Mikrotik Routeros Training Inter-Networking

8/28/2014
Overview
MikroTik RouterOS
● BGP
Training ● BGP Basics (iBGP, eBGP)
● Distribution, filtering and BGP attributes
Inter-Networking ● MPLS
● Introduction to MPLS
● LDP
● L2 and L3 VPN's
● Traffic Engineering
©Mikrotik 2012 2
Lab Setup X – group number Lab Setup

AP SSID=AS100 band=2.4Ghz
192.168.x1.0/24
● Divide in groups by four AS100
● Make network setup as illustrated in next slide AP

10.20.0.1/24
192.168.x3.0/24
R1 192.168.x.1/30
● R1 and R2 routes connect to AP with SSID 10.20.0.x1/24
AS100 in 2.4Ghz band

10.20.0.x2/24 192.168.x.2/30
R3
● Each router has local network 192.168.xy.0/24 R2
192.168.x.5/30
192.168.x.9/30
where:
192.168.x.10/30
192.168.x.6/30
● X-group number R4
● Y-Routers number 192.168.x2.0/24
192.168.x4.0/24
©Mikrotik 2012 3 ©Mikrotik 2012 4
Autonomous system
● Set of routers under a single administrative
control
Border Gateway Protocol ● Routing exchange:
(BGP) ● Routers within AS use common IGP
● Routers between ASs use EGP
● Has its own number (ASN)
● Supports 16-bit value and 32-bit value
● Numbers 64 512 – 65 534 reserved for private use
Internetworking 1
8/28/2014
BGP Basics Path Vector Implementation

● Stands for Border Gateway Protocol ● Treats whole AS as a single point in the path
● Designed as Inter-AS routing protocol ● Prefix is advertised with the list of ASs along the
● Network topology is not exchanged, only path called AS path
reachability information. ● Hides network topology within an AS
● Only protocol that can handle Internet's size ● Cannot provide loopfree routing within an AS
networks
● Uses path vector algorithm
Path Vector Implementation BGP Capabilities

Add AS100
10.1.0.0/24 to the path
● BGP Speaker advertises supported capability codes
AS100
● If received capability is not supported, remote peer
AS200
sends back notification
Reject, AS100 ● BGP speaker attempts to peer without unsupported
already in
the path capability
Add AS200
to the path ● Some of RouterOS advertised capabilities:
Add AS300
to the path ● Route refresh
● Multi-protocol extension
AS300
● 4-byte AS support
BGP Transport Packet format

● Operates by exchanging NLRI (network layer ● Packet contains four main fields:
reachability information). ● Marker (128bits) – used for authentication
● NLRI includes a set of BGP attributes and one ● Length (16bits)
or more prefixes with which those attributes are ● Type (8bits) – BGP message type
associated ● Message body
● Uses TCP as the transport protocol (port 179)
● Initial full routing table exchange between peers
● Incremental updates after initial exchange
(maintains routing table version)
Internetworking 2
8/28/2014
BGP message types BGP session and updates

● Four message types: Open with ASN4 capability
AS100 AS200
● Open – First message sent after TCP connection Notification unsupported cap.
Passive
establishment, contains capability list. Confirmed by Open without capability BGP peer
keepalive. Keepalive
● Keepalive – does not contain data, sent to keep
hold timer from expiring
● Update – actual route updates. Contains:
AS100 AS200
– NLRI Route Refresh message
– Path attributes
Update
● Notification – sent when error condition occurs,
contains error code and sub-code
Networks Enable BGP

● Indicates what networks BGP should originate from
/routing bgp instance
the router. set default as=300 router-id=10.10.10.4
● By default network is advertised only if corresponding /routing bgp peer

add instance=default remote-address=10.10.10.1 remote-as=3000
route is present in routing table
● Synchronization can be turned off if: If router-id is not specified, it is automatically set to least IP address on
the router.
● Your AS does not provide transit service
Verify BGP connectivity. Any state other than established indicates that
● All the transit routers run BGP routers can not become neighbors (use print status for more details)
● Disabling sync allows BGP to converge faster. [admin@R1] /routing bgp peer> print
Flags: X - disabled, E - established
# INSTANCE REMOTE-ADDRESS REMOTE-AS
● Sync can be dangerous if routes are flapping a lot. 0 E default 10.10.10.1 3000
● Configurable from
/routing bgp network
Stub network Scenarios Private AS Removal

● Single homed Global net
– Private ASN is used (>64511) AS65500
ISP 172.16.0.0/24
– ISP originates only default route 172.16.0.0/16
– Actually no need for BGP ● Private AS cannot be

– Upstream ISP advertises networks leaked to public AS65501
172.16.1.0/24
AS300
– Stub network has the same policy as ISP ● Available for eBGP
ISP
Stub net
neighbors
0.0.0.0/0 AS65502
● Announce only aggregate route 172.16.2.0/24
172.16.0.0/16
Global net AS65500
172.16.0.0/24
● Use following command
AS300 /routing bgp peer
set <peer-name> remove-private-as=yes
Internetworking 3
8/28/2014
BGP Lab I BGP Lab I

X – group number
● Create BGP network setup as illustrated in next AP SSID=AS100 band=2.4Ghz
BGP peer 192.168.x1.0/24
slide: AS100 AS1x1

10.20.0.1/24
● BGP peer from R1 and R2 to AP AP 192.168.x3.0/24
R1 192.168.x.1/30
10.20.0.x1/24
● BGP peer from R2 to R4
● BGP peer from R1 to R3 10.20.0.x2/24 192.168.x.2/30 AS65500
R2 R3
● Advertise your local network AS1x2
192.168.x.5/30
192.168.x.9/30
● Private ASN should be removed 192.168.x.6/30 R4

192.168.x.10/30
● Originate default route to private AS routers 192.168.x2.0/24

AS65500
192.168.x4.0/24
Stub network Scenarios Non-stub Scenarios

● Multihomed ● Need to obtain AS number from ISP or RIR
– Private ASN is used ● Address range from Regional Internet Registry
– Can be used: ● Routing policy independent from ISPs
● As main/backup link ● Can be used: Global net
● Load sharing
– As main/backup link
– Upstream ISP advertises networks
– Load sharing AS200
– Stub network has the same policy as ISP AS100
ISP – More advanced
Stub net R3
routing policies R1
172.16.0.0/16
Global net AS65500
172.16.0.0/24
R2
AS300
AS300
BGP and connection tracking BGP Lab II

● Connection tracking is unable to keep valid ● Add R3 to the same AS as R1
track of connections with multi-homed BGP. ● Add R4 to the same AS as R2
● Packets related to one connection can travel ● Make BGP peer between R4 and R3
through different paths
● Set up OSPF between routers in the same AS
– Do not drop invalid connections in firewall
● Con-track should be turned off for better ● Set OSPF to distribute connected routes
performance ● Announce both local networks from AS
Internetworking 4
8/28/2014
BGP Lab II BGP Lab II

