ROSv7 BGP VPLS with Cisco IOS-XR

asoroka · September 26, 2023, 2:52pm

Hi guys,
I have a problem with BGP VPLS setup between MikroTik RoSV7 and my Cisco NCS540(IOS-XR). When creating BGP VPLS, I see that it is created as dynamic but does not go into the running state.
My configuration works fine on version 6, but it doesn’t work on 7.
My config will be below.
Mikrotik RoSv7

/mpls interface
add disabled=no input=yes interface=all mpls-mtu=1530
/mpls ldp
add afi=ip disabled=no loop-detect=yes lsr-id=10.254.254.12 preferred-afi=ip transport-addresses=10.254.254.12 \
    use-explicit-null=yes
/mpls ldp advertise-filter
add advertise=no disabled=yes neighbor=10.254.254.5/32 prefix=10.254.12.0/24 vrf=any
add advertise=no disabled=yes neighbor=10.254.254.5/32 prefix=10.254.12.22/32 vrf=any
/mpls ldp interface
add accept-dynamic-neighbors=yes afi=ip disabled=no interface=BDI1006 transport-addresses=10.254.254.12
/routing bgp connection
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 as=50401 disabled=no input.filter=bgp_in local.role=ibgp name=10.254.254.5 \
    output.filter-chain=bgp_out remote.address=10.254.254.5/32 .as=50401 router-id=10.254.254.12 routing-table=main \
    templates=AS50401
/routing bgp vpls
add bridge=VPLS bridge-cost=50 cisco-id=10.254.254.12&50401:2020 disabled=no export-route-targets=50401:2020 \
    import-route-targets=50401:2020 name=BNG_2020 pw-l2mtu=1530 pw-type=vpls rd=12:12

Cisco NCS540

RP/0/RP0/CPU0:bsw1-ap100.sh#show running-config interface gigabitEthernet 0/0/0/7
Tue Sep 26 17:41:59.132 EEST
interface GigabitEthernet0/0/0/7
 description sfp-plus1@msw1-vokzal.bar
 mtu 9230
 load-interval 30
!
RP/0/RP0/CPU0:bsw1-ap100.sh#show running-config interface gigabitEthernet 0/0/0/7.1
Tue Sep 26 17:42:04.173 EEST
interface GigabitEthernet0/0/0/7.1 l2transport
 description evc1@msw1-vokzal.bar
 encapsulation untagged
 lldp
  enable
 !
!
RP/0/RP0/CPU0:bsw1-ap100.sh#show running-config interface gigabitEthernet 0/0/0/7.1006
Tue Sep 26 17:42:07.281 EEST
interface GigabitEthernet0/0/0/7.1006
 description BDI1006@msw1-vokzal.bar
 ipv4 address 10.254.253.62 255.255.255.252
 mpls
  mtu 1530
 !
 encapsulation dot1q 1006
!
 !
 neighbor 10.254.254.12
  remote-as 50401
  description iBGP_msw1-vokzal.bar
  update-source Loopback0
  graceful-restart
  address-family ipv4 unicast
   route-policy iBGP_MPLS_VLAN10 out
   soft-reconfiguration inbound always
  !
  address-family vpnv4 unicast
  !
  address-family l2vpn vpls-vpws
  !
 !
 l2vpn
 bridge group BNG
  bridge-domain BNG_2020
   interface FortyGigE0/0/0/30.2020
   !
   vfi BNG_2020
    vpn-id 2020
    autodiscovery bgp
     rd auto
     route-target 50401:2020
     signaling-protocol ldp
      vpls-id 50401:2020
     !
    !
   !
  !
 !
!

clambert · September 27, 2023, 5:42pm

Assuming you are trying to establish BGP Autodiscovery LDP signaled VPLS (Cisco BGP VPLS), the address-family configuration is incorrect. Only l2vpn-cisco should be defined in “/routing bgp connection”.

