Problem with MPLS TE VPLS

Andrey151 · August 23, 2016, 8:19am

Hi!

I have the following schema MPLS network:

CORE:

/mpls traffic-eng tunnel-path
add name=dyn_path

/interface traffic-eng
add bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.33 name=traffic-eng-to-rb1100-1 primary-path=dyn_path to-address=10.64.5.34

add auto-bandwidth-avg-interval=1m auto-bandwidth-update-interval=5m bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.33 name=traffic-eng-to-rb1100-2 primary-path=dyn_path to-address=10.64.5.35

/routing ospf area
add area-id=0.0.0.10 name=area10

/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 mpls-te-area=area10 mpls-te-router-id=Loopback router-id=10.64.5.33

/routing ospf network
add area=area10 network=10.64.5.32/27

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip address

add address=10.64.5.33 interface=Loopback network=10.64.5.33
add address=10.64.5.41/30 interface=ether4 network=10.64.5.40
add address=10.64.5.45/30 interface=ether9 network=10.64.5.44

/mpls interface
set [ find default=yes ] mpls-mtu=1600

/mpls ldp
set enabled=yes lsr-id=10.64.5.33 transport-address=10.64.5.33

/mpls ldp advertise-filter
add prefix=10.64.5.34/32
add prefix=10.64.5.35/32
add prefix=10.64.5.36/32
add advertise=no

/mpls traffic-eng interface
add bandwidth=1Gbps interface=ether4
add bandwidth=1Gbps interface=ether9

R1:

/interface bridge
add name=Loopback

/interface vpls
add cisco-style=yes cisco-style-id=11 disabled=no l2mtu=1500 name=vpls_admin_1 remote-peer=10.64.5.33

add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1500 name=vpls_net_1 remote-peer=10.64.5.33

add cisco-style=yes cisco-style-id=12 disabled=no l2mtu=1500 name=vpls_video_1 remote-peer=10.64.5.33

/mpls traffic-eng tunnel-path
add name=dyn_path

/interface traffic-eng
add auto-bandwidth-avg-interval=1m auto-bandwidth-update-interval=5m bandwidth=50Mbps bandwidth-limit=100% disabled=no name=traffic-eng-to-ccr1036 primary-path=dyn_path record-route=yes to-address=10.64.5.33

add auto-bandwidth-avg-interval=1m auto-bandwidth-update-interval=5m bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.34 name=traffic-eng-to-rb1100-2 primary-path=dyn_path to-address=10.64.5.35

/routing ospf area
add area-id=0.0.0.10 name=area10

/routing ospf instance
set [ find default=yes ] mpls-te-area=area10 mpls-te-router-id=Loopback router-id=10.64.5.34

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip address
add address=10.64.5.42/30 interface=ether13 network=10.64.5.40
add address=10.64.5.34 interface=Loopback network=10.64.5.34
add address=10.64.5.49/30 interface=ether10 network=10.64.5.48


/mpls interface
set [ find default=yes ] mpls-mtu=1600

/mpls ldp
set enabled=yes lsr-id=10.64.5.34 transport-address=10.64.5.34

/mpls ldp advertise-filter
add prefix=10.64.5.33/32
add prefix=10.64.5.35/32
add prefix=10.64.5.36/32
add advertise=no prefix=0.0.0.0/32

/mpls traffic-eng interface
add bandwidth=1Gbps interface=ether13
add bandwidth=1Gbps interface=ether10

/routing ospf network
add area=area10 network=10.64.5.32/27

R2:

/interface bridge
add name=Loopback

/interface vpls
add cisco-style=yes cisco-style-id=11 disabled=no l2mtu=1500 name=vpls_admin remote-peer=10.64.5.33

add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1500 name=vpls_net remote-peer=10.64.5.33

/mpls traffic-eng tunnel-path
add name=dyn_path

/interface traffic-eng

add bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.35 name=traffic-eng-10-64-5-33 primary-path=dyn_path to-address=10.64.5.33

add auto-bandwidth-avg-interval=1m auto-bandwidth-update-interval=5m bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.35 name=traffic-eng-to-rb1100-1 primary-path=dyn_path to-address=10.64.5.34

