Saturday, December 24, 2016

layer 3 vpn over mpls bgp using mikrotik router

*** network diagram

192.168.57.0/24 r1(bgp) ---> r2 --->r3 --->(bgp) r4 192.168.0.0/24
                         -------------------mpls--------------------------

r1: lo address: 10.0.0.1
r2: lo address: 10.0.0.2
r3: lo address: 10.0.0.3
r4: lo address: 10.0.0.4

ibgp between r1 and r4 using AS: 65530

Using vrf and mpls/bgp, the routes 192.168.57.0/24 and 192.168.0.0/24 are not distributed to all the routers. Only r1 and r4 have these routes, and the vrf isolates them from the rest of the routing table.

*** r1 configuration ****
/interface bridge
add name=lo 


/ip address
add address=1.1.1.1/30 disabled=no interface=ether2 network=1.1.1.0
add address=10.0.0.1/32 disabled=no interface=lo network=10.0.0.1
add address=192.168.57.2/24 interface=ether4 network=192.168.57.0


/ip route rule
add action=lookup disabled=no dst-address=192.168.0.0/24 src-address=192.168.57.0/24 table=vrfroutetable1


/ip route vrf
add disabled=no export-route-targets=1:1 import-route-targets=1:1 interfaces=ether4 route-distinguisher=1:1 routing-mark=vrfroutetable1


/routing ospf interface
add interface=ether2 network-type=broadcast

add interface=lo network-type=broadcast

/routing ospf network
add area=backbone disabled=no network=1.1.1.0/30
add area=backbone disabled=no network=10.0.0.0/24 


/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes


/mpls ldp
set distribute-for-default-route=no enabled=yes hop-limit=255 loop-detect=no lsr-id=10.0.0.1 path-vector-limit=255 transport-address=10.0.0.1 use-explicit-null=no


/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether2 transport-address=0.0.0.0


/interface vpls bgp-vpls
add bridge=lo bridge-cost=0 bridge-horizon=1 disabled=no export-route-targets=1:1 import-route-targets=1:1 name=a pw-mtu=1500 pw-type=vpls route-distinguisher=1:1 site-id=1 use-control-word=yes


/routing bgp peer
add address-families=ip,l2vpn,vpnv4 as-override=no default-originate=never disabled=no hold-time=3m in-filter="" instance=default multihop=no name=peer1 nexthop-choice=default out-filter="" passive=no remote-address=10.0.0.4 remote-as=65530 remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default update-source=lo use-bfd=no 


/routing bgp instance vrf
add disabled=no in-filter="" instance=default out-filter="" redistribute-connected=yes redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no routing-mark=vrfroutetable1










***r2 configuration ****
/interface bridge
add name=lo


/ip address
add address=1.1.1.2/30 disabled=no interface=ether2 network=1.1.1.0
add address=2.2.2.1/30 disabled=no interface=ether3 network=2.2.2.0
add address=10.0.0.2/32 disabled=no interface=lo network=10.0.0.2


/routing ospf interface
add interface=ether2 network-type=broadcast

add interface=ether3 network-type=broadcast
add interface=lo network-type=broadcast

/routing ospf network
add area=backbone disabled=no network=1.1.1.0/30

add area=backbone disabled=no network=2.2.2.0/30
add area=backbone disabled=no network=10.0.0.0/24 


/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes


/mpls ldp
set distribute-for-default-route=no enabled=yes hop-limit=255 loop-detect=no lsr-id=10.0.0.2 path-vector-limit=255 transport-address=10.0.0.2 use-explicit-null=no


/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether2 transport-address=0.0.0.0

add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether3 transport-address=0.0.0.0




***r3 configuration ****
/interface bridge
add name=lo


/ip address
add address=2.2.2.2/30 disabled=no interface=ether2 network=2.2.2.0
add address=3.3.3.1/30 disabled=no interface=ether3 network=3.3.3.0
add address=10.0.0.3/32 disabled=no interface=lo network=10.0.0.3


/routing ospf interface
add interface=ether2 network-type=broadcast

add interface=ether3 network-type=broadcast
add interface=lo network-type=broadcast

/routing ospf network
add area=backbone disabled=no network=2.2.2.0/30

add area=backbone disabled=no network=3.3.3.0/30
add area=backbone disabled=no network=10.0.0.0/24 


/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes


/mpls ldp
set distribute-for-default-route=no enabled=yes hop-limit=255 loop-detect=no lsr-id=10.0.0.3 path-vector-limit=255 transport-address=10.0.0.3 use-explicit-null=no


/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether2 transport-address=0.0.0.0

add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether3 transport-address=0.0.0.0



***r4 configuration ****
/interface bridge
add name=lo

/ip address
add address=3.3.3.2/30 disabled=no interface=ether2 network=3.3.3.0
add address=10.0.0.4/32 disabled=no interface=lo network=10.0.0.4
add address=192.168.0.1/24 interface=ether4 network=192.168.0.0 


/ip route vrf
add disabled=no export-route-targets=1:1 import-route-targets=1:1 interfaces=ether4 route-distinguisher=1:1 routing-mark=vrftable1



/routing ospf interface
add interface=ether2 network-type=broadcast

add interface=lo network-type=broadcast

/routing ospf network
add area=backbone disabled=no network=3.3.3.0/30
add area=backbone disabled=no network=10.0.0.0/24 


/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes


/mpls ldp
set distribute-for-default-route=no enabled=yes hop-limit=255 loop-detect=no lsr-id=10.0.0.4 path-vector-limit=255 transport-address=10.0.0.4 use-explicit-null=no


/mpls ldp interface
add accept-dynamic-neighbors=yes disabled=no hello-interval=5s hold-time=15s interface=ether2 transport-address=0.0.0.0

/interface vpls bgp-vpls
add bridge=lo bridge-cost=0 bridge-horizon=1 disabled=no export-route-targets=1:1 import-route-targets=1:1 name=a pw-mtu=1500 pw-type=vpls route-distinguisher=1:1 site-id=4 use-control-word=yes


/routing bgp peer
add address-families=ip,l2vpn,vpnv4 as-override=no default-originate=never disabled=no hold-time=3m in-filter="" instance=default multihop=no name=peer1 nexthop-choice=default out-filter="" passive=no remote-address=10.0.0.1 remote-as=65530 remove-private-as=no route-reflect=no tcp-md5-key="" ttl=default update-source=lo use-bfd=no


/routing bgp instance vrf
add disabled=no in-filter="" instance=default out-filter="" redistribute-connected=yes redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no redistribute-static=no routing-mark=vrftable1
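
An added example (not part of the original post): a small Python audit for RouterOS exports like the ones above. It checks that every /routing bgp instance vrf routing-mark names a VRF defined under /ip route vrf, and flags BGP peers with an empty tcp-md5-key and LDP interfaces with accept-dynamic-neighbors=yes for review. SAMPLE is constructed, and the parser assumes one command per line (no backslash continuations).

```python
import shlex

# Constructed sample in the style of the exports above (not the page's exact config).
SAMPLE = '''\
/ip route vrf
add export-route-targets=1:1 import-route-targets=1:1 interfaces=ether4 route-distinguisher=1:1 routing-mark=vrftable1
/mpls ldp interface
add accept-dynamic-neighbors=yes interface=ether2
/routing bgp peer
add name=peer1 remote-address=10.0.0.1 remote-as=65530 tcp-md5-key="" update-source=lo
/routing bgp instance vrf
add instance=default redistribute-connected=yes routing-mark=vrfroutetable1
'''

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} from RouterOS export text."""
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('/'):            # menu line such as "/ip route vrf"
            path = line
            menus.setdefault(path, [])
        elif path and line.split()[0] in ('add', 'set'):
            items = {}
            for tok in shlex.split(line)[1:]:   # shlex turns key="" into "key="
                key, sep, val = tok.partition('=')
                if sep:
                    items[key] = val
            menus[path].append(items)
    return menus

def audit(text):
    m, findings = parse_export(text), []
    # A BGP VRF instance whose routing-mark matches no VRF exchanges no vpnv4 routes.
    vrfs = {e.get('routing-mark') for e in m.get('/ip route vrf', [])}
    for e in m.get('/routing bgp instance vrf', []):
        if e.get('routing-mark') not in vrfs:
            findings.append(('vrf-mismatch', e.get('routing-mark')))
    for e in m.get('/routing bgp peer', []):        # unauthenticated BGP session
        if not e.get('tcp-md5-key'):
            findings.append(('bgp-no-md5', e.get('name')))
    for e in m.get('/mpls ldp interface', []):      # any LDP speaker on the link may peer
        if e.get('accept-dynamic-neighbors') == 'yes':
            findings.append(('ldp-dynamic-neighbors', e.get('interface')))
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE))
```
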





*******show/testing part


1- mpls is working when ldp neighbors have formed

/mpls ldp neighbor print
Flags: X - disabled, D - dynamic, O - operational, T - sending-targeted-hello, V - vpls
 #      TRANSPORT       LOCAL-TRANSPORT PEER                       SEND-TARGETED ADDRESSES     
 0 DO   10.0.0.2        10.0.0.1        10.0.0.2:0                 no            1.1.1.2       
                                                                                 2.2.2.1       
                                                                                 10.0.0.2


2- mpls-bgp (vpnv4, l2vpn) is working when the vpls interface is dynamically created (r1/r4)

/interface vpls print
Flags: X - disabled, R - running, D - dynamic, B - bgp-signaled, C - cisco-bgp-signaled

 1 RDB name="vpls2" mtu=1500 l2mtu=1500 mac-address=02:4F:83:E0:F1:AB arp=enabled disable-running-check=no remote-peer=10.0.0.1 cisco-style=no cisco-style-id=0
       advertised-l2mtu=1500 pw-type=raw-ethernet use-control-word=yes vpls=a

3- verify that route updates using vrf are working
/routing bgp vpnv4-route print
Flags: L - label-present
 #   ROUTE-DISTINGUISHER                                 DST-ADDRESS        GATEWAY                                  INTERFACE                            IN-LABEL  OUT-LABEL
 0 L 1:1                                                 192.168.57.0/24    10.0.0.1                                 ether2                                     44         44
 1 L 1:1                                                 192.168.0.0/24                                              ether4                                     46


or

/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit

 1 ADb  dst-address=192.168.57.0/24 gateway=10.0.0.1 gateway-status=10.0.0.1 recursive via 3.3.3.1 ether2 distance=200 scope=40 target-scope=30 routing-mark=vrftable1
        bgp-local-pref=100 bgp-origin=incomplete bgp-ext-communities="RT:1:1"




4- from a client connected to router r1, traceroute to 192.168.0.1
~$ traceroute -n 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
 1  192.168.57.2  0.239 ms  0.241 ms  0.274 ms
 2  * * *
 3  * * *
 4  192.168.0.1  1.054 ms  1.112 ms  1.124 ms
