MikroTik MP-BGP L3VPN with Route Reflectors (Full Lab)

  • Published on 11 Jul 2024
  • In this full lab, we'll be configuring MikroTik's MP-BGP route reflector for L3VPN. This lab is designed to help you understand the concepts behind BGP route reflection, and to practice configuring BGP route reflectors on a real router for more scalable solutions.
    If you're new to BGP route reflection, or if you're looking to beef up your BGP skills, this lab is a great way to start! In this lab, you'll learn how to configure route reflectors on a MikroTik router, and then use these reflectors to create an L3VPN tunnel. This lab is designed for intermediate to advanced users, and is filled with detailed step-by-step instructions.
    👊Thanks for taking time to watch my video. If you could, pressing LIKE and SUBSCRIBING helps more people discover my videos. Feel free to leave a comment for any other topics you would like to see me cover or what your general opinion is of the video.
    🕘Timestamps🕘
    📕00:00 - Introduction
    📕00:53 - Lab Overview
    📕02:30 - Basic Provider Network Setup
    📕23:18 - PE-CE Setup
    📕42:24 - Route Reflector Setup
    📕48:53 - BGP VPN Setup
    Credits:
    Thumbnail: Created on Canva
    Intro: Created on Canva
    Music by Alumo
    Songs used:
    Dioitic
    Outland 85
    Music by Bensound.com/free-music-for-videos
    • Bensound: "The Elevato...
    Thanks again for watching

Comments • 64

  • @Liviu.B
    @Liviu.B 19 days ago

    Hello Mr Berg and everyone, I just tested the lab made from scratch. With version 7.6 I had a problem after setting up the L3VPN: the new routes (dy) were appearing and disappearing every few seconds, and ping also failed. I double checked the config on all devices, everything was fine, then I used version 7.13 (with eveng) and it's working perfectly! I used "role=ibgp-rr-client" from the beginning, I saw the comment referring to that. Keep up the good work, best regards!

  • @sabdielisstech5049
    @sabdielisstech5049 4 days ago

    Great video!!

  • @mishasawangwan6652
    @mishasawangwan6652 1 year ago +8

    keep it up, you’re the best resource for us homelabbers dedicated to mikrotik

  • @sliddjur
    @sliddjur 1 year ago +1

    Thank you for providing your labfile!! SUPER useful! Looking forward to lab this asap.

  • @slogiranaveverica
    @slogiranaveverica 9 months ago +1

    Excited as much as you are! I have a proposal for some next video: dual route reflectors with l3vpn and failover. Thank you so much for sharing your passion. 🍻

    • @Wubbadub2219
      @Wubbadub2219 8 months ago

      Also looking for some guidance on using a pair of router reflectors for redundancy. Trouble is, I cannot get the reflectors to advertise to each other. All route reflector clients are working as expected. Literally just the 2 reflectors that won't advertise

  • @kongpanha1816
    @kongpanha1816 1 year ago

    big thanks for your sharing always new content, always watch your videos. 🙏

  • @cybersrb
    @cybersrb 1 year ago +2

    I had the exact same happiness feeling few days ago when 7.9 got out, so I completely understand your excitement 😁 Thanks for informing the Mtik users!!! ...I can smell BFD in the air

  • @xtlmeth
    @xtlmeth 1 year ago +1

    Thank you for this!

  • @mikkio5371
    @mikkio5371 1 year ago +1

    Thank you Mr Berg. Although I was able to get it working, but not by this method. Now I know this method. Also I grew up to this stage because of your help, and I say thank you

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Thank you for watching! If my work has helped you to grow in any way then that makes me feel happy, I hope that it can help others grow as well :D!

  • @drumaddict89
    @drumaddict89 11 months ago +1

    thank you SO MUCH for that video!
    also loved the troubleshooting with the subnet typo on PE2 ;)
    those things happen all the time everywhere if one is not careful - and i had those issues myself at work too by myself as by coworkers too xD
    25:37 ... haha i do know that feeling when things start to work and i feel you there. awesome and sick xD

  • @pedromartinezdeaguilar9187
    @pedromartinezdeaguilar9187 1 year ago

    Congratulations and thanks

  • @genefrances4816
    @genefrances4816 1 year ago

    Thank u sir

  • @nikolashuminosky6987
    @nikolashuminosky6987 1 year ago +1

    nice, we are waiting now for VPN6, on v7.10

  • @alimibrahem8120
    @alimibrahem8120 1 year ago +1

    Hello Mr. Berg..! Great as always..! I will be very grateful if you guide me on BGP and MPLS video tutorials, so I can really go deep on those topics.
    1000 like.

  • @proxymoxy1337
    @proxymoxy1337 1 year ago +3

    first comment, go Network Berg !