/routing ospf area
add area-id=0.0.0.10 name=area1

/routing ospf instance
set [ find default=yes ] mpls-te-area=area1 mpls-te-router-id=Loopback router-id=10.64.5.35

/routing ospf network
add area=area1 network=10.64.5.32/27

/ip address
add address=10.64.5.35 interface=Loopback network=10.64.5.35
add address=10.64.5.46/30 interface=ether13 network=10.64.5.44
add address=10.64.5.50/30 interface=ether10 network=10.64.5.48

/mpls interface
set [ find default=yes ] mpls-mtu=1600

/mpls ldp
set enabled=yes lsr-id=10.64.5.35 transport-address=10.64.5.35

/mpls ldp advertise-filter
add prefix=10.64.5.33/32
add prefix=10.64.5.34/32
add advertise=no prefix=0.0.0.0/32

/mpls traffic-eng interface
add bandwidth=1Gbps interface=ether13
add bandwidth=1Gbps interface=ether10

I have a strange problem on a TE tunnel. When I SHUTDOWN interface PORT13 on the RB1100-1 in the direction of the CORE, all TE tunnels and VPLS tunnels on the CORE change status on the down, and in the direction RB1100-1 and direction RB1100-2. After some time, all TE tunnels and VPLS tunnels is UP.

Active tunnels path: CORE-RB1100-1, CORE-RB1100-2. Why tunnel CORE-RB1100-2 change status on the down too? Can anyone point me to the troubleshoot of this problem?

mrz · August 23, 2016, 8:40am

Check TE tunnel path, maybe all tunnels run through RB1100-1

Andrey151 · August 23, 2016, 8:46am

No, active tunnels path is: CORE-RB1100-1, CORE-RB1100-2.

Andrey151 · August 24, 2016, 12:36am

When I SHUTDOWN interface PORT13 on the RB1100-1, two ospf interface on the CORE-CCR1036 are changed status.
This is BUG?

mrz · August 24, 2016, 8:04am

When you change something in the network OSPF need to recalculate the tree, so it is possible that interface may change the status depending on what new network looks like. This ospf change is also the cause of TE recalculations. Since routing table changes and you are using dynamic tunnel path with CSPF enabled, TE need to recalculate the path.

Andrey151 · August 24, 2016, 8:26am

So, if any ethernet link crash on my core, all active tunnels in other directions on my core changed status on the down. This is a normal situation?

Andrey151 · August 25, 2016, 6:14am

In log:

Aug/24/2016 12:28:14 interface,info ether4 link down
Aug/24/2016 12:28:14 route,ospf,info OSPFv2 neighbor 10.64.5.34: state change from Full to Down
Aug/24/2016 12:28:15 route,ospf,info Discarding packet: no neighbor with this source address
Aug/24/2016 12:28:15 route,ospf,info     RouterId=10.64.5.35
Aug/24/2016 12:28:15 route,ospf,info     source=10.64.5.46

Why, when neighbor 10.64.5.34 is down, router can’t find neighbor with this source address 10.64.5.46?

StefanM · August 25, 2016, 6:51pm

did you advertise your loopback ip as well or you only have it in instance id in ospf? and for advertise filter in mpls you can use /24 instead of /32.

Andrey151 · August 26, 2016, 1:17am

Loopback address is announced in ospf too. No, I can’t use for advertise filter in mpls /24 instead of /32.

Andrey151 · August 26, 2016, 1:25am

Now, for test I changed network topology.