X – group number
AP SSID=AS100 band=2.4Ghz [admin@R1] /ip route> print
BGP peer 192.168.x1.0/24
Flags: X - disabled, A - active, D - dynamic,
AS100 C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
AP
10.20.0.1/24
192.168.x3.0/24
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
AS1x1 0 ADb 0.0.0.0/0 10.20.0.1 20
R1 192.168.x.1/30 1 ADC 10.20.0.0/24 10.20.0.11 R1_AP 0
10.20.0.x1/24
2 ADC 192.168.1.0/30 192.168.1.1 R1_R3 0
3 ADo 192.168.1.8/30 192.168.1.2 110
4 ADC 192.168.11.0/24 192.168.11.0 local 0
10.20.0.x2/24 192.168.x.2/30
R3 5 Db 192.168.11.0/24 192.168.1.2 200
R2
192.168.x.5/30
6 ADb 192.168.12.0/24 192.168.1.10 200
192.168.x.9/30 7 Db 192.168.12.0/24 10.20.0.12 20
8 ADo 192.168.13.0/24 192.168.1.2 110
192.168.x.10/30 9 Db 192.168.13.0/24 192.168.1.2 200
192.168.x.6/30 R4 10 ADb 192.168.14.0/24 192.168.1.10 200
11 Db 192.168.14.0/24 10.20.0.12 20
AS1x2
192.168.x2.0/24
192.168.x4.0/24
BGP Lab II Interior and Exterior BGP

[admin@R3] /ip route> print
Flags: X - disabled, A - active, D - dynamic, ● iBGP – peering between routers inside an AS
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
● eBGP – peering between routers from different ASs
0 ADb 0.0.0.0/0 192.168.1.1 200
1 ADo 10.20.0.0/24 192.168.1.1 110 AS200
2 ADC 192.168.1.0/30 192.168.1.2 R3_R1 0
3 ADC 192.168.1.8/30 192.168.1.9 R3_R4 0 R2
4 ADo 192.168.11.0/24 192.168.1.1 110 eBGP AS300
5 Db 192.168.11.0/24 192.168.1.1 200
6 ADb 192.168.12.0/24 192.168.1.10 20 AS100 R3
7 ADC 192.168.13.0/24 192.168.13.0 local 0
8 Db 192.168.13.0/24 192.168.1.1 200 R1
9 ADb 192.168.14.0/24 192.168.1.10 20 R4
R5
iBGP
R6
BGP redistributes only best route. Since on R1 best route is one received from R3,
eBGP
router R1 does not redistribute .12/024 and .14.0/24 back to R3
AS400
eBGP eBGP Multihop example

Lo: 10.1.1.2 Lo: 10.1.1.1
● Almost always formed between directly AS100 AS200
connected peers (AS edge routers). R1

172.16.1.1 172.16.1.2 R2
Eth1 Eth1 Eth2
● Multi-hop configuration is required if peers are

not directly connected
/routing bgp peer
add remote-address=10.1.1.x remote-as=x multihop=yes \
● Adds AS to advertised prefix's path update-source=lo
● By default Next-hop is changed to self

Configuration requires static routes or enabled IGP so that the neighbors
can reach each other.
Setting eBGP to Loopback addresses can protect BGP from DOS attacks
Internetworking 5
8/28/2014
[admin@R1] /ip route> print

iBGP C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
● Next-hop is not changed by default: 0 ADb 0.0.0.0/0 10.20.0.1 20
1 ADb 10.1.101.0/24 10.20.0.1 20
● Uses IGP (RIP,OSPF,static) to ensure network 2 ADC 10.20.0.0/24 10.20.0.11 ether1 0
3 ADC 192.168.1.0/30 192.168.1.1 ether2 0
reachability within an AS 4 ADC 192.168.11.0/24 192.168.11.1 dummy 0
5 Db 192.168.12.0/24 192.168.1.10 200
● Attributes learned from iBGP are not changed to 6 ADb 192.168.12.0/24 10.20.0.12 20
7 ADb 192.168.13.0/24 192.168.1.2 200
impact the path selection to reach outside network 8 Db 192.168.14.0/24 192.168.1.10 200
9 ADb 192.168.14.0/24 10.20.0.12 20
● AS path is not manipulated
8 Db dst-address=192.168.14.0/24 gateway=192.168.1.10
● Provides ways to control exit point from an AS gateway-status=192.168.1.10 unreachable distance=200 scope=40
target-scope=30 bgp-as-path="112" bgp-local-pref=100 bgp-origin=igp
received-from=peer2
● Received external route from iBGP peer is not
propagated to other iBGP peers: 9 ADb dst-address=192.168.14.0/24 gateway=10.20.0.12
gateway-status=10.20.0.12 reachable ether1 distance=20 scope=40
target-scope=10 bgp-as-path="100,112" bgp-origin=igp
● Requires full mesh between iBGP peers. received-from=peer1
Loopback BGP Lab III

● Eliminates dependency from physical interface to
make TCP connection.
● Improve your setup by using loopback
addresses between iBGP peers
● Mostly used between iBGP peers 10.255.x.y/32, where
● In RouterOS empty bridge can be used as loopback x – group number
Lo: 10.1.1.2 Lo: 10.1.1.1 y – router's number
AS100
R2
● Add loopback address to OSPF networks
R1
Eth1 Eth1 Eth2
● Set loopback address as ospf and bgp router-id
/interface bridge add name=lo
/ip address add address=10.1.1.x/32 interface=lo
/routing bgp peer
add remote-peer=10.1.1.x remote-as=100 update-source=lo
Route Distribution Distribution Example

10.1.1.0/24
● IGP (Static, OSPF, RIP, connected) routes can AS200
AS100
be redistributed R1 R2
set default redistribute-static=yes
set default redistribute-ospf=yes
/ip route add dst-address=10.1.1.0/24 type=unreachable
● Prefix origin is “incomplete” /routing bgp instance set default redistribute-static=yes
● Risk of advertising all IGP routes

● Packets will be ceased unless more specific
● Always use routing filters to avoid unwanted route is present
route advertisements
● Good way to advertise supernet
Internetworking 6
8/28/2014
Routing Filters Filter Chain example

/routing bgp instance set default out-filter=bgp-o
● Main tool to control and modify routing /routing bgp peer set peer1 out-filter=bgp-peer-o
information /routing filter

add chain=bgp-o prefix=10.1.1.0/24 action=accept \
set-bgp-communities=30:30
● Organized in chains similar to firewall add chain=bgp-o action=discard
add chain=bgp-peer-o prefix=10.1.1.0/24 action=passthrough \
● Specify in BGP peer's configuration which set-out-nexthop=192.168.99.1
chains to use or BGP instance out filter

