mpls/vpls over vlan

RouterOS Forwarding Protocols
1

Hey i’ve been working on getting mpls/vpls to work with a vlan for use with public ip customers later. This is the code from a test network that I setup. In the real network the links between the routers will be ubiquiti wireless backhauls and there will be unifi routers. I was hoping to see if someone could look over my code and see if anything looks weird it’s working in the test environment but I need to make sure it will be working when I role it out. I was wondering about my mtu i have it set to 1508 (not sure if that’s right) and I guess i’ll have to change the mtu on the switch and wireless backhaul too? For something like this I probably wont need to change anything to proxy-arp right? I just had a lot of trouble figuring this out for some reason so wanted to double check it.

thanks

Edge router

/interface bridge
add name=Managment
add name=bridge2
add fast-forward=no name=vpls protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp comment=Internet mtu=1508 \
    speed=100Mbps
set [ find default-name=ether2 ] comment=Jlkz mtu=1508 speed=100Mbps
set [ find default-name=ether3 ] comment=Elroy speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
/interface vpls
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=\
    02:FE:FF:13:D6:48 mtu=1508 name=vpls.jlkz remote-peer=192.168.255.101 \
    vpls-id=1:1
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=\
    02:FE:FF:13:D6:48 mtu=1508 name=vpls.sonya remote-peer=192.168.255.103 \
    vpls-id=3:3
/interface vlan
add interface=ether1 mtu=1508 name=vlan140 vlan-id=140
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.20.2.50-10.20.3.254
add name=pool1 ranges=192.168.10.10-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge2 name=DHCP
add address-pool=pool1 disabled=no interface=vpls name=test
/routing bgp instance
set default as=27
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 mpls-te-area=\
    backbone mpls-te-router-id=Managment router-id=192.168.255.100
/interface bridge port
add bridge=bridge2 hw=no interface=ether6
add bridge=bridge2 hw=no interface=ether7
add bridge=bridge2 hw=no interface=ether8
add bridge=bridge2 hw=no interface=ether9
add bridge=vpls interface=vlan140
add bridge=vpls interface=vpls.jlkz
add bridge=vpls interface=vpls.sonya
/ip address
add address=192.168.255.100 interface=Managment network=192.168.255.100
add address=172.20.0.1/29 comment=jlkz interface=ether2 network=172.20.0.0
add address=10.0.0.45/23 interface=ether1 network=10.0.0.0
add address=10.20.2.1/23 interface=bridge2 network=10.20.2.0
add address=172.20.0.9/29 comment=Elroy interface=ether3 network=172.20.0.8
add address=192.168.10.1/24 interface=vlan140 network=192.168.10.0
/ip dhcp-server network
add address=10.20.2.0/23 dns-server=8.8.8.8,8.8.4.4 gateway=10.20.2.1
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.20.2.0/23 list=routers
add address=172.20.0.0/24 list=routers
add address=10.20.8.0/23 list=routers
add address=10.20.4.0/23 list=routers
add address=192.168.10.0/24 list=routers
add address=10.20.6.0/23 list=routers
add address=10.20.10.0/23 list=routers
add address=10.20.12.0/23 list=routers
/ip firewall nat
add action=masquerade chain=srcnat src-address-list=routers
/ip route
add distance=1 gateway=10.0.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=192.168.255.100 transport-address=\
    192.168.255.100
/mpls ldp interface
add interface=ether2
/routing bgp network
add network=10.20.2.0/23 synchronize=no
add disabled=yes network=192.168.10.0/24 synchronize=no
/routing bgp peer
add in-filter=ospf-in name=Jlkz out-filter=ospf-out remote-address=\
    192.168.255.101 remote-as=27 route-reflect=yes ttl=default update-source=\
    Managment
add in-filter=ospf-in name=Elroy out-filter=ospf-out remote-address=\
    192.168.255.102 remote-as=27 route-reflect=yes ttl=default update-source=\
    Managment
/routing ospf interface
add cost=2 interface=ether2 network-type=point-to-point
add cost=2 interface=ether3 network-type=point-to-point
/routing ospf network
add area=backbone network=192.168.255.100/32
add area=backbone comment=jlkz network=172.20.0.0/29
add area=backbone comment=Elroy network=172.20.0.8/29
/system clock
set time-zone-name=America/New_York
/system identity
set name=edge2
/system routerboard settings
set silent-boot=no

