VPLS having problems passing traffic

RouterOS Forwarding Protocols
1

Running Milrotik Group of Routers , all peered with OSPF and BGP.

Have VPLS tunnel setup between 2 routers and link works, is able to pass ping’s no problem.
Continuous Ping works fine

The problem happens when trying to use certain network resources. https starts but then goes to blank screen.

the setup of the tunnel themselves is very simple just putting in the source and destination ip’s (similar to the EIOP Tunnels)
I have enabled LDP on the loopback address ..
The tunnels come up and then I bridge them to Local interfaces

Any Ideas where the config may need to be tweeked?
Thanx

Router A
0 R name=“PRIVATE” mtu=1500 l2mtu=1500 mac-address=02:19:29:4D:12:2F
arp=proxy-arp disable-running-check=no remote-peer=a.b.c.31
vpls-id=0:1 cisco-style=no cisco-style-id=0 advertised-l2mtu=1500
pw-type=raw-ethernet

Router B
0 R name=“PRIVATE” mtu=1500 l2mtu=1500 mac-address=02:C4:EC:DC:4C:5C
arp=proxy-arp disable-running-check=no remote-peer=A.B.C.D.29
vpls-id=0:1 cisco-style=no cisco-style-id=0 advertised-l2mtu=1500
pw-type=raw-ethernet

PPPoE on central router OR on each tower
Transporting VLANs over VPLS??
2

Hi Cris,

Sounds like MTU problems to me, can you provide the output of:

/interface ethernet print

and

/mpls interface print
3

Router A Bridges VPLS to ether 9

NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH

0 R ether12 1500 00:0C:42:9A:22:62 enabled
1 R ether13 1500 00:0C:42:9A:22:63 enabled
2 R ether11 1500 00:0C:42:9A:22:61 enabled
3 ether6 1500 00:0C:42:9A:22:5C enabled none switch2
4 ether7 1500 00:0C:42:9A:22:5D enabled none switch2
5 ether8 1500 00:0C:42:9A:22:5E enabled none switch2
6 R ether9 1528 00:0C:42:9A:22:5F enabled none switch2
7 ether10 1500 00:0C:42:9A:22:60 enabled none switch2
8 ether1 1500 00:0C:42:9A:22:57 enabled none switch1
9 ether2 1500 00:0C:42:9A:22:58 enabled none switch1
10 ether3 1500 00:0C:42:9A:22:59 enabled none switch1
11 ether4 1500 00:0C:42:9A:22:5A enabled none switch1
12 ether5 1500 00:0C:42:9A:22:5B enabled none switch1

INTERFACE MPLS-MTU

0 all 1500




Router B

NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH

0 R ether12 1500 D4:CA:6D:20:61:30 enabled
1 R ether13 1500 D4:CA:6D:20:61:31 enabled
2 ether1 1500 D4:CA:6D:20:61:25 enabled none switch2
3 ether2 1500 D4:CA:6D:20:61:26 enabled none switch2
4 ether3 1500 D4:CA:6D:20:61:27 enabled none switch2
5 ether4 1500 D4:CA:6D:20:61:28 enabled none switch2
6 ether5 1500 D4:CA:6D:20:61:29 enabled none switch2
7 ether6 1500 D4:CA:6D:20:61:2A enabled none switch1
8 ether7 1500 D4:CA:6D:20:61:2B enabled none switch1
9 ether8 1500 D4:CA:6D:20:61:2C enabled none switch1
10 R ether9 1500 D4:CA:6D:20:61:2D enabled none switch1
11 ether10 1500 D4:CA:6D:20:61:2E enabled none switch1
12 ether11 1500 D4:CA:6D:20:61:2F enabled

----------- Note on one side the vpls connection is bridged into a VLAN--- Below is the appropriate interface info
5 R ;;; PRIVATE-VPLS
VLAN107 1528 enabled 107 ether12

INTERFACE MPLS-MTU

0 * all 1500


Thanks for looking at this .. appreciate any help

4

Hi Cris,

Your MPLS MTU is too small, it needs to be a minimum of 1508 to get a basic “raw ethernet” style VPLS tunnel running. The L2MTU on the physical interface will also need to be a minimum of 1508bytes as will the path-MTU e.g. every hop in between the two routers needs to support 1508byte frames.

You can find more information on the required MTU’s in the presentation I gave at the AU MUM last year http://mum.mikrotik.com/presentations/AU11/au-thrift.pdf

or on the Mikrotik Wiki http://wiki.mikrotik.com/wiki/Manual:Maximum_Transmission_Unit_on_RouterBoards#MPLS.2FLayer-2.5.2FL2.5_MTU

an easy way to test if the path-MTU is large enough is to ping end to end with a 1508byte packet and the DF bit set. e.g.

ping 10.88.88.2 size=1508 do-not-fragment

I hope this points you in the right direction!

5

the 2 routers are directly connected with switches no other routers in between
I have set the mpls mtu to be larger 1522 and the l2mtu to is defaulted to 1600..
router to router pinging the loopback addresses (Bridge) It fragments at 1500 and through the vpls tunnel it fragments at 1450
on each side I have the vpls configured to bridge to a local port or a vlan.. do I need to modify the mtu’s on them also?
currently those are all set to be 1500

6

Hi all,
I have a similar problem and, I think, the problem is olso MTU but I don’t know where…

Look at attached network layout:
rb1-core, rb2-core, rb-core-tower-a and rb-core-tower-b run MPLS with MPLS-MTU interface configured to 1526 in according of my previous (post replys.

