Hello,

I have setup my first MPLS between two routers and all is working fine for the LAN's, I have a quick question, my internet is via router 1 using a PPPoE connection to my ISP. The internet works just fine on router 1 however I am unable to connect to the Internet via Router 2. On router 2 I have a default route for 0.0.0.0/0 via ether 1 to router 1 and I can see traffic from router 2 hitting router 1.

I can access all devices on both LAN's of router 1 and router 2 so I am guessing its just a rule I need to create on router 1 to allow access to the internet.

I have a single subnet on router 2 192.168.115.0/24 also I have created a nat rule on router 1 chain=srcnat action=masquerade src-address=192.168.115.0/24 log=yes
log-prefix=""

Can you provide the output of the following from both routers in question:

Hi TheCiscoGuy, many thanks, I have just tried without the PPPoE connection and the same issue in my lab with the below subnets, my Internet is now via 192.168.111.254 and not PPPoE, please see the below as requested.

Router 01 Output
dst-address=0.0.0.0/0 gateway=192.168.111.254
gateway-status=192.168.111.254 reachable via ether10 distance=1
scope=30 target-scope=10 vrf-interface=ether10

1 ADC dst-address=10.40.250.0/29 pref-src=10.40.250.1 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10

2 ADC dst-address=10.255.255.1/32 pref-src=10.255.255.1 gateway=lobridge
gateway-status=lobridge reachable distance=0 scope=10

3 ADo dst-address=10.255.255.2/32 gateway=10.40.250.2
gateway-status=10.40.250.2 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

4 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.254 gateway=bridge_LAN01
gateway-status=bridge_LAN01 reachable distance=0 scope=10

5 ADC dst-address=192.168.2.0/24 pref-src=192.168.2.254 gateway=bridge_LAN02
gateway-status=bridge_LAN02 reachable distance=0 scope=10

Flags: H - hw-offload, L - ldp, V - vpls, T - traffic-eng
0 in-label=expl-null

1 L in-label=16 out-labels="" interface=ether1 nexthop=10.40.250.2
destination=192.168.3.0/24

2 L in-label=17 out-labels="" interface=*0 nexthop=0.0.0.0
destination=192.168.111.0/24

3 L in-label=18 out-labels="" interface=ether1 nexthop=10.40.250.2
destination=10.255.255.2/32

0 ADS dst-address=0.0.0.0/0 gateway=192.168.111.254
gateway-status=192.168.111.254 reachable via ether10 distance=1
scope=30 target-scope=10 vrf-interface=ether10

1 ADC dst-address=10.40.250.0/29 pref-src=10.40.250.1 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10

2 ADC dst-address=10.255.255.1/32 pref-src=10.255.255.1 gateway=lobridge
gateway-status=lobridge reachable distance=0 scope=10

3 ADo dst-address=10.255.255.2/32 gateway=10.40.250.2
gateway-status=10.40.250.2 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

4 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.254 gateway=bridge_LAN01
gateway-status=bridge_LAN01 reachable distance=0 scope=10

5 ADC dst-address=192.168.2.0/24 pref-src=192.168.2.254 gateway=bridge_LAN02
gateway-status=bridge_LAN02 reachable distance=0 scope=10

6 ADo dst-address=192.168.3.0/24 gateway=10.40.250.2
gateway-status=10.40.250.2 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

7 ADC dst-address=192.168.111.0/24 pref-src=192.168.111.98 gateway=ether10
gateway-status=ether10 reachable distance=0 scope=10

Flags: H - hw-offload, L - ldp, V - vpls, T - traffic-eng
0 in-label=expl-null

1 L in-label=16 out-labels="" interface=ether1 nexthop=10.40.250.2
destination=192.168.3.0/24

2 L in-label=17 out-labels="" interface=*0 nexthop=0.0.0.0
destination=192.168.111.0/24

3 L in-label=18 out-labels="" interface=ether1 nexthop=10.40.250.2
destination=10.255.255.2/32

Flags: X - disabled, I - invalid, D - dynamic
0 address=10.255.255.1/32 network=10.255.255.1 interface=lobridge
actual-interface=lobridge

1 address=10.40.250.1/29 network=10.40.250.0 interface=ether1
actual-interface=ether1

2 address=192.168.1.254/24 network=192.168.1.0 interface=bridge_LAN01
actual-interface=bridge_LAN01

3 address=192.168.2.254/24 network=192.168.2.0 interface=bridge_LAN02
actual-interface=bridge_LAN02

4 D address=192.168.111.98/24 network=192.168.111.0 interface=ether10
actual-interface=ether10

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=masquerade chain=srcnat src-address=192.168.2.0/24
add action=masquerade chain=srcnat log=yes src-address=\
192.168.3.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes

Router 02
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADo dst-address=0.0.0.0/0 gateway=10.40.250.1
gateway-status=10.40.250.1 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=11 ospf-type=external-type-1

