MIKROTIK USING MPLS AND VPLS FOR LINKS


A topology for those who need to carry traffic to a given point in the network but would rather not use WDS, or who simply have other equipment closing the link, whether that link is wireless, electrical or fiber optic.

This scenario also makes it possible to use more than one VPLS to the same destination, either for redundancy or for traffic aggregation.

[Figure: mk-vpls]

Below is the configuration of the AP (Access Point).

# Configuring the wireless interface
/interface wireless
set wlan1 disabled=no ssid=MPLS frequency=5180 band=5ghz mode=bridge

# Configuring the IP address
/ip address
add address=172.16.0.1/30 interface=wlan1

# Enabling the LDP protocol
/mpls ldp 
set enabled=yes lsr-id=172.16.0.1 transport-address=172.16.0.1
/mpls ldp interface
add interface=wlan1

# Configuring the VPLS tunnel
/interface vpls
add name=vpls1 remote-peer=172.16.0.2 vpls-id=1:1 disabled=no

# Adding the VPLS tunnel and the traffic port, which in our case is
# ether1, to the bridge
/interface bridge add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=vpls1

Now we configure the Station side.

# Configuring the wireless interface
/interface wireless
set wlan1 disabled=no ssid=MPLS band=5ghz mode=station

# Configuring the IP address
/ip address
add address=172.16.0.2/30 interface=wlan1

# Enabling the LDP protocol on the interfaces
/mpls ldp 
set enabled=yes lsr-id=172.16.0.2 transport-address=172.16.0.2
/mpls ldp interface
add interface=wlan1

# Adding the VPLS tunnel
/interface vpls
add name=vpls1 remote-peer=172.16.0.1 vpls-id=1:1 disabled=no

# Adding the VPLS tunnel and the traffic port, which in our case is
# ether1, to the bridge
/interface bridge add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=vpls1

Before running the next command, check that the wireless link is established.

Once that is confirmed, you can check the LDP status.

[admin@MikroTik] /mpls ldp neighbor> print
Flags: X - disabled, D - dynamic, O - operational, T - sending-targeted-hello, V - vpls
 #      TRANSPORT    LOCAL-TRANSPORT PEER           SEND-TARGETED ADDRESSES
 0 DOTV 172.16.0.2   172.16.0.1      172.16.0.2:0   no            172.16.0.2
                                                                                 
[admin@MikroTik] /mpls ldp neighbor> .. .. forwarding-table print
Flags: L - ldp, V - vpls, T - traffic-eng
 #   IN-LABEL        OUT-LABELS      DESTINATION    INTERFACE    NEXTHOP
 0   expl-null
 1 V 18                              vpls1

Here we can check whether the VPLS is connected.

[admin@MikroTik] /interface vpls> monitor vpls1 once
       remote-label: 17
        local-label: 18
      remote-status:
  transport-nexthop: 172.16.0.2
     imposed-labels: 17
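
The two checks above can be scripted for monitoring. The following is an added example, not part of the original article: it parses the output shown above and lists the reasons a tunnel is not usable. It assumes that the last entry of imposed-labels is the VPLS remote label, as in the output above, and that multiple labels are comma-separated.

```python
import re

# Output copied from the session shown above.
NEIGHBORS = """\
 #      TRANSPORT    LOCAL-TRANSPORT PEER           SEND-TARGETED ADDRESSES
 0 DOTV 172.16.0.2   172.16.0.1      172.16.0.2:0   no            172.16.0.2
"""
MONITOR = """\
       remote-label: 17
        local-label: 18
      remote-status:
  transport-nexthop: 172.16.0.2
     imposed-labels: 17
"""

# Row number, optional flag letters, then the neighbor's transport address.
ROW = re.compile(r"^\s*\d+\s+(?:([XDOTV]+)\s+)?(\d+(?:\.\d+){3})\s")

def parse_neighbors(text):
    """Map each neighbor's transport address to its set of flag letters."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m.group(2): set(m.group(1) or "") for m in rows if m}

def parse_monitor(text):
    """Turn the 'key: value' lines of 'monitor <vpls> once' into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {key.strip(): value.strip() for key, sep, value in pairs if sep}

def vpls_problems(peer, neighbors_text, monitor_text):
    """Return why the VPLS tunnel to `peer` is not usable (empty list = healthy)."""
    problems = []
    flags = parse_neighbors(neighbors_text).get(peer)
    if flags is None:
        problems.append("no LDP neighbor entry for peer")
    else:
        if "X" in flags or "O" not in flags:
            problems.append("LDP session not operational")
        if "V" not in flags:
            problems.append("neighbor is not flagged as a VPLS peer")
    mon = parse_monitor(monitor_text)
    for field in ("remote-label", "local-label"):
        if not mon.get(field):
            problems.append(f"{field} not assigned")
    imposed = re.split(r"[,\s]+", mon.get("imposed-labels", ""))
    if mon.get("remote-label") and mon["remote-label"] != imposed[-1]:
        problems.append("remote-label is not the innermost imposed label")
    return problems
```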

If you need a point-to-multipoint setup, change the AP mode from bridge to ap-bridge and add the new VPLS tunnel as shown below.

# Changing from bridge to ap-bridge
/interface wireless
set wlan1 mode=ap-bridge

# 172.16.0.3 is the broadcast address of 172.16.0.0/30, so the wlan1
# subnet is widened to /29 to make room for the second station
/ip address
set [find interface=wlan1] address=172.16.0.1/29

# Configuring the new VPLS tunnel
/interface vpls
add name=vpls2 remote-peer=172.16.0.3 vpls-id=2:2 disabled=no

# Adding the tunnel to the bridge
/interface bridge port
add bridge=bridge1 interface=vpls2

This is how the new station that will take part in the new tunnel should look.

# Configuring the wireless interface
/interface wireless
set wlan1 disabled=no ssid=MPLS band=5ghz mode=station

# Configuring the IP address (/29, because .3 is not a usable host
# address in 172.16.0.0/30)
/ip address
add address=172.16.0.3/29 interface=wlan1

# Enabling LDP
/mpls ldp 
set enabled=yes lsr-id=172.16.0.3 transport-address=172.16.0.3
/mpls ldp interface
add interface=wlan1

# Adding the VPLS tunnel
/interface vpls
add name=vpls1 remote-peer=172.16.0.1 vpls-id=2:2 disabled=no

# Adding the ports to the bridge
/interface bridge add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=vpls1

When we use MPLS, labels are added to the IP frames, which changes the minimum MTU size. In this case the MTU of the interfaces has to be changed so that we do not generate fragmented packets on this network. We do that with the command below.

/mpls interface set 0 mpls-mtu=1522
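
An offline check of a RouterOS command list for three things in this setup: a peer address that is the network or broadcast address of its subnet (in a /30 only .1 and .2 are usable), an mpls-mtu below what one bridged frame needs, and a wireless interface with no security-profile set, which leaves it on the default profile. This is an added example, not part of the original article; the sample config is constructed, and the overhead accounting (14-byte Ethernet header, 4 bytes per VLAN tag, 4-byte control word, 4 bytes per label) is an assumption that gives 1522 for an untagged 1500-byte payload with one label.

```python
import ipaddress
import re

# Constructed sample in the style of this page's RouterOS commands.
SAMPLE = """\
/interface wireless
set wlan1 disabled=no ssid=MPLS band=5ghz mode=station
/ip address
add address=172.16.0.3/30 interface=wlan1
/mpls interface set 0 mpls-mtu=1508
"""

def vpls_mpls_mtu(payload=1500, vlan_tags=0, labels=1, control_word=True):
    """MPLS MTU needed to carry one bridged Ethernet frame unfragmented."""
    frame = payload + 14 + 4 * vlan_tags          # Ethernet header + 802.1Q tags
    return frame + (4 if control_word else 0) + 4 * labels

def audit(config, **frame_args):
    """Return findings for host addresses, mpls-mtu and wireless security."""
    need = vpls_mpls_mtu(**frame_args)
    findings = []
    for line in config.splitlines():
        # Match address= but not transport-address= or src-address=.
        m = re.search(r"(?<![\w-])address=(\S+/\d+)", line)
        if m:
            iface = ipaddress.ip_interface(m.group(1))
            net = iface.network
            # In prefixes shorter than /31 the first and last address are reserved.
            if net.prefixlen < 31 and iface.ip in (net.network_address,
                                                   net.broadcast_address):
                findings.append(f"{m.group(1)}: not a usable host address in {net}")
        m = re.search(r"\bmpls-mtu=(\d+)", line)
        if m and int(m.group(1)) < need:
            findings.append(f"mpls-mtu={m.group(1)} is below the {need} bytes needed")
        if "ssid=" in line and "security-profile=" not in line:
            findings.append("wireless: no security-profile set, review the default profile")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For the QinQ case, call `audit(config, vlan_tags=2, labels=2)` to budget for two customer tags and a two-label stack.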

MPLS AND VPLS WITH LSP ON JUNIPER ROUTERS

From the need to interconnect two sites over an L2 network came the idea of building a VPLS. The scenario created is a test lab running on Linux with KVM and Libvirt, using virtual versions of the Juniper MX and MikroTik RouterOS.

Virtualized equipment

3 – vMX (Juniper MX virtualized)

2 – CHR (Mikrotik RouterOS Cloud Hosted Router)

Topology

[Figure: topology]

Some acronyms used:

MPLS – Multi Protocol Label Switching

OSPF – Open Shortest Path First

VPLS – Virtual Private LAN Service

LDP – Label Distribution Protocol

RSVP – Resource Reservation Protocol

LSP – Label Switched Path

The initial idea was for the mikrotik-1 and mikrotik-2 devices to communicate at L2 using a VLAN, but the idea matured into running QinQ inside the VPLS tunnel.

The examples below therefore show how all the protocols were configured (OSPF, MPLS, LDP and RSVP), as well as the LSPs, so that QinQ works over the VPLS tunnel. Both LSPs are active and load-balanced, so if one LSP goes down the VPLS tunnel keeps working without any interruption.

R1 configuration

system {
    host-name R1;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        mtu 2000;
        mac 52:54:00:69:dc:34;
        unit 0 {
            family inet {
                address 10.0.0.1/30;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        mtu 2000;                       
        mac 52:54:00:cc:d5:ac;
        unit 0 {
            family inet {
                address 10.0.3.1/30;
            }
            family mpls;
        }
    }
    ge-0/0/2 {
        mtu 2000;
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        mac 52:54:00:eb:23:b4;
        unit 800 {
            encapsulation vlan-vpls;
            vlan-id 800;
            family vpls;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.0.101/24;
            }
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 10.1.1.1/32;
            }
        }
    }
}
protocols {
    rsvp {
        load-balance bandwidth;
        interface ge-0/0/1.0;
        interface ge-0/0/0.0;
    }
    mpls {
        label-switched-path NORMAL {
            to 10.2.1.1;
            primary DIRETO;
        }
        label-switched-path SECUNDARIA {
            to 10.2.1.1;
            primary VIAR3;
        }
        path DIRETO {
            10.2.1.1;
        }
        path VIAR3 {
            10.3.1.1;
            10.2.1.1;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;       
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
}
routing-instances {
    VPN {
        instance-type vpls;
        vlan-id 800;
        interface ge-0/0/2.800;
        protocols {
            vpls {
                encapsulation-type ethernet-vlan;
                site-range 10;
                interface ge-0/0/2.800;
                no-tunnel-services;
                site mk1 {
                    site-identifier 1;
                }
                vpls-id 101;
                neighbor 10.2.1.1;
            }
        }
    }
}

R2 configuration

system {
    host-name R2;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        mtu 2000;
        mac 52:54:00:dc:47:dc;
        unit 0 {
            family inet {
                address 10.0.0.2/30;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        mtu 2000;                       
        mac 52:54:00:18:3a:d0;
        unit 0 {
            family inet {
                address 10.0.2.1/30;
            }
            family mpls;
        }
    }
    ge-0/0/2 {
        mtu 2000;
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        mac 52:54:00:70:f2:ce;
        unit 800 {
            encapsulation vlan-vpls;
            vlan-id 800;
            family vpls;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.0.102/24;
            }
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 10.2.1.1/32;
            }
        }
    }
}
protocols {
    rsvp {
        load-balance bandwidth;
        interface ge-0/0/1.0;
        interface ge-0/0/0.0;
    }
    mpls {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
}
routing-instances {
    VPN {
        instance-type vpls;
        vlan-id 800;
        interface ge-0/0/2.800;
        protocols {                     
            vpls {
                encapsulation-type ethernet-vlan;
                site-range 10;
                interface ge-0/0/2.800;
                no-tunnel-services;
                site mk2 {
                    site-identifier 2;
                }
                vpls-id 101;
                neighbor 10.1.1.1;
            }
        }
    }
}

R3 configuration

system {
    host-name R3;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        mtu 2000;
        mac 52:54:00:bf:a1:0d;
        unit 0 {
            family inet {
                address 10.0.2.2/30;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        mtu 2000;                       
        mac 52:54:00:29:54:42;
        unit 0 {
            family inet {
                address 10.0.3.2/30;
            }
            family mpls;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.0.103/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.3.1.1/32;
            }
        }
    }
}
protocols {
    rsvp {
        load-balance bandwidth;
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    mpls {
        interface ge-0/0/0.0;           
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
}


Mikrotik 1 configuration

/system identity
set name=MIKROTIK-01
/interface vlan
add interface=ether2 name=vlan1 vlan-id=800
add interface=vlan1 name=vlan2 vlan-id=900
/ip address
add address=192.168.0.104/24 interface=ether1 network=192.168.0.0
add address=10.10.10.1/30 interface=vlan1 network=10.10.10.0
add address=10.20.10.1/30 interface=vlan2 network=10.20.10.0

Mikrotik 2 configuration

/system identity
set name=MIKROTIK-02
/interface vlan
add interface=ether1 name=vlan1 vlan-id=800
add interface=vlan1 name=vlan2 vlan-id=900
/ip address
add address=192.168.0.105/24 interface=ether2 network=192.168.0.0
add address=10.10.10.2/30 interface=vlan1 network=10.10.10.0
add address=10.20.10.2/30 interface=vlan2 network=10.20.10.0

Tests

Viewing the VPLS connection status on R1

[Figure: vpls status]

Ping tests from Mikrotik-01 to Mikrotik-02

[Figure: mk-test]