CCR config:

/interface bridge
add name=Loopback

/interface ethernet
set [ find default-name=sfp1 ] l2mtu=1600 mtu=1600

/interface vpls
add cisco-style=yes cisco-style-id=11 disabled=no l2mtu=1500 name=vpls_admin_1 remote-peer=10.64.5.34

add cisco-style=yes cisco-style-id=11 disabled=no l2mtu=1500 name=vpls_admin_rb2 remote-peer=10.64.5.35

add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1500 name=vpls_net_1 remote-peer=10.64.5.34

add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1500 name=vpls_net_rb2 remote-peer=10.64.5.35

add cisco-style=yes cisco-style-id=12 disabled=no l2mtu=1500 name=vpls_video_1 remote-peer=10.64.5.34

/ip neighbor discovery
set sfp1 discover=no
set Loopback discover=no
set vpls_admin_1 discover=no
set vpls_admin_rb2 discover=no
set vpls_net_1 discover=no
set vpls_net_rb2 discover=no
set vpls_video_1 discover=no

/mpls traffic-eng tunnel-path
add name=dyn_path

/interface traffic-eng
add bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.33 name=traffic-eng-to-rb1100-1 primary-path=dyn_path record-route=yes secondary-paths=dyn_path to-address=10.64.5.34

add auto-bandwidth-avg-interval=1m auto-bandwidth-update-interval=5m bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.33 name=traffic-eng-to-rb1100-2 primary-path=dyn_path record-route=yes to-address=10.64.5.35

/ip neighbor discovery
set traffic-eng-to-rb1100-1 discover=no
set traffic-eng-to-rb1100-2 discover=no

/routing ospf area
add area-id=0.0.0.10 name=area10

/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 mpls-te-area=area10 mpls-te-router-id=Loopback router-id=10.64.5.33

/routing ospf network
add area=area10 network=10.64.5.32/27

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip address
add address=10.64.5.33 interface=Loopback network=10.64.5.33
add address=10.64.5.53/30 interface=sfp1 network=10.64.5.52

/mpls interface
set [ find default=yes ] mpls-mtu=1600

/mpls ldp
set enabled=yes lsr-id=10.64.5.33 transport-address=10.64.5.33

/mpls ldp advertise-filter
add prefix=10.64.5.34/32
add prefix=10.64.5.35/32
add prefix=10.64.5.36/32
add advertise=no

/mpls traffic-eng interface
add bandwidth=1Gbps interface=sfp1

RB1100-1 config:

/interface bridge
add name=Loopback

/interface ethernet
set [ find default-name=ether13 ] comment=TO_10.64.5.41 mtu=1600

/interface vpls
add cisco-style=yes cisco-style-id=11 disabled=no l2mtu=1500 name=vpls_admin_1 remote-peer=10.64.5.33
add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1500 name=vpls_net_1 remote-peer=10.64.5.33
add cisco-style=yes cisco-style-id=12 disabled=no l2mtu=1500 name=vpls_video_1 remote-peer=10.64.5.33

/ip neighbor discovery
set ether13 comment=PSN-CORE-CCR1036 discover=no
set Loopback discover=no
set vpls_admin_1 discover=no
set vpls_net_1 discover=no
set vpls_video_1 discover=no

/mpls traffic-eng tunnel-path
add name=dyn_path

/interface traffic-eng
add auto-bandwidth-avg-interval=1m auto-bandwidth-update-interval=5m bandwidth=50Mbps bandwidth-limit=100% disabled=no name=traffic-eng-to-ccr1036 primary-path=dyn_path record-route=yes to-address=10.64.5.33

/ip neighbor discovery
set traffic-eng-to-ccr1036 discover=no

/routing ospf area
add area-id=0.0.0.10 name=area10

/routing ospf instance
set [ find default=yes ] mpls-te-area=area10 mpls-te-router-id=Loopback router-id=10.64.5.34

/routing ospf network
add area=area10 network=10.64.5.32/27

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip address
add address=10.64.5.42/30 interface=ether13 network=10.64.5.40
add address=10.64.5.34 interface=Loopback network=10.64.5.34

/mpls interface
set [ find default=yes ] mpls-mtu=1600

/mpls ldp
set enabled=yes lsr-id=10.64.5.34 transport-address=10.64.5.34

/mpls ldp advertise-filter
add prefix=10.64.5.33/32
add prefix=10.64.5.35/32
add prefix=10.64.5.36/32
add advertise=no prefix=0.0.0.0/32