● Prefix passes instance chain, then moves to 3 ADb dst-address=10.255.1.2/32 gateway=10.20.0.12
gateway-status=192.168.99.1 reachable ether2 distance=20 scope=40
peer's chain
/routing bgp peer set 0 in-filter=bgp-in out-filter=bgp-out
target-scope=10 bgp-as-path="112" bgp-origin=igp
bgp-communities=30:30 received-from=peer2
/routing filter add chain=bgp-out prefix=10.1.1.0/24 \
action=discard invert-match=yes
Prefix filtering AS Path filtering

10.1.1.0/24
AS400 AS100 ● Can be configured to allow updates only to/from

R4 AS300
R1 certain AS
R3 ● Supports regular expressions
10.1.2.0/24
● “.” - any single character
AS200
● “^” - start of the as-path
R2
● “$” - end of the as-path
● “_” - matches comma, space, start and end of as-path
# config on R3
/routing bgp peer set peer1 out-filter=bgp-out # config on R3
/routing filter add prefix=10.1.0.0/16 prefix-length=16-32 \ /routing filter add chain=bgp-out action=discard \
chain=bgp-out action=discard bgp-as-path=_200_
BGP Soft Reconfiguration BGP Lab IV

● When action=discard is used, routes are not updated
● Set up routing filters in the way that:
after filter change.
● R1 does not receive 192.168.x2.0/24 prefix via AP
● Solution
● R2 does not receive 192.168.x1.0/24 prefix via AP
● Use action=reject to keep routes in the memory
● R3 does not receive 192.168.x4.0/24 prefix from R4
● Dynamic (Peer must support refresh capability):
● R4 does not receive 192.168.x3.0/24 prefix from R3
– Peer refreshes the routes after the changes are
done.
– No additional memory is used
– It is not done automatically - need to run
“refresh” command
Internetworking 7
8/28/2014
BGP Lab IV BGP decision algorithm

Lets look at R3. If set up properly traceroutes to network ● BGP uses single best path to reach the
x2 should go over R4 and traceroutes to x4 should go destination
over AP
● BGP always propagates the best path to the
[admin@R3] /ip address> /tool traceroute 192.168.12.1 \
src-address=192.168.13.1 neighbors
# ADDRESS RT1 RT2 RT3 STATUS
1 192.168.1.6 4ms 4ms 4ms
2 192.168.12.1 3ms 4ms 4ms ● Different prefix attributes are used to determine
[admin@R3] /ip address> /tool traceroute 192.168.14.1 \
best path, like weight, next-hop, as-path, local-
src-address=192.168.13.1 pref etc.
1 192.168.1.1 2ms 2ms 2ms
2 10.20.0.12 3ms 4ms 4ms ● Setting peer to loopback address can force
3 192.168.14.1 6ms 6ms 6ms
BGP to install ECMP route (for load balancing).
Best path selection Nexthop

● Next-hop validation
● Highest WEIGHT (default 0) ● IP address that is used to reach a certain destination
● Highest LOCAL-PREF (default 100) ● For eBGP nexthop is neighbor's IP address
● Shortest AS-PATH ● eBGP advertised nexthop is carried into iBGP.
● Locally originated path (aggregate, BGP network)
Dst: 172.16.0.0/24
● Lowest origin type (IGP,EGP,Incomplete) AS100 next-hop:10.1.1.1
Dst: 172.16.0.0/24
● Lowest MED (default 0) R1 10.1.1.1 next-hop:10.1.1.1
172.16.0.0/24
● Prefer eBGP over iBGP R3
10.1.1.2 R2
● Prefer the route with lowest router ID or ORIGINATOR_ID 10.30.1.1 10.30.1.2
AS200
● Shortest route reflection cluster (default 0)
● Prefer the path that comes©Mikrotik
from 2012the lowest neighbor address 45 ©Mikrotik 2012 46
Nexthop self Weight

Force BGP to use specific IP as a nexthop ● Weight is assigned locally to the router
# config on R2 ● Prefix without assigned weight have default value of 0
/routing bgp peer set peer1 nexthop-choice=force-self
● Route with higher weight is preferred
Dst: 172.16.0.0/24
AS200
AS100 next-hop:10.1.1.1 AS100
Dst: 172.16.0.0/24
R1 10.1.1.1 next-hop:10.30.1.1 R3
R1
172.16.0.0/24
R3 172.16.0.0/24
10.1.1.2 R2 172.16.0.0/24 Weight=50
R2
Weight=100
10.30.1.1 10.30.1.2
AS200 AS300
Internetworking 8
8/28/2014
Local Preference AS Path

● List of AS numbers that an update has traversed.
● Indicates which path has preference to exit AS
● Path with higher Local Pref is preferred (default: 100)
● Advertised within AS 10.1.1.0/24 AS200
AS300
AS100 AS200
R2
R3
R1 R5 10.1.1.0/24
AS-path:200,100 AS-path:100 AS100

AS400
AS300 R1
R4 Local-pref = 100
Local-pref = 200 R2 R4
R3
AS-path: 300,200,100
AS-Path Prepend Origin

AS-Path manipulations can be used to influence ● Information of route origin:
best path selection on upstream routers. ● IGP – interior or originating AS route.
● EGP – route learned via Exterior Gateway protocol
172.16.0.0/24
Incomplete – origin is unknown, occurs when route
172.16.0.0/24
AS-Path: 100,300,300 AS-Path: 200,300 ●
AS200 is redistributed into BGP.

AS100
R3
R1
Prepend = 2 R2
172.16.0.0/24 AS300
MED MED Example

AS300
● Multi Exit Discriminator or Metric – hint to external AS100
Med=10
Med=0
neighbor about path preference into an AS R1 R4
● Lower metric is preferred (Default: 0) Med=50
● Exchanged between AS and used to make decision inside Med=100
that AS, not passed to third AS. R2 R3
● Ignored if received from different ASs AS200
R1, R2 and R3 advertises the same network to R4 with different med

values. R4 only compares MEDs coming from R2 and R3, MED coming
from R1 is ignored (other attributes are used to select best path).
Internetworking 9
8/28/2014
X – group number BGP Lab V Community

192.168.x1.0/24
AS100 ● Attribute that groups destinations

192.168.x1.0/24
AP
AS1x1
192.168.x3.0/24 ● Filters can be easily applied to whole group
R1
● Default groups:
192.168.x2.0/24
R2 192.168.x3.0/24 R3
● No-export – do not advertise to eBGP peer
● No-advertise – do not advertise to any peer
192.168.x4.0/24
R4 ● Internet – advertise to Internet community
192.168.x2.0/24
AS1x2
● Local-as – do not send outside local AS (in non-
confederation network the same as no-export)
192.168.x4.0/24
Use as-path prepend to set up BGP fail-over and load sharing as illustrated
Community Example Community cont.

