BGP + MPLS

Hi All,

I have spent the last week working in a lab setup for a deployment I am planning. The lab is a basic one: four nodes connected in a ring. My issue arises when I pass a customer VRF from Site 1 to Site 2: the network functions correctly via the shortest, directly connected path, but if I break this path, connectivity between the sites never recovers.

BGP sessions are established between each node to a /32 loopback with static routes for each leg.

Topology:

Configurations:

Brisbane-1

# BNE1 (router-id / lsr-id 172.16.0.1): one node of the four-node lab ring.
# Core links are ether1 (192.168.10.0/30) and ether2 (192.168.40.0/30); ether4 serves a DHCP LAN;
# ether5 is a DHCP client with masquerade applied outbound.
# No /ip firewall filter section appears in this export. NOTE(review): if the export is complete,
# confirm input-chain rules limit BGP, LDP and management services to the core links.
/interface bridge
# Empty bridge used as the loopback interface that carries 172.16.0.1.
add fast-forward=no name=lo1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether4 name=dhcp1
/routing bgp instance
# Connected, static and other-BGP routes are all redistributed and no out-filter is set on the
# instance, so the link /30s, the loopback and 10.0.0.0/24 are all offered to the peers below.
# NOTE(review): add an out-filter before this design leaves the lab.
add as=1234 name=ISP-Name redistribute-connected=yes redistribute-other-bgp=yes redistribute-static=yes \
    router-id=172.16.0.1
/routing ospf instance
# The default OSPF instance is disabled on this node, and no /routing ospf network entries are shown.
set [ find default=yes ] disabled=yes router-id=172.16.0.1
/ip address
add address=192.168.10.1/30 interface=ether1 network=192.168.10.0
add address=192.168.40.2/30 interface=ether2 network=192.168.40.0
# Loopback address; no prefix length is given (presumably treated as /32 - confirm).
add address=172.16.0.1 interface=lo1 network=172.16.0.1
add address=10.0.0.1/24 interface=ether4 network=10.0.0.0
/ip dhcp-client
# ether1 is also a statically addressed core link (192.168.10.1/30). NOTE(review): a DHCP client
# here accepts a lease from whichever server answers on that segment, and unless overridden the
# client installs the offered default route and DNS servers - confirm this is intended or remove it.
add disabled=no interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=ether5
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether5
/ip route
# Static /32 routes exist only for the two adjacent loopbacks, each through a single link.
# There is no static route to 172.16.0.3 and no second gateway for either entry, so nothing in
# this section provides the other way round the ring when a link fails.
add distance=1 dst-address=172.16.0.2/32 gateway=192.168.10.2
add distance=1 dst-address=172.16.0.4/32 gateway=192.168.40.1
/ip route vrf
# No interfaces= is set, so no customer-facing interface is attached to vrf-customer on this node.
add export-route-targets=0:1 import-route-targets=0:1 route-distinguisher=0:1 routing-mark=vrf-customer
/mpls
# The IP TTL is not copied into the MPLS label, so core hops do not appear in customer traceroutes.
set propagate-ttl=no
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=172.16.0.1 transport-address=172.16.0.1
/mpls ldp interface
# LDP runs on both core links. No /mpls ldp accept-filter or advertise-filter entries are shown.
# NOTE(review): consider restricting label bindings to the 172.16.0.x loopbacks.
add interface=ether1
add interface=ether2
/routing bgp instance vrf
# Every route source in vrf-customer (connected, OSPF, other BGP, RIP, static) is redistributed.
add instance=ISP-Name redistribute-connected=yes redistribute-ospf=yes redistribute-other-bgp=yes \
    redistribute-rip=yes redistribute-static=yes routing-mark=vrf-customer
/routing bgp peer
# Both iBGP sessions target the neighbours' link addresses with update-source set to the physical
# interface, not the 172.16.0.x loopbacks the post describes, so each session drops with its link.
# No tcp-md5-key, in-filter or out-filter is set on either peer, and default-originate=always
# advertises a default route unconditionally.
# NOTE(review): peer between loopbacks, authenticate the sessions and filter what is accepted and
# advertised before production use.
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 default-originate=always instance=ISP-Name name=peer1 \
    remote-address=192.168.10.2 remote-as=1234 route-reflect=yes update-source=ether1
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 default-originate=always instance=ISP-Name name=peer2 \
    remote-address=192.168.40.1 remote-as=1234 route-reflect=yes update-source=ether2
/system identity
set name=BNE1

