Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

MPLS LAB Mikrotik as PEs and cisco as LSRs

Post Reply
 
User avatar
dgonzalezh
Trainer
Trainer
Topic Author
Posts: 40
Joined: Wed Jun 05, 2013 9:39 am
Location: Colombia
Contact:
Contact dgonzalezh

MPLS LAB Mikrotik as PEs and cisco as LSRs

Tue Jan 16, 2018 6:22 pm

Hello everyone.

Basically I setup this MPLS topology first on EVE-NG, then live on my lab, the two cisco RTRs (2821) and RouterBOARDS all connected and able to ping each other, as per the picture; OSPF, MPLS and BGP peering work fine, I setup VPLS static tunnels between R1 and RB_206, added them to the LAN vridge, they ping but on the real deal, no web sufing isw available.

Something like this, i think.

https://wiki.mikrotik.com/wiki/Manual:EoMPLS_vs_Cisco

Devices
CCR1009 MPLS LER (BGP RR) connected to the RB750 whch has the cable modem attached (WAN)
CRS125 MPLS LER > this one also is a switch to my servers, proper bridges already setup, ping works
RB750 PE > Cable modem attached to ther1, dhcp-client for public WAN, dhcp-server for 172.16.254.0/23 LAN
RB2011 PE > VPLS to RB750 abd BGP to RR
Cisco 2821 x 2 (these two are my LSRs "P" routers, no BGP on them

All of them have loopbak bridges, OSPF and networks advertised, working OK

Image

Tests
ping 8.8.8.8 OK
ping www.yahoo.com OK
trace IP/doamin OK
ping 172.16.254.254 (LAN GW RB750) OK

But when you open chrome and try anything other than google services (gmail, youtube, etc) nothing else works. I'm very troubled by that.

Also if I do it with BGP VPLS as per this wiki article https://wiki.mikrotik.com/wiki/Manual:B ... le_network and this https://wiki.mikrotik.com/wiki/Manual:MPLSVPLS, BGP VPLS tunnels come up but same problem arises, no web surfing.

This is a test lab of mine but I want to accomplish this because in the real world there are a lot of mixtures and different brands.

If I'm missing configs or some more details, please let me know so I can share configs I've done.

I will much appreciate any insights and thoughts on this, I'm pretty sure I'm missing something, but I've come to the point of stumbling upon the great wall.

Thanks in advance folks.
Top
 
telcouk
newbie
Posts: 31
Joined: Mon Jan 08, 2018 3:50 pm

Re: MPLS LAB Mikrotik as PEs and cisco as LSRs

Tue Jan 16, 2018 6:48 pm

If you can ping web-sites, but you're unable to visit them, it's most likely an MTU issue from experience.

On the Mikrotiks you need to ensure you have an MPLS MTU of at least 1530 to allow an MTU of 1500 on VPLS.
I think you need to setup that even higher if you have tagged ethernet on the VPLS...

The Mikrotiks will clamp the TCP MSS or automatically fragment the packets, either way you don't really want to do that unless you have to.
I'm not sure if the Cisco will do that, hence why you're experiencing the issues.
Top
 
User avatar
dgonzalezh
Trainer
Trainer
Topic Author
Posts: 40
Joined: Wed Jun 05, 2013 9:39 am
Location: Colombia
Contact:
Contact dgonzalezh

Re: MPLS LAB Mikrotik as PEs and cisco as LSRs

Wed Jan 17, 2018 12:10 am

If you can ping web-sites, but you're unable to visit them, it's most likely an MTU issue from experience.

On the Mikrotiks you need to ensure you have an MPLS MTU of at least 1530 to allow an MTU of 1500 on VPLS.
I think you need to setup that even higher if you have tagged ethernet on the VPLS...

The Mikrotiks will clamp the TCP MSS or automatically fragment the packets, either way you don't really want to do that unless you have to.
I'm not sure if the Cisco will do that, hence why you're experiencing the issues.

First of all, thanks for making your firsts posts replies to me, so value, very very fond of you to do that, by the way, welcome to the forum.

Absolutely true, followed your advise and it solved the issue -- with static VPLS tunnels -- still can't get BGP signaled tunnels to work, but I'll make another post on that.

I changed interfaces' MTU to 1600 and MPLS MTU to 1580 on the MPLS backbone (Ciscos) and PE routers (RouterBOARDS), tunnels came up fine, pings worked fine between routers:
Code: Select all
[david@CRS_PE02] > /ping 10.255.255.105 size=1560 do-not-fragment src-address=10.255.255.102
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 10.255.255.105                           1560  61 1ms
    1 10.255.255.105                           1560  61 1ms
    2 10.255.255.105                           1560  61 1ms
    sent=3 received=3 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=1ms

[david@CRS_PE02] > /ping 10.255.255.105 size=1580 do-not-fragment src-address=10.255.255.102
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0                                                         packet too lar...
    0 10.255.255.102                            576  64 0ms   fragmentation ...
    1                                                         packet too lar...
    1 10.255.255.102                            576  64 0ms   fragmentation ...
    2                                                         packet too lar...
    2 10.255.255.102                            576  64 0ms   fragmentation ...
    sent=3 received=0 packet-loss=100%
This is reported by cisco
Code: Select all
MPLS_P04#ping 10.255.255.101 size 1576 df-bit
Type escape sequence to abort.
Sending 5, 1576-byte ICMP Echos to 10.255.255.101, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
MPLS_P04#ping 10.255.255.101 size 1578 df-bit
Type escape sequence to abort.
Sending 5, 1578-byte ICMP Echos to 10.255.255.101, timeout is 2 seconds:
Packet sent with the DF bit set
.....
Success rate is 0 percent (0/5)
NOTE: default MPLS on RouterOS is 1508 <<< issue

I guess this is when when MPLS overhead kicks in. I'd love a jumbo fram capable MPLS backbone, but as there are so many different MTUS and OSPF will scream at me if mtus don't mach, I don't want to go down that path

To avoid disconnecting the rest of my family and getting an ear full 8-/ I added the vpls+virtual AP and I got connection on my phone

Although I have some questions that arose after making it work.

- Should bridges' MTU be changed or not?
- A while back I changed from flat network to VLANS for voice and my networking labs and normal LAN, if I wanted to implement these on this new design, should I use the pw-type=tagged-ethernet on the VPLSs?
- Would I need to up the vpls tunnel MTU or just with the pw-type parameter is enough?.

Thanks again for your valuable help

Cheers!
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests
  4. RouterOS
  5. Forwarding Protocols