  • @TheNetworkBerg
    @TheNetworkBerg 1 year ago +5

    Hey guys, just some reference material and a link to download the EVE-NG Lab file. I'm really super happy with this change! One thing that I have absolutely incorrect and I really need to amend is that the local.role for ibgp-rr-client works, I recall having issues with this before, but this is not the case anymore since I just tested this after publishing the video.
    Providing MPLS Services to Customers:
    th-cam.com/video/vt_0BB6oV1w/w-d-xo.html
    BGP CE-PE Configuration:
    th-cam.com/video/3aT8jB-786Q/w-d-xo.html
    MikroTik BGP Docs:
    help.mikrotik.com/docs/display/ROS/BGP
    MikroTik VRF Docs:
    help.mikrotik.com/docs/pages/viewpage.action?pageId=328206
    Lab File:
    t.co/lqGt4ZlVuT

  • @mrfran1
    @mrfran1 10 months ago

    I’m able to redistribute all kinds of routes dynamic and static from the VRF/VPN except the default route (redistributed from RR)

  • @romanmikhalev3518
    @romanmikhalev3518 1 year ago

    Thx for this guide! Can you show a video where MPLS Per-VRF NAT for internet access to L3VPNs is implemented in this example?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      I can definitely suggest a few solutions. Some people tend to use route leaking, although it's probably easier to just put in a Firewall where all VRFs can connect to and this firewall will connect to an "Internet Router" where CGNAT etc can be performed if required. Will see if I can make a separate video for this, some of my past live streams have covered it but I am not sure which video exactly.

  • @HeikoRehm
    @HeikoRehm 1 year ago

    Great Video I Love your Mikrotik topics. Nevertheless, BGP signaled L3VPN/VRF were working (with some caveats) already in 6.x. RR's not though maybe?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Yeah we currently use BGP to span VRFs in our v6 production environment, since this and BFD hasn't worked on v7 we have had no plans to upgrade to v7 until it met all of our current requirements. Just a couple of more updates and I will be more than happy to upgrade (more likely replace with 2k hardware)

  • @manishgovindji7341
    @manishgovindji7341 1 year ago

    Thank you, this is great stuff, one question how do I add internet breakout for CE1/CE2. Thank you.

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Few ways to achieve this, but this is where we start looking at things like CGNAT and route leaking or pushing traffic out to an "internet" router and having VLANs in the different VRFs connected to this internet traffic
      Could create a video on the subject as well.

    • @manishgovindji7341
      @manishgovindji7341 1 year ago

      @@TheNetworkBerg Would be great if you can spare some time for a video, as cust to cust is great, now if the cust 1 wants to go out, they cannot, I tried to use vrf on CE1, but failed. :)

  • @mostrakt
    @mostrakt 1 year ago

    Hi, Berg! Could you tell me what a CCIE network engineer needs to know? What distinguishes him from a network engineer with CCNP consciousnesses? It would be interesting to make a separate video about this.

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      Well, I guess it's that little I in the CCIE that makes all the difference between it and a CCNP. CCIE's are expected to be able to understand how (I)nternetworking works. This means understanding not only the routing inside your own networks, but also how the internet and other network providers function. For routing and switching this may be intricate knowledge of how stuff like BGP functions so that you can manage inter-connects and cross-connects between other network operators and implementing these solutions in a clear and concise manner. Or Layer-2 technologies like VPLS or EVPN to deliver services between datacenters that might be in different locations.
      I am not a CCIE though, but any vendor that has an internetworking engineer certificate expects this type of knowledge for its highest level certification, like MikroTiks MTCINE or Juniper's JNCIE. CCNP's will also learn about many of these technologies, but aren't always expected to deliver the same service that a CCIE can.

  • @m-electronics5977
    @m-electronics5977 1 year ago

    Starts the series for this MPLS and BGP and all the stuff on ROSv7 now? 🙂

  • @mrfran1
    @mrfran1 10 months ago

    In this scenario should the P1-RR mark the default-originate=always to ALL of his intra AS peers?

  • @enderst81
    @enderst81 1 year ago +1

    On Linux I use a Winbox docker container instead of installing Wine. IIRC there is a Winbox container for eve-ng as well.

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Hmmmmm pretty wicked idea, might do it myself too.

  • @johnlauro6498
    @johnlauro6498 1 year ago

    i have a question, whats the difference with mpls and vxlan? when to use mpls and vxlan? thanks

  • @LampJustin
    @LampJustin 1 year ago

    That's indeed very awesome!! But couldn't you still do BGP EVPN (vxlan) and use FRR at the edge? Will ROS forward the Type 2/5 routes?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      MikroTik still doesn't really do EVPN, unlike VPLS that can create dynamic and scalable tunnels using BGP, you cannot do that with MikroTik at the moment. But I suppose it could be done, will need to test myself (Could also change out the provider equipment with something else like VYOS if we want EVPN)

    • @LampJustin
      @LampJustin 1 year ago

      @@TheNetworkBerg that's unfortunate! But yeah VyOS is pretty awesome too

  • @sjnlim3925
    @sjnlim3925 1 year ago

    Can you please make a video on IPsec/IKEv2 RSA VPN configuration in MikroTik?

