Download - MPLS - mum.mikrotik.com
MPLS on practice with RouterOS
MPLS Case study. Implementation in the network of Skywire Technologies, Pty. South Africa
About me
● Alex Vishnyakov, Mikrotik trainer, Cisco CCNP, FreeBSD, Linux
● Main areas — BGP and dynamic routing, MPLS, security
● Currently working as ISP network team leader, Skywire Technologies Pty, South Africa
It's time for Africa
Network description
● B2B only services in SA
● Presence in all big cities of SA, network more than 1500 km wide
● Over a thousand mid-size/large enterprises
● Last mile services for the 2nd largest Telco in SA
● Transit of IPv4, L2 and BGPv4 for small ISPs
● Many VPNs for corporates
● Over 100 big towers and several hundreds of APs
Tasks and goals
Transit and last mile services for ISPs :
1. Provide hundreds of L2 tunnels for Large ISP
2. Provide L3 transit and BGPv4 transit for several smaller ISPs
3. Separate transit IPv4 traffic from our own IPv4 traffic
Internet and voice services for end users :
4. Provide VPN site to site tunnels for customers between branches. Point to point, point to multipoint.
5. Separate Voice, Internet and Management traffic and routing
Task 1 (solution: eoip, l2tp, vlans - ?)
1. Provide hundreds of L2 tunnels for Large ISP (last mile)
Task 1
1. Provide hundreds of L2 tunnels for Large ISP (last mile)
L2 VPN MPLS
VPLS, LDP based
Task 2 (solution: static routes, ospf - ?)
2. Provide L3 transit (last mile) and BGPv4 transit for several smaller ISPs
Task 2
2. Provide L3 transit (last mile) and BGPv4 transit for several smaller ISPs
L3 VPN MPLS VRF, MP-BGP
Task 4 (solution: eoip, l2tp, ipip, gre, pptp, ipsec - ?)
4. Provide VPN site to site tunnels for customers between branches. Point to point, point to multipoint
Task 4
4. Provide VPN site to site tunnels for customers between branches. Point to point, point to multipoint
L2/L3 VPNs MPLS, MP-BGP
Task 3,5 (solution: different routers, PBR - ?)
3. Separate transit IPv4 traffic from our IPv4 customers
5. Separate Voice, Internet and Management traffic and routing
L3 VPN MPLS VRF, MP-BGP
MPLS is the solution
One common, vendor-independent, strong technology for tunnels = MPLS
P and PE routers
Cisco, Juniper — not cheap at all
Linux, BSD — no stable implementation
Mikrotik — CCR routers
MPLS on Mikrotik (before we started ...)
Results of tests and case studies :
- Stable VPLS, MPLS switching, L2 tunnels
Presentations from MUMs of Tierry Wehr (2014), Tomas Kirnak (2013), Pat Harris (2013)
- Unstable VRFs ?
http://forum.mikrotik.com/viewtopic.php?t=73820
Implementation output (… after we finished)
VPLS
- L2 tunnels are stable, both MP-BGP and LDP based
- Be careful with MTU on switches
VRF
- By itself is stable in latest RouterOS version (>6.5)
- PPPoE cannot bind to VRF dynamically → we use DHCP
- Traceroute inside VRFs is not shown → we don't propagate TTL
- VRF route leaking issues → we use additional routers
- Route withdraw: sometimes a VRF has a problem withdrawing static/dynamic routes … (we don't use dynamic routing between PE-CE) → we mainly have connected routes and work carefully with redistribution of static routes
- VRF BGP path selection has issues with choosing the right BGP metric → we use a filter with distance manipulation
MPLS topology
L2 bridging OSPF, LDP, iBGP, MPLS
Let's implement MPLS
Steps :
1. Bring customer on L2 to PE router
2. OSPF on Distribution/Core layer
3. LDP activation between PE, P routers, MPLS tags
4. iBGP, Route reflectors configuration
5. MP-BGP activation
6. L2 VPLS configuration (LDP based)
7. VRF configuration(L3 tunnels, isolation of traffic)
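The seven steps above on a single PE router, as an added example in RouterOS v6 syntax; it is not the configuration shown on the original slides. All addresses, AS 65000, interface names, the VPLS ID and the route targets are assumed placeholder values.

```routeros
# Added example; every address, name, AS number and ID below is an assumed placeholder.
# Step 1: customer arrives on L2 as VLANs on the access-facing port
/interface vlan add name=vlan-custA interface=ether2 vlan-id=101
/interface vlan add name=vlan-voice interface=ether2 vlan-id=200

# Step 2: loopback plus OSPF towards the core
/interface bridge add name=lo0
/ip address add address=10.255.0.1/32 interface=lo0
/ip address add address=10.0.0.1/30 interface=ether1
/routing ospf instance set [find default=yes] router-id=10.255.0.1
/routing ospf network add network=10.0.0.0/30 area=backbone
/routing ospf network add network=10.255.0.1/32 area=backbone

# Step 3: LDP on the core-facing interface only, not on customer ports
/mpls ldp set enabled=yes lsr-id=10.255.0.1 transport-address=10.255.0.1
/mpls ldp interface add interface=ether1

# Steps 4-5: iBGP session to the route reflector carrying VPNv4 routes
/routing bgp instance set default as=65000 router-id=10.255.0.1
/routing bgp peer add name=rr1 remote-address=10.255.0.254 remote-as=65000 \
    update-source=lo0 address-families=vpnv4

# Step 6: LDP-signalled VPLS tunnel to the remote PE, bridged to the customer VLAN
/interface vpls add name=vpls-custA remote-peer=10.255.0.2 vpls-id=65000:101 disabled=no
/interface bridge add name=br-custA
/interface bridge port add bridge=br-custA interface=vlan-custA
/interface bridge port add bridge=br-custA interface=vpls-custA

# Step 7: VRF that keeps voice routing separate from the main table
/ip address add address=192.0.2.1/24 interface=vlan-voice
/ip route vrf add routing-mark=vrf-voice interfaces=vlan-voice \
    route-distinguisher=65000:200 import-route-targets=65000:200 \
    export-route-targets=65000:200
/routing bgp instance vrf add instance=default routing-mark=vrf-voice \
    redistribute-connected=yes

# Checks: LDP neighbour is up, VPLS is running, VRF routes are present
/mpls ldp neighbor print
/interface vpls monitor vpls-custA once
/ip route print where routing-mark=vrf-voice
```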
Step 1 — L2 bridging
Bring customer on L2 to PE router
Advantages:
- no need for /30 networks; a single /24 can be used for all users on one PE
- each customer appears on the PE as an interface, so we can put it into a VPLS or VRF
- different VLANs for different services
- VRF works fine in that setup :-)
Disadvantages:
- Large L2 domains (broadcasts)
- CPEs on one L2 line (can see each other)
ToDo:
- No «default forward» on wireless
- Port isolation (PVLAN isolated) on switches, split horizon on bridges
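The first and last ToDo items expressed as RouterOS v6 configuration, as an added example that is not taken from the original slides. The bridge and interface names are assumed placeholders, and switch-side port isolation (PVLAN) is vendor-specific and not shown.

```routeros
# Added example; bridge and interface names are assumed placeholders.
# Wireless AP: stop clients on the same radio from reaching each other directly
/interface wireless set wlan1 default-forwarding=no

# Access bridge: CPE-facing ports share one horizon value, so frames arriving
# on one of them are never forwarded out another port with the same value
/interface bridge add name=br-access
/interface bridge port add bridge=br-access interface=ether2 horizon=1
/interface bridge port add bridge=br-access interface=ether3 horizon=1
/interface bridge port add bridge=br-access interface=wlan1 horizon=1
# Uplink towards the PE has no horizon, so every CPE can still reach it
/interface bridge port add bridge=br-access interface=ether1

# Check: the horizon value should be set on every CPE-facing port
/interface bridge port print detail
```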
Step 2 — OSPF in core/distribution
Step 3 — LDP activation
Step 3 — MPLS tags
Step 4 — Address family
MP-BGP configuration
Step 5 — iBGP RR
Step 6 — VPLS setups
Step 7 — VRF setup
Conclusion
Prerequisites:
➔ At least MTCINE training
Advantages:
➔ Not expensive solid MPLS solution
➔ Fast, reliable L2 tunnels
➔ Use VRF if you have similar setup to ours
➔ Smart routing and TE can be implemented
Disadvantages:
➔ Not full L3 VRF features (route leaking, route withdraw)
➔ Don't provide L3 site to site tunnels over MPLS yet