L3 mpls vpn between cisco 7600 and mikrotik

Posted: Thu Jun 30, 2011 9:03 pm
by msprouffske
My topology is as follows:


My CE's are mikrotiks and the PE's are cisco 7600's. I have mpls, bgp, and ldp up and working on all devices. I can see all the vpn routes in all tables. My issue is, from CE1 I can only ping vrf address that are attached to PE1 and from CE2 I can only ping vrf ips on PE2. I cannot get any CE device to ping through a PE device. I verified that the PE devices can ping the vrf interfaces on each other but cannot ping the mikrotiks vrf.

Is there something that I am missing in order to make this work? I can setup cisco's as the CE devices and I have no issues.

Posted: Fri Jul 01, 2011 11:22 am
by Mplsguy
Please explain your setup in more detail and post config of devices (addresses, routes, routing protocol config) and traceroute results. In classic VPNv4 setup CE devices do not need VRFs (VRF is necessary only on PE routers), CE devices only need "main" routing table where routes are added either statically or by some IGP from respective PE router. Only provider edge devices (PE) are "vpn aware". Customer devices (CE) do not know (and do not need to know) what means are used in provider network to reach remote C network.

Also note that RouterOS currently can only operate single LDP instance and it is operated for "main" routing table.

Posted: Fri Jul 01, 2011 8:25 pm
by msprouffske
I worded that wrong. We are putting the mikrotiks on site for customers and running bgp on them. I did figure out that the issue was on our core routing. The issue has been fixed and everything is all well now.

I do notice that when I use iperf across the vpn that my cpu on the 450g goes to 100% and the cpu on my 433 is around 60%. I find that to be a little strange since the 450G has much better hardware specs.