asoroka · October 2, 2023, 9:02am

it didn’t work, i get the same result

mrz · October 2, 2023, 9:51am

most likely MTU related. Try to increase MPLS MTU or set lower pw l2mtu

asoroka · October 2, 2023, 11:25am

I assembled a lab in PnetLab but between Cisco IOS XE. My tunnel is up but it keeps going down. In addition, in the traffic dump I see the message “Malformed packet BGP”. With Cisco NCS540, my tunnel does not start at all, but I also see the message “Malformed packet BGP” in the updates. I also want to note that pw-l2mtu is not the cause, exactly the same configuration on RoS version 6 works great. The screenshot below is from the lab in PnetLab

clambert · October 2, 2023, 12:29pm

Could you show the output of the command:

show mpls l2transport vc 2020 detail

on Cisco IOS-XR.

asoroka · October 2, 2023, 1:44pm

The command you provided refers to ios xe, on ios xr this command looks different. But the fact is that pseudowire 2020 is down on version 7, on version 6 it is up. I emphasize once again that I have a laboratory in which rosv6 installs bgp vpls for vlan 2020 with csr1000 and it works, but version 7, which establishes a connection with csr1000 for vlan 2021, flaps all the time and pseudowire 2021 is down. For ios xr it doesn’t work at all. I am attaching a diagram of my lab so that it is clearer what I am talking about.

clambert · October 4, 2023, 4:21pm

I have had flapping problems with Cisco BGP VPLS in ROSv7, and I have been able to “solve” it by allowing both communities to be sent in BGP peering, instead of only send extended.
As far as I know, IOS-XR sends both communities by default, but maybe you can try modifying that setting.

asoroka · October 5, 2023, 7:16am

Hi, can you show this part of the configuration?

clambert · October 5, 2023, 11:00am

This configuration is for IOS 12:

router bgp 50401
 neighbor 10.254.254.12 remote-as 50401
 neighbor 10.254.254.12 update-source Loopback0
 address-family l2vpn vpls
  neighbor 10.254.254.12 activate
  neighbor 10.254.254.12 send-community both

If I replace the last line with:

  neighbor 10.254.254.12 send-community extended

VPLS interfaces begin to flap.

mrz · October 5, 2023, 2:34pm

Malformed packet means that it is just a cisco style encoding, change to correct encoding in wireshark and it will not be “malformed”.
Ciscos that you are trying to peer with, do not use old cisco style vpls anymore. Do not set cisco-style in ROS side and all should be fine.

asoroka · December 1, 2023, 2:15pm

Hi, I’ve been putting this question off for a while, but now I’ve decided to finish this thing.

You are incorrect about IOS XR not using the old Cisco style method
I was able to connect my router(RoSv6) to IOS XR using Cisco style
I finally made progress and my VPLS between Cisco IOS XE and MikroTik no longer drops, had to choose the same PW type(raw ethernet)
Between IOS XR and MikroTik VPLS, the tunnel does not want to go up, it is created as dynamic with the mark D, but at the same time it does not go into running
Also there is a question why in mpls/ldp/neighbors some of my neighbors are marked as P(passive)? What does it depend on?
And while analyzing the problem, I noticed something. I made a traffic dump from MikroTik RoS v7 to IOS XE and IOS XR, and I see that for some reason there is no path attribute EXTENDED_COMMUNITIES in updates to IOS XR, but this attribute is present in updates to IOS XE

asoroka · December 4, 2023, 9:01am

I figured out what the problem is. The problem is that a $3,000 router cannot send the following attributes in updates:

EXTENDED_COMMUNITIES
MP_REACH_NLRI
Because the processor architecture is ARM 64bit.
But my home HAP AC^3 with ARM architecture and costing only $100 can do it. It seems to me that it would be better if you sold your company to other people who would not treat their customers so carelessly. It’s just horrible. That is, people, you understand that it is easier for you to add a new IS-IS protocol than to fix known bugs of your equipment, how to understand it at all. And your support is simply rock bottom.

nz_monkey · December 4, 2023, 1:28pm

Have you logged a support ticket ?

Mikrotik are usually very responsive on such problems

asoroka · December 4, 2023, 3:38pm

Yes I do. But they closed my application as a duplicate, and did not write anything back, even though the deadlines were announced. We took this “misunderstanding” for 3 thousand dollars, we have 10 days left to return the product, and support simply closes the appeal and does not write anything at the same time. Terrible service.