Community discussions

MikroTik App
 
jrbarna
just joined
Topic Author
Posts: 3
Joined: Thu Mar 14, 2019 4:03 pm

v7.1 MPLS/VPLS question

Tue Dec 21, 2021 10:51 am

Hi everybody!

Over the last few days, I have tried to create an MPLS / VPLS tunnel between two mikrotik routers on v7.1. I tried every option I know, but was unsuccessful. (We are currently using MPLS / VPLS on v6, so I have minimal experience with it.)
Both routers have v7.1. OSPF and MPLS seem to work, loopback IPs are reachable, the VPLS tunnel is created, but no data goes through it. The MTU is also set up well everywhere, I double checked it.
The documentation seems pretty incomplete for v7.1, so if anyone has an idea to make it work, please feel free to share it with me.
 
mikeeg02
Member Candidate
Member Candidate
Posts: 162
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: v7.1 MPLS/VPLS question

Wed Dec 22, 2021 1:49 pm

Post your config. I have been able to successfully pass vpls traffic on my test bench with 7.1 between a few rb1100ahx4's I use for testing.
 
User avatar
edielson_atm
Trainer
Trainer
Posts: 30
Joined: Tue May 29, 2007 5:23 am
Location: Brasilia - Brasil
Contact:

Re: v7.1 MPLS/VPLS question

Wed Dec 22, 2021 9:19 pm

OSPF and MPLS configured, but VPLS is not UP

MK-06

/mpls interface
add disabled=no interface=all mpls-mtu=9000
/mpls ldp
add afi=ip,ipv6 disabled=no lsr-id=10.255.255.6 transport-addresses=10.255.255.6 vrf=main
/mpls ldp interface
add disabled=no interface=ether1 transport-addresses=""
add disabled=no interface=ether4 transport-addresses=""

/interface vpls
add arp=enabled bridge=vpls-cliente disabled=no mac-address=02:81:A6:BC:EF:77 \
mtu=1500 name=vpls1-cliente peer=10.255.255.7 pw-control-word=default \
pw-type=vpls vpls-id=2010:1


MK-07

/mpls interface
add disabled=no interface=all mpls-mtu=9000
/mpls ldp
add afi=ip,ipv6 disabled=no lsr-id=10.255.255.7 transport-addresses=10.255.255.7 vrf=main
/mpls ldp interface
add disabled=no interface=ether3 transport-addresses=""
add disabled=no interface=ether5 transport-addresses=""

/interface vpls
add arp=enabled bridge=vpls-cliente disabled=no mac-address=02:75:A3:36:BC:2B mtu=1500 name=vpls1-cliente peer=10.255.255.6 \
pw-control-word=default pw-type=vpls vpls-id=2010:1
 
Dude2048
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 7:56 pm

What kind of router? Physical or say HyperV? HyperV requires an extra setting.
 
User avatar
edielson_atm
Trainer
Trainer
Posts: 30
Joined: Tue May 29, 2007 5:23 am
Location: Brasilia - Brasil
Contact:

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 8:18 pm

What kind of router? Physical or say HyperV? HyperV requires an extra setting.
CHR in EVE-NG (qemu)
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 8:23 pm

add disabled=no interface=ether1 transport-addresses=""
add disabled=no interface=ether4 transport-addresses=""
add disabled=no interface=ether3 transport-addresses=""
add disabled=no interface=ether5 transport-addresses=""
Unset these transport-addresses entirely rather than having them set to an empty string.
 
User avatar
edielson_atm
Trainer
Trainer
Posts: 30
Joined: Tue May 29, 2007 5:23 am
Location: Brasilia - Brasil
Contact:

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 8:31 pm

add disabled=no interface=ether1 transport-addresses=""
add disabled=no interface=ether4 transport-addresses=""
add disabled=no interface=ether3 transport-addresses=""
add disabled=no interface=ether5 transport-addresses=""
Unset these transport-addresses entirely rather than having them set to an empty string.
Captura de Tela 2021-12-23 às 15.29.35.png
It's already removed, I didn't even specify, export that showed
You do not have the required permissions to view the files attached to this post.
 
Dude2048
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 8:49 pm

I don't know if Eve-NG supports mac-spoofing protection, but under hyperv I had problems with that setting until I disabled it,
 
mikeeg02
Member Candidate
Member Candidate
Posts: 162
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 10:35 pm

OSPF and MPLS configured, but VPLS is not UP

MK-06

/mpls interface
add disabled=no interface=all mpls-mtu=9000
/mpls ldp
add afi=ip,ipv6 disabled=no lsr-id=10.255.255.6 transport-addresses=10.255.255.6 vrf=main
/mpls ldp interface
add disabled=no interface=ether1 transport-addresses=""
add disabled=no interface=ether4 transport-addresses=""

/interface vpls
add arp=enabled bridge=vpls-cliente disabled=no mac-address=02:81:A6:BC:EF:77 \
mtu=1500 name=vpls1-cliente peer=10.255.255.7 pw-control-word=default \
pw-type=vpls vpls-id=2010:1


