Hello colleagues, it may seem fun but I'm a very curious have a tunnel which vpls which customers can access only some sites including Google services (Orkut, Gmail, SEARCH) and some sites of banks such as Bradesco, have done and redid the setup several times and that puzzles me is that I have another RB identical in the same tower and in this everything is working ok.

My scenario is as follows: I have a RB1000 (1) connected with a cable RB411AH (2) is in turn communicates with other RB411AH (3) and this is on a switch and it linked the two RBS RB433AH (4 ) and RB433AH (5).

cfg RB1000 (1) ROS v4.2:
/ip address
add address=XXX.XXX.49.113/24 broadcast=XXX.XXX.49.255 comment=Wan disabled=no \
interface="ether1 - WAN" network=XXX.XXX.49.0
add address=192.168.7.44/24 broadcast=192.168.7.255 comment=Wan disabled=no \
interface="ether1 - WAN" network=192.168.7.0
add address=1.0.1.1/32 broadcast=1.0.1.1 comment="ID MPLS" disabled=no \
interface=lobridge network=1.0.1.1

/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=XXX.XXX.49.1 scope=30 target-scope=10

/interface bridge

add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=1500 max-message-age=20s \
mtu=1500 name=Setoriais priority=0x8000 protocol-mode=none \
transmit-hold-count=6

/interface bridge port

add bridge=Setoriais comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=1011_1062 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=Setoriais comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=1011_1063 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=Setoriais comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface="ether1 - WAN" path-cost=10 point-to-point=auto \
priority=0x80



/ mpls
Set Dynamic-label-range = 16-1048575 propagate-ttl = yes
/ mpls interface
add comment = "" disabled = no interface = all-mpls mtu = 1508
/ mpls ldp
September distribute-for-default-route = no enabled = yes-hop limit = 255 loop-detect = no \
lsr-id = 1.0.1.1 path-vector-limit = 255 transport-address = 1.0.1.1 \
use-explicit-null = no
/ mpls ldp interface
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s interface = "ether2 - MPLS" transport-address = 0.0.0.0

/ interface vpls
add-advertised l2mtu = 1500 arp = enabled cisco-style = no cisco-style-id = 0 \
comment = disable-running-check = no disabled = no l2mtu = 1500 \
mac-address = 02:4 B: 30:72: A9: 20 mtu = 1500 name = 1011_1063 pw-type = \
raw-ethernet remote-peer = 1.0.6.3 vpls-id = 1.0.6.3:0
add-advertised l2mtu = 1500 arp = enabled cisco-style = no cisco-style-id = 0 \
comment = disable-running-check = no disabled = no l2mtu = 1500 \
mac-address = 02: B7: 84:53: FB: 28 mtu = 1500 name = 1011_1062 pw-type = \
raw-ethernet remote-peer = 1.0.6.2 vpls-id = 1.0.6.2:0




RB411AH (2) ROS v4.4:
RB411AH (2) ROS v4.4:

RB433AH (4 working) ROS 4.0RC1:

/ip address
add address=192.168.7.209/24 broadcast=192.168.7.255 comment="" disabled=no \
interface=1011_1062 network=192.168.7.0
add address=XXX.XXX.53.0/25 broadcast=XXX.XXX.53.127 comment="" disabled=no \
interface=1011_1062 network=XXX.XXX.53.0
add address=XXX.XXX.49.117/24 broadcast=XXX.XXX.49.255 comment="" disabled=no \
interface=1011_1062 network=XXX.XXX.49.0
add address=1.0.6.2/32 broadcast=1.0.6.2 comment="" disabled=no interface=\
lobridge network=1.0.6.2
add address=10.1.6.2/26 broadcast=10.1.6.63 comment="" disabled=no interface=\
ether2 network=10.1.6.0

/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=XXX.XXX.49.1 scope=30 target-scope=10


/ mpls
Set Dynamic-label-range = 16-1048575 propagate-ttl = yes
/ mpls interface
add comment = "" disabled = no interface = all-mpls mtu = 1508
/ mpls ldp
September distribute-for-default-route = no enabled = yes-hop limit = 255 loop-detect = no \
lsr-id = 1.0.6.2 path-vector-limit = 255 transport-address = 1.0.6.2 \
use-explicit-null = no
/ mpls ldp interface
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s = interface ether2 transport-address = 0.0.0.0
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s = interface Ether3 transport-address = 0.0.0.0
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s = interface Ether1 transport-address = 0.0.0.0

