STP Over VPLS

Hello Everyone,

I have a query on the strange behavior of STP over VPLS. I have some PE routers [MikroTik CCR1036] configured for LDP and full mesh VPLS pseudo-wires over it. For additional clarity, please refer to the attached VPLS network design.

If you look into my design, there are three PE routers (R1, R2 and R3) and two PE switches [Sw1 (C3750) & Sw2 (C2950)], and they are connected to their respective PE routers.

Additionally, I have a Cisco3750 CE switch which is connected to both the PE Switches via dual Fiber uplinks.

I have configured three VLANs on my switches (VLAN1, VLAN301 and VLAN302) and Cisco PVST+ on all the switches in order to prevent a possible loop that can occur via the VPLS cloud, i.e. Sw1=>Sw3=>Sw2=>PE(R2)=>PE(R3)=>Sw1.

Now, if I pass only one of the VLANs, it works and the interface Fa2/0/3 port of Sw3 gets blocked by STP.

Sw3#sh spanning-tree vlan 301

VLAN0301
Spanning tree enabled protocol rstp
Root ID Priority 24877
Address 001b.0c17.b780
Cost 19
Port 58 (FastEthernet2/0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33069 (priority 32768 sys-id-ext 301)
Address 001c.f900.e600
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type


Fa2/0/2 Root FWD 19 128.58 P2p
Fa2/0/3 Altn BLK 19 128.59 P2p

But, whenever I pass one more VLAN via VPLS bridge, the interfaces connected to PE routers get into "PVST_Inconsistent" mode. Here is the output.

Sw1:

*Mar 1 10:24:33.865: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 301 on FastEthernet1/0/1 VLAN302.
*Mar 1 10:24:33.865: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet1/0/1 on VLAN0301. Inconsistent peer vlan.
*Mar 1 10:24:33.865: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet1/0/1 on VLAN0302. Inconsistent local vlan.

Sw2:

23:46:41: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 301 on FastEthernet0/2 VLAN302.
23:46:41: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/2 on VLAN0301. Inconsistent peer vlan.
23:46:41: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/2 on VLAN0302. Inconsistent local vlan.

Sw2#show spanning-tree inconsistentports

Name Interface Inconsistency


VLAN0301 FastEthernet0/2 Port VLAN ID Mismatch
VLAN0302 FastEthernet0/2 Port VLAN ID Mismatch

Number of inconsistent ports (segments) in the system : 2

Sw1#show spanning-tree inconsistentports

Name Interface Inconsistency


VLAN0301 FastEthernet1/0/1 Port VLAN ID Mismatch
VLAN0302 FastEthernet1/0/1 Port VLAN ID Mismatch

Number of inconsistent ports (segments) in the system : 2

R1 Configuration:

[admin@R1] > mpls ldp export

jan/02/1970 22:45:20 by RouterOS 6.15

/mpls ldp
set enabled=yes lsr-id=1.1.1.1 transport-address=1.1.1.1
/mpls ldp interface
add interface=sfp1
[admin@R1] > inter vpls export

/interface vpls
add advertised-l2mtu=1532 cisco-style=yes cisco-style-id=1 disabled=no l2mtu=1532 mac-address=02:EA:17:FC:FB:DB name=VPLS_CLOUD pw-type=tagged-ethernet remote-peer=2.2.2.2 use-control-word=no vpls-id=10:1

[admin@R1] > inter bridge export
/interface bridge
add l2mtu=1532 name=L2VPN
add name=Loopback0
/interface bridge port
add bridge=L2VPN interface=VLAN301
add bridge=L2VPN interface=VPLS_CLOUD
add bridge=L2VPN interface=VLAN302
[admin@R1] > inter vlan ex
/interface vlan
add interface=ether1 l2mtu=1586 name=VLAN1 vlan-id=1
add interface=ether1 l2mtu=1586 name=VLAN301 vlan-id=301
add interface=ether1 l2mtu=1586 name=VLAN302 vlan-id=302
[admin@R1] >

R2 Configuration:

[admin@R2] > mpls ldp export

jan/02/1970 22:09:03 by RouterOS 6.5

/mpls ldp
set enabled=yes lsr-id=2.2.2.2 transport-address=2.2.2.2
/mpls ldp interface
add interface=sfp1

[admin@R2] > inter vpls export
/interface vpls
add advertised-l2mtu=1532 cisco-style=yes cisco-style-id=1 disabled=no l2mtu=1532 mac-address=02:1F:7C:99:74:3D name=VPLS_CLOUD pw-type=tagged-ethernet remote-peer=1.1.1.1 use-control-word=no vpls-id=10:1

[admin@R2] > inter bridge export
/interface bridge
add l2mtu=1532 name=L2VPN
add name=Loopback0
/interface bridge port
add bridge=L2VPN interface=VLAN301
add bridge=L2VPN interface=VPLS_CLOUD
add bridge=L2VPN interface=VLAN302

[admin@R2] > interface vlan ex
/interface vlan
add interface=ether1 l2mtu=1586 name=VLAN1 vlan-id=1
add interface=ether1 l2mtu=1586 name=VLAN301 vlan-id=301
add interface=ether1 l2mtu=1586 name=VLAN302 vlan-id=302

R1 Outputs:

[admin@R1] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 10.1.12.1/24 10.1.12.0 sfp1
1 1.1.1.1/32 1.1.1.1 Loopback0
[admin@R1] >

[admin@R1] > mpls ldp nei print
Flags: X - disabled, D - dynamic, O - operational, T - sending-targeted-hello, V - vpls

TRANSPORT LOCAL-TRANSPORT PEER SEND-TARGETED ADDRESSES

0 DOTV 2.2.2.2 1.1.1.1 2.2.2.2:0 yes 2.2.2.2
10.1.12.2
[admin@R1] > inter vpls print
Flags: X - disabled, R - running, D - dynamic, B - bgp-signaled, C - cisco-bgp-signaled
0 R name="VPLS_CLOUD" mtu=1500 l2mtu=1532 mac-address=02:EA:17:FC:FB:DB arp=enabled disable-running-check=no remote-peer=2.2.2.2 vpls-id=10:1
cisco-style=yes cisco-style-id=1 advertised-l2mtu=1532 pw-type=tagged-ethernet use-control-word=no
[admin@R1] >

R2 Outputs:

[admin@R2] > ip add print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 10.1.12.2/24 10.1.12.0 sfp1
1 2.2.2.2/32 2.2.2.2 Loopback0
[admin@R2] >

[admin@R2] > mpls ldp neighbor print
Flags: X - disabled, D - dynamic, O - operational, T - sending-targeted-hello, V - vpls

TRANSPORT LOCAL-TRANSPORT PEER SEND-TARGETED ADDRESSES

0 DOTV 1.1.1.1 2.2.2.2 1.1.1.1:0 yes 1.1.1.1
10.1.12.1
[admin@R2] > inter vpls print
Flags: X - disabled, R - running, D - dynamic, B - bgp-signaled, C - cisco-bgp-signaled
0 R name="VPLS_CLOUD" mtu=1500 l2mtu=1532 mac-address=02:1F:7C:99:74:3D arp=enabled disable-running-check=no remote-peer=1.1.1.1 vpls-id=10:1
cisco-style=yes cisco-style-id=1 advertised-l2mtu=1532 pw-type=tagged-ethernet use-control-word=no

As we know, R1 doesn't need to be configured for any loop prevention mechanism, since there is a feature called "split-horizon" in VPLS which ensures the L2 path is loop free. So, you can ignore R1 as part of this scenario. I hope I have been able to explain my design properly, and I am expecting someone's input on the same. If you need any additional information, please let me know.

Thanks in Advance!!

Regards,
2XCCIE

Still no one to answer? I heard there are lots of MTCINEs in this forum. Please help me as soon as you can.

Again, thanks in advance!

Can you post the output of

interface bridge print verbose

Would like to see what spanning tree looks like on your bridges.

Hi,

Thanks for your reply!

I can’t issue that particular command argument “verbose” as it is unavailable at least in this version. However, I would like to provide you similar information here.

[admin@R2] > inter bridge print detail
Flags: X - disabled, R - running
0 R name="L2VPN" mtu=1500 l2mtu=1500 arp=enabled mac-address=02:1F:7C:99:74:3D protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

1 R name="Loopback0" mtu=1500 l2mtu=65535 arp=enabled mac-address=00:00:00:00:00:00 protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

Hope this does make sense!

Thanks!

Gotcha…wanted to see if RSTP was enabled or not on the bridge. Can you post the running config of the Cisco switch trunk interfaces as well as the full config export of each MPLS PE router?

Hi,

I have very minimal configuration on my switches. I’ve just set the ports as trunk with “switchport mode trunk” command towards PE.

Here is the configuration of PE R2 and R3:

R3:

/interface bridge
add name=Loopback1 protocol-mode=none
add l2mtu=1532 name=VPLS_CLOUD protocol-mode=none
/interface bridge port
add bridge=VPLS_CLOUD interface=VLAN301
add bridge=VPLS_CLOUD interface=VLAN302
add bridge=VPLS_CLOUD interface=L2VPN

/interface vlan
add name=VLAN1 vlan-id=1
add interface=ether1 l2mtu=1586 name=VLAN301 vlan-id=301
add interface=ether1 l2mtu=1586 name=VLAN302 vlan-id=302


/interface vpls
add advertised-l2mtu=1532 cisco-style=yes cisco-style-id=1 disabled=no l2mtu=1532 mac-address=02:3A:2E:CC:D8:3B name=L2VPN pw-type=tagged-ethernet remote-peer=2.2.2.2 vpls-id=10:1


R2:

/interface bridge
add name=Loopback protocol-mode=none
add l2mtu=1532 name=VPLS_CLOUD protocol-mode=none
/interface bridge port
add bridge=VPLS_CLOUD interface=VLAN301
add bridge=VPLS_CLOUD interface=VLAN302
add bridge=VPLS_CLOUD interface=L2VPN

/interface vlan
add name=VLAN1 vlan-id=1
add interface=ether1 l2mtu=1586 name=VLAN301 vlan-id=301
add interface=ether1 l2mtu=1586 name=VLAN302 vlan-id=302

/interface vpls
add advertised-l2mtu=1532 cisco-style=yes cisco-style-id=1 disabled=no l2mtu=1532 mac-address=02:73:57:E7:90:CE name=L2VPN pw-type=tagged-ethernet remote-peer=3.3.3.3 vpls-id=11:1

Hope this works!

Hi,

Can someone please revert back? Not hearing any response!

In other vendors like Cisco and Juniper, there is no such issue. So, please help me by giving your valuable input. The resources available in the MikroTik wiki are very useful for the configuration part but not really helpful for such issues or OS bugs etc. I also wonder if there is any command like “debug” to view a real-time log of the entire process on the CLI, not on the GUI.

Thanks!

Hi IPANetEngineer,

Can you please revert back? I’m not getting any answers on my query. So, not sure how to get my issues fixed soon.

Everything looks right on your config…couple more questions:

  1. What are your RouterOS versions? Have you tried others?
  2. You currently don’t have RSTP enabled on the bridge (which I would recommend in most cases to pass the STP BPDU through the pseudowire). Have you tried enabling it on one or both sides?

Most likely you are not running STP or RSTP, but one of Cisco's proprietary CST or PVST.

Hi both,

Thanks for your responses!

Basically, I have PVST+ running on Cisco switches since per VLAN is Cisco’s default implementation and we can’t change it to anything other than MST. So, I have to pass multiple BPDUs from the pseudo wire, which is the major issue in my design. I have already tried with RSTP on bridge but I don’t think any of the PE have to run STP.

For your additional clarity, please go through the output below:

[admin@R1] > system resource print
uptime: 1w8h10m34s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 15.6GiB
total-memory: 15.9GiB
cpu: tilegx
cpu-count: 36
cpu-frequency: 1200MHz
cpu-load: 0%
free-hdd-space: 887.6MiB
total-hdd-space: 1024.0MiB
architecture-name: tile
board-name: CCR1036-12G-4S
platform: MikroTik
[admin@R1] >

Thanks again!

Did you ever find a solution for this? I am having the same issue. STP is off on all MikroTik bridge interfaces, however I still get BPDUs at the Cisco.

Is the issue because you're effectively stripping the VLAN tags as traffic enters the VPLS tunnel?

Your current config shows the port plus the three VLANs bridged together.
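
The hypothesis in the last reply can be checked with a small model, added here as an example (not code from any poster, and not a confirmed diagnosis of this network). It assumes a PVST+ BPDU carries its originating VLAN in a TLV independent of the 802.1Q tag, and that a bridge of VLAN sub-interfaces re-tags flooded frames; the port list mirrors R1's L2VPN bridge and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Bpdu:
    pvid_tlv: int        # VLAN the sending switch generated this BPDU for
    tag: Optional[int]   # 802.1Q tag currently on the frame (None = untagged)

def bridge_flood(frame, ingress_port, bridge_ports):
    """Flood across a bridge whose ports are VLAN sub-interfaces (int vlan-id)
    or the pseudowire ("vpls"). A VLAN sub-interface strips its tag on
    ingress and pushes its own tag on egress; the TLV inside is untouched."""
    out = []
    for port in bridge_ports:
        if port == ingress_port:
            continue  # a bridge never floods back out the ingress port
        tag = port if isinstance(port, int) else None
        out.append((port, Bpdu(frame.pvid_tlv, tag)))
    return out

def pvid_errors(switch_vlans, pe_bridge_ports):
    """(tlv_vlan, received_on_vlan) pairs the switch trunk would flag when
    its own per-VLAN BPDUs come back from the PE with a different tag."""
    errors = []
    for vlan in switch_vlans:
        if vlan not in pe_bridge_ports:
            continue  # no sub-interface for this VLAN in the PE bridge
        for port, copy in bridge_flood(Bpdu(vlan, vlan), vlan, pe_bridge_ports):
            if isinstance(port, int) and copy.tag != copy.pvid_tlv:
                errors.append((copy.pvid_tlv, copy.tag))
    return errors

def parse_pvid_err(line):
    """Extract (tlv_vlan, interface, received_on_vlan) from a RECV_PVID_ERR line."""
    m = re.search(r"RECV_PVID_ERR: .*peer vlan id (\d+) on (\S+) VLAN(\d+)", line)
    return (int(m[1]), m[2], int(m[3])) if m else None

# Log line copied from the Sw1 output in the first post.
SW1_LOG = ("*Mar 1 10:24:33.865: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with "
           "inconsistent peer vlan id 301 on FastEthernet1/0/1 VLAN302.")

if __name__ == "__main__":
    print(pvid_errors([301], [301, "vpls"]))             # one VLAN bridged
    print(pvid_errors([301, 302], [301, "vpls", 302]))   # R1's L2VPN bridge ports
    print(parse_pvid_err(SW1_LOG))
```

With one VLAN in the bridge the model reports no mismatch; with VLAN301 and VLAN302 in the same bridge it yields the same (301 on VLAN302) pairing that the Sw1 log line reports.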