Transparently Bridge two Networks using MPLS extended
Written by vaheeD on December 31, 2012
Bonding two VPLS interfaces
This example extends Transparent Bridge using MPLS example. Mentioned example is using LDP signaled VPLS tunnel which is not suitable for two VPLS tunnels to the same device. Before continuing with the setup, basic knowledge of BGP and BGP signaled VPLS is needed.
Network Diagram
There are two wireless links on router and LAN segment is connected to the ethernet side of each router.
Configuration
Lets consider that wireless interfaces are already configured and links are established so that we can start with IP and MPLS configuration.
IP addressing and MPLS
R1
/interface bridge add name=lo /ip address add address=192.168.222.1/24 interface=wlan1 add address=192.168.223.1/24 interface=wlan2 add address=222.222.222.1/32 interface=lo /ip route add dst-address=222.222.222.2/32 gateway=192.168.222.2 /mpls ldp set enabled=yes lsr-id=222.222.222.1 transport-address=222.222.222.1 /mpls ldp interface add interface=wlan1 add interface=wlan2
R2
/interface bridge add name=lo /ip address add address=192.168.222.2/24 interface=wlan1 add address=192.168.223.2/24 interface=wlan2 add address=222.222.222.2/32 interface=lo /ip route add dst-address=222.222.222.1/32 gateway=192.168.222.1 /mpls ldp set enabled=yes lsr-id=222.222.222.2 transport-address=222.222.222.2 /mpls ldp interface add interface=wlan1 add interface=wlan2
At this point ensure that LDP is running:
[admin@R1] /mpls ldp neighbor> print Flags: X - disabled, D - dynamic, O - operational, T - sending-targeted-hello, V - vpls # TRANSPORT LOCAL-TRANSPORT PEER SEN 0 DO 222.222.222.2 222.222.222.1 192.168.222.2:0 no
BGP signaled VPLS
R1
/routing bgp peer add name=peer1 remote-address-192.168.222.2 remote-as=65530 address-families=l2vpn add name=peer2 remote-address-192.168.223.2 remote-as=65530 address-families=l2vpn
R2
/routing bgp peer add name=peer1 remote-address-192.168.222.1 remote-as=65530 address-families=l2vpn add name=peer2 remote-address-192.168.223.1 remote-as=65530 address-families=l2vpn
BGP should be running and we can start VPLS configuration. Each of VPLS tunnels will have unique route distinguisher and route target:
R1
/interface vpls bgp-vpls add export-route-targets=222:222 import-route-targets=222:222 name=bgp-vpls1 \ route-distinguisher=222:222 site-id=1 add export-route-targets=223:223 import-route-targets=223:223 name=bgp-vpls2 \ route-distinguisher=223:223 site-id=1
R2
/interface vpls bgp-vpls add export-route-targets=222:222 import-route-targets=222:222 name=bgp-vpls1 \ route-distinguisher=222:222 site-id=2 add export-route-targets=223:223 import-route-targets=223:223 name=bgp-vpls2 \ route-distinguisher=223:223 site-id=2
At this point VPLS tunnels are signaled to both BGP peers. It means that VPLS tunnels are established over the same link (which update gets first).
To force other VPLS tunnel over another link we will use routign filters to filter out unnecessary updates:
‘R1 and R2
/routing bgp peer set peer1 out-filter=bgp-out1 set peer2 out-filter=bgp-out2 /routing filter add action=discard chain=bgp-out1 route-targets=223:223 add action=discard chain=bgp-out2 route-targets=222:222
Result
[admin@R1] /interface vpls> print Flags: X - disabled, R - running, D - dynamic, B - bgp-signaled, C - cisco-bgp-signaled 0 RDB name="vpls1" mtu=1500 l2mtu=1500 mac-address=02:A1:29:95:20:3B arp=enabled disable-running-check=no remote-peer=192.168.223.2 cisco-style=no cisco-style-id=0 advertised-l2mtu=1500 pw-type=raw-ethernet vpls=bgp-vpls2 1 RDB name="vpls2" mtu=1500 l2mtu=1500 mac-address=02:A4:61:69:82:F1 arp=enabled disable-running-check=no remote-peer=192.168.222.2 cisco-style=no cisco-style-id=0 advertised-l2mtu=1500 pw-type=raw-ethernet vpls=bgp-vpls1
Bonding
Bonding itself is quite simple
/interface bonding add name=bonding1 slaves=vpls1,vpls2 /interface bridge add name=vpn protocol-mode=rstp /interface bridge ports add bridge=vpn interface=ether1 add bridge=vpn interface=bonding1
[admin@R1] /interface bonding> print Flags: X - disabled, R - running 0 R name="bonding1" mtu=1500 mac-address=02:A1:29:95:20:3B arp=enabled slaves=vpls1,vpls2 mode=balance-rr primary=none link-monitoring=none arp-interval=100ms mii-interval=100ms down-delay=0ms up-delay=0ms lacp-rate=30secs transmit-hash-policy=layer-2
Note: As in this example VPLS tunnels are dynamically created, it means that if for some reason one VPLS goes down, bonding slave will become invalid. In this case some script is required which checks VPLS interface updates