Hello,

I have multiple VRF on the same ROS router, and I would like to leak OSPF route between all VRFs. Accoring to the documents, it seems the import/export only support BGP routes, but not OSPF routes. Is there any other way to exchange OSPF routers between VRFs? BTW, I am thingking if ROS can support set up a veth or other logical tunnel between VRF, then OSPF can be ran on the interface as well as the traffic. I have use veth on frr router, and I saw that ROS can support veth as well, but it seems different from the Linux veth.

https://help.mikrotik.com/docs/pages/vi ... eId=328206

The only kind of tunnels you can use for hairpin connections (i.e. two tunnel interfaces connected to each other on the same Mikrotik) is currently the IPIP (ip-encap) one.

/interface bridge add name=br-lo protocol-mode=none

/ip address
add address=127.0.0.2/32 interface=br-lo
add address=127.0.0.3/32 interface=br-lo

/interface ipip
add name=ipip-1-a local-address=127.0.0.2 remote-address=127.0.0.3
add name=ipip-1-b local-address=127.0.0.3 remote-address=127.0.0.2

Thank you @sindy

Hello @ggs331,

Did you manage to get this working?

I'm following the "Leaking routes between VRFs" instructions but it's not working for me, it never shows any neighbors.

what are you trying to achieve?

basically @sindy is giving solution to be able to leak the traffic from one to one to another VRF.

how you are doing that, and how u are thsting?

fyi: in case if u have one subnet in one VRF, and other one is on the main routing table tha you can play with ip firewall mangle/ip route rule

what are you trying to achieve?

I have a RB5009UG as my home router. I connect to the Internet via PPPoE and get my IPv6 block (/64) via DHCPv6-PD. I use NAT only for IPv4. All of this happens in the main VRF.

I also have a Wireguard tunnel and I forward some traffic through this tunnel using a different routing table (not VRF) called "vpn". To make this work I also do NAT for IPv6 when out-interface=vpn.

Here's a snippet of my config:


This works just fine. Both IPv4 and IPv6 work for any destination (main table and vpn table). IPv6 NAT is done only for traffic with routing-mark=warp (as expected).

Problem is this setup stops working when I change it to a VRF (VRF name=vpn with interfaces=vpn). From what I was able to troubleshoot the problem is in the return route for IPv6. The packet seems to go out just fine through the vpn VRF, but when it comes back the router is confused and does not change the packet to the main VRF (where it originated from).

I can't add a static routing rule for IPv6 (as I did for IPv4) because the packet is originated by clients using a dynamic IPv6 /64 block I get from my ISP via DHCPv6-PD (this prefix is not static, it changes every time I reconnect). That is why I would like to leak routes from one VRF to the other, that way the correct return route will be always there.

I tried the config provided by MikroTik but it didn't work. I literally copied and pasted that setup with its dummy interfaces but /routing/ospf/neighbor would show nothing. I also tried @sindy suggestion but it didn't work either.

That is why I asked @ggs331 if they managed to get this working, because sadly I didn't

what has been advised above will not fit into your config you need to play something like that

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=subnet_in_main new-routing-mark=vpn passthrough=yes src-address=subnet_in_vrf
add action=mark-routing chain=prerouting dst-address=subnet_in_vrf new-routing-mark=main passthrough=no src-address=subnet_in_main