Brisbane-2

# BNE-2 (router-id / lsr-id 172.16.0.4): one node of the four-node lab ring.
# Core links are ether1 (192.168.40.0/30) and ether2 (192.168.30.0/30); ether5 is the customer LAN
# (192.168.101.0/24) placed in vrf-customer.
# No /ip firewall sections appear in this export. NOTE(review): if the export is complete, confirm
# input-chain rules limit BGP, LDP and management services to the core links.
/interface bridge
# Empty bridge used as the loopback interface that carries 172.16.0.4.
add name=lo1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.101.2-192.168.101.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether5 name=dhcp1
/routing bgp instance
# The built-in default instance is disabled; only ISP-Name is used.
set default disabled=yes
# Connected, static and other-BGP routes are all redistributed and no out-filter is set on the
# instance. NOTE(review): add an out-filter before this design leaves the lab.
add as=1234 name=ISP-Name redistribute-connected=yes redistribute-other-bgp=\
    yes redistribute-static=yes router-id=172.16.0.4
/routing ospf instance
# Only the router-id is set; no /routing ospf network entries are shown in this export.
set [ find default=yes ] router-id=172.16.0.4
/ip address
add address=192.168.101.1/24 interface=ether5 network=192.168.101.0
add address=192.168.30.1/30 interface=ether2 network=192.168.30.0
add address=192.168.40.1/30 interface=ether1 network=192.168.40.0
# Loopback address; no prefix length is given (presumably treated as /32 - confirm).
add address=172.16.0.4 interface=lo1 network=172.16.0.4
/ip dhcp-client
# ether1 is also a statically addressed core link (192.168.40.1/30). NOTE(review): a DHCP client
# here accepts a lease from whichever server answers on that segment, and unless overridden the
# client installs the offered default route and DNS servers - confirm this is intended or remove it.
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.101.0/24 dns-server=1.1.1.1 gateway=192.168.101.1
/ip route
# Static /32 routes exist only for the two adjacent loopbacks, each through a single link.
# There is no static route to 172.16.0.2 and no second gateway for either entry, so nothing in
# this section provides the other way round the ring when a link fails.
add distance=1 dst-address=172.16.0.1/32 gateway=192.168.40.2
add distance=1 dst-address=172.16.0.3/32 gateway=192.168.30.2
/ip route vrf
# ether5 (the customer LAN) is the only interface attached to vrf-customer.
add export-route-targets=0:1 import-route-targets=0:1 interfaces=ether5 \
    route-distinguisher=0:1 routing-mark=vrf-customer
/mpls
# The IP TTL is not copied into the MPLS label, so core hops do not appear in customer traceroutes.
set propagate-ttl=no
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=172.16.0.4 transport-address=\
    172.16.0.4
/mpls ldp interface
# LDP runs on both core links. No /mpls ldp accept-filter or advertise-filter entries are shown.
# NOTE(review): consider restricting label bindings to the 172.16.0.x loopbacks.
add interface=ether1
add interface=ether2
/routing bgp instance vrf
# Every route source in vrf-customer (connected, OSPF, other BGP, RIP, static) is redistributed.
add instance=ISP-Name redistribute-connected=yes redistribute-ospf=yes \
    redistribute-other-bgp=yes redistribute-rip=yes redistribute-static=yes \
    routing-mark=vrf-customer
/routing bgp peer
# Both iBGP sessions target the neighbours' link addresses with update-source set to the physical
# interface, not the 172.16.0.x loopbacks the post describes, so each session drops with its link.
# No tcp-md5-key, in-filter or out-filter is set on either peer.
# NOTE(review): peer between loopbacks, authenticate the sessions and filter what is accepted and
# advertised before production use.
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 instance=ISP-Name name=\
    peer1 remote-address=192.168.30.2 remote-as=1234 route-reflect=yes \
    update-source=ether2
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 instance=ISP-Name name=\
    peer2 remote-address=192.168.40.2 remote-as=1234 route-reflect=yes \
    update-source=ether1
/system identity
set name=BNE-2