/mpls traffic-eng interface
add bandwidth=1Gbps interface=ether13

RB1100-2 config:

/interface ethernet
set [ find default-name=ether13 ] comment=TO_10.64.5.45 mtu=1600

/interface bridge
add name=Loopback

/interface vpls
add cisco-style=yes cisco-style-id=11 disabled=no l2mtu=1500 name=vpls_admin remote-peer=10.64.5.33
add cisco-style=yes cisco-style-id=17 disabled=no l2mtu=1500 name=vpls_gps remote-peer=10.64.5.33
add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1500 name=vpls_net remote-peer=10.64.5.33

/ip neighbor discovery
set ether13 discover=no
set Loopback discover=no
set vpls_admin discover=no
set vpls_gps discover=no
set vpls_net discover=no

/mpls traffic-eng tunnel-path
add name=dyn_path

/interface traffic-eng
add bandwidth=50Mbps bandwidth-limit=100% disabled=no from-address=10.64.5.35 name=traffic-eng-10-64-5-33 primary-path=dyn_path record-route=yes to-address=10.64.5.33

/ip neighbor discovery
set traffic-eng-10-64-5-33 discover=no

/routing ospf area
add area-id=0.0.0.10 name=area10

/routing ospf instance
set [ find default=yes ] mpls-te-area=area10 mpls-te-router-id=Loopback router-id=10.64.5.35

/routing ospf network
add area=area10 network=10.64.5.32/27

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip firewall connection tracking
set enabled=yes

/ip address
add address=10.64.5.35 interface=Loopback network=10.64.5.35
add address=10.64.5.46/30 interface=ether13 network=10.64.5.44

/mpls interface
set [ find default=yes ] mpls-mtu=1600

/mpls ldp
set enabled=yes lsr-id=10.64.5.35 transport-address=10.64.5.35

/mpls ldp advertise-filter
add prefix=10.64.5.33/32
add prefix=10.64.5.34/32
add advertise=no prefix=0.0.0.0/32

/mpls traffic-eng interface
add bandwidth=1Gbps interface=ether13

And now, when i am rebooted mikrotik rb1100 10.64.5.34, all tunnels on the ccr1036 is changing status on the DOWN, and all created VPLS tunnels too. Why? This is a configuration error or bug in ROS?

mducharme · August 26, 2016, 10:36pm

Your problems might be caused by the way you are advertising your networks via OSPF?

/routing ospf network
add area=area10 network=10.64.5.32/27

It looks like you are trying to advertise multiple subnets with a summary. What if you advertise things separately instead?

Andrey151 · August 28, 2016, 5:32am

Ok, changed are settings:

CCR1036:
/routing ospf network add area=area10 network=10.64.5.52/30
/routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1

CISCO:
router ospf 10
redistribute connected subnets
network 10.64.5.40 0.0.0.3 area 10
network 10.64.5.52 0.0.0.3 area 10

RB1100 10.64.5.34:
/routing ospf network add area=area10 network=10.64.5.40/30
/routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1

RB1100 10.64.5.35:
/routing ospf network add area=area10 network=10.64.5.44/30
/routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1

The problem is not gone. When i am rebooted mikrotik rb1100 10.64.5.34, all tunnels on the ccr1036 is changing status on the DOWN, and all created VPLS tunnels too.

shaoranrch · August 28, 2016, 4:39pm

Just to clarify, this statement doesn’t actually advertise a summary, when you add a network statement here you are just telling the router to “add” ospf on whatever interface happens to have an IP from that range.

The LSA from the advertisements will always include the mask set on the IP address the interface currently has, not the mask set here.

In OSPF you can only summary at the ABR level going from an area to another.

mducharme · October 5, 2016, 10:21pm

This is an old thread, but I had another idea regarding this (and yes, I know it is not really a true ‘summary route’, but I didn’t know how else to describe the practice of using a subnet mask larger than the network other than ‘summary’).

Check the TE tunnel source address. I find sometimes the TE tunnels set themselves to originate from some random interface rather than the loopback. Perhaps this is causing some issues.