Feature Request: VRF radius/local user attribute - MPLS IPv6 support - fast reroute - EVPN - and redundancy beside VRRP

cbabcock · July 6, 2015, 5:26am

Hey Mikrotik,

I’m designing an MPLS network for corporate site to site VPN service and have a few requests based on what I have encountered.

Radius/local user VRF attribute like Cisco/Juniper et al
IPv6 MPLS support(I thought Mikrotik is used a lot in developing countries where IPv6 is a necessity)
MPLS fast reroute
Ethernet VPN (EVPN) and Provider Backbone Bridging EVPN (PBB-EVPN) support IETF RFC 7432
Some type of technology for fail over beside VRRP
Bug tracker

Keep up the great work!

Chris

nz_monkey · July 6, 2015, 7:57am

The first 4 have been requested many times over the years. Who knows, we might see them in RouterOS v7

cbabcock · July 7, 2015, 2:26pm

Well nz_monkey, hope springs eternal. If we are lucky, squeaky wheel gets the grease?!

Are there any other solution for the VRP attribute issue? I’m using l2tp server static user bindings per site/tunnel, but with hundreds of sites it’s brutal admin time. I did search the forums, but may hours later I couldn’t get anything else to work.

Chris

nz_monkey · July 8, 2015, 12:35pm

Hi Chris,

You can send the Mikrotik-Address-List attribute, with a unique address list name per VRF. This will then add the Framed-IP-Address to the specified address-list. Then use mangle to put traffic to/from IP’s in that address-list in to the right VRF (mark them with the routing-mark)

It is a bit too hacky for my liking though

We currently use Cisco to terminate L2TP and place into VRF’s due to Mikrotik not having the right attributes.

Unfortunately there are quite a few useful RADIUS attributes missing from RouterOS. If only RouterOS had an equivalent to the Cisco AV-Pair attribute.

There are a few other gotchas with RADIUS on RouterOS v5 and v6:

If you use Framed-Route’s RouterOS will NOT add these to any dynamic queues or address-list’s that have been specified.
When using DHCP+RADIUS, if an attribute changes or is removed, on DHCP renew RouterOS does NOT compare the live settings with the returned attributes in all cases, so Rate-Limit’s do not get changed, Framed-Route’s do not get removed.

adrianlewis · July 11, 2015, 2:55am

Just in case it makes any difference, here’s my +1 again for these

bronx · December 7, 2015, 9:07am

+1 required

andersonlich · December 26, 2015, 11:22am

Yes yes, evpn and pbb-vpn should be supported.
Mikrotik should be considered about this, cause mikrotik maybe the 1st manufacturer which able give evpn solution with affordable price. We know evpn has been implemented on highly priced hardware. We have to use juniper mx, Cisco asr9k and alu 77xx series to have this feature(evpn).

This should be awesome.