Perth-1

# Perth-1 (router-id / lsr-id 172.16.0.2): one node of the four-node lab ring.
# Core links are ether1 (192.168.20.0/30) and ether2 (192.168.10.0/30); no customer LAN is configured.
# No /ip firewall sections appear in this export. NOTE(review): if the export is complete, confirm
# input-chain rules limit BGP, LDP and management services to the core links.
/interface bridge
# Empty bridge used as the loopback interface that carries 172.16.0.2.
add name=lo1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing bgp instance
# Connected, static and other-BGP routes are all redistributed and no out-filter is set on the
# instance. NOTE(review): add an out-filter before this design leaves the lab.
add as=1234 name=ISP-Name redistribute-connected=yes redistribute-other-bgp=yes redistribute-static=yes \
    router-id=172.16.0.2
/routing ospf instance
# Only the router-id is set; no /routing ospf network entries are shown in this export.
set [ find default=yes ] router-id=172.16.0.2
/ip address
add address=192.168.10.2/30 interface=ether2 network=192.168.10.0
add address=192.168.20.1/30 interface=ether1 network=192.168.20.0
# Loopback address; no prefix length is given (presumably treated as /32 - confirm).
add address=172.16.0.2 interface=lo1 network=172.16.0.2
/ip dhcp-client
# ether1 is also a statically addressed core link (192.168.20.1/30). NOTE(review): a DHCP client
# here accepts a lease from whichever server answers on that segment, and unless overridden the
# client installs the offered default route and DNS servers - confirm this is intended or remove it.
add disabled=no interface=ether1
/ip route
# Static /32 routes exist only for the two adjacent loopbacks, each through a single link.
# There is no static route to 172.16.0.4 and no second gateway for either entry, so nothing in
# this section provides the other way round the ring when a link fails.
add distance=1 dst-address=172.16.0.1/32 gateway=192.168.10.1
add distance=1 dst-address=172.16.0.3/32 gateway=192.168.20.2
/ip route vrf
# No interfaces= is set, so no customer-facing interface is attached to vrf-customer on this node.
add export-route-targets=0:1 import-route-targets=0:1 route-distinguisher=0:1 routing-mark=vrf-customer
/mpls
# The IP TTL is not copied into the MPLS label, so core hops do not appear in customer traceroutes.
set propagate-ttl=no
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=172.16.0.2 transport-address=172.16.0.2
/mpls ldp interface
# LDP runs on both core links. No /mpls ldp accept-filter or advertise-filter entries are shown.
# NOTE(review): consider restricting label bindings to the 172.16.0.x loopbacks.
add interface=ether1
add interface=ether2
/routing bgp instance vrf
# Every route source in vrf-customer (connected, OSPF, other BGP, RIP, static) is redistributed.
add instance=ISP-Name redistribute-connected=yes redistribute-ospf=yes redistribute-other-bgp=yes \
    redistribute-rip=yes redistribute-static=yes routing-mark=vrf-customer
/routing bgp peer
# Both iBGP sessions target the neighbours' link addresses with update-source set to the physical
# interface, not the 172.16.0.x loopbacks the post describes, so each session drops with its link.
# No tcp-md5-key, in-filter or out-filter is set on either peer. The two peers differ in
# default-originate (always vs if-installed); peer1 is sent a default route unconditionally.
# NOTE(review): peer between loopbacks, authenticate the sessions and filter what is accepted and
# advertised before production use.
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 default-originate=always instance=ISP-Name name=peer1 \
    remote-address=192.168.20.2 remote-as=1234 route-reflect=yes update-source=ether1
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 default-originate=if-installed instance=ISP-Name name=\
    peer2 remote-address=192.168.10.1 remote-as=1234 route-reflect=yes update-source=ether2
/system identity
set name=Perth-1

