A have two Mikrotik routers with public ip addresses.
Need to establish L2VPN between them.
Basic scheme:
--LAN 192.168.0.0---> R1(v6.10) <---internet---> R2(v6.37.1) <---LAN 192.168.0.0---
1. I tried L2TP (PPTP) + BCP bridging -> routers can ping each other, and ARP table is filled with MAC's of computers in both sides of LANs,
but copmuters in LAN's cannot ping each other (firewall is disabled on both routers)
http://wiki.mikrotik.com/wiki/Manual:In ... #Read_More
http://wiki.mikrotik.com/wiki/Manual:BC ... _bridging)
2. Tried MPLS+VPLS, but can't do this since does not have OSPF neighborship via internet. Or if i establish OSPF neighborship via tonnel (PPTP+BCP) then a cant bind VPLS to LAN interface as he is already binded to BCP.
http://wiki.mikrotik.com/wiki/Manual:MP ... vs_Juniper
Guess i do it in the wrong way.
Re: Site-to-Site L2VPN
You want to do Site-to-Site L2TP? just follow the part of that. You got the link of that. Did you try to do? Show us your config.
Re: Site-to-Site L2VPN
Ok i'am explain in more detail.
I want not only Site-to-Site VPN, but also L2 bridging.
Configured PPTP + BCP Bridging like in this instruction http://wiki.mikrotik.com/wiki/Manual:BC ... _bridging)
or another config - L2TP + EoIP bridge
http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP
https://ru.scribd.com/document/48678295/Mikrotik-VPN
The result is the same.
Host1 <--LAN 192.168.0.0-->[bare metal Mikrotik]<---Internet--->[CHR vm Mikrotik]<--LAN 192.168.0.0> Host2
Ping test (LAN):
Host1 -> CHR vm Mikrotik - OK
Host1 -> Host2 - Fail
bare metal Mikrotik -> CHR vm Mikrotik - OK
bare metal Mikrotik -> Host2 - Fail
Host2 -> bare metal Mikrotik - Fail
Host2 -> Host1 - Fail
CHR vm Mikrotik -> bare metal Mikrotik - OK
CHR vm Mikrotik -> Host1 - OK
CHR vm Mikrotik (PPTP server):
bare metal Mikrotik (PPTP client):
I want not only Site-to-Site VPN, but also L2 bridging.
Configured PPTP + BCP Bridging like in this instruction http://wiki.mikrotik.com/wiki/Manual:BC ... _bridging)
or another config - L2TP + EoIP bridge
http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP
https://ru.scribd.com/document/48678295/Mikrotik-VPN
The result is the same.
Host1 <--LAN 192.168.0.0-->[bare metal Mikrotik]<---Internet--->[CHR vm Mikrotik]<--LAN 192.168.0.0> Host2
Ping test (LAN):
Host1 -> CHR vm Mikrotik - OK
Host1 -> Host2 - Fail
bare metal Mikrotik -> CHR vm Mikrotik - OK
bare metal Mikrotik -> Host2 - Fail
Host2 -> bare metal Mikrotik - Fail
Host2 -> Host1 - Fail
CHR vm Mikrotik -> bare metal Mikrotik - OK
CHR vm Mikrotik -> Host1 - OK
CHR vm Mikrotik (PPTP server):
Code: Select all
[admin@MikroTik] > interface pptp-server print detail
Flags: X - disabled, D - dynamic, R - running
0 DR name="<pptp-ppp1>" user="ppp1" mtu=1450 mru=1460
client-address="xx.xx.xx.xx" uptime=39m6s
encoding="MPPE128 stateless"
Code: Select all
[admin@MikroTik] > interface bridge print
1 R name="bridge_local" mtu=1500 actual-mtu=1500 l2mtu=65535 arp=enabled
arp-timeout=auto mac-address=00:50:56:01:07:95 protocol-mode=rstp
priority=0x8000 auto-mac=no admin-mac=00:50:56:01:07:95
max-message-age=20s forward-delay=15s transmit-hold-count=6
ageing-time=5m
Code: Select all
[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 ether1 bridge_local 0x80 10 none
1 D <pptp-ppp1> bridge_local 0x80 10 none
Code: Select all
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 yy.yy.yy.yy/24 yy.yy.yy.yy ether2
1 192.168.120.1/24 192.168.120.0 bridge_local
Code: Select all
[admin@MikroTik] > interface pptp-client print detail
Flags: X - disabled, R - running
0 R name="pptp-out1" max-mtu=1450 max-mru=1450 mrru=disabled
connect-to=yy.yy.yy.yy user="ppp1" password="xxx"
profile=ppp_bridging keepalive-timeout=disabled add-default-route=no
dial-on-demand=no allow=mschap1,mschap2
Code: Select all
[admin@MikroTik] > interface bridge print
1 R name="bridge_local" mtu=1500 l2mtu=1588 arp=enabled
mac-address=4C:5E:0C:98:B9:BB protocol-mode=rstp priority=0x8000
auto-mac=no admin-mac=4C:5E:0C:98:B9:BB max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
Code: Select all
[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 ether1-master-local bridge_local 0x80 10 none
1 D (unknown) bridge_local 0x80 10 none
Code: Select all
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; lan
192.168.120.203/24 192.168.120.0 bridge_local
1 ;;; internet
xx.xx.xx.xx/30 xx.xx.xx.xx ether2-slave-local
...