Assume that you don't want R2 to propagate routes ● 32-bit value written in format “xx:yy”
learned from R1 10.1.1.0/24
AS100
● Gives customer more policy control
AS300
R3 AS200
R1 ● Simplifies upstream configuration
R2 ● Can be used by ISPs for:
– AS prepending options
– Geographic restrictions
# config on R1
– Blackholing, etc.
/routing filter add chain=bgp-out action=passthrough \
set-bgp-communities=no-export ● Check Internet Routing Registry (IRR)
Community Example cont. Community Example cont.

# AS300 router config
/routing bgp peer set toAS100 out-filter=bgp-out-as100
● AS 100 defined public communities
/routing filter
● 100:500 – advertise to all peers add prefix=10.1.1.0/24 action=accept\
chain=bgp-out-as100 set-bgp-communities=100:500
● 100:501 – advertise to AS 400 add prefix=10.2.2.0/24 action=accept\
chain=bgp-out-as100 set-bgp-communities=100:501
10.1.1.0/24 community=100:500 AS 400

10.2.2.0/24 community=100:501 # AS100 router config
/routing bgp peer set toAS500 out-filter=bgp-out-as500
ISP
AS100 /routing filter
add bgp-communities=100:501 action=discard\
AS300 AS 500 chain=bgp-out-as500
Internetworking 10
8/28/2014
ISP example Extended Communities

aut-num: AS2588
as-name: LatnetServiss-AS
descr: LATNET ISP ● Used to carry additional fields in L2VPN and
member-of: AS-LATVIA
remarks: +-------------------------------------------------- VPNv4 setups
remarks: |
remarks: | x=0 Announce as is
remarks: | x=1 Prepend +1 ● Some additional fields carried:
remarks: | x=2 Prepend +2
remarks:
remarks:
|
|
x=3 Prepend +3
x=4 Prepend +4
● Route Targets
remarks: | x=5 Prepend +5
remarks: | ● Site of Origin
remarks: | 2588:400 Latvian Nets
remarks:
remarks:
|
|
2588:500 Announce to LIX (Latvian Internet Exchange)
2588:666 Don't announce (blackhole)
● Control flags
remarks: | 2588:70x Announce to uplinks with $x prepend
remarks: | 2588:900 Recieved from LIX (Latvian Internet Exchange) ● MTU
remarks: |
remarks: | For more information please use the email address ● Encapsulation flags
remarks: | iproute (at) latnet (dot) lv
remarks: +--------------------------------------------------
Aggregation BGP Route Reflector

Summarization of more specific routes into supernet. ● Re-advertises iBGP routes to avoid full mesh
Can be used to hide topology.
Works only on the same instance BGP routes
● Reduces communication message count
AS100
● Minimizes amount of data per message:
R1
AS400 10.1.1.0/24
10.0.0.0/8
● Only best path is reflected
R4 AS300 AS200
AS200
R3 10.1.2.0/24 AS200
R1 R3 R1 R3
R2
# config on R3
/routing bgp aggregate add instance=default summary-only=yes \ R2
prefix=10.0.0.0/8 action=passthrough inherit-attributes=no R2 RR
Route Reflector Configuration BGP Confederation

● Divides AS into multiple ASs
● RR is configured by enabling client to client
● To outside world confederation appears as single AS
reflection:
/routing bgp instance ● Each AS must be fully meshed iBGP (or route
set default client-to-client-reflection=yes reflectors)
/routing bgp peer
add route-reflect=yes remote-peer=x.x.x.x ... ● EBGP between confederation ASs exchange routing
like iBGP
● Route-reflect should be enabled only on route
reflector router ● AS-Path inside confederation is in scopes:
as-path=(30,20)
● RouterOS can not be configured as pure route # confederation setup
reflector /routing bgp instance set default confederation=100 \

confederation-peers=20,30
Internetworking 11
8/28/2014
BGP Confederation Lab VI: Confederation

X – group number
AS300 192.168.x1.0/24
AS200 AS100
AS-Path: 100,300 R9
R8 AP 192.168.x3.0/24
R1
R3 R4 Confederation
AS xx00 AS1x1
AS20
R1
AS-Path:(20,30) R3
R2
AS10 R5 R6
R2 AS1x2
AS30 R4
AS100
AS400
192.168.x2.0/24
R7
192.168.x4.0/24
Confederation AS-Path MultiProtocol BGP

[admin@R1] /ip route> print detail ● BGP packet format is designed for Ipv4
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, ● Address family attribute was created to carry
... new type of addresses.
8 ADb dst-address=192.168.12.0/24 gateway=192.168.1.10
gateway-status=192.168.1.10 recursive via 192.168.1.2 ● RouterOS supported address families:
distance=200 scope=40 target-scope=30 bgp-as-path="(112)"
bgp-local-pref=100 bgp-origin=igp received-from=peer2
● IPv6
● L2VPN
● VPN4
● Cisco style L2VPN
BGP Instances
● Each BGP instance runs its own BGP selection
algorithm
Multi-protocol Label Switching
Routes between instances are elected by other
(MPLS)
●
means (like distance)

● Routes from one instance are not redistributed
automatically to another instance LDP, VPNs (layer2,layer3), TE
● Needs:
set <id> redistribute-other-bgp=yes
● BGP attributes are inherited from another

instance
Internetworking 12
8/28/2014
X – group number MPLS Lab Setup MPLS Lab Setup

192.168.x1.0/24
AS100
● Reset router's configuration
AP
10.20.0.1/24
192.168.x3.0/24
● Set up configuration as illustrated
R1 192.168.x.1/30
10.20.0.x1/24 ● Set up loopback addresses and run OSPF on
Lo:10.255.x.1
all links
10.20.0.x2/24 192.168.x.2/30
R3 Lo:10.255.x.3
Lo:10.255.x.2 R2
192.168.x.5/30
● Add loopback addresses to OSPF networks
192.168.x.9/30
192.168.x.10/30
192.168.x.6/30 R4
Lo:10.255.x.4
192.168.x2.0/24
192.168.x4.0/24
MPLS Basics MPLS Basics

●Technology used to forward packets, based on ● LER – Label Edge Router or Provider Edge router (PE)
short labels ● LSR – Label Switch Router or Provider router (P)
Packets are classified and
labeled at ingress LER LSRs forward packets
●Initial goal: more efficient forwarding than IP using label swapping
routing (similar to ATM switching)
Serves as foundation for some “Advanced
●
Services”:
Label is removed at
● Layer3 VPNs MPLS egress LER
Backbone
● Any Transport over MPLS (AtoM), Layer2 VPNs
● MPLS Traffic Engineering
● Guaranteed bandwidth services
MPLS Basics MPLS Basics

