MikroTik

I have attached a map of the test network. It is the ring in the lower right corner.

One out of 5 routers I setup with MPLS doesn't respond to Winbox well after enabled. I can ping it, I can telnet into it, but I can't Winbox into it. Once I disable MPLS, all is well. Below is the MPLS export for the failing router. To the best of my knowledge I followed the directions on the wiki.



[admin@HammettFarms] > /mpls export
# jan/01/1970 00:21:07 by RouterOS 3.17
# software id = EDV4-LTT
#
/mpls
set dynamic-label-range=16-1048575
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no lsr-id=10.1.255.3 path-vector-limit=255 transport-address=10.1.255.3 use-explicit-null=no
/mpls ldp interface
add accept-dynamic-neighbors=yes comment="" disabled=no hello-interval=5s hold-time=15s interface="South PPPoE" transport-address=0.0.0.0
add accept-dynamic-neighbors=yes comment="" disabled=no hello-interval=5s hold-time=15s interface="ICS Private" transport-address=0.0.0.0
/mpls ldp neighbor
add comment="" disabled=no send-targeted=no transport=10.1.255.2
add comment="" disabled=no send-targeted=no transport=10.1.255.5

*bump*

Hammy, MPLS as such does not directly affect any application - be it winbox, telnet or anything else. The information you have provided about your network is not enough to figure out where the problem could be - you should start by figuring out if winbox connection gets to the router, whether response traffic can get through and such.

Just imaging possible causes, the first that comes to mind (assuming you really can ping and telnet to the same router address that you try to connect with winbox) - if you are doing some NAT and running MPLS bypasses that NAT.

I have discovered that when I:

/mpls ldp set enabled=no, everything works just fine.

/mpls ldp set enabled=yes, I cannot Winbox. When I telnet or mac-telnet in, I cannot issue a print command anywhere. I can't disable a port on a bridge.

There is low CPU usage 5% or less, but those commands will not work until I disable LDP.

It's just like the router can't do anything complex when MPLS is enabled.

Hammy, MPLS as such does not directly affect any application - be it winbox, telnet or anything else. The information you have provided about your network is not enough to figure out where the problem could be - you should start by figuring out if winbox connection gets to the router, whether response traffic can get through and such.

Just imaging possible causes, the first that comes to mind (assuming you really can ping and telnet to the same router address that you try to connect with winbox) - if you are doing some NAT and running MPLS bypasses that NAT.

There's no NAT involved anywhere between me and the router in question.

What version and what packages are you using?

What version and what packages are you using?

3.17 with updated firmware and the standard packages, no tests.

you have to install MPLS-test & routing-test and see if that brings in any changes. All fixes, upgrades, new features go into these packets.

you have to install MPLS-test & routing-test and see if that brings in any changes. All fixes, upgrades, new features go into these packets.

That kind of goes against convention. Normally the test package is the buggy one and the release version is the stable one.

what do you call 'normally'? =))

I don't know about "normally", but the regular package is on a feature freeze. It works fine, but all improvements and fixes are going into the "test" package.

what do you call 'normally'? =))

Other vendors.

I don't know about "normally", but the regular package is on a feature freeze. It works fine, but all improvements and fixes are going into the "test" package.

I sent a supout to support, but I haven't heard anything back. I'd think it's been over a week since I did that.

MikroTik support was offline during Christmas

MikroTik support was offline during Christmas

I figured so. That's why I didn't get too upset.

MikroTik support was offline during Christmas

I sent it in on the 18th. I submitted more information (saying that the test packages didn't help at all and the supout showing that), but haven't heard anything.

MikroTik support was offline during Christmas

I sent it in on the 18th. I submitted more information (saying that the test packages didn't help at all and the supout showing that), but haven't heard anything.

what's your ticket number, because I don't see any unanswered mails about it

MikroTik support was offline during Christmas

I sent it in on the 18th. I submitted more information (saying that the test packages didn't help at all and the supout showing that), but haven't heard anything.

what's your ticket number, because I don't see any unanswered mails about it

I received this not even a minute ago:

Hello,

Thank you for report, we will check and try to fix this issue.
Currently you can remove or disable manually added LDP neighbors which has send-targeted=yes and winbox should work fine.

Regards,
Maris

Hammy, it is highly possible that your problem is caused by some link in your setup not supporting the MPLS MTU that is configured (default value is 1508), can you elaborate on what type of hardware you have in path between host connecting with winbox and router? You notice this with winbox because it starts sending max size packets (that are not generated when using telnet or regular ping).

Anyway, thanks to your report, issue with MPLS implementation has been identified (and will get fixed in upcoming 3.18) - when router originates packets, it (mistakenly) considers that path MTU is MPLS MTU (1508 bytes) minus label stack size (4 bytes), not interface (layer 3) MTU as it should. With this problem router prepares 1504 byte winbox connection packets (which should not be fatal, but is still wrong).

Even with this fix - MPLS MTU should be configured properly so that it does not exceed the abilities of hardware. If there was no this problem - probably you would never experience this, because winbox would prepare 1500 byte packets, resulting in 1504 bytes with MPLS label and probably your hardware can handle that. But you would get in trouble as soon as you tried to use some other MPLS application that adds more than one label.