MPLS/VPLS Public Statics

I’m trying to find a way to set up public statics without subnetting at each router and losing IPs.
I’m running OSPF with a management IP address. I was able to get MPLS set up but I turned it back off because everything was trying to go thru it and I just want to use it for the statics. Would I need to set up a VLAN for this? Would I need a different loopback IP from the one I’m using for OSPF?
Would I do something like this? (Simplified version; there are more routers than that.)

/interface bridge add name=lobridge
/ip address add address=192.168.255.1/32 interface=Management

/routing ospf instance
set distribute-default=never redistribute-connected=as-type-1 router-id=192.168.255.1
/routing ospf network
add area=backbone network=(networks)

/mpls ldp
set enabled=yes lsr-id=192.168.255.1 transport-address=192.168.255.1
/mpls ldp interface
add interface=ether1
add interface=ether7
add interface=ether8

/interface vpls add name=A1toA2 remote-peer=192.168.255.10 mac-address=00:00:00:00:00:a1 vpls-id=1:0 disabled=no
/interface vpls add name=A1toA3 remote-peer=192.168.255.7 mac-address=00:00:00:00:00:a1 vpls-id=1:0 disabled=no
/interface vpls add name=A1toA4 remote-peer=192.168.255.9 mac-address=00:00:00:00:00:a1 vpls-id=1:0 disabled=no
/interface vpls add name=A1toA5 remote-peer=192.168.255.6 mac-address=00:00:00:00:00:a1 vpls-id=1:0 disabled=no



/interface bridge add name=lobridge
/ip address add address=192.168.255.10/32 interface=Management

/routing ospf instance
set distribute-default=never redistribute-connected=as-type-1 router-id=192.168.255.10
/routing ospf network
add area=backbone network=(networks)

/mpls ldp
set enabled=yes lsr-id=192.168.255.10 transport-address=192.168.255.10
/mpls ldp interface
add interface=ether8

/interface vpls add name=A2toA1 remote-peer=192.168.255.1 mac-address=00:00:00:00:00:a2 vpls-id=1:0 disabled=no



/interface bridge add name=lobridge
/ip address add address=192.168.255.7/32 interface=Management

/routing ospf instance
set distribute-default=never redistribute-connected=as-type-1 router-id=192.168.255.7
/routing ospf network
add area=backbone network=(networks)

/mpls ldp
set enabled=yes lsr-id=192.168.255.7 transport-address=192.168.255.7
/mpls ldp interface
add interface=ether8
add interface=ether7

/interface vpls add name=A3toA1 remote-peer=192.168.255.1 mac-address=00:00:00:00:00:a3 vpls-id=1:0 disabled=no
/interface vpls add name=A3toA5 remote-peer=192.168.255.6 mac-address=00:00:00:00:00:a3 vpls-id=1:0 disabled=no



/interface bridge add name=lobridge
/ip address add address=192.168.255.9/32 interface=Management

/routing ospf instance
set distribute-default=never redistribute-connected=as-type-1 router-id=192.168.255.9
/routing ospf network
add area=backbone network=(networks)

/mpls ldp
set enabled=yes lsr-id=192.168.255.9 transport-address=192.168.255.9
/mpls ldp interface
add interface=ether8

/interface vpls add name=A4toA1 remote-peer=192.168.255.1 mac-address=00:00:00:00:00:a4 vpls-id=1:0 disabled=no



/interface bridge add name=lobridge
/ip address add address=192.168.255.6/32 interface=Management

/routing ospf instance
set distribute-default=never redistribute-connected=as-type-1 router-id=192.168.255.6
/routing ospf network
add area=backbone network=(networks)

/mpls ldp
set enabled=yes lsr-id=192.168.255.6 transport-address=192.168.255.6
/mpls ldp interface
add interface=ether8

/interface vpls add name=A5toA1 remote-peer=192.168.255.1 mac-address=00:00:00:00:00:a3 vpls-id=1:0 disabled=no
/interface vpls add name=A5toA3 remote-peer=192.168.255.7 mac-address=00:00:00:00:00:a3 vpls-id=1:0 disabled=no

bump

Network diagram would help.

+1 on a diagram, but from the configs you posted, you’ve got a ways to go. It would also help if you were to use

[code/]

tags to make your configs more readable.

In your VPLS config, you need to specify a unique vpls-id for each tunnel and generally speaking, endpoints do not need to connect to each other, only to the gateway.

Your traffic isn’t actually going over VPLS, but once MPLS is enabled, all traffic will be labeled and a traceroute will reflect that:

 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS                                                 
 1 172.17.85.201                      0%    4  11.6ms    20.9    11.2    36.7    10.5 <MPLS:L=1154,E=0>                                      
 2 172.17.88.38                       0%    4   7.9ms    12.9     7.9    24.5     6.8 <MPLS:L=4377,E=0>                                      
 3 172.17.88.77                       0%    4   7.4ms    10.7     7.4    15.3     3.4 <MPLS:L=7042,E=0>                                      
 4 172.17.85.235                      0%    3   6.5ms     8.6     6.5    11.2       2 <MPLS:L=19,E=0>                                        
 5 172.17.82.1                        0%    3  13.7ms     9.6     5.7    13.7     3.3

On that particular network, every site has a VPLS tunnel back to our core router, which sounds an awful lot like what you’re wanting to do. VPLS, on its own, will not keep your L3 traffic separated. Use the VPLS tunnels to connect bridge interfaces on each of your routers and go from there.

Here’s a partial configuration from my core router:

/mpls ldp
set enabled=yes lsr-id=172.17.84.1 transport-address=172.17.84.1

/mpls ldp interface
add interface=ether5
add interface=sfp2
add interface=ether10

/interface vpls
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=02:54:3A:64:E9:90 name=vpls.41 remote-peer=172.17.85.41 vpls-id=84:41
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=02:BD:1E:04:5E:3B name=vpls.49 remote-peer=172.17.84.49 vpls-id=84:49

/interface bridge
add mtu=1500 name=Bridge.VPLS priority=0x2000
add mtu=1500 name=lo0 protocol-mode=none

/interface bridge port
add bridge=Bridge.VPLS horizon=2 interface=vpls.41
add bridge=Bridge.VPLS horizon=2 interface=vpls.49

/interface vlan
add comment="ISP1" interface=Bridge.VPLS name=Bridge.VPLS.1530 vlan-id=1530
add comment="ISP2" interface=Bridge.VPLS name=Bridge.VPLS.1540 vlan-id=1540

At that point, I can then either add a Layer-3 gateway to the VLANs or continue with Layer-2 transport to their equipment.

Here’s a config from one of my end points:

/mpls ldp
set enabled=yes lsr-id=172.17.85.41 transport-address=172.17.85.41

/mpls ldp interface
add interface=ether1
add interface=ether2
add interface=sfp1

/interface vpls
add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=02:DE:A5:6E:86:2D name=vpls.core remote-peer=172.17.84.1 vpls-id=84:41

/interface bridge
add name=LAN_Bridge
add name=lo0

/interface bridge port
add bridge=LAN_Bridge horizon=1 interface=vpls.core
add bridge=LAN_Bridge horizon=2 interface=ether3

Now… if you only have a few static IPs to worry about and you already have OSPF running, then there’s a MUCH easier way to do this. Say you need to assign a static IP of 100.69.212.14 to a customer. On your router, add an address:

/ip address add address=100.69.212.1/32 network=100.69.212.14 interface=LAN

This will create a gateway address and a route. The customer’s config will look 100% normal to them:

IP Address: 100.65.212.14
Netmask: 255.255.255.240
Gateway: 100.69.212.1
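
The tunnel rules from the reply above (a vpls-id that is distinct per tunnel and the same on both ends, with endpoints connecting only to the gateway) can be checked mechanically before a config goes live. This is an added example, not code from anyone in the thread; the function names, finding labels and the reduced three-router sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the VPLS lines of three routers from the first post,
# keyed by each router's LDP lsr-id. 192.168.255.1 is treated as the gateway.
CONFIGS = {
    "192.168.255.1": """
/interface vpls add name=A1toA3 remote-peer=192.168.255.7 vpls-id=1:0 disabled=no
/interface vpls add name=A1toA5 remote-peer=192.168.255.6 vpls-id=1:0 disabled=no
""",
    "192.168.255.7": """
/interface vpls add name=A3toA1 remote-peer=192.168.255.1 vpls-id=1:0 disabled=no
/interface vpls add name=A3toA5 remote-peer=192.168.255.6 vpls-id=1:0 disabled=no
""",
    "192.168.255.6": """
/interface vpls add name=A5toA1 remote-peer=192.168.255.1 vpls-id=1:0 disabled=no
/interface vpls add name=A5toA3 remote-peer=192.168.255.7 vpls-id=1:0 disabled=no
""",
}

def parse_vpls(text):
    """Yield key=value pairs of each one-line '/interface vpls add ...' entry."""
    for line in text.splitlines():
        if line.strip().startswith("/interface vpls add"):
            yield dict(re.findall(r"([\w-]+)=(\S+)", line))

def audit(configs, hub):
    """Return findings for the tunnel rules stated in the reply."""
    tunnels = {}  # frozenset({local, peer}) -> {local lsr-id: vpls-id}
    for lsr, text in configs.items():
        for t in parse_vpls(text):
            pair = frozenset((lsr, t["remote-peer"]))
            tunnels.setdefault(pair, {})[lsr] = t["vpls-id"]
    findings, by_id = [], defaultdict(list)
    for pair, ends in sorted(tunnels.items(), key=lambda kv: sorted(kv[0])):
        a, b = sorted(pair)
        if len(ends) < 2:                      # peer never defines the tunnel
            findings.append(f"one-sided: {a} <-> {b}")
        elif len(set(ends.values())) > 1:      # the two ends disagree on the id
            findings.append(f"id-mismatch: {a} <-> {b}")
        if hub not in pair:                    # endpoint-to-endpoint tunnel
            findings.append(f"spoke-to-spoke: {a} <-> {b}")
        for vid in set(ends.values()):
            by_id[vid].append(pair)
    for vid, used in sorted(by_id.items()):
        if len(used) > 1:                      # same id reused across tunnels
            findings.append(f"shared vpls-id {vid}: {len(used)} tunnels")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS, hub="192.168.255.1")))
```
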

Thanks for your reply Troy. It was very helpful. I’m still a little confused but it’s coming together.

I had a few questions about your config on the end point

/mpls ldp interface
add interface=ether1
add interface=ether2
add interface=sfp1

/interface bridge port
add bridge=LAN_Bridge horizon=1 interface=vpls.core
add bridge=LAN_Bridge horizon=2 interface=ether3

What are these ports?
I’m guessing the mpls interfaces are
sfp1 = to core
ether1 = other router
ether2 = other router
And is ether3 the port that will send data thru the tunnel to the core router?


Also, would the VLANs be added to the LAN_Bridge in the other routers?


Thanks

Sorry about taking so long to respond… I really don’t spend much time here.

You got it. Those interfaces connect to other routers in my OSPF / MPLS network.

Ether3 might connect to a switch, access point, or something else. At one site, we have a Cisco ME 3400. Each port is configured for the appropriate VLAN. For wireless, we either let the AP figure out the VLANs or manually configure the CPE (vlan on wlan bridged to ethernet).

You can also interact locally with VLANs on the VPLS tunnel by adding them to the bridge interface:

/interface vlan
add interface=LAN_Bridge vlan-id=100 name=LAN_Bridge.100
/interface bridge
add name=VLAN.100
/interface bridge port
add bridge=VLAN.100 interface=LAN_Bridge.100
add bridge=VLAN.100 interface=ether12

Now when you plug a device into ether12, you’ll be on VLAN 100 all the way back to your L3 gateway.

Your best bet would be to fire up a bunch of CHR images and build yourself a virtual network. Start here: https://wiki.mikrotik.com/wiki/Manual:MPLSVPLS