jlkz router


/interface bridge
add name=Managment
add name=bridge4
add fast-forward=no name=vpls protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=Edge mtu=1508 speed=100Mbps
set [ find default-name=ether2 ] comment=Sonya mtu=1508 speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
/interface vpls
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=\
    02:40:35:FB:F5:F3 mtu=1508 name=vpls.edge remote-peer=192.168.255.100 \
    vpls-id=1:1
/interface vlan
add interface=bridge4 mtu=1508 name=vlan140 vlan-id=140
add interface=bridge4 name=vlan600 vlan-id=600
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=10.21.4.1 login-by=mac,http-chap,http-pap \
    mac-auth-password=visp name=hsprof1 use-radius=yes
/ip hotspot
add disabled=no idle-timeout=50m interface=vlan600 name=hotspot1 profile=\
    hsprof1
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no on-logout="/ip hotspot host remove \
    [find where address=\94\$address\94 and !authorized and !bypassed] "
/ip pool
add name=DHCP_Pool ranges=10.20.4.50-10.20.5.254
add name=hs-pool-19 ranges=10.21.4.50-10.21.5.254
/ip dhcp-server
add address-pool=DHCP_Pool disabled=no interface=bridge4 name=DHCP
add address-pool=hs-pool-19 disabled=no interface=vlan600 lease-time=1h name=\
    dhcp1
/queue type
set 9 kind=red
/routing bgp instance
set default as=27
/routing ospf instance
set [ find default=yes ] mpls-te-area=backbone mpls-te-router-id=Managment \
    router-id=192.168.255.101
/interface bridge port
add bridge=bridge4 hw=no interface=ether7
add bridge=bridge4 hw=no interface=ether8
add bridge=bridge4 hw=no interface=ether6
add bridge=vpls interface=vlan140
add bridge=vpls interface=vpls.edge
add bridge=vpls disabled=yes interface=ether1
/ip address
add address=172.20.0.2/29 comment=Edge interface=ether1 network=172.20.0.0
add address=192.168.255.101 interface=Managment network=192.168.255.101
add address=10.20.4.1/23 interface=bridge4 network=10.20.4.0
add address=172.20.0.17/29 comment=Sonya interface=ether2 network=172.20.0.16
add address=10.21.4.1/23 interface=vlan600 network=10.21.4.0
/ip dhcp-server network
add address=10.20.4.0/23 dns-server=8.8.8.8,8.8.4.4 gateway=10.20.4.1
add address=10.21.4.0/23 comment="hotspot network" gateway=10.21.4.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.21.4.0/23
/ip hotspot ip-binding
add address=10.20.4.0/23 type=bypassed
add address=10.21.4.0/23
add address=0.0.0.0/0 type=blocked
/ip hotspot user
add name=admin password=????
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    ocsp.godaddy.com !dst-port !protocol !src-address !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    secure7.userservices.net !dst-port !protocol !src-address \
    !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    wlogin.userservices.net !dst-port !protocol !src-address \
    !src-address-list
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=192.168.255.101 transport-address=\
    192.168.255.101
/mpls ldp interface
add interface=ether1
add interface=ether2
/radius
???
/radius incoming
set accept=yes
/routing bgp network
add network=10.20.4.0/23 synchronize=no
/routing bgp peer
add name=edge remote-address=192.168.255.100 remote-as=27 route-reflect=yes \
    ttl=default update-source=Managment
add name=Sonya remote-address=192.168.255.103 remote-as=27 route-reflect=yes \
    ttl=default update-source=Managment
/routing ospf interface
add cost=2 interface=ether1 network-type=point-to-point
add cost=2 interface=ether2 network-type=point-to-point
/routing ospf network
add area=backbone network=192.168.255.101/32
add area=backbone network=172.20.0.0/29
add area=backbone network=172.20.0.16/29
/system clock
set time-zone-name=America/New_York
/system identity
set name=Jlkz
/system ntp client
set enabled=yes primary-ntp=209.51.161.238 secondary-ntp=50.129.194.189
/system routerboard settings
set silent-boot=no

