0

I'm having issues with 2 VyOS routers, not being able to ping IP address on VIF interfaces. Below is the configuration on the router, which is also running BGP (which I've confirmed is working as expected).

high-availability {
    vrrp {
        group VL200 {
            hello-source-address 203.0.113.28
            interface eth1.200
            no-preempt
            peer-address 203.0.113.29
            priority 200
            virtual-address 203.0.113.30/27
            vrid 20
        }
    }
}
interfaces {
    ethernet eth0 {
        hw-id nn:nn:nn:nn:nn:nn
        vif 65 {
            address 192.0.2.1/29
        }
    }
    ethernet eth1 {
        address 203.0.113.111/32
        hw-id nn:nn:nn:nn:nn:nn
        vif 100 {
            address 10.20.0.252/24
        }
        vif 200 {
            address 203.0.113.28/27
        }
    }
    loopback lo {
        address 203.0.113.222/32
    }
}
protocols {
    bgp 64511 {
        address-family {
            ipv4-unicast {
                network 203.0.113.0/24 {
                }
            }
        }
        neighbor 192.0.2.6 {
            ebgp-multihop 2
            remote-as 64496
            update-source 192.0.2.1
        }
        parameters {
            router-id 192.0.2.1
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 192.0.2.6 {
                distance 253
            }
        }
        route 203.0.113.0/24 {
            blackhole {
                distance 254
            }
        }
    }
}

From an external computer, I am able to ping 203.0.113.111 and 203.0.113.222, however I cannot ping 203.0.113.28 or 203.0.113.30. My config does not appear to be missing anything that I know of.

Christopher H
  • 368
  • 2
  • 18
  • check that your VLANs 100 and 200 are actually up. – Ron Trunk Oct 09 '20 at 12:16
  • @RonTrunk I did check, and the interfaces are up. – Christopher H Oct 10 '20 at 10:37
  • Could you please tell us the IP address of the external computer, and whether it is a Windows system or Linux? – Binarus Oct 12 '20 at 18:54
  • Hi @Binarus, the external computer could be any device on the internet and not just a specific address, and the computer could be running any OS (Windows/*nix/Mac). These are public-facing BGP routers and I have confirmed with the upstream peer that the prefix 203.0.113.0/24 is being announced and filtered correctly. This was also confirmed by completing basic connectivity testing (ICMP, SSH, etc). FYI: 203.0.113.0/24 is an RFC 5737 (Reserved for Documentation) prefix, and is not the actual prefix being announced. – Christopher H Oct 14 '20 at 03:58
  • I see, thank you very much. Then the cause of the problem is probably much more complicated than I suspected, and I can't help any more. Good luck! – Binarus Oct 14 '20 at 07:12

0 Answers0