On tower sides the eth1 of each rb1200 are the only interface configured in mpls interfaces and are linked with ethernet cable to each rb411 (where the wlan1 and eth1 are bridged).
Olso on core side the eth1 of each router os x86 (i have virtual machine with router os for x86) are the only interfaces configured in mpls interface and are linked with ethernet cable to each rb411 (where the wlan1 and eth1 are bridged).

The mpls run over an ospf routing between routers (rb1-core, rb2-core, rb-core-tower-a and rb-core-tower-b) that annunce the 192.168.17.0/24 network, on all router there are olso a loopback interfaces used for transport address (ldp interface) with 172.16.0.x/32.
There are olso configured vpls between rb-core-tower-a and rb1-core/rb2-core and rb-core-tower-b and rb1-core/rb2-core
From tower side this vpls are bridged with other eth interfaces of rb1200 where are linked other rb411 for customer collection (customer use pppoe-client with sxt to open connection).
From core side the vpls are bridged to a standalone bridge where is in listen a centralized pppoe-server (i prefer to have pppoeserver on a virtual interface like bridge who not have problem of link up/down).

Evrithing work fine but some user tell me that few site (some governament web site or free webmail service) don’t load.
The workaround to work, but don’t use vpls/mpls, is to insert eth1 of tower side in to the bridge that contain vpls.

The only thing that I’m not able to change is the L2MTU value of eth1 of core side (the virtual machine with router OS).

What is wrong? I have some difficult to comprend MTU End to End!!
What command can i use to troubleshoot mtu problem?

Thanks in advance.
Luciano
wireless-network-esempio-forum.jpg

7

Hi Cris,

No you do not need to modify the MTU on the LAN side ports. You only need to have it larger on the ports that are running LDP.
If you cannot pass packets greater than 1500bytes there is a definite MTU problems on the interfaces running LDP. I typically set the MTU to 1526 on my LDP interfaces and set the MPLS MTU to this as well. This will allow you to transport vlan tagged frames inside VPLS without control word.


If you need some more in-depth help, pop me an email andrew@networklabs.co.nz

8

Hi Luciano,

Use the ping command I posted above to test that your path can pass appropriate sized frames. If not, check the MTU on all your LDP interfaces.

9

I was able to get mine to work by dropping down the VPLS MTU to be 1440 for the time being I’m leaving it be. and will work more on this via test bed… it would be good it there was a basic config in the Mikrotik site/manual/wiki on how to set this up.
something as basic as 2 routers connected together with ethernet and passing a vpls connection
with exact configs … the wiki is vague on alot of stuff

10

I have checked with ping command as you described and the result is “packet too large and cannot be fragmented”.

From my previous post I understand that the L2MTU value of LDP interface must higher 1526 :frowning:
Can you try to clarify me?

This is the export of my running config on tower-a side:

[admin@rb-core-tower-a] > mpls ldp export
# jun/06/2012 18:22:48 by RouterOS 5.14
# software id = P9S2-RZYT
#
/mpls ldp
set distribute-for-default-route=no enabled=yes hop-limit=255 loop-detect=no lsr-id=172.16.0.252 path-vector-limit=255 transport-address=172.16.0.252 use-explicit-null=no
/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether1 transport-address=0.0.0.0


[admin@rb-core-tower-a] > interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                                    TYPE               MTU L2MTU  MAX-L2MTU
 0     ether10                                                 ether             1500  1600       9116
 1     ether9                                                  ether             1500  1600       9116
 2     ;;; Management 
       ether7                                                  ether             1500  1600       4080
 3     ether8                                                  ether             1500  1600       4080
 4     ether6                                                  ether             1500  1600       4080
 5     ether5                                                  ether             1500  1598       4078
 6  R  ;;; rb9 est
       ether4                                                  ether             1500  1598       4078
 7  R  ;;; rb10 ovest
       ether3                                                  ether             1500  1598       4078
 8  R  ;;; rb7
       ether2                                                  ether             1500  1598       4078
 9  R  ;;; rb6 (link verso core)
       ether1                                                  ether             1500  1598       4078
10  R  loopback                                                bridge            1500 65535

The value MTU to 1526 must be setted on eth1 or on loopback (bridge) interface? The transport address of ldp is the same address assigned to loopback.

From the core side I have the same situation.

Thanks in advance.

Best regards,
Luciano

11

Try finding out what the largest mtu you can pass correctly is..
using the ping command start dropping the mtu by 10 till it works.

After that… set the MTU on the VPLS interfaces to be 10 less …
That worked for me… It increased the fragmentation making all the packet sizes work.

Wish there was a basic setup too..

12

Im not sure if this would help, I had mtu problem on my rb1200 routers with mpls, turned out was bug, had to upgrade.

rb1200 ether6,ether7,ether8 did not support big packets when linked at 10/100Mbps;

My 2 cents

S

13

mrz or other forum expert please reply to my question or try to explain how to do a great job in mtu/l2mtu/mpls-mtu configuration.

Thanks in advance.
Luciano

14

Dears

Hi..

I had the same problem.. with passing traffic on VPLS/MPLS over Ethernet

Finally its work with set up the Vpls mtu to 1504 as I have vlan in my network.
And change the MPLS mtu to 1500 ..

now ping and TCP traffic both working fine

You can visit the Subject of EoMPLS/VPLS all are description is there

Ali