
rare-dev - Re: [rare-dev] Routing Internet by tunnel configuration

Subject: Rare project developers

  • From: Frédéric LOUI <>
  • To: Gabriel Tetzner <>
  • Cc: ,
  • Subject: Re: [rare-dev] Routing Internet by tunnel configuration
  • Date: Fri, 18 Nov 2022 20:51:22 +0100

I'm glad you managed to get it working!
Congratulations!

Frederic

PS: Not sure if Google Translate translates this accurately … :)

> On 18 Nov 2022 at 20:47, Gabriel Tetzner
> <> wrote:
>
> Hello Frédéric,
>
> I think I managed to make the vrf recognize the gateway exit.
>
> I did it with hairpin11 and hairpin12 and set up a route from the VXLAN vrf to 1.1.1.1,
> which would be my gateway exit:
>
>
>
> On Tue, 15 Nov 2022 at 18:01, Frédéric LOUI
> <> wrote:
> Hi,
>
> What you are referring to is called inter-VRF routing.
> You have multiple ways to achieve that.
>
> For example you can use:
>
> 1- multiple MPLS route-target and from a site connected to a PE that
> import both RT, you can do the inter-VRF routing.
> 2- freeRtr has a nice feature in order to bind VRFs locally that is
> called hairpin. (Juniper calls this feature logical-tunnel interface)
> 3- Other method, such as route redistribution between VRF etc.
>
> -2- is good if you are not familiar with service provider MPLS CORE. (I’m
> not sure about your design choice)
>
> Take a look at this test case:
> http://docs.freertr.org/guides/reference/md/conn-hairpin01.tst/
>
> It binds v1 to hairpin11 and v2 to hairpin12, routing is done through this
> interface.
>
> The cool thing is that you can apply ACL on hairpin11 and hairpin12 in
> order to filter traffic.
>
> Not sure if I understood and answered your question though :-/
>
> I’ll let mc36 elaborate more if needed.
>
> All the best
> Frederic
>
> > On 15 Nov 2022 at 17:30, Gabriel Tetzner
> > <> wrote:
> >
> > Hi all,
> >
> > sorry for the inconvenience and I know that everyone must be busy,
> >
> > I managed to make a wireguard client recognize our vxlan's tunnel
> > infrastructure and reach another router from another available network,
> > but I need to advance in one thing...
> >
> > Everything I am doing is separated into a vrf called VXLAN, but there is
> > a global vrf called INET that freeRouter creates when it is installed in
> > the virtual machine.
> >
> > This my global INET vrf has output to the Internet via an Ethernet1
> > interface that points to an outbound gateway, now consider that I want my
> > other VXLAN vrf to have output to the Internet so that I have in my
> > routes the external connectivity.
> >
> > I thought about creating a second eth2 interface and linking it with
> > pcapInt afterwards, I haven't done that yet as I tried using a tapInt by
> > default and within my research, I saw that you have a way to import the
> > routes from one vrf to the other is what they kind of call leaking, not
> > sure.
> >
> > Well, my question is: how can I make this vrf VXLAN communicate with the
> > output (gateway), using some means that is possible for this?
> >
> > And on that note...
> > The context of this is that I am looking for isolation of my network and
> > for it to point to the Internet afterwards, I need this to do tests with
> > SD-WAN as well, since I believe vpdn needs an output to reach the
> > destination target of the sd-wan server.
> >
> > Here are some configurations:
> >
> > prefix-list vrf_inet
> > sequence 10 permit 0.0.0.0/0 ge 0 le 0
> > exit
> > !
> > route-map VRF_TO_NET
> > sequence 10 action permit
> > sequence 10 match prefix-list vrf_inet
> > !
> > exit
> > !
> > route-map VRFINET_TO_VXLAN
> > sequence 10 action permit
> > sequence 10 match prefix-list vrf_inet
> > !
> > exit
> > !
> > vrf definition inet
> > rd 200:200
> > import4map VRF_TO_NET
> > export4map VRFINET_TO_VXLAN
> > exit
> > !
> > vrf definition vxlan
> > description vxlan vrf isolation
> > rd 100:100
> > import4map VRFINET_TO_VXLAN
> > export4map VRF_TO_NET
> > exit
> > !
> > interface ethernet1
> > description uplink
> > vrf forwarding inet
> > ipv4 address dynamic dynamic
> > ipv4 gateway-prefix all4
> > ipv4 dhcp-client enable
> > ipv4 dhcp-client early
> > ipv6 address dynamic dynamic
> > ipv6 gateway-prefix all6
> > ipv6 slaac-client enable
> > ipv6 prefix-suppress
> > router eigrp4 2 enable
> > no shutdown
> > no log-link-change
> > exit
> > !
> > vcpe1#show ipv4 route inet
> >
> > typ prefix metric iface hop time
> > DEF 0.0.0.0/0 0/2 ethernet1 200.x.x.65 00:00:21
> > C 10.255.255.0/24 0/0 ethernet20001 null 12:05:01
> > LOC 10.255.255.254/32 0/1 ethernet20001 null 12:05:01
> > C 200.x.x.64/28 0/0 ethernet1 null 00:00:21
> > REM 200.x.x.65/32 0/0 ethernet1 200.x.x.65 00:00:21
> > LOC 200.x.x.69/32 0/1 ethernet1 null 00:00:21
> >
> > vcpe1#show ipv4 route vxlan
> >
> > typ prefix metric iface hop time
> > C 10.0.0.0/24 0/0 tunnel2 null 12:09:08
> > LOC 10.0.0.2/32 0/1 tunnel2 null 12:09:08
> > C 124.0.2.0/28 0/0 tunnel1 null 12:09:08
> > LOC 124.0.2.2/32 0/1 tunnel1 null 12:09:08
> > C 200.x.x.85/32 0/0 ethernet2 null 11:27:19
> >
> > This ethernet2 is the interface I tried to create ;)
> >
> > Best regards,
> > Gabriel Tetzner Menegueti.
> >
>
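
Added example (not part of the thread, and not freeRtr code): a Python check of which routes from the inet table the posted prefix-list `vrf_inet` would let through a route-map, assuming the conventional ge/le meaning (route inside the network, mask length between ge and le). The 203.0.113.x routes are constructed stand-ins for the redacted 200.x.x addresses, and `TOO_BROAD` is a constructed contrast entry.

```python
import ipaddress

# Prefix-list entries as (action, network, ge, le).
# First match wins; anything unmatched is denied (assumed implicit deny).
VRF_INET = [("permit", "0.0.0.0/0", 0, 0)]    # from the post: default route only
TOO_BROAD = [("permit", "0.0.0.0/0", 0, 32)]  # constructed contrast: any IPv4 prefix

# Constructed stand-in for "show ipv4 route inet" in the post
# (200.x.x.* was redacted there; 203.0.113.* is used here instead).
INET_ROUTES = [
    "0.0.0.0/0",
    "10.255.255.0/24",
    "10.255.255.254/32",
    "203.0.113.64/28",
    "203.0.113.65/32",
    "203.0.113.69/32",
]


def prefix_list_permits(entries, route):
    """Return True if the first entry matching `route` is a permit."""
    r = ipaddress.ip_network(route)
    for action, net, ge, le in entries:
        n = ipaddress.ip_network(net)
        inside = r.version == n.version and r.subnet_of(n)
        if inside and ge <= r.prefixlen <= le:
            return action == "permit"
    return False  # no entry matched


def leaked(entries, routes):
    """Routes the prefix-list would allow across the VRF boundary."""
    return [r for r in routes if prefix_list_permits(entries, r)]


def audit(entries, routes, allowed=("0.0.0.0/0",)):
    """Leaked routes that are not on the intended allow list."""
    return [r for r in leaked(entries, routes) if r not in allowed]


if __name__ == "__main__":
    print("vrf_inet leaks:", leaked(VRF_INET, INET_ROUTES))
    print("vrf_inet unexpected:", audit(VRF_INET, INET_ROUTES))
    print("too-broad unexpected:", audit(TOO_BROAD, INET_ROUTES))
```

With `ge 0 le 0` only the default route crosses, so the connected and local prefixes of the inet VRF stay out of the isolated VRF; the contrast entry shows how a wider `le` would expose all of them.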