● Also called 2.5 layer protocol ● More than one label is allowed.
● Shim header (32 bit) placed between OSI Layer2 ● Labels are grouped into label stack
and Layer3:
● LSRs always use the top label of the stack
● Label (20 bits)
● EXP (3 bits) - CoS ● Several Label distribution methods exist:
● End of stack flag(1 bit) – whether current label is the last in ● Static Label mapping
the stack
● LDP – maps unicast IP destination into label
● TTL (8 bits) L2 MPLS L3
● BGP – external labels (VPN)
Label EXP S TTL ● RSVP,CR-LDP – used for traffic engineering and
resource reservation
Internetworking 13
8/28/2014
Static Label Mapping Static Label Mapping

Lo:1.1.1.1 Lo:2.2.2.2 Lo:3.3.3.3
● RouterOS allows to add static local and remote
bindings for every destination.
● MPLS dynamic label range must be adjusted to
Local: DST LABEL DST LABEL DST LABEL
free labels for static bindings. 1.1.1.1 impl-null 1.1.1.1 21 1.1.1.1 21
2.2.2.2 22 2.2.2.2 impl-null 2.2.2.2 22
/mpls set dynamic-label-range=100-1048575 3.3.3.3 23 3.3.3.3 23 3.3.3.3 impl-null
/mpls local-bindings
/mpls remote-bindings DST HOP LABEL DST HOP LABEL DST HOP LABEL
/mpls forwarding-table Remote: 2.2.2.2 R2 impl-null 1.1.1.1 R1 impl-null 2.2.2.2 R2 impl-null
3.3.3.3 R2 23 3.3.3.3 R3 impl-null 1.1.1.1 R2 21
IN OUT DST IN OUT DST IN OUT DST
Fwd: 22 2.2.2.2 21 1.1.1.1 21 21 1.1.1.1
23 23 3.3.3.3 23 3.3.3.3 22 2.2.2.2
Test with traceroute Static Mapping LAB

● Create static label bindings for loopback
[admin@R1] /mpls forwarding-table> print
Flags: L - ldp, V - vpls, T - traffic-eng addresses
# IN-LABEL OUT-LABELS DESTINATION INTERFACE NEXTHOP
0 expl-null ● Since ECMP is not used in label binding,
...
4 L 23 23 3.3.3.3/32 ether1 10.20.0.11
[admin@R1] >/tool traceroute 3.3.3.3 src-address=1.1.1.1
choose only first gateway
1 10.20.0.11 2ms 1ms 2ms <MPLS:L=23,E=0> ● Test if labels are set with traceroute:
2 3.3.3.3 1ms 1ms 2ms
/tool traceroute 10.255.1.1 src-address=10.255.1.3
LDP Label space

● Stands for Label Distribution Protocol ● Per interface label space – packet is forwarded
● Relies on routing information provided by IGP – based on both the incoming interface and the
creates a local label binding to each IP prefix label
and distributes to LDP neighbors ● Per platform label space – label is not unique
Remote bindings
per interface
IGP Prefix 10.1.1.0/24 10.1.1.0/24 10.1.1.0/24
10.1.1.0/24 Label 21 Label 22 Label 23
Label1 Label1
Path 1 Path 1 Path 1
Path 1
Path 2
Local binding Local binding Local binding Label1 Label1

Label 21 Label 22 Label 23 Path 2 Path 1
Internetworking 14
8/28/2014
Distribution Modes Well known numbers

● Downstream-on-Demand (DoD) – each LSR ● LDP Hello messages – UDP port 646
requests its next-hop label binding. ● LDP transport session establishment – TCP port
(Not yet implemented) 646
● Unsolicited Downstream (UD) – LSR distributes ● Hellos are sent to “all routers in this subnet”
a binding all adjacent LSRs even if LSRs are multicast address (224.0.0.2)
requesting a label.
Configuring LDP LDP Lab

● Can be configured in “/mpls ldp” menu ● Remove all static mapping from previous lab
/mpls ldp set enabled=yes transport-address=x.x.x.x \
lsr-id=x.x.x.x
● Enable LDP and set lsr-id and transport
/mpls ldp interface add interface=ether1 address the same as loopback address
● Add LDP interfaces connecting neighbor routers
● Setting transport address ensures proper
penultimate hop popping behavior ● Verify if LDP neighbors are created
/mpls ldp neighbor print
● Check MPLS forwarding-table
/mpls forwarding-table print
Reserved Labels
● Labels from 0 to 15 are reserved, but only 4 are
used at this point:
● 0 – explicit NULL PHP
Implicit NULL
● 1 – router alert
● 2 – Ipv6 explicit NULL
● 3 – implicit NULL 0
PHP
Explicit NULL
Internetworking 15
8/28/2014
Penultimate Hop Popping Explicit NULL

● Router is egress point for network that is ● If configured, penultimate LSR forwards packet
directly connected to it, next hop for traffic is not with NULL label, instead of popping stack.
MPLS router
● Useful to preserve QoS
● Advertised with “implicit null” label
● Not required if stack contains at least two labels
● Penultimate hop popping ensures that routers (inner label can still carry QoS value)
do not have to do unnecessary label lookup
● Implicit NULL is used by default
when it is known in advance that router will
have to route packet
MPLS Traceroute Targeted LDP Sessions

● ICMP error messages are switched further ● In some cases it is necessary to set up targeted
along LSP LDP session (session between not directy
connected LSRs)
● It will give false increase in latency for that hop
● Configuration:
/mpls ldp neighbor add transport=<remote_ip> \
Label: 12 Label: 23 Label: 34
send-targeted=yes
Targeted LDP
R1 R2 R3 R4
Label: 32 Label: 43 LDP LDP LDP
Label Binding Filtering Label Binding LAB

● Can be used to distribute only specified sets of
labels to reduce resource usage
● Set up label binding filters so that only bindings
● Two types of binding filters: to loopback addresses from your group are sent
● Which bindings should be advertised and received.
/mpls ldp advertise-filter
● Check forwarding table to make sure filters
● Which bindings should be accepted
/mpls ldp accept-filter worked
● Filters are applied only to incoming/outgoing ● Check if packets are label switched or L3
advertisements. Any changes to filters requires forwarded with traceroute
ldpldp
/mpls disable/enable
advertise-filter add prefix=9.9.9.0/24 advertise=yes
/mpls ldp advertise-filter add prefix=0.0.0.0/0 advertise=no
Internetworking 16
8/28/2014
VRF
● Virtual Routing and Forwarding
● Based on policy routing
● Functionality of completely independent routing
Layer3 VPN
tables on one router.
VRF
● Multiple VRFs solves the problem of
overlapping customer IP prefixes
● When nexthop resolving fails it is not resolved
in main table (compared to policy routing)
Route Leaking VRF and Router Management

● Route leaking is route exchange between ● Any router management is not possible from vrf
separate VRFs side (winbox, telnet, ssh ...)
● Static Inter-VRF route: ● Ping and traceroute tools are updated to
● Explicitly specified routing table (works with “main”) support VRFs
/ip route
add gateway=10.3.0.1@main routing-mark=vrf1 ● OSPF and BGP can be used as CE-PE protocol
● Explicitly specify interface