1 ADC dst-address=10.40.250.0/29 pref-src=10.40.250.2 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10

2 DC dst-address=10.50.250.0/29 pref-src=10.50.250.1 gateway=ether2
gateway-status=ether2 unreachable distance=255 scope=10

3 ADo dst-address=10.255.255.1/32 gateway=10.40.250.1
gateway-status=10.40.250.1 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

4 ADC dst-address=10.255.255.2/32 pref-src=10.255.255.2 gateway=lobridge
gateway-status=lobridge reachable distance=0 scope=10

5 ADo dst-address=192.168.1.0/24 gateway=10.40.250.1
gateway-status=10.40.250.1 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

Flags: H - hw-offload, L - ldp, V - vpls, T - traffic-eng
0 in-label=expl-null

1 L in-label=16 out-labels="" interface=ether1 nexthop=10.40.250.1
destination=192.168.1.0/24

2 L in-label=17 out-labels="" interface=ether1 nexthop=10.40.250.1
destination=192.168.2.0/24

3 L in-label=18 out-labels="" interface=ether1 nexthop=10.40.250.1
destination=10.255.255.1/32

4 L in-label=19 out-labels=17 interface=ether1 nexthop=10.40.250.1
destination=192.168.111.0/24

Flags: X - disabled, I - invalid, D - dynamic
0 address=10.255.255.2/32 network=10.255.255.2 interface=lobridge
actual-interface=lobridge

1 address=10.40.250.2/29 network=10.40.250.0 interface=ether1
actual-interface=ether1

2 address=10.50.250.1/29 network=10.50.250.0 interface=ether2
actual-interface=ether2

3 address=192.168.3.254/24 network=192.168.3.0 interface=bridge_LAN03
actual-interface=bridge_LAN03

# jan/05/2019 08:22:58 by RouterOS 6.43.8
# software id = XNDX-E7FK
#
# model = RB4011iGS+

I ran in to similar issue in my lab setup.

Reducing the MTU on the MPLS interface from 1508 to something lower (1472) worked for me. Had to do it on all MPLS devices.

From which source subnet are you trying to access the Internet? 192.168.115.0/24 doesn't seem to be visible in the output.

Hi elbob2002, have just tried your suggestion and I still have the same issue

Forgot to say. I have created a lab since to replicate the issue in our office which is why i went away from the PPPoE

Router 1
LAN1 192.168.1.0/24 can access LAN2, LAN3 and internet
LAN2 192.168.2.0/24 can access LAN1, LAN3 and internet
WAN 192.168.111.98 GW 192.168.111.254

Router 2
LAN3 192.168.3.0/24 can access LAN1, LAN2 can ping 192.168.111.98 but no internet and can't ping 192.168.111.254

The ip route print detail output from R2 is missing a connected route (C) to 192.168.3.0/24, did you post the fuil output?

Hi Sorry,

You are correct, please see the below.

6 ADo dst-address=192.168.2.0/24 gateway=10.40.250.1
gateway-status=10.40.250.1 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

7 ADC dst-address=192.168.3.0/24 pref-src=192.168.3.254 gateway=bridge_LAN03
gateway-status=bridge_LAN03 reachable distance=0 scope=10

8 ADo dst-address=192.168.111.0/24 gateway=10.40.250.1
gateway-status=10.40.250.1 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

On R1, what do you need the "vrf-interface=ether10" for? Have you tried to remove it?

Hi PeterH

Just removed the VRF however it has still not made any change for router 2 still can't ping 192.168.111.254 or the internet

[admin@Router01] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=192.168.111.254
gateway-status=192.168.111.254 reachable via ether10 distance=1
scope=30 target-scope=10

1 ADC dst-address=10.40.250.0/29 pref-src=10.40.250.1 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10

2 ADC dst-address=10.255.255.1/32 pref-src=10.255.255.1 gateway=lobridge
gateway-status=lobridge reachable distance=0 scope=10

3 ADo dst-address=10.255.255.2/32 gateway=10.40.250.2
gateway-status=10.40.250.2 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

4 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.254 gateway=bridge_LAN01
gateway-status=bridge_LAN01 reachable distance=0 scope=10

5 ADC dst-address=192.168.2.0/24 pref-src=192.168.2.254 gateway=bridge_LAN02
gateway-status=bridge_LAN02 reachable distance=0 scope=10

6 ADo dst-address=192.168.3.0/24 gateway=10.40.250.2
gateway-status=10.40.250.2 reachable via ether1 distance=110 scope=20
target-scope=10 ospf-metric=30 ospf-type=external-type-1

7 ADC dst-address=192.168.111.0/24 pref-src=192.168.111.98 gateway=ether10
gateway-status=ether10 reachable distance=0 scope=10
[admin@Router01] >

Did you try to use the sniffer to find out on which router the flow is failing?

Hi PeterH,

I will give that ago shortly and let you know the results,

Many thanks.