/ interface vpls
add-advertised l2mtu = 1500 arp = enabled cisco-style = no cisco-style-id = 0 \
comment = "" disable-running-check = no disabled = no l2mtu = 1500 mac-address = \
02:5 D: 7F: 1D: F8: 90 mtu = 1500 name = 1011_1062 pw-raw-type = ethernet \
remote-peer = 1.0.1.1 vpls-id = 1.0.6.2:0
add-advertised l2mtu = 1500 arp = enabled cisco-style = no cisco-style-id = 0 \
comment = "" disable-running-check = no disabled = yes mac-address = \
02:9 C: CF: 7E: 06: D9 mtu = 1500 name = 2012_1062 pw-raw-type = ethernet \


RB433AH (4 not working) ROS 4.0RC1:
/ip address
add address=192.168.7.171/24 broadcast=192.168.7.255 comment="" disabled=no \
interface=1011_1063 network=192.168.7.0
add address=XXX.XXX.49.153/24 broadcast=XXX.XXX.49.255 comment="" disabled=no \
interface=2012_1063 network=XXX.XXX.49.0
add address=1.0.6.3/32 broadcast=1.0.6.3 comment="" disabled=no interface=\
lobridge network=1.0.6.3
add address=10.1.6.3/26 broadcast=10.1.6.63 comment="" disabled=no interface=\
ether2 network=10.1.6.0
add address=172.16.171.1/24 broadcast=172.16.171.255 comment="" disabled=no \
interface=1011_1063 network=172.16.171.0
add address=XXX.XXX.61.160/28 broadcast=XXX.XXX.61.175 comment="" disabled=no \
interface=1011_1063 network=XXX.XXX.61.160

/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=XXX.XXX.49.1 scope=30 target-scope=10



/ mpls
Set Dynamic-label-range = 16-1048575 propagate-ttl = yes
/ mpls interface
add comment = "" disabled = no interface = all-mpls mtu = 1508
/ mpls ldp
September distribute-for-default-route = no enabled = yes-hop limit = 255 loop-detect = no \
lsr-id = 1.0.6.3 path-vector-limit = 255 transport-address = 1.0.6.3 \
use-explicit-null = no
/ mpls ldp interface
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s = interface Ether1 transport-address = 0.0.0.0
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s = interface ether2 transport-address = 0.0.0.0
add accept-dynamic-neighbors = yes comment = "" disabled = no hello-interval = 5s \
hold-time = 15s = interface Ether3 transport-address = 0.0.0.0

/ interface vpls
add-advertised l2mtu = 1500 arp = enabled cisco-style = no cisco-style-id = 0 \
comment = "" disable-running-check = no disabled = no l2mtu = 1500 mac-address = \
02: F8: 63: BC: F9: B0 mtu = 1500 name = 1011_1063 pw-raw-type = ethernet \
remote-peer = 1.0.1.1 vpls-id = 1.0.6.3:0


I am open to any affectionate test that is suggested, at first thought he could be a problem related to summer plates so I left the two with the same version.
Thank you and more.

I have the same problem!! The only difference is when I have no intermediate router works!! The costumer has a complete outside access. But when i try to implement the vpls with a costumer using either intermediate router or bonding the routing for outside network doesn’t work, only the internal routing....
It’s not a solution but more details...

I have the same problem!! The only difference is when I have no intermediate router works!! The costumer has a complete access. But when i try to implement the vpls with a costumer using either intermediate router or bonding the routing for outside network doesn’t work, only the internal routing....
It’s not a solution but more details...

Have you solved?

When router encapsulates Ethernet frame to forward over VPLS pseudowire, it checks if packet size + VPLS CW + MPLS labels exceeds MPLS MTU of outgoing interface. If it does, VPLS will fragment frame. In this example 1514byte layer2 packets are forwarded over VPLS, router adds CW (8bytes) and one MPLS tag (4bytes) it means that to avoid fragmentation MPLS MTU must be increased to 1526
Ethernet port should be capable of sending 1526 byte L2MTU packets. For more information and supported L2MTU values on RouterBoards refer to http://wiki.mikrotik.com/wiki/Maximum_T ... uterBoards

Note: If interface does not support L2MTU specified as mpls-mtu, then packets will be silently dropped.

Enjoy.