/ip route
add dst-address=5.5.5.0/24 gateway=10.3.0.1%ether2 \
routing-mark=main
BGP/MPLS IP VPN L3VPN

● Works in Layer3 unlike BGP based VPLS. VPN A
RR
Site 1
● Also called L3VPN CE CE
VPN B
● Multiprotocol BGP is used to distribute routes Site 2
PE PE
between VRFs even in router itself.
CE
● Provider network MUST be MPLS enabled CE
VPN B PE VPN A
Site 1 Site 2
CE
VPN A
BGP
VPN B Site 3
OSPF as CE-PE
Site 3
Internetworking 17
8/28/2014
Route Distinguisher Route Target

● Route distinguisher (RD) is used to make IPv4 ● Route Targets (RTs) were introduced for the
prefixes unique ability to have interconnection between the sites
● RD+IPv4 prefix=vpnv4 prefix of different companies, called extranet VPNs.
● Format ● Route Targets are BGP extended community to

specify what vpnv4 prefixes will be imported into
● IP:num
VRF table.
● ASn:num
● Exporting RT - vpnv4 receives an additional
● Note: Some complex scenarios may require BGP extended community
more than one RD by VPN
● Importing RT – received vpnv4 route is checked
for a matching RT
Route Target Configuring L3VPN

VPN A
Site 1
● Create VRF instance
VPN B CE /ip route vrf
Site 1 CE add routing-mark=vrf1
route-distinguisher=100:1
Import: 100:1 export-route-targets=100:1
100:4
Export: 100:2
import-route-targets=100:1
Import: 100:3
100:2 ● Configure BGP to use VRF and vpnv4 address
Export: 100:1
family
/routing bgp instance vrf
Import: 100:1
Export: 100:3 CE add instance=default routing-mark=vrf1 \
VPN A Import: 100:2 redistribute-connected=yes
Export: 100:4 VPN B /routing bgp peer
Site 2 Site 2
CE add address-families=vpnv4 update-source=lo ...
● Results
©Mikrotik 2012 105 /routing bgp vpn vpnv4-route
©Mikrotik 2012 print 106
VPNV4 Lab BGP peers

X – group number VPNV4 Lab
● Choose Route Reflector and set up iBGP (group AS:
X00) Blue 192.168.x1.0/24
Site 1
AS100
● Set up VPNV4 BGP
AP RR 192.168.x3.0/24
Green
● Create VRF with interface where your laptop is R1 Site 2
connected
Lo:10.255.x.1
● Route Distinguisher and export RT: X00:Y
R2 GroupAS: X00 R3 Lo:10.255.x.3
Lo:10.255.x.2
● Set up proper import route targets, so that only Green
sites and Blue sites exchange routes (see next slide) Green
Site 1 R4
● Set up route leaking to access internet from VRF
Lo:10.255.x.4
192.168.x2.0/24 Blue
Site 2
192.168.x4.0/24
Internetworking 18
8/28/2014
OSPF and eBGP as CE-PE

● Distributes routes between CE and PE router's VRF
● On PE router specify which VRF to use
/routing ospf instance
set default routing-table=vrf1 redistribute-bgp=as-type-1 Layer 2 VPN
● New instance to use eBGP as CE-PE LDP Based VPLS
add name=ebgp as=100 routing-table=vrf1
BGP Based VPLS
CE-PE BGP CE-PE BGP
AP instance instance AP
CE CE
BGP peer
PE PE
MPLS Cloud
CE CE
OSPF ©Mikrotik 2012 OSPF 109 ©Mikrotik 2012 110
LDP based VPLS LDP based VPLS

● Also called L2VPN or EoMPLS Customer's L2 frame
PW label
● Glues together individual LANs across MPLS Site 1

SN label
L2 header
● Uses LDP to negotiate VPLS tunnels CE1

PE1 PE2
● Pseudowire demultiplexor field (PW label) is Site 3

P1
used to identify VPLS tunnel CE3
● Pseudowire has MAC learning, flooding and PE3 MPLS backbone

forwarding functions Site 2
Pseudo wire
CE - customer's edge router

CE2
PE - provider's edge router
P – Provider's core router
Configuring VPLS Configuring VPLS

● Add VPLS tunnel termination points: ● Add VPLS tunnel termination points:
/interface vpls /interface vpls
add remote-peer=x.x.x.x vpls-id=x:x add remote-peer=x.x.x.x vpls-id=x:x
● Dynamic targeted LDP neighbor is added ● Dynamic targeted LDP neighbor is added
● VPLS tunnel ID must be unique for every VPLS ● VPLS tunnel ID must be unique for every VPLS
● Related VPLS tunnel information can be viewed ● Related VPLS tunnel information can be viewed
by /interface vpls monitor command by /interface vpls monitor command
● Bridge VPLS interface with local one to provide ● Bridge VPLS interface with local one to provide
transparent connectivity transparent connectivity
Internetworking 19
8/28/2014
Split Horizon LDP VPLS Lab

● Forward Ethernet frame coming from PE to connected CEs
● Create VPLS tunnels between all routers from
● Packets are not forwarded to interfaces with the same
the group (VPLS ID x:x)
horizon value
● Horizon value is set in bridge port configuration ● Bridge VPLS interfaces with local interface on
/interface bridge port your router.
add bridge=vpn interface=vpls1 horizon=1
● VPN network is 192.168.x0.0/24 where:
CE1 CE3 ● x - group number
PE1 PE3
1 ● Set up Split horizon to avoid loops
1
CE2 1 1 CE4 ● Test connectivity between laptops in your group
PE2
LDP VPLS Lab VPLS tunnel

X – group number LDP VPLS Lab
● Create VPLS tunnels between all routers from AP SSID=AS100 band=2.4Ghz
192.168.x0.1/24
Site 1
the group (VPLS ID x:x) AS100
RR
● Bridge VPLS interfaces with local interface on AP 192.168.x0.3/24
R1 Site 3
your router. VPN network:
192.168.x0.0/24
Lo:10.255.x.1
● VPN network is 192.168.x0.0/24 where:
R2 R3 Lo:10.255.x.3
Lo:10.255.x.2
● x - group number
● Set up Split horizon to avoid loops Site 2
R4
● Test connectivity between laptops in your group Lo:10.255.x.4
192.168.x0.2/24 Site 4
192.168.x0.4/24
[admin@R4] /mpls ldp neighbor> print