Perth 2

# Perth-2 (router-id / lsr-id 172.16.0.3): one node of the four-node lab ring.
# Core links are ether1 (192.168.30.0/30) and ether2 (192.168.20.0/30); ether5 is the customer LAN
# (192.168.8.0/24) placed in vrf-customer.
# No /ip firewall sections appear in this export. NOTE(review): if the export is complete, confirm
# input-chain rules limit BGP, LDP and management services to the core links.
/interface bridge
# Empty bridge used as the loopback interface that carries 172.16.0.3.
add name=lo1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.8.2-192.168.8.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether5 name=dhcp1
/routing bgp instance
# Connected, static and other-BGP routes are all redistributed and no out-filter is set on the
# instance. NOTE(review): add an out-filter before this design leaves the lab.
add as=1234 name=ISP-Name redistribute-connected=yes redistribute-other-bgp=\
    yes redistribute-static=yes router-id=172.16.0.3
/routing ospf instance
# Only the router-id is set; no /routing ospf network entries are shown in this export.
set [ find default=yes ] router-id=172.16.0.3
/ip address
add address=192.168.8.1/24 interface=ether5 network=192.168.8.0
add address=192.168.30.2/30 interface=ether1 network=192.168.30.0
add address=192.168.20.2/30 interface=ether2 network=192.168.20.0
# Loopback address; no prefix length is given (presumably treated as /32 - confirm).
add address=172.16.0.3 interface=lo1 network=172.16.0.3
/ip dhcp-client
# ether1 is also a statically addressed core link (192.168.30.2/30). NOTE(review): a DHCP client
# here accepts a lease from whichever server answers on that segment, and unless overridden the
# client installs the offered default route and DNS servers - confirm this is intended or remove it.
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=1.1.1.1 gateway=192.168.8.1
/ip route
# Static /32 routes exist only for the two adjacent loopbacks, each through a single link.
# There is no static route to 172.16.0.1 and no second gateway for either entry, so nothing in
# this section provides the other way round the ring when a link fails.
add distance=1 dst-address=172.16.0.2/32 gateway=192.168.20.1
add distance=1 dst-address=172.16.0.4/32 gateway=192.168.30.1
/ip route vrf
# ether5 (the customer LAN) is the only interface attached to vrf-customer.
add export-route-targets=0:1 import-route-targets=0:1 interfaces=ether5 \
    route-distinguisher=0:1 routing-mark=vrf-customer
/mpls
# The IP TTL is not copied into the MPLS label, so core hops do not appear in customer traceroutes.
set propagate-ttl=no
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=172.16.0.3 transport-address=\
    172.16.0.3
/mpls ldp interface
# LDP runs on both core links. No /mpls ldp accept-filter or advertise-filter entries are shown.
# NOTE(review): consider restricting label bindings to the 172.16.0.x loopbacks.
add interface=ether1
add interface=ether2
/routing bgp instance vrf
# Every route source in vrf-customer (connected, OSPF, other BGP, RIP, static) is redistributed.
add instance=ISP-Name redistribute-connected=yes redistribute-ospf=yes \
    redistribute-other-bgp=yes redistribute-rip=yes redistribute-static=yes \
    routing-mark=vrf-customer
/routing bgp peer
# Both iBGP sessions target the neighbours' link addresses with update-source set to the physical
# interface, not the 172.16.0.x loopbacks the post describes, so each session drops with its link.
# No tcp-md5-key, in-filter or out-filter is set on either peer; default-originate=if-installed
# sends a default route only when one is installed locally.
# NOTE(review): peer between loopbacks, authenticate the sessions and filter what is accepted and
# advertised before production use.
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 default-originate=\
    if-installed instance=ISP-Name name=peer1 remote-address=192.168.20.1 \
    remote-as=1234 route-reflect=yes update-source=ether2
add address-families=ip,ipv6,l2vpn,l2vpn-cisco,vpnv4 default-originate=\
    if-installed instance=ISP-Name name=peer2 remote-address=192.168.30.1 \
    remote-as=1234 route-reflect=yes update-source=ether1
/system identity
set name=Perth-2

Any assistance is appreciated.

MPLS works only with link-state protocols enabled (in Brisbane 1 it’s disabled). So, first of all, enable OSPF, then make sure LDP works correctly, and only then try to troubleshoot your MP-BGP.

Ok I will do that thank you.

Regarding the static routes for the loopbacks: should they be removed, relying on OSPF to build the table, or kept with an ARP check and a distance of e.g. 255?

They had better be reachable via OSPF advertisements, for redundancy.

Ok thanks - we seem to have another issue now: because we hold a full BGP table on our edge routers, we filter so that only the default route is sent to the other routers, which is stopping MPLS from working.

What is the best way to allow all internal MPLS etc through?

First of all, do the filtering on BGP routes only, not in OSPF. Second, disable IGP synchronization in BGP:
/routing bgp network synchronize=no. This means that BGP won’t compare its routing information with the IGP routing table.