vaheeD khoshnouD

linux, mikrotik, macosx

Transparently Bridge two Networks using MPLS extended

Written by vaheeD on December 31, 2012
5.00 avg. rating (96% score) - 2 votes

Bonding two VPLS interfaces

This example extends Transparent Bridge using MPLS example. Mentioned example is using LDP signaled VPLS tunnel which is not suitable for two VPLS tunnels to the same device. Before continuing with the setup, basic knowledge of BGP and BGP signaled VPLS is needed.

Network Diagram

Vpls-bonding.png

 

There are two wireless links on router and LAN segment is connected to the ethernet side of each router.

Configuration

Lets consider that wireless interfaces are already configured and links are established so that we can start with IP and MPLS configuration.

IP addressing and MPLS

R1

/interface bridge
add name=lo
/ip address 
add address=192.168.222.1/24 interface=wlan1
add address=192.168.223.1/24 interface=wlan2
add address=222.222.222.1/32 interface=lo

/ip route
add dst-address=222.222.222.2/32 gateway=192.168.222.2

/mpls ldp
set enabled=yes lsr-id=222.222.222.1 transport-address=222.222.222.1
/mpls ldp interface
add interface=wlan1
add interface=wlan2

R2

/interface bridge
add name=lo
/ip address 
add address=192.168.222.2/24 interface=wlan1
add address=192.168.223.2/24 interface=wlan2
add address=222.222.222.2/32 interface=lo

/ip route
add dst-address=222.222.222.1/32 gateway=192.168.222.1

/mpls ldp
set enabled=yes lsr-id=222.222.222.2 transport-address=222.222.222.2
/mpls ldp interface
add interface=wlan1
add interface=wlan2

At this point ensure that LDP is running:

[admin@R1] /mpls ldp neighbor> print 
Flags: X - disabled, D - dynamic, O - operational, T - sending-targeted-hello, 
V - vpls 
 #      TRANSPORT       LOCAL-TRANSPORT PEER                       SEN
 0 DO   222.222.222.2   222.222.222.1   192.168.222.2:0            no

BGP signaled VPLS

R1

/routing bgp peer
add name=peer1 remote-address-192.168.222.2 remote-as=65530 address-families=l2vpn
add name=peer2 remote-address-192.168.223.2 remote-as=65530 address-families=l2vpn

R2

/routing bgp peer
add name=peer1 remote-address-192.168.222.1 remote-as=65530 address-families=l2vpn
add name=peer2 remote-address-192.168.223.1 remote-as=65530 address-families=l2vpn

BGP should be running and we can start VPLS configuration. Each of VPLS tunnels will have unique route distinguisher and route target:

R1

/interface vpls bgp-vpls
add export-route-targets=222:222 import-route-targets=222:222 name=bgp-vpls1 \
  route-distinguisher=222:222 site-id=1
add export-route-targets=223:223 import-route-targets=223:223 name=bgp-vpls2 \
  route-distinguisher=223:223 site-id=1

R2

/interface vpls bgp-vpls
add export-route-targets=222:222 import-route-targets=222:222 name=bgp-vpls1 \
  route-distinguisher=222:222 site-id=2
add export-route-targets=223:223 import-route-targets=223:223 name=bgp-vpls2 \
  route-distinguisher=223:223 site-id=2

At this point VPLS tunnels are signaled to both BGP peers. It means that VPLS tunnels are established over the same link (which update gets first).

To force other VPLS tunnel over another link we will use routign filters to filter out unnecessary updates:

R1 and R2

/routing bgp peer
set peer1 out-filter=bgp-out1
set peer2 out-filter=bgp-out2

/routing filter
add action=discard chain=bgp-out1 route-targets=223:223
add action=discard chain=bgp-out2 route-targets=222:222

Result

[admin@R1] /interface vpls> print 
Flags: X - disabled, R - running, D - dynamic, 
B - bgp-signaled, C - cisco-bgp-signaled 

 0 RDB name="vpls1" mtu=1500 l2mtu=1500 mac-address=02:A1:29:95:20:3B arp=enabled 
       disable-running-check=no remote-peer=192.168.223.2 cisco-style=no 
       cisco-style-id=0 advertised-l2mtu=1500 pw-type=raw-ethernet 
       vpls=bgp-vpls2 

 1 RDB name="vpls2" mtu=1500 l2mtu=1500 mac-address=02:A4:61:69:82:F1 arp=enabled 
       disable-running-check=no remote-peer=192.168.222.2 cisco-style=no 
       cisco-style-id=0 advertised-l2mtu=1500 pw-type=raw-ethernet 
       vpls=bgp-vpls1

Bonding

Bonding itself is quite simple

/interface bonding add name=bonding1 slaves=vpls1,vpls2

/interface bridge
add name=vpn protocol-mode=rstp
/interface bridge ports
add bridge=vpn interface=ether1
add bridge=vpn interface=bonding1
[admin@R1] /interface bonding> print 
Flags: X - disabled, R - running 
 0  R name="bonding1" mtu=1500 mac-address=02:A1:29:95:20:3B arp=enabled 
      slaves=vpls1,vpls2 mode=balance-rr primary=none link-monitoring=none 
      arp-interval=100ms mii-interval=100ms down-delay=0ms up-delay=0ms 
      lacp-rate=30secs transmit-hash-policy=layer-2

 

Note: As in this example VPLS tunnels are dynamically created, it means that if for some reason one VPLS goes down, bonding slave will become invalid. In this case some script is required which checks VPLS interface updates

5.00 avg. rating (96% score) - 2 votes

Posted Under: MikroTik, Network

About vaheeD

Leave a Reply

Your email address will not be published. Required fields are marked *

Protected by WP Anti Spam