Flags: X - disabled, D - dynamic, O - operational, T - sending-
targeted-hello, V - vpls
# TRANSPORT LOCAL-TRANSPORT PEER SEND-TARGETED ADDRESSES
LDP based VPN drawbacks
0 DOTV 10.255.0.3 10.255.0.4 10.255.0.3:0 no 10.255.0.3
192.168.1.2 ● Scalability issues due to static nature
1 DOTV 10.255.0.2 10.255.0.4 10.255.0.2:0 no 10.20.0.12
10.255.0.2 ● Requirement to maintain full mesh of LDP
2 DOTV 10.255.0.1 10.255.0.4 10.255.0.1:0 yes 10.20.0.11
tunnels
10.255.0.1
● Configuration adjustment on all routers forming
[admin@R4] /interface vpls> monitor 0
remote-label: 40 VPLS
local-label: 28
remote-status:
transport: 10.255.0.1/32
transport-nexthop: 192.168.1.9
imposed-labels: 22,40
Internetworking 20
8/28/2014
L2/MPLS MTU Importance L2MTU: 1500 Eth(14) IP(20) DATA(1480)
● MPLS MTU = IP MTU (L3) + MPLS headers R1
● MPLS MTU is adjustable from L2MTU: 1526 Eth(14) MPLS(4)VPLS(4) CW(4) Eth(14) IP(20) DATA(1480)
“/mpls interface” menu R2
● If MTU is too large and next header is IP L2MTU: 1526 Eth(14) MPLS(4)VPLS(4) CW(4) Eth(14) IP(20) DATA(1480)
● Then generate “ICMP Need Fragment error”

R3
● Else silently discard packet
L2MTU: 1522 Eth(14) VPLS(4) CW(4) Eth(14) IP(20) DATA(1480)
Eth(14) VLAN(4) MPLS(4) IP(20) DATA(1480)
IP (L3) MTU
R4
MPLS MTU
L2 MTU L2MTU: 1500 Eth(14) IP(20) DATA(1480)
Full Frame
VPLS Control Word

● 4-byte Control Word (CW) is used for packet
fragmentation and reassembly inside VPLS
tunnel
● Optional CW is added between PW label and
packet payload
● CW can be turned off for compatibility with other
vendors (some Cisco BGP based VPLS)
BGP Based VPLS BGP Based VPLS configuration

● BGP VPLS functionality ● Configure BGP instance
● Autodiscovery – no need to configure each VPLS ● Enable l2vpn in BGP peer's address-families
router to use BGP multi protocol capability
● Signaling – labels for VPLS tunnels distributed in
● Use loopback address as BGP peers address
BGP updates.
by specifying update-source, in order for
● No need for targeted LDP sessions penultimate hop popping to work properly.
● No scalability issues /routing bgp peer
add remote address=1.1.1.1 remote-as=100 update-source=lo
address-families=l2vpn
● No significant advantages over LDP in case of
full mesh BGP.
Internetworking 21
8/28/2014
BGP Based VPLS configuration BGP based VPLS Lab

● Configure VPN bridge
● Choose which one of routers will be Route
● Configure BGP signaled VPLS interface reflector (for example R1)
/interface vpls bgp-vpls
add bridge=<bridge> bridge-horizon=1 site-id=1 \ ● Set BGP peering only between RR
route-distinguisher=1:1 import-route-targer=1:1 \
export-route-target=1:1 ● Replace all statically created VPLS with BGP
● Dynamic VPLS tunnel gets created and added VPLS
to bridge ports ● Set import/export route targets the same as
– route-distinguisher – value that gets attached to VPLS route distinguisher.
NLRI to distinguish advertisements, value should be
unique for each VPLS
– site-id – unique setting among members of particular
VPLS ©Mikrotik 2012 127 ©Mikrotik 2012 128
IP Routing Limitation
● After two IP traffic flows for the same
destination are merged, it is impossible to split
them and reroute over different paths
Traffic Engineering
● Overloaded link from Router C to Router E
E
A C F
D
40Mbps traffic from A to F
B 40Mbps traffic from B to F
Traffic Engineering Traffic Engineering

● TE solves the problem
● Expands the capabilities of L2 ATM and Frame
● Can be used to steer traffic to less utilized links relay networks
● Constraint based routing - path for the traffic
flow is shortest path that meets resource
E
A C F requirements (constraints)
D
● Eliminates the need of overplayed L2 mesh.
B TE Tunnel1 50Mbps
TE Tunnel2 50Mbps
Internetworking 22
8/28/2014
How it works TE Tunnel Path Options

● TE establishes/maintains the tunnel using ● Tunnel path is routed based on routing table
RSVP (Resource Reservation Protocol) Tunnel path: use-cspf=no and empty hops
● Tunnel path at any point is determined based ● Statically configured explicit path
on network resources and tunnel requirements Tunnel path: use-cspf=no hops=<explicit hop config>
● Available resources are flooded via OSPF ● Constrained Shortest Path First (CSPF) – head
● Tunnel paths are calculated at the tunnel head end router calculates path to tail end using
based on a fit between required and available knowledge of network state. Needs assistance
resources (constraint-based routing) form IGP.
Tunnel path: use-cspf=yes, empty hops or explicitly
● RSVP TE tunnels are unidirectional configured hops
How it works TE configuration

● Tunnel head end appears as interface
● Set OSPF to use TE and configure TE on all
● Auto TE works within the range of one area interfaces participating in TE tunnel
● Traffic can be forwarded automatically to TE if /routing ospf set mpls-te-area=backbone
mpls-te-router-id=loopback
/mpls traffic-eng interface
● Remote endpoint of pseudowire is the same as TE add interface=ether1 bandwidth=50Mbps
endpoint
● BGP nexthop is tunnel endpoint ( can be turned off ● Configure TE tunnel itself
/mpls traffic-eng tunnel-path
by setting “use-te-nexthop=no”) add use-cspf=no name=rt
/interface traffic-eng
add bandwidth=10Mbps primary-path=rt
from-address=10.255.1.2 to-address=10.255.1.3
TE configuration TE configuration
● OSPF Result (should have opaque LSAs) ● TE tunnel path and reservation state
[admin@R2] /mpls traffic-eng path-state> print
● TE tunnel monitoring Flags: L - locally-originated, E - egress, F - forwarding, P - sending-
path, R - sending-resv
[admin@R2] /interface traffic-eng> monitor 0 # SRC DST BANDWIDTH OUT.. OUT-NEXT-HOP
tunnel-id: 3 0 LFP 10.255.1.2:1 10.255.1.3:3 10.0Mbps R2_R4 10.20.0.11
primary-path-state: established [admin@R2] /mpls traffic-eng resv-state> print
primary-path: rt Flags: E - egress, A - active, N - non-output, S - shared
secondary-path-state: not-necessary # SRC DST BANDWIDTH LABEL INT...
active-path: rt 0 AS 10.255.1.2:1 10.255.1.3:3 10.0Mbps 124 R2_R4
active-lspid: 1
active-label: 124 [admin@R2] /mpls traffic-eng interface> print
recorded-route: 192.168.1.1[124],192.168.1.2[0] Flags: X - disabled, I - invalid
reserved-bandwidth: 10.0Mbps # INTERFACE BANDWIDTH TE-METRIC REMAINING-BW
0 R2_R1 50Mbps 1 50.0Mbps
[admin@R2] /interface vpls> monitor 0 1 R2_R4 50Mbps 1 40.0Mbps
remote-label: 114
local-label: 113
remote-status:
transport: traffic-eng1
transport-nexthop: 10.20.0.11
imposed-labels: 124,114
Internetworking 23
8/28/2014
Static Path Static path example