MK-07

/mpls interface
add disabled=no interface=all mpls-mtu=9000
/mpls ldp
add afi=ip,ipv6 disabled=no lsr-id=10.255.255.7 transport-addresses=10.255.255.7 vrf=main
/mpls ldp interface
add disabled=no interface=ether3 transport-addresses=""
add disabled=no interface=ether5 transport-addresses=""

/interface vpls
add arp=enabled bridge=vpls-cliente disabled=no mac-address=02:75:A3:36:BC:2B mtu=1500 name=vpls1-cliente peer=10.255.255.6 \
pw-control-word=default pw-type=vpls vpls-id=2010:1


for each /mpls ldp interface add "accept-dynamic-neighbors=yes" and set the transport address to your respective loopback ips.
/mpls ldp interface add accept-dynamic-neighbors=yes afi=ip disabled=no hello-interval=5s hold-time=10s interface="ether1 - v1590" transport-addresses=15.0.2.254

is how I have mine set and working.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.1 MPLS/VPLS question

Thu Dec 23, 2021 11:06 pm

It's already removed, I didn't even specify, export that showed
Yes it is a winbox issue. Do this from the command line:
/mpls ldp interface
set 0 !transport-addresses
set 1 !transport-addresses
That should clear the empty string.
 
jrbarna
just joined
Topic Author
Posts: 3
Joined: Thu Mar 14, 2019 4:03 pm

Re: v7.1 MPLS/VPLS question

Wed Feb 09, 2022 3:49 pm

Post your config. I have been able to successfully pass vpls traffic on my test bench with 7.1 between a few rb1100ahx4's I use for testing.
These are the last configs of the two RBs used for testing. They are connected directly with ethernet.
# feb/09/2022 14:25:54 by RouterOS 7.2rc3
# model = 1100AHx2
/interface bridge
add admin-mac=32:3E:39:11:B6:18 auto-mac=no name=loopback protocol-mode=none
/interface ethernet
set [ find default-name=ether10 ] l2mtu=9498 name=ether10_RB2011
set [ find default-name=ether1 ] name=ether12
set [ find default-name=ether2 ] l2mtu=9000 name=ether13_mgmt
/interface vpls
add arp=enabled cisco-static-id=10 disabled=no mac-address=02:A8:6C:37:29:04 mtu=1500 name=vpls1 peer=10.50.50.101 pw-control-word=disabled pw-l2mtu=1508 pw-type=raw-ethernet
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/routing ospf instance
add name=default-v2 redistribute=connected,static router-id=10.50.50.100
/routing ospf area
add instance=default-v2 name=backbone-v2
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.50.50.100 interface=loopback network=10.50.50.100
add address=10.254.1.21/30 interface=ether10_RB2011 network=10.254.1.20
add address=10.254.1.202/30 interface=vpls1 network=10.254.1.200
/ip dhcp-client
add disabled=yes interface=ether13_mgmt
/ip dns
set servers=8.8.8.8
/ip service
set www-ssl certificate=root-cert disabled=no
/mpls interface
add disabled=no interface=all mpls-mtu=1600
/mpls ldp
add afi=ip disabled=no lsr-id=10.50.50.100 transport-addresses=10.50.50.100 vrf=main
/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether10_RB2011
/routing ospf interface-template
add area=backbone-v2 comment=2011 cost=10 interfaces=ether10_RB2011 networks=10.254.1.20/30 type=ptp
add area=backbone-v2 cost=10 interfaces=loopback networks=10.50.50.100/32
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name="Test RB1100AHx2 v7"
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/system package update
set channel=testing
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes
#
#
#
#-----------------
#
#
#
# feb/09/2022 14:23:25 by RouterOS 7.2rc3
# model = 2011UiAS
/interface bridge
add name=loopback protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] l2mtu=4074 name=ether1_RB1100
/interface vpls
add arp=enabled cisco-static-id=10 disabled=no mac-address=02:17:D7:9F:72:3E mtu=1500 name=vpls1 peer=10.50.50.100 pw-control-word=disabled pw-l2mtu=1508 pw-type=raw-ethernet
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/routing ospf instance
add name=default-v2 redistribute=connected,static router-id=10.50.50.101
/routing ospf area
add instance=default-v2 name=backbone-v2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.254.1.22/30 interface=ether1_RB1100 network=10.254.1.20
add address=10.50.50.101 interface=loopback network=10.50.50.101
/ip dns
set servers=8.8.8.8
/mpls interface
add disabled=no interface=all mpls-mtu=1600
/mpls ldp
add afi=ip disabled=no lsr-id=10.50.50.101 transport-addresses=10.50.50.101 vrf=main
/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether1_RB1100
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" cost=10 interfaces=ether1_RB1100 networks=10.254.1.20/30 priority=1 type=ptp
add area=backbone-v2 interfaces=loopback networks=10.50.50.101/32 passive
/system clock
set time-zone-name=Europe/Budapest
/system identity
set name="Test RB2011 v7"
/system ntp client
set enabled=yes
/system ntp client servers
add address=162.159.200.1
/system package update
set channel=testing
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes
The problem is the same: VPLS tunnel shows "R", but they are not really working, there is no rx data, only tx.
I have already tested with three RBs, with the same result.
If anybody has a worcing config, please share with me, beacause I slowly rip my hair out :) (just kidding...I'm bald :D )
You do not have the required permissions to view the files attached to this post.
 