sonya router 
/interface bridge
add name=Managment
add name=bridge8
add fast-forward=no name=vpls protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=jlkz mtu=1508 speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] comment="To josh c" speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
/interface vpls
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=\
    02:18:A9:AC:C6:C4 mtu=1508 name=vpls.edge remote-peer=192.168.255.100 \
    vpls-id=3:3
/interface vlan
add interface=bridge8 mtu=1508 name=vlan140 vlan-id=140
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=DHCP_Pool ranges=10.20.8.50-10.20.9.254
/ip dhcp-server
add address-pool=DHCP_Pool disabled=no interface=bridge8 name=DHCP
/routing bgp instance
set default as=27
/routing ospf instance
set [ find default=yes ] router-id=192.168.255.103
/interface bridge port
add bridge=bridge8 hw=no interface=ether9
add bridge=bridge8 hw=no interface=ether8
add bridge=bridge8 hw=no interface=ether7
add bridge=bridge8 hw=no interface=ether6
add bridge=vpls interface=vlan140
add bridge=vpls interface=vpls.edge
/ip address
add address=10.20.8.1/23 interface=bridge8 network=10.20.8.0
add address=192.168.255.103 interface=Managment network=192.168.255.103
add address=172.20.0.18/29 comment=jlkz interface=ether1 network=172.20.0.16
add address=172.20.0.34/29 comment="Josh C" interface=ether3 network=\
    172.20.0.32
/ip dhcp-server network
add address=10.20.8.0/23 dns-server=8.8.8.8,8.8.4.4 gateway=10.20.8.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=192.168.255.103 transport-address=\
    192.168.255.103
/mpls ldp interface
add interface=ether1
/routing bgp network
add network=10.20.8.0/23 synchronize=no
/routing bgp peer
add name=jlkz remote-address=192.168.255.101 remote-as=27 route-reflect=yes \
    ttl=default update-source=Managment
add in-filter=ospf-in name=joshc out-filter=ospf-out remote-address=\
    192.168.255.105 remote-as=27 route-reflect=yes ttl=default update-source=\
    Managment
/routing ospf interface
add cost=2 interface=ether1 network-type=point-to-point
add cost=3 interface=ether3 network-type=point-to-point
/routing ospf network
add area=backbone network=192.168.255.103/32
add area=backbone comment=jlkz network=172.20.0.16/29
add area=backbone comment="Josh C" network=172.20.0.32/29
/system clock
set time-zone-name=America/New_York
/system identity
set name=Sonya
/system routerboard settings
set silent-boot=no
2

Oh yeah also would it be better to switch the vpls to (bgp vpls)?

3

Ok so changed the MTU back to 1500 I think the first time i tried it I didn’t change it under mpls interface. Still seems to be working.

4

Take a look at this if you want an example of a production deployment with HA for VPLS and public subnets.

Configs are in this post - https://www.stubarea51.net/2018/04/23/wisp-design-building-highly-available-vpls-for-public-subnets/

5

Why the Interfaces who goes in OSPF,you setting ip dhcp client,like..

/routing ospf network
add area=backbone network=10.1.1.0/24

/ip dhcp-client
add disabled=no interface=ether1




Thanks

6

Would mpls/vpls work with two internet connections? In our real network we have two fiber lines in different locations with different static ip blocks from spectrum. each fiber has routers that use them as their main link but if something goes down they can switch to the other for backup.