  • @m-electronics5977
    @m-electronics5977 1 year ago

    And can you make a video about VPLS with BGP? I don't looking over that stuff

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      Sure, someone else also asked for a similar video as they couldn't get VPLS working on v7.

  • @Ton_DayTrader
    @Ton_DayTrader 7 months ago

    how to reject some as-path ?

  • @cb_q
    @cb_q 11 months ago

    Hello, thanks!
    Is there way to setup PE/CE routers without using output.default-originate=yes, i.e. push nets on ether2 between CE1/CE2?
    I try to enable output.redistribute=bgp-mpls-vpn, but it add route on CE1/CE2 to net PE1-CE1/PE2-CE2 only (without network 192.0.*.0/24 on CE1/CE2 ether2).

    • @cb_q
      @cb_q 11 months ago

      interesting. if I setup ospf in PE1-CE1 and enable redistribute=bgp-mpls-vpn on PE1 ospf instance than CE1 import all 192.0.*.0/24 routes from CE2, but if I use ebgp on PE1-CE1 this option has different behavior

  • @mrfran1
    @mrfran1 10 months ago

    hoping to see a L2 Solution is vpls replaced by vxlan ?

    • @TheNetworkBerg
      @TheNetworkBerg 10 months ago +1

      I think VXLAN (and EVPN) is definitely the evolution of VPLS and can potentially replace it, biggest factor is not needing to run MPLS underneath it. I'm hoping MT brings in EVPN into the mix which makes VXLAN just a much more scalable solution, think of it as VPLS tunnels spanned using BGP but now with VXLAN.

  • @m-electronics5977
    @m-electronics5977 1 year ago

    45:51 On my Lab it works when I set it to ibgp-rr-client

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Yeah I mentioned that in the pinned comment as well, it seems to work with both ibgp and ibgp-rr-client

    • @m-electronics5977
      @m-electronics5977 1 year ago +1

      @@TheNetworkBerg there are different redistributing rules, when a prefix or other stuff come from a non-rr-client than from an rr-client

  • @m-electronics5977
    @m-electronics5977 1 year ago

    4:43 I must add the interfaces also under "/mpls/interfaces"? Is that not necessary?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      For LDP to work, no, you do not need to specify MPLS interfaces. I've never really had to use them in my own network, but from the MikroTik docs it appears to be more or less to set MTU values and assign labels yourself
      help.mikrotik.com/docs/display/ROS/MPLS+MTU%2C+Forwarding+and+Label+Bindings

    • @m-electronics5977
      @m-electronics5977 1 year ago

      @@TheNetworkBerg ok, I was told that it would doesn't work without that, because we are doing MPLS?

  • @amvk_999
    @amvk_999 4 months ago

    Great video, may i ask what is your system specs to run eve-ng so smooth 🙂.

  • @m-electronics5977
    @m-electronics5977 1 year ago +2

    And L2VPN/BGP Signaled VPLS doesn't work over RR yet!

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Yeah I tested again and this still doesn't work, can only get VPLS to work properly between direct neighborships. Not ideal.

    • @m-electronics5977
      @m-electronics5977 1 year ago

      @@TheNetworkBerg the VPLS packets are sent to the RR instead of to the other neighbor, says my Wireshark😅

  • @BattousaiHBr
    @BattousaiHBr 1 year ago

    fyi, bgp connect and listen default to "yes", so no need to explicitly configure them.

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      Thanks for the info, I have seen ported config from 6 to 7 explicitly have this set and I do not recall it being set during the betas so it's just out of habit I do it I guess, but didn't know it was set explicitly so thanks again 😄

    • @BattousaiHBr
      @BattousaiHBr 1 year ago

      @@TheNetworkBerg i think export config arguments do not dynamically pull from a checklist of default values.
      for example, when adding a route it's always by default routing-table=main scope=30 target-scope=10 suppress-hw-offload=no but it'll still explicitly show up in exported config anyway.

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      @@BattousaiHBr Hmmm I just tested in EVE and listen and connect is not explicitly set (unless it is hidden) though exporting verbose configs it is still hidden. Very interesting, wonder if it actually works with "broadcast" BGP if you do not set connect and listen.

  • @xerck
    @xerck 8 months ago

    OMG, I suffer a lot with the local role BGP, RR the server and ibgp for the clients, that's not intuitive. Thanks

  • @m-electronics5977
    @m-electronics5977 1 year ago

    But this with the Route Leaking will doesn't run in my Lab. 😒

  • @mrfran1
    @mrfran1 10 months ago

    hi thanks for your videos im having a hard time differentiating this Setup vs the one without RR made by you previously th-cam.com/video/vt_0BB6oV1w/w-d-xo.html you actually made one session to PE1 from P1 (RR) and another session to PE2 from P1 (RR)

  • @m-electronics5977
    @m-electronics5977 1 year ago

    How fast you can type?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      I don't know, I haven't used any type programs to check in a while. I don't think I type very fast, but I don't think I type slow either.

    • @m-electronics5977
      @m-electronics5977 1 year ago

      @@TheNetworkBerg you type very fast, i type with the 10 finger system and be slower