underlying peers are in the VRF) and failing ... the tunnels stay in the "not running" state, and as soon as I disable the VRF they start working.
Below is the config I've been trying to use, with two IPIP tunnels each in its own VRF.
If I disable the VRF, then the tunnels work fine.
Once I get it to work, I'll also need to enable IPSec for those tunnels.
Any idea what's wrong ?
# RouterOS configuration export for the router named ccr1036 (see /system identity below).
# Two IPIP tunnels (rx_tunnel, tx_tunnel) are each placed, together with the VLANs that
# carry their endpoint addresses, into their own VRF (routing marks branch1 / branch2).
# NOTE(review): no /ip firewall, /ip ipsec peer or /ip ipsec policy section appears in this
# listing - the export may be partial; confirm before drawing conclusions about filtering.
/interface ethernet
# Jumbo-frame MTUs on the physical ports that carry the bond (ether6, sfp-sfpplus2)
# and the VLAN trunk (sfp-sfpplus1).
set [ find default-name=ether6 ] l2mtu=9280 mtu=9200
set [ find default-name=sfp-sfpplus1 ] l2mtu=9280 mtu=9200
set [ find default-name=sfp-sfpplus2 ] l2mtu=9280 mtu=9200
/interface ipip
# IPIP only encapsulates: nothing in this section encrypts or authenticates the inner
# traffic, so until IPsec is added the tunnelled packets cross vlan1001 / vlan1000 in clear.
# Keepalive is explicitly unset (!keepalive) and fast path is disabled on both tunnels.
# NOTE(review): each local-address sits on a VLAN that is assigned to a VRF further down
# (172.30.3.1 on vlan1001 -> branch2, 172.30.2.1 on vlan1000 -> branch1). Whether the outer
# tunnel packets are routed in that VRF table or in the main table depends on the RouterOS
# version - confirm, as this is the likely area of the "not running" symptom.
add allow-fast-path=no !keepalive local-address=172.30.3.1 name=rx_tunnel remote-address=172.30.3.2
add allow-fast-path=no !keepalive local-address=172.30.2.1 name=tx_tunnel remote-address=172.30.2.2
/interface vlan
# VLANs 2000/2001 ride directly on sfp-sfpplus1.
add interface=sfp-sfpplus1 mtu=9200 name=vlan2000 vlan-id=2000
add interface=sfp-sfpplus1 mtu=9200 name=vlan2001 vlan-id=2001
/interface bonding
# Active-backup bond of sfp-sfpplus2 and ether6.
add mode=active-backup mtu=9200 name=bond1 slaves=sfp-sfpplus2,ether6
/interface vlan
# VLANs 1000/1001 ride on the bond; these carry the tunnel endpoint subnets.
add interface=bond1 mtu=9200 name=vlan1000 vlan-id=1000
add interface=bond1 mtu=9200 name=vlan1001 vlan-id=1001
/ip ipsec proposal
# Only the default proposal is tuned here: SHA-256 integrity, AES-128-CBC encryption,
# PFS with the 2048-bit MODP group.
# NOTE(review): a proposal alone protects nothing. Peers, identities and policies that
# match the tunnel endpoints are still required and none are visible in this listing, so
# the tunnels above must be treated as unencrypted for now.
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-128-cbc pfs-group=modp2048
/routing bgp instance
# Default BGP instance: AS 2, router-id taken from the vlan1000 address. No BGP peers
# are visible in this listing.
set default as=2 router-id=172.30.2.1
/system logging action
# Remote syslog target. RouterOS sends remote log entries as plain UDP syslog (no
# encryption or authentication), so the path to the collector should be a trusted
# management network.
# NOTE(review): no static address or route toward 10.192.2.155 is visible here;
# presumably it is reached through the DHCP lease on ether2 - confirm.
add name=graylog remote=10.192.2.155 remote-port=5514 syslog-facility=local6 target=remote
/ip address
# 192.168.88.1/24 on ether1 is the leftover default-configuration (defconf) address.
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
# Underlay subnets for the tunnel endpoints (vlan1000 -> tx_tunnel, vlan1001 -> rx_tunnel).
add address=172.30.2.1/24 interface=vlan1000 network=172.30.2.0
add address=172.30.3.1/24 interface=vlan1001 network=172.30.3.0
add address=172.30.0.1/24 interface=vlan2000 network=172.30.0.0
add address=172.30.1.1/24 interface=vlan2001 network=172.30.1.0
# /30 point-to-point addressing inside each tunnel.
add address=172.30.255.1/30 interface=tx_tunnel network=172.30.255.0
add address=172.30.255.5/30 interface=rx_tunnel network=172.30.255.4
/ip dhcp-client
# ether2 obtains its address by DHCP; it is not a member of either VRF defined below.
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip route
# One static 172.30.0.0/16 route per VRF table, selected by routing-mark.
# NOTE(review): the branch1 gateway 172.30.2.2 is also tx_tunnel's remote-address, and
# this /16 covers the tunnel /30s as well as the underlay subnets - confirm that is intended.
add distance=1 dst-address=172.30.0.0/16 gateway=172.30.2.2 routing-mark=branch1
add distance=1 dst-address=172.30.0.0/16 gateway=172.30.1.2 routing-mark=branch2
/ip route vrf
# VRF membership: each VRF holds one underlay VLAN on the bond, one VLAN on sfp-sfpplus1
# and one tunnel interface. Traffic separation between branch1 and branch2 rests on these
# two lines, so an interface listed in the wrong VRF would merge the two routing domains.
add interfaces=vlan1000,vlan2000,tx_tunnel route-distinguisher=1:1 routing-mark=branch1
add interfaces=vlan1001,vlan2001,rx_tunnel route-distinguisher=2:2 routing-mark=branch2
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=ccr1036
/system logging
# Everything logged under the "info" topic is forwarded to the graylog action above.
add action=graylog topics=info
/system routerboard settings
# protected-routerboot=disabled leaves the RouterBOOT setup and reset path available to
# anyone with physical or console access; relevant if the device is not in a physically
# controlled location.
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=disabled