Mikrotik MPLS with VPLS

I’ve worked with MPLS circuits for a long time, but always with provider hand-offs. This is most people’s first and only real exposure to MPLS. The service provider gives the customer Ethernet connections and says, “This connection goes to Site A, this other connection goes to Site B, you have X amount of bandwidth, do whatever you want.” It’s magic, and the customer doesn’t need to have any idea how it works on the backend. It makes networking remote sites much easier for the customer, and it’s a lucrative value add for providers. Obviously there are a lot of other ways to network remote sites together. There is EoIP, GRE, IPSEC, GRE with IPSEC, and if you have Scrooge McDuck amounts of money you can run your own fiber too. With that being said, MPLS is extremely popular compared to other solutions because it’s transparent for the customer, the customer doesn’t have to administer the tunnels, and it’s all fairly turnkey. I wanted to learn what was going on behind the curtain, what it actually takes to provide these tunnels, and so I did.

Before we go any further you should be familiar with some terms, and I suggest reading up on basic MPLS. Two terms to be familiar with are LSR and LER, or Label Switch Router and Label Edge Router respectively. An LSR is a router running MPLS that only performs label switching in the core; it doesn’t add or remove labels at network ingress or egress. An LER is a router running MPLS that pushes (adds) or pops (removes) an MPLS label when a packet enters or exits the MPLS network. LSRs reside in the core, LERs reside at the edge.

This article describes how to set up a basic MPLS network in the core, supported by OSPF, and run VPLS tunnels over that core between customer sites. This lets you give the customer an Ethernet handoff on both sides of the tunnel, and basically tell them to pretend it’s a Cat5 cable strung between sites.

Here is the topology that we’re working with, with two customer devices attached to a Seattle and a Santa Fe provider router:

[Figure: Mikrotik MPLS Topology]

The customer wants to be able to connect to devices in Santa Fe from Seattle as if they were local devices. They don’t want to see hops, routes, etc – just make it work.

IP addresses are already configured on Ethernet interfaces, I won’t bore you with that. OSPF networks are all being advertised in the backbone for brevity. First we’ll set up the core routers in Seattle, Santa Fe, and Atlanta, creating loopbacks, then getting OSPF up, then MPLS with LDP. VPLS will run over the top of all that. OSPF will give us some resiliency if a link fails, like between the Seattle and Santa Fe LSRs.

On Seattle LSR:

/interface bridge add comment="MPLS Loopback" name="MPLS Loopback"

/routing ospf instance set [ find default=yes ] router-id=72.156.28.150

/routing ospf network
add area=backbone network=72.156.28.0/30
add area=backbone network=72.156.28.8/30
add area=backbone network=72.156.28.150/32
add area=backbone network=72.156.29.0/24

/mpls interface
set [ find default=yes ] interface=ether1
add interface=ether2
add interface=ether3

/mpls ldp set enabled=yes lsr-id=72.156.28.150 transport-address=72.156.28.150

/mpls ldp interface
add interface=ether1
add interface=ether2
add interface=ether3

/mpls ldp neighbor
add transport=72.156.28.151
add transport=72.156.28.152
add transport=72.156.29.120

On Santa Fe LSR:

/interface bridge add comment="MPLS Loopback" name="MPLS Loopback"

/routing ospf instance set [ find default=yes ] router-id=72.156.28.151

/routing ospf network
add area=backbone network=72.156.28.8/30
add area=backbone network=72.156.28.4/30
add area=backbone network=72.156.30.0/24
add area=backbone network=72.156.28.151/32

/mpls interface
set [ find default=yes ] interface=ether2
add interface=ether3
add interface=ether1

/mpls ldp set enabled=yes lsr-id=72.156.28.151 transport-address=72.156.28.151

/mpls ldp interface
add interface=ether1
add interface=ether2
add interface=ether3

/mpls ldp neighbor
add transport=72.156.28.150
add transport=72.156.28.152
add transport=72.156.30.120

On Atlanta LSR:

/interface bridge add comment="MPLS Loopback" name="MPLS Loopback"

/routing ospf instance set [ find default=yes ] router-id=72.156.28.152

/routing ospf network
add area=backbone network=72.156.28.0/30
add area=backbone network=72.156.28.4/30
add area=backbone network=72.156.28.152/32

/mpls interface
set [ find default=yes ] interface=ether1
add interface=ether3

/mpls ldp set enabled=yes lsr-id=72.156.28.152 transport-address=72.156.28.152

/mpls ldp interface
add interface=ether1
add interface=ether3

/mpls ldp neighbor
add transport=72.156.28.150
add transport=72.156.28.151

At this point we have OSPF running in the core, and MPLS running as well on the LSR routers. From this point on we’ll focus on the LERs that actually connect to the customers. We’ll add an additional bridge for VPLS traffic, configure OSPF and MPLS with LDP on each of the LERs, then we’ll move on to building the VPLS tunnels.

On Seattle LER:

/interface bridge
add comment="MPLS Loopback" name="MPLS Loopback"
add comment="Customer #4306 Site 1" name="VPLS Customer 4306-1 Bridge"

/routing ospf instance set [ find default=yes ] router-id=72.156.29.120

/routing ospf network
add area=backbone network=72.156.29.0/24
add area=backbone network=72.156.29.120/32

/mpls interface set [ find default=yes ] interface=ether3

/mpls ldp set enabled=yes lsr-id=72.156.29.120 transport-address=72.156.29.120

/mpls ldp interface add interface=ether3

/mpls ldp neighbor add transport=72.156.28.150

On Santa Fe LER:

/interface bridge
add comment="MPLS Loopback" name="MPLS Loopback"
add comment="Customer #4306 Site 2" name="VPLS Customer 4306-2 Bridge"

/routing ospf instance set [ find default=yes ] router-id=72.156.30.120

/routing ospf network
add area=backbone network=72.156.30.0/24
add area=backbone network=72.156.30.120/32

/mpls interface set [ find default=yes ] interface=ether1

/mpls ldp set enabled=yes lsr-id=72.156.30.120 transport-address=72.156.30.120

/mpls ldp interface add interface=ether1

/mpls ldp neighbor add transport=72.156.28.151

At this point OSPF should be fully converged, and in the MPLS Bindings tab we should see some MPLS labels associated with destination addresses:

[Figure: Mikrotik MPLS Local Bindings]

We should also see some entries in the Forwarding Table too:

[Figure: Mikrotik MPLS Forwarding Table]

This is MPLS at work, associating routes with labels for quick lookup, which is what gives MPLS its trademark performance boost over regular end-to-end IP routing. We’re ready now to add the VPLS tunnels and start moving some traffic transparently between sites. The extra bridge interfaces that we added on the two LERs will be used to bridge the VPLS virtual interfaces with physical Ethernet interfaces that we hand off to the customer.

On Seattle LER:

/interface vpls
add comment="Customer 4306-2 VPLS" disabled=no l2mtu=1500 name="Customer 4306-2 VPLS" remote-peer=72.156.30.120 vpls-id=90:0

/interface bridge port
add bridge="VPLS Customer 4306-1 Bridge" interface=ether1
add bridge="VPLS Customer 4306-1 Bridge" interface="Customer 4306-2 VPLS"

On the Santa Fe LER:

/interface vpls
add comment="Customer 4306-1 VPLS" disabled=no l2mtu=1500 name="Customer 4306-1 VPLS" remote-peer=72.156.29.120 vpls-id=90:0

/interface bridge port
add bridge="VPLS Customer 4306-2 Bridge" interface=ether3
add bridge="VPLS Customer 4306-2 Bridge" interface="Customer 4306-1 VPLS"
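
An added example, not part of the original article: a short Python check that the two VPLS definitions above pair up, meaning each end's remote-peer is the other LER and both ends carry the same vpls-id. The function names are assumptions of this example, and the input is the page's own VPLS lines keyed by each LER's LDP transport-address.

```python
import shlex

# Constructed input: the "/interface vpls" lines from the two LER configs
# above, keyed by each LER's LDP transport-address.
LER_CONFIGS = {
    "72.156.29.120": """
/interface vpls
add comment="Customer 4306-2 VPLS" disabled=no l2mtu=1500 name="Customer 4306-2 VPLS" remote-peer=72.156.30.120 vpls-id=90:0
""",
    "72.156.30.120": """
/interface vpls
add comment="Customer 4306-1 VPLS" disabled=no l2mtu=1500 name="Customer 4306-1 VPLS" remote-peer=72.156.29.120 vpls-id=90:0
""",
}


def parse_vpls(config):
    """Return one dict of settings per 'add' line under /interface vpls."""
    tunnels, section = [], None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line          # a menu path opens a new section
        elif section == "/interface vpls" and line.startswith("add "):
            fields = shlex.split(line)[1:]   # keeps quoted names in one piece
            tunnels.append(dict(f.split("=", 1) for f in fields if "=" in f))
    return tunnels


def check_pairing(configs):
    """Return a problem string for every VPLS end without a matching far end."""
    ends = {addr: parse_vpls(text) for addr, text in configs.items()}
    problems = []
    for addr, tunnels in ends.items():
        for t in tunnels:
            name, peer, vid = t.get("name"), t.get("remote-peer"), t.get("vpls-id")
            if peer not in ends:
                problems.append(f"{addr} {name}: no config for peer {peer}")
                continue
            # The far end must point back at this router with the same vpls-id.
            if not any(r.get("remote-peer") == addr and r.get("vpls-id") == vid
                       for r in ends[peer]):
                problems.append(f"{addr} {name}: {peer} has no tunnel back with vpls-id {vid}")
    return problems


if __name__ == "__main__":
    for p in check_pairing(LER_CONFIGS) or ["all VPLS ends are paired"]:
        print(p)
```

The parser only reads the two-line form used above (menu path on one line, `add` on the next).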

At this point we’ve created a Layer 2 connection between whatever is plugged into ether1 in Seattle and ether3 in Santa Fe. The customer could throw routers on those connections, or switches, or plug servers directly in. For demonstration purposes I put a virtual Ubuntu server on each of those physical interfaces, gave them the IP addresses 10.2.2.1 and 10.2.2.2, and ran iperf in both directions to test bandwidth, as shown below:

[Figure: Mikrotik MPLS IPerf Testing]

Bandwidth testing shows a consistent, fast connection. This whole network and servers are virtualized, so while it isn’t running at gigabit wire speed it still performs well. One of the other requirements for this solution was that there be no hops between the two locations – this should all be transparent to the customer. Traceroute from 10.2.2.2 to 10.2.2.1 shows the following:

[Figure: Mikrotik MPLS Traceroute]

Exactly what we want to see, which is nothing. None of the provider routers in between, none of the hops. Next time we’ll cover MPLS with QoS and all the other fancy features!

Credits to: https://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-mpls-with-vpls
This is for my reference.


Tips to building up a good credit report and score

This post is aimed at people who would like to build up their credit score and build a good credit report in the UK. It is not aimed at people who have completely screwed up their credit history and report, though the same principles below will help improve it moving forwards.

Let's define what credit is: credit is the ability to make payments over time. You need to show that you can pay balances off over a period of time.

Do not just go and get a loan and pay it off 3 days later, as this will not show that you can make payments over time. Instead, get a loan, pay 2/3 of it off and then pay the rest in instalments every month.

Let's define your credit score: your score is just a number based on criteria that the credit reference agency uses. It is used to predict how likely you are to make payments in the future.

It's based on the following:

35% – History – This will show if you have made payments successfully on time over a sustained period of time.

30% – Debt Ratio – This is the amount of credit available to you vs what you have spent; this ratio should be as low as possible.

15% – Age of Accounts – This is the average age of the credit accounts you have; providing you have never missed a payment, this will have a positive effect on your report.

10% – Mix of credit available to you – Having 2-3 credit cards and a loan that you are able to pay off every month will have a positive impact on your report.

10% – Inquiries – Credit searches by credit companies. You should have as few of these as possible.

Building credit – Take out small loans and pay half the balance back, and then pay 20 one month, 50 the next, 30 the next. If you cannot get “credit”, go to a bank and get a secured card; this is where you give the bank some money upfront and they put this on a card, which helps establish history.

How to pay on credit – Only use 10%-30% of your balance, so if your balance or available credit is £3,000, set yourself a limit of £900 a month and do not spend more than this limit. You must be able to pay off this new limit in full every month.

Following some of the guides above should help you improve your report and scores.


Connecting a Draytek 3100 to Cisco 1814/877 over SHDSL…

Connecting a Draytek 3100 to either a Cisco 877 or 1814

Draytek:

[Images: Draytek 3100 SHDSL to Cisco 1814 (1-3)]

Cisco:

interface ATM0/1/0
 no ip address
 no snmp trap link-status
 no atm ilmi-keepalive
 dsl equipment-type CO
 dsl operating-mode GSHDSL symmetric annex A
 dsl linerate AUTO
!
interface ATM0/1/0.1 point-to-point
 ip address 192.168.1.1 255.255.255.252
 no snmp trap link-status
 pvc 2/100
  oam-pvc 0
  encapsulation aal5mux ip
 !
!


Hatteras Network HN-408-CPi BT EFM/SHDSL

Overview and Description (Commonly Used by BT EFM)

[Images: Hatteras Network HN-408-CPi (01-04)]


Cisco CLI Commands… reference guide…

Below I list a CLI Command reference for Cisco routers.

# Configure Interfaces

interface FastEthernet0/0
description SOMEDESCRIPTION
ip address 192.168.1.1 255.255.255.0
no ip proxy-arp
duplex auto
speed auto

OR

interface FastEthernet0
 description Local LAN1
!
interface FastEthernet1
 description Local LAN1
!
interface FastEthernet2
 description Local LAN1
!
interface FastEthernet3
 description Local LAN1
!
interface Vlan1
 description Local LAN
 ip address 192.168.1.1 255.255.255.0

# Configure DHCP

ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pool1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
option 66 ascii "http://provisioning.domain.local/yeslink.php"

# Configure default routes

ip route 192.168.1.0 255.255.255.0 10.0.0.25

Route of last resort

ip route 0.0.0.0 0.0.0.0 10.0.0.96

# Configure NAT to access the internet

interface vlan1
 description LAN
 ip address 10.10.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip access-list extended NAT
 remark access list for NAT
 permit ip 10.10.11.0 0.0.0.255 any
!
! The NAT statement is a global command, not part of the access list
ip nat inside source list NAT interface Dialer1 overload
!

# Configuring a sample NAT (Network Address Translation) Rule

# Configuring a sample PAT (Port Address Translation) Rule

object network WebServer-HTTP
host 192.168.102.5
nat (inside,outside) static 192.168.1.194 service tcp 80 80

# Configure Telnet

Setting up an access list

ip access-list standard telnet-in
permit 192.168.1.0 0.0.0.255
deny any

Setting up the ports

line vty 0
 session-timeout 30
 access-class telnet-in in
 password password
 login
 transport input all

# Configure system user environments

hostname ROUTERNAME
username test privilege 15 password 0 password
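
An added example, not part of the original reference: a small Python audit that reads the Telnet and user snippets above and flags the settings that weaken remote access (Telnet allowed on the vty, a shared line password, a user stored with `password` instead of `secret`). The function names and the hardened variant are assumptions made for this example.

```python
import re

# Constructed input: the vty and username lines from the snippets above.
WEAK = """\
line vty 0
 session-timeout 30
 access-class telnet-in in
 password password
 login
 transport input all
!
username test privilege 15 password 0 password
"""

# Constructed hardened variant (an assumption of this example, not the page's).
HARDENED = """\
line vty 0
 access-class telnet-in in
 login local
 transport input ssh
username test privilege 15 secret EXAMPLE-ONLY
"""


def blocks(config):
    """Group lines as (line_no, header, [(line_no, sub_command), ...])."""
    out = []
    for no, raw in enumerate(config.splitlines(), 1):
        if raw.strip() in ("", "!"):
            continue
        if not raw[0].isspace():        # unindented line opens a new block
            out.append((no, raw.strip(), []))
        elif out:
            out[-1][2].append((no, raw.strip()))
    return out


def audit(config):
    """Return (line_no, finding) pairs for weak remote-access settings."""
    findings = []
    for no, header, children in blocks(config):
        if re.match(r"username \S+ .*\bpassword\b", header):
            findings.append((no, "user stored with 'password' (cleartext or type 7); use 'secret'"))
        if not header.startswith("line vty"):
            continue
        cmds = [cmd for _, cmd in children]
        for cno, cmd in children:
            m = re.match(r"transport input (.+)", cmd)
            if m and {"all", "telnet"} & set(m.group(1).split()):
                findings.append((cno, "vty accepts Telnet; use 'transport input ssh'"))
            if re.match(r"password\b", cmd) and "login" in cmds:
                findings.append((cno, "shared line password; use 'login local' with per-user secrets"))
        if not any(cmd.startswith("access-class ") for cmd in cmds):
            findings.append((no, "vty has no access-class source restriction"))
    return findings


if __name__ == "__main__":
    print(*(f"line {n}: {f}" for n, f in audit(WEAK)), sep="\n")
```

`transport input ssh` only works once the router has SSH enabled with a generated host key, which this check does not verify.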

# Configure Vlans

interface Vlan1
 description LAN
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 description VOICE
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
 description CCTV
 ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0
 switchport access vlan 1
 description Local LAN
!
interface FastEthernet1
 switchport access vlan 2
 description Local Voice
!
interface FastEthernet2
 switchport access vlan 3
 description Local CCTV
!
interface FastEthernet3
 switchport access vlan 1
 description Local LAN
!

# Configure FTTC / VDSL

How to configure a Cisco 887 router for VDSL on VLAN 101 (based on a BT Infinity service – UK)

VDSL Interface and subinterface

interface Ethernet0
no ip address
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable
pppoe-client dial-pool-number 1

Shut down the ATM interface and subinterfaces

interface ATM0
shutdown

Create the Dialer1 interface

interface Dialer1
description Dialer interface for VDSL
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap chap ms-chap callin
ppp chap hostname xxxx
ppp chap password xxxx
ppp ipcp address accept
no cdp enable

# Configure Controller DSL 0

controller DSL 0
 mode atm
 line-term cpe
 line-mode 2-wire line-zero
 dsl-mode shdsl symmetric annex B
 line-rate auto
!
interface ATM0
 no ip address
 ip broadcast-address 0.0.0.0
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip broadcast-address 0.0.0.0
 snmp trap link-status
 pvc 0/38
  encapsulation aal5mux ppp Virtual-Template1
 !
!
interface ATM0.2 point-to-point
 ip broadcast-address 0.0.0.0
 snmp trap link-status
 pvc 0/21
  oam-pvc manage cc segment direction sink
 !
!
interface Virtual-Template1
 bandwidth 2000
 ip address negotiated
 keepalive 1
 ppp chap hostname USERNAME
 ppp chap password 0 PASSWORD
 ppp pap sent-username USERNAME password 0 PASSWORD
 ppp ipcp route default
 service-policy output parent
 hold-queue 224 in
!

# Configure ATM0/0/0

interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip address 192.168.1.6 255.255.255.252
 pvc 2/100 
  no oam-pvc manage
  encapsulation aal5mux ip
 !
!

# Configure Dual xDSL connection (ATM 0/0/0 & ATM 0/1/0)

interface ATM0/0/0
no ip address
ip broadcast-address 0.0.0.0
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
!
interface ATM0/0/0.1 point-to-point
ip broadcast-address 0.0.0.0
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/0/0.2 point-to-point
ip broadcast-address 0.0.0.0
pvc 0/21
oam-pvc manage cc segment direction sink
!
!
interface ATM0/1/0
no ip address
ip broadcast-address 0.0.0.0
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
!
interface ATM0/1/0.1 point-to-point
ip broadcast-address 0.0.0.0
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0.2 point-to-point
ip broadcast-address 0.0.0.0
pvc 0/21
oam-pvc manage cc segment direction sink
!
!
interface Dialer0
description ADSL Connection to Internet
ip address negotiated
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
keepalive 1
no cdp enable
ppp chap hostname USERNAME
ppp chap password 0 PASSWORD
ppp pap sent-username USERNAME password 0 PASSWORD
ppp multilink
ppp multilink links maximum 2
ppp multilink links minimum 2
ppp timeout retry 1

# Simple VRF config

ip vrf TABLE1
ip vrf TABLE2

interface fa0/0
 ip vrf forwarding TABLE1
 ip address 1.1.1.1 255.255.255.0
!
! An interface belongs to one VRF only, so TABLE2 goes on a second interface
interface fa0/1
 ip vrf forwarding TABLE2
 ip address 2.2.2.2 255.255.255.0

Show ip vrf status

show ip vrf

Using VRF in OSPF

router ospf 1 vrf TABLE1
network 1.1.1.1 0.0.0.0 area 0

router ospf 2 vrf TABLE2
network 2.2.2.2 0.0.0.0 area 0

Seeing global routes

show ip route

Seeing routes in table1

show ip route vrf TABLE1

Seeing routes in table2

show ip route vrf TABLE2

# RIP Configuration

router rip
network 10.0.0.0
network 192.168.1.1
no auto-summary

# OSPF Configuration

router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 network 20.0.0.0 0.255.255.255 area 0
!

# BGP Configuration

router bgp 65501
 neighbor 10.10.10.2 
 remote-as 2000
 password 
 ebgp-multihop 2
 update-source loopback0
 address-family ipv4 unicast 
  route-policy xxxxx in 
 !
!
!
router static
 address-family ipv4 unicast
 10.10.10.2/32 TenGigE0/1
 commit
!

# Connect two Cisco Routers together with G.SHDSL Point-Point

Router 1 : Cisco 1841

interface ATM0/0/0
 ip address 192.168.1.1 255.255.255.252
 no atm ilmi-keepalive
 dsl equipment-type CO
 dsl operating-mode GSHDSL symmetric annex A
 dsl linerate AUTO
!
interface ATM0/0/0.1 point-to-point
 no snmp trap link-status
 pvc 2/100 
  oam-pvc 0
  encapsulation aal5mux ip
 !
!
interface ATM0/1/0
 ip address 192.168.1.5 255.255.255.252
 no atm ilmi-keepalive
 dsl equipment-type CO
 dsl operating-mode GSHDSL symmetric annex A
 dsl linerate AUTO
!
interface ATM0/1/0.1 point-to-point
 no snmp trap link-status
 pvc 2/100 
  oam-pvc 0
  encapsulation aal5mux ip
 !
!

Router 2 : Cisco 877

controller DSL 0
 mode atm
 line-term cpe
 line-mode auto enhanced
 dsl-mode shdsl symmetric annex A
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip address 192.168.1.6 255.255.255.252
 pvc 2/100 
  no oam-pvc manage
  encapsulation aal5mux ip

# Factory Reset Vyatta

erase nvram: all