10.1.3.1
● Static path is established by setting strict or loose 10.1.1.1 10.1.4.1
hops: A C
E
F
● Strict - defines that there must not be any other hops
between previous hop and "strict" hop (fully specified D
path)
B
10.1.2.1
● Loose - there are acceptable other hops between
10.1.0.1
previous hop and defined hop (not fully specified path).
10.1.2.1:loose
/mpls traffic-eng tunnel-path 10.1.1.1:strict,10.1.2.1:strict, 10.1.4.1:loose
add use-cspf=no \
hops=10.1.1.1:strict,10.1.3.1:loose,10.1.4.1:strict 10.1.1.1:strict,10.1.2.1:strict,10.1.3.1:strict,10.1.4.1:strict
TE Lab I VPLS tunnel

X – group number TE Lab I
192.168.x0.1/24
● Set up TE tunnels so that VPLS tunnels uses AS100
Site 1
following switching paths: RR
AP 192.168.x0.3/24
● VPLS: R1<->R4; TE Path: R1-R3-R4 primary VPN network: R1 Site 3
192.168.x0.0/24
● VPLS: R2<->R3: TE Path: R2-R4-R3 primary Lo:10.255.x.1
● Experiment with different TE path types. Lo:10.255.x.2 R2 R3 Lo:10.255.x.3
Site 2
R4
Lo:10.255.x.4
192.168.x0.2/24 Site 4
192.168.x0.4/24
Secondary TE Tunnel Path Auto Bandwidth

● TE does not switch paths automatically to ● By default TE tunnels do not apply rate limitations,
“bandwidth” settings are only for reservation accounting
secondary, tunnel must be reoptimized:
● To make tunnels more flexible two features were added:
● Manually (“optimize” command);
● “bandwidth-limit” – hard rate limit allowed to enter the
● Automatically (at configured“reoptimize-interval”) tunnel, limit is percent of tunnel bandwidth.
● TE tries to switch back to primary every minute ● Auto bandwidth adjustment – measures average rate
(can be changed by “primary-retry-interval”) during “auto-bandwidth-avg-interval”, tunnel keeps
highest avg rate seen during “auto-bandwidth-update-
● Switching paths may take some time, depends interval”. When update interval expires, tunnel chooses
on: OSPF timeouts, routing table updates, TE new highest rate from “auto-bandwidth-range”.
timeout settings. ● Both options can be used in combination.
Internetworking 24
8/28/2014
TE Lab II VPLS tunnel

X – group number TE Lab II
192.168.x0.1/24
● Set up TE tunnels so that VPLS tunnels uses AS100
Site 1
following primary and backup switching paths: RR
AP 192.168.x0.3/24
● VPLS: R1<->R4; TE Path: R1-R3-R4 primary, R1- VPN network: R1 Site 3
192.168.x0.0/24
R2-R4 backup Lo:10.255.x.1
● VPLS: R2<->R3: TE Path: R2-R1-R3 primary, R2-
R2 R3 Lo:10.255.x.3
R4-R3 backup Lo:10.255.x.2
● Set up TE tunnel bandwidth limit (automatic and

Site 2
static) and test limitation with bandwidth test. R4
Lo:10.255.x.4
192.168.x0.2/24 Site 4
192.168.x0.4/24
Overall Summary
● MPLS improves performance
● Very easy to enable over existing core
configuration
● Very easy to migrate from EoIP to VPLS
● New possibilities for ISPs to offer new services
©Mikrotik 2012 147
Internetworking 25

Mikrotik Routeros Training Inter-Networking

Uploaded by

Copyright:

Available Formats

Mikrotik Routeros Training Inter-Networking

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mikrotik Routeros Training Inter-Networking

Uploaded by

Copyright:

Available Formats

8/28/2014

Lab Setup X – group number Lab Setup

● Make network setup as illustrated in next slide AP

AS100 in 2.4Ghz band

● Y-Routers number 192.168.x2.0/24

©Mikrotik 2012 5 ©Mikrotik 2012 6

BGP Basics Path Vector Implementation

©Mikrotik 2012 7 ©Mikrotik 2012 8

Path Vector Implementation BGP Capabilities

BGP Transport Packet format

BGP message types BGP session and updates

Networks Enable BGP

● By default network is advertised only if corresponding /routing bgp peer

Stub network Scenarios Private AS Removal

– Actually no need for BGP ● Private AS cannot be

BGP Lab I BGP Lab I

slide: AS100 AS1x1

● Private ASN should be removed 192.168.x.6/30 R4

● Originate default route to private AS routers 192.168.x2.0/24

Stub network Scenarios Non-stub Scenarios

BGP and connection tracking BGP Lab II

©Mikrotik 2012 23 ©Mikrotik 2012 24

BGP Lab II BGP Lab II

BGP Lab II Interior and Exterior BGP

©Mikrotik 2012 27 ©Mikrotik 2012 28

eBGP eBGP Multihop example

● Almost always formed between directly AS100 AS200

connected peers (AS edge routers). R1

● Multi-hop configuration is required if peers are

● By default Next-hop is changed to self

©Mikrotik 2012 29 ©Mikrotik 2012 30

[admin@R1] /ip route> print

Loopback BGP Lab III

Route Distribution Distribution Example

● Risk of advertising all IGP routes

Routing Filters Filter Chain example

information /routing filter

chains to use or BGP instance out filter

©Mikrotik 2012 37 ©Mikrotik 2012 38

Prefix filtering AS Path filtering

AS400 AS100 ● Can be configured to allow updates only to/from

©Mikrotik 2012 39 ©Mikrotik 2012 40

BGP Soft Reconfiguration BGP Lab IV

BGP Lab IV BGP decision algorithm

Best path selection Nexthop

Nexthop self Weight

©Mikrotik 2012 47 ©Mikrotik 2012 48

Local Preference AS Path

AS-path:200,100 AS-path:100 AS100

©Mikrotik 2012 49 ©Mikrotik 2012 50

AS-Path Prepend Origin

AS200 is redistributed into BGP.

©Mikrotik 2012 51 ©Mikrotik 2012 52

MED MED Example

neighbor about path preference into an AS R1 R4

● Lower metric is preferred (Default: 0) Med=50

● Exchanged between AS and used to make decision inside Med=100

that AS, not passed to third AS. R2 R3

● Ignored if received from different ASs AS200