mikeeg02
Member Candidate
Member Candidate
Posts: 162
Joined: Fri Mar 30, 2018 2:28 am
Location: Pennsylvania

Re: v7.1 MPLS/VPLS question  [SOLVED]

Sun Feb 13, 2022 5:25 pm

Some things to consider. Max phy MTU on the rb2011 is limited much lower than you appear to have set on the 1100.

RB2011 series ether1-ether5:4074; ether6-ether10:2028; sfp1:4074

RB1100AH ether1-ether10:9498; ether11:9500, ether12-ether13:9116

https://wiki.mikrotik.com/wiki/Manual:M ... uterBoards


I cant remember if this is necessary or not but set your mpls interface input=yes

/mpls interface set 0 input=yes

You also have your mpls MTU set to 1600 and your interface MTU appears to be default 1500.

I have not tested with as new of a version as you are using though, but it *should* still be working.
 
jrbarna
just joined
Topic Author
Posts: 3
Joined: Thu Mar 14, 2019 4:03 pm

Re: v7.1 MPLS/VPLS question

Fri Feb 18, 2022 12:53 am

Some things to consider. Max phy MTU on the rb2011 is limited much lower than you appear to have set on the 1100.

RB2011 series ether1-ether5:4074; ether6-ether10:2028; sfp1:4074

RB1100AH ether1-ether10:9498; ether11:9500, ether12-ether13:9116

https://wiki.mikrotik.com/wiki/Manual:M ... uterBoards


I cant remember if this is necessary or not but set your mpls interface input=yes

/mpls interface set 0 input=yes

You also have your mpls MTU set to 1600 and your interface MTU appears to be default 1500.

I have not tested with as new of a version as you are using though, but it *should* still be working.
The MTUs are all ok, but that "/mpls interface set 0 input=yes" saved my day. I set it on both routers and it worked like charm. Thank you very much!
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.1 MPLS/VPLS question

Fri Feb 18, 2022 2:15 am

I was missing the input=yes in my config. Adding it improved things - instead of the VPLS tunnel not doing anything and then the devices freezing, I get exactly one ping through and then the devices freeze and have to be power cycled.
 
marlab
newbie
Posts: 25
Joined: Sun Mar 15, 2015 2:48 pm
Location: EU

Re: v7.1 MPLS/VPLS question

Sat Mar 12, 2022 11:55 pm

I was missing the input=yes in my config. Adding it improved things - instead of the VPLS tunnel not doing anything and then the devices freezing, I get exactly one ping through and then the devices freeze and have to be power cycled.

I have the same problem with 7.1.3 - VPLS is still not working correctly. Actually, sometimes it starts working after I disable/enable the VPSL in config (I can see packets sent/receive), just then after a few seconds my router gets frozen, and the only method to restart it is to power cycle the router.

In my case, I'm trying to establish VPLS between bridges on RB3011 UiAS and hAP AC2. It used to work perfectly with RouterOS v6, just I'd like to migrate to v7 due to WireGuard.
 
okoun
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Feb 18, 2011 3:11 pm

Re: v7.1 MPLS/VPLS question

Fri Mar 18, 2022 6:26 pm

Unfortunately, the VPLS does not work with an MTU greater than 1500. When I set the PW L2MTU higher, it does nothing. L2MTU is not displayed at all :(
 
dominiaz
just joined
Posts: 20
Joined: Sat Jan 08, 2011 7:17 am

Re: v7.1 MPLS/VPLS question

Sun Mar 20, 2022 11:54 am

Unfortunately, the VPLS does not work with an MTU greater than 1500. When I set the PW L2MTU higher, it does nothing. L2MTU is not displayed at all :(
Yes, I can confirm that issue.
v7.1.3 and 7.2rc4:

ping 172.16.70.1 do-not-fragment size=1501
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                
    0 172.16.70.1                                                  timeout                                               
    1 172.16.70.1                                                  timeout                                               
    2 172.16.70.1                                                  timeout                                               
    sent=3 received=0 packet-loss=100% 

v6.48.6:

ping 172.16.70.1 do-not-fragment size=1501
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                
    0 172.16.70.1                              1501  64 1ms594us  
    1 172.16.70.1                              1501  64 1ms601us  
    2 172.16.70.1                              1501  64 1ms634us  
    sent=3 received=3 packet-loss=0% min-rtt=1ms594us avg-rtt=1ms609us max-rtt=1ms634us
Mikrotik when it will be fixed?

Who is online

Users browsing this forum: No registered users and 23 guests