10-18-2017 07:57 AM
I need to separarte customer and management traffic on the Vyatta firewall. With the version 5600 there is the VRF support. I found yet only configuration to put a physical interface in a VRF.
Is it possible to put only a vif interface in a VRF?
If ye, how can it realized and is that already tested?
Solved! Go to Solution.
10-18-2017 10:04 AM
I am not sure how far you got with your configuration but you can certainly put a vif into a vrf (or routing-instance in Vyatta terminology)
When setting the interface name in the routing-instance use physical.vif as the naming convention.
set interfaces dataplane dp0p224p1 vif 1 address '126.96.36.199/24'
set interfaces dataplane dp0p224p1 vif 1 vlan '1001'
set routing routing-instance vrf1 instance-type 'vrf'
set routing routing-instance vrf1 interface 'dp0p224p1.1'
And confirmation that it has accepted the configuration and interface naming
vyatta@vrouter3:~$ show int rou vrf1
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
dp0p224p1.1 188.8.131.52/24 u/u
10-18-2017 11:14 AM
many thanks for the example which works fine.
Is that also possible with a VRRP address between two devices?
If I add the vrrp command the virtual adress is in the normal routing table and not in the VRF table.
Can you help meh?
10-18-2017 11:39 AM
It works for me. Remember to add the vrrp configuration after you have specified the vif under the dataplane interface
set interfaces dataplane dp0p224p1 vif 1 vrrp vrrp-group 1 virtual-address '184.108.40.206'
and my route table looks like
vyatta@vrouter3:~$ sh ip rout routing vrf1
IP Route Table for Routing-instance "vrf1"
C *> 220.127.116.11/24 is directly connected, dp0p224p1.1
C *> 18.104.22.168/32 is directly connected, dp0p224p1.1