Problems with MPLS IPv4 VPN

It is stable on our network. Thanks Mikrotik, this should tide us through until v7 :slight_smile:

Rock solid and stable here. All my routers are now upgraded to 6.5.

We have just ordered 16 new CCR’s, and will start the rollout of a lot of new equipment now (18 GHz 400 MB/s fiber radios).

If MT removes the stupid 1 box per channel in scanlist to 6.x units now, I will also make an upgrade to all unlicensed wireless units. :stuck_out_tongue:

Hi there,

Sorry to bring this up again, I haven’t been in touch with this recently, but are L3VPNs really safe so far? Are there still any known stability problems or did they finally manage to fix it?

Hi crtee,

I can say they are stable on 6.5 as that is what we have running in production. Any newer version YMMV.

We have had one issue doing CE originated routes to our PE router where the initial send of the routes appeared in the VRF but were not reachable, dropping the BGP session and re-establishing fixed it. So I suspect there may still be a few little issues, but nothing that stops us from being able to use it in production.

Given the recent dramas with RouterOS stability I am scared to even attempt an upgrade past 6.5 for fear that it will break something.

Thanks for your reply. I’m already at 6.9, however I’ll give it a try and post my results here.

Okay, my conclusion so far: don’t try to run L3VPN and a full IPv4 BGP table on the same box. The routing process is unable to keep up with everything, maybe unless you take some top-end Xeon box, put it in liquid nitrogen and crank the clock beyond 5 GHz.

However, VPLS works great. Waiting for 7.0 and the “new routing engine” :wink:

Mikrotik have not confirmed when “new routing” will arrive. I have been hearing about it from them for about 3 years now, but still have not seen it.

Hopefully it does come in v7 and we see it soon!

There are a number of issues/missing features on v4/5/6 that are affecting us

  • No RIPv2 from VRF’s so cannot use it for PE-CE
  • Cannot view BGP advertisements sent to/received from a peer when running PE-CE from a VRF
  • Cannot view L2VPN information sent/received from a BGP peer
  • Cannot view L3VPN information sent/received from a BGP peer
  • BGP is not multi-core optimized making complex filters, full tables and large updates very very slow
  • A lot of configuration is still CLI only, e.g. BGP VRF out-filters
  • Config database sync issues, often the running config is different from what is shown in Winbox/CLI.
  • VPLS tunnel state changes are not logged
  • Can not specify which VRF router management services are available from, e.g. WinBox, SSH, Webfig
  • Cannot specify which VRF PPP connections terminate to
  • OSPF interface to instance mapping seems inconsistent with the rest of RouterOS (uses instance ID’s rather than names)

I run without any trouble. Still, it is annoying to not be able to set service/vrf. The solution is to run more boxes, and put services outside the vrf’s.

I don’t run full bgp to CE, just inside the core/MPLS cloud, using “ebgp” just announcing IP’s inside the actual vrf to CE (outside the vrf itself).
l2vpn distributed by ospf (MPLS)

We are running reliably now on 6.5, we just find compared to other platforms we run (Juniper, Cisco and Extreme) that RouterOS is lacking a lot of basic “service provider” routing features.

We are currently doing BGP for PE-CE, which works fine but is a lot more configuration than using RIPv2. Ideally we would like to use BGP for PE-CE at large customer sites, and RIPv2 for smaller branch sites. This is a pretty standard model for service providers, as it means you can use engineers with less experience to configure the CE routers for the bulk of the sites.

Not being able to view advertisements on PE-CE connections is a major issue though. Generally we do not have access to the CE routers as they are managed by a 3rd party (as is normal for service providers) and we have no idea what prefixes are being sent to/received from CE routers and if route filters are working correctly. Quite scary.

I still cannot see exactly why CE devices want to know about all vrf’s and routings in the MPLS cloud. It should know about its own routes and gateways. If running a bgp outside the MPLS, but inside the vrf, CE should still have the full routing table that is useful to the customer, and would update the vrf with internal “own” subnets/routes. I just let CE know about the default (routing table) via ospf (if CE should have l2VPN) and just run a bgp, without internal confederation and l3VPN at the last point (PE-CE) (without default routing table). This also makes the problem about what vrf to run services to disappear. It’s a bit annoying to not have management to devices, but it’s possible to have a link net to just have mgmt, and not run full ospf/bgp/MPLS to just do management. Usually my vrf’s are public IP’s from different ISP’s and my default via ospf is rfc1918 for ospf/MPLS/loopback. Bgp via vpn4, l2vpn-cisco and confederation inside different AS set. All MPLS routers would have their own internal AS in the confederation and produce the non-aggregated table for the AS set that peers with global transits.

I have set up MPLS/BGP/OSPF to Cisco, Juniper, and ZTE (some tests to Huawei). I have seen no problems at all with routing (but I use as few parameters as possible). I run into more problems using rip and ospf than bgp, connecting to other vendors’ equipment. And there are other more annoying problems, like 100mb/s to Cisco, that make the CCR’s freeze etc. (We had 1500 CPE down today because of this problem; a technician put the wrong GE on a Cisco to 100mb/s.) (No, it’s not fixed in 6.10, like it’s supposed to be.)

Using this, I will see all announced at CE devices, and have prefix count “counting” at PE. CE (and PE) would show both prefix count and advertisements to the bgp. Usually it’s not that interesting, and in most cases, it could be aggregated into “pipes” since CE doesn’t have too many PE devices as gateways. The PE always shows routes anyway, both in advertisements and VPN4 routes.

The issue we have is that there is no working equivalent of the IOS/JunOS commands:

show ip bgp vpnv4 vrf vrf-nzr-wan neighbors 172.16.95.1 advertised-routes
show ip bgp vpnv4 vrf vrf-nzr-wan neighbors 172.16.95.1 received-routes
show ip bgp vpnv4 vrf vrf-nzr-wan neighbors 172.16.95.1 routes

in RouterOS. This prevents us from seeing what prefixes we are advertising/receiving/using to/from CE routers with BGP. Most of the time we are just advertising everything in the customer’s VRF, but occasionally we want to block leaked management ranges from being advertised to the customer’s CE device. At the moment we cannot easily confirm that our filters are working correctly, or what ranges we are receiving from a peer inside a routing instance.
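An added example, not part of the original posts: when the PE cannot show what it advertises to a CE, one offline check is to take the prefix list as seen on the CE side and compare it against the management ranges that must never be exported. The ranges, the prefixes and the `find_leaks` helper are constructed for illustration, and the check assumes the CE operator can supply the received-route list.

```python
import ipaddress

# Constructed sample data: management ranges that must never reach a customer CE.
MGMT_RANGES = ["10.255.0.0/16", "192.0.2.0/24"]

# Constructed sample data: prefixes the CE reports as received from the PE.
CE_RECEIVED = [
    "10.10.1.0/24",
    "10.255.12.0/24",
    "0.0.0.0/0",
    "10.0.0.0/8",
    "192.0.2.128/25",
]


def find_leaks(received, protected, ignore_default=True):
    """Compare received prefixes with protected ranges.

    Returns (prefix, protected_range, kind) tuples where kind is:
      "leak"   - the prefix is equal to or inside a protected range
      "covers" - the prefix is an aggregate that contains a protected range
    """
    protected_nets = [ipaddress.ip_network(p) for p in protected]
    findings = []
    for text in received:
        net = ipaddress.ip_network(text.strip(), strict=False)
        # A default route covers everything; skip it unless asked to report it.
        if ignore_default and net.prefixlen == 0:
            continue
        for prot in protected_nets:
            if net.version != prot.version:
                continue
            if net.subnet_of(prot):
                findings.append((str(net), str(prot), "leak"))
            elif prot.subnet_of(net):
                findings.append((str(net), str(prot), "covers"))
    return findings


if __name__ == "__main__":
    for prefix, prot, kind in find_leaks(CE_RECEIVED, MGMT_RANGES):
        print(f"{kind:6} {prefix} overlaps management range {prot}")
```

A "covers" finding does not prove the filter failed, but it means the CE has a route toward the management range through an aggregate, so it deserves the same review as a direct leak.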

Yes this problem is extremely annoying, we too are still experiencing this issue. Connect a CCR to a Cisco device and set the port at 100mbit FDX, after a random period of time (from within hours, to 6 weeks) connectivity will drop completely, you check the port config on the CCR and notice it somehow now has a speed of 1gbps listed, the only fix at the moment is to reboot the CCR :frowning: We had to dig a bunch of HP1800’s out of retirement to sit between CCR’s and Cisco devices and convert from 1gbps/AUTO to 100/FDX just so our client networks stopped dropping out.

Hey guys.

It’s been a while since this was last discussed - what’s the current feel on stability of the layer 3 VPN’s, particularly with BGP as PE-CE protocol? Good for production?

Rich

Hi Rich,

Yes it works well. We run 6.5 and 6.19 in production with L3VPN and use BGP for PE-CE routing.

If you are filtering routes just be careful: sometimes (a lot of the time) route filters won’t work at all and you will need to delete them and re-add them. This has been an ongoing problem with RouterOS. It will likely be fixed in v7.

Andrew

Sweet. Thanks for that.

Rich

We have also seen a lot of stability improvements running L3VPN in RouterOS since it was fixed a few versions ago. We are also using BGP for the PE / CE handoff for most deployments.

Now we just need fast reroute :slight_smile:

Also need LSP ping and TE Auto-tunnel!

Did anyone else notice mplsguy from Mikrotik has disappeared?
He was brilliant at giving answers on the more complex aspects of RouterOS.

Interesting…I wonder who deals with MPLS more often at MikroTik? We are always working on complex multi-vendor MPLS networks that involve MikroTik and it’s nice to have a product expert to bounce the high level development stuff off of.

I have dealt with two people at Mikrotik in regards to MPLS over the past 5 years. In the last 2 years though I have only dealt with one.

Mikrotik support seem to allocate certain engineers to the more specialist areas e.g. wireless and MPLS.
For other areas I have had responses from many different people.

We are working on an MPLS network that includes x86 routers and routerboards which has been running well on MPLS with VPLS on 6.24, but in converting to L3VPN recently, we experienced some issues with LDP neighbors flapping. We haven’t completely ruled out MTU issues in the transport, but did see a few bugs as we experimented with different versions.

Just curious to see, for those of you running MPLS networks, what your experience has been using MPLS/BGP/OSPF in versions 6.20 through 6.29.

Hi,
I would like to know if anyone has experienced issues with bugfix version 6.30 and later, using BGP/MPLS/VPNv4?

I don’t see any other posts on this since June 2015… I guess all is fine?!

Regards,
Michael Plourde