-
-
haiderasyed
just joined
- Posts: 4
- Joined:
Re: Site-to-Site L2VPN
Dear All,
We are trying to configure l2vpn by using targeted ldp between two CEs using mikrotik as PE on one side and juniper on other side.
| |
|- - - - - - - - - L2 Circuit - - - - - - - - - - - - |
| |
CE - - - -> Mikrotik - - - - -> MPLS CLOUD - - - - -> Juniper - - - -> CE
(PE) (PE)
L2circuit is up but the CE devices are not able to ping each other. Below given is the configuration of both ends. Do anyone have any idea what is missing?
Mikrotik:
/mpls ldp
set enabled=yes lsr-id=192.168.112.254 transport-address=192.168.112.254
/mpls ldp neighbor
add transport=202.163.74.254
/mpls traffic-eng interface
add bandwidth=700Mbps interface=gre-tunnel1
/interface vpls
add advertised-l2mtu=1550 cisco-style=yes cisco-style-id=513 disabled=no l2mtu=1550 mac-address=02:98:F3:FD:8D:60 mtu=1550 name=l2-qta pw-type=tagged-ethernet \
remote-peer=202.163.74.254
/routing bgp peer
add address-families=l2vpn,vpnv4 name=quetta remote-address=202.163.74.254 remote-as=9541 tcp-md5-key=cyb3rn3t ttl=default update-source=192.168.112.254
Juniper:
show configuration protocols bgp
group internal {
type internal;
local-address 202.163.74.254;
log-updown;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
authentication-key "$9$Escyrvdb2oaUVb.5z6u0X7N-Yo"; ## SECRET-DATA
export NHS;
tcp-mss 512;
neighbor 192.168.112.254 {
description " *** mikrotik-engg-lab ***";
}
}
show configuration protocols mpls label-switched-path qtacore-mikrotik-engg-lab-loose
from 202.163.74.254;
to 192.168.112.254;
metric 250;
no-cspf;
optimize-timer 300;
adaptive;
show configuration protocols l2circuit
neighbor 192.168.112.254 {
interface ge-0/0/1.513 {
virtual-circuit-id 513;
description mikrotik-engg-l2;
no-control-word;
mtu 1550;
}
}
show configuration interfaces ge-0/0/1.513
description "*** mikrotik-engg-l2 ***";
encapsulation vlan-ccc;
vlan-id 513;
family ccc;
l2circuit status:
Juniper:
Neighbor: 192.168.112.254
Interface Type St Time last up # Up trans
ge-0/0/1.513(vc 513) rmt Up Apr 23 17:19:50 2018 1
Local interface: ge-0/0/1.513, Status: Up, Encapsulation: VLAN
Description: mikrotik-engg-l2
Remote PE: 192.168.112.254, Negotiated control-word: No
Incoming label: 188288, Outgoing label: 6711
Mikrotik:
[admin@MikroTik] /interface vpls> monitor 2
remote-label: 188288
local-label: 6711
remote-status:
We are trying to configure l2vpn by using targeted ldp between two CEs using mikrotik as PE on one side and juniper on other side.
| |
|- - - - - - - - - L2 Circuit - - - - - - - - - - - - |
| |
CE - - - -> Mikrotik - - - - -> MPLS CLOUD - - - - -> Juniper - - - -> CE
(PE) (PE)
L2circuit is up but the CE devices are not able to ping each other. Below given is the configuration of both ends. Do anyone have any idea what is missing?
Mikrotik:
/mpls ldp
set enabled=yes lsr-id=192.168.112.254 transport-address=192.168.112.254
/mpls ldp neighbor
add transport=202.163.74.254
/mpls traffic-eng interface
add bandwidth=700Mbps interface=gre-tunnel1
/interface vpls
add advertised-l2mtu=1550 cisco-style=yes cisco-style-id=513 disabled=no l2mtu=1550 mac-address=02:98:F3:FD:8D:60 mtu=1550 name=l2-qta pw-type=tagged-ethernet \
remote-peer=202.163.74.254
/routing bgp peer
add address-families=l2vpn,vpnv4 name=quetta remote-address=202.163.74.254 remote-as=9541 tcp-md5-key=cyb3rn3t ttl=default update-source=192.168.112.254
Juniper:
show configuration protocols bgp
group internal {
type internal;
local-address 202.163.74.254;
log-updown;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
authentication-key "$9$Escyrvdb2oaUVb.5z6u0X7N-Yo"; ## SECRET-DATA
export NHS;
tcp-mss 512;
neighbor 192.168.112.254 {
description " *** mikrotik-engg-lab ***";
}
}
show configuration protocols mpls label-switched-path qtacore-mikrotik-engg-lab-loose
from 202.163.74.254;
to 192.168.112.254;
metric 250;
no-cspf;
optimize-timer 300;
adaptive;
show configuration protocols l2circuit
neighbor 192.168.112.254 {
interface ge-0/0/1.513 {
virtual-circuit-id 513;
description mikrotik-engg-l2;
no-control-word;
mtu 1550;
}
}
show configuration interfaces ge-0/0/1.513
description "*** mikrotik-engg-l2 ***";
encapsulation vlan-ccc;
vlan-id 513;
family ccc;
l2circuit status:
Juniper:
Neighbor: 192.168.112.254
Interface Type St Time last up # Up trans
ge-0/0/1.513(vc 513) rmt Up Apr 23 17:19:50 2018 1
Local interface: ge-0/0/1.513, Status: Up, Encapsulation: VLAN
Description: mikrotik-engg-l2
Remote PE: 192.168.112.254, Negotiated control-word: No
Incoming label: 188288, Outgoing label: 6711
Mikrotik:
[admin@MikroTik] /interface vpls> monitor 2
remote-label: 188288
local-label: 6711
remote-status:
Who is online
Users browsing this forum: Amazon [Bot], darkmastor and 38 guests