###### tags: `finished`
:::success
# AN Lab 2 - MPLS
**Author: Fige Polina**
:::
## Task 1 - Prepare your network topology
:::info
1. In the GNS3 project, select and install a virtual routing solution that you would like to use: for example, MikroTik, pfSense, VyOS.
2. Prepare a simple network consisting of at least three routers and two hosts (for example, a bus topology with dynamic routing). Each one of them has a different subnet. Your network has to have routing protocols configured. That's why you can use your OSPF lab project from the INR course.
:::
I chose MikroTik, and this is the topology of my fourth lab with OSPF.
<center>

Figure 1 - My topology
</center>
## Task 2 - MPLS learning & configuring
:::info
1. Briefly answer the questions or give one-line description what is it: LSP, VPLS, PHP, LDP, MPLS L2VPN, CE-router, PE-router, LSR-router?
:::
* **LSP** - Label Switched Path - The label switching path is a unidirectional channel from Ingress LSP to Egress LSP.
* **VPLS** - Virtual Private LAN Service - a service that creates an emulated LAN segment for a given set of users, i.e. it creates a Layer 2 broadcast domain that is fully capable of learning and forwarding over Ethernet MAC addresses and that is closed to a specific set of users.
* **PHP** - Penultimate Hop Popping - the process of removing the label on the penultimate LSR.
* **LDP** - Label Distribution Protocol - one of the three basic protocols for the distribution of tags, it relies on the routing information of nodes.
* **MPLS L2VPN** - this is a set of different technologies used on MPLS LSP. Its main idea is the idea of PW - PseudoWire - a virtual cable thrown from one end of the network to the other.
* **CE-router** - Customer Edge router - the client's edge router that is connected to the provider's network.
* **PE-router** - Provider Edge router - the provider's edge router. Actually, CE is connected to it.
* **LSR-router** - Label Switch Router - this is any router in the MPLS network. It is so called because it performs some operations with labels.
:::info
2. Configure MPLS domain on your OSPF network, first without authentication.
:::
I changed the topology to a simpler one in order to better navigate between interfaces, including when configuring the VPLS client side.
<center>

Figure 2 - New topology
</center>
Let's start the chain with the **router R1-CE**. This router is located on the border of two OSPF areas (backbone and area1):
```
#let's put OSPF here
/interface bridge add name=loopback
/ip address
add address=10.255.255.10/32 interface=loopback network=10.255.255.10
add address=192.168.122.27/24 interface=ether1 network=192.168.122.0
add address=10.0.0.7/24 interface=ether2 network=10.0.0.0
/routing ospf instance
set router-id=10.255.255.10
/routing ospf interface
add interface=ether1
/routing ospf area
add name=area1 area-id=0.0.0.1
/routing ospf network
add area=backbone network=10.255.255.10
add area=backbone network=192.168.122.0/24
add area=area1 network=10.0.0.0/24
```
<center>


Figure 3,4 - LSA and Routers of R1's OSPF
</center>
Next is **R2, a PE router**. It is attached to the OSPF backbone area, MPLS is configured on it, and it hosts the VPLS for the client side:
```
#adding a bridge
/interface bridge
add name=loopback
#for vpls
add name=vpn
/ip address
add address=10.255.255.1/32 interface=loopback network=10.255.255.1
add address=192.168.122.77/24 interface=ether1 network=192.168.122.0
add address=192.168.122.7/24 interface=ether2 network=192.168.122.0
/routing ospf instance
set router-id=10.255.255.1
/routing ospf interface
#joined dynamically
/routing ospf network
add area=backbone network=10.255.255.1
add area=backbone network=192.168.122.0/24
/mpls ldp
set enabled=yes lsr-id=10.255.255.1 transport-address=10.255.255.1
/mpls ldp interface
add interface=ether2
```
After that, we configure the **R3-P router**, which needs OSPF and MPLS:
```
/interface bridge
add name=loopback
/ip address
add address=10.255.255.2/32 interface=loopback network=10.255.255.2
add address=192.168.122.17/24 interface=ether1 network=192.168.122.0
add address=172.16.122.17/24 interface=ether2 network=172.16.122.0
/routing ospf instance
set router-id=10.255.255.2
/routing ospf interface
add interface=ether1
add interface=ether2
/routing ospf network
add area=backbone network=10.255.255.2
add area=backbone network=192.168.122.0/24
add area=backbone network=172.16.122.0/24
/mpls ldp
set enabled=yes lsr-id=10.255.255.2 transport-address=10.255.255.2
/mpls ldp interface
add interface=ether1
add interface=ether2
```
I tried to transfer all the settings, but if suddenly there are not enough commands, then most likely I turned on these settings via Winbox (via vibr0).
<center>

Figure 5 - MPLS interface of R3
</center>
The next router, **R4-PE**, is the twin of R2:
```
#adding a bridge
/interface bridge
add name=loopback
#for vpls
add name=vpn
/ip address
add address=10.255.255.3/32 interface=loopback network=10.255.255.3
add address=172.16.122.7/24 interface=ether1 network=172.16.122.0
add address=172.16.122.77/24 interface=ether2 network=172.16.122.0
/routing ospf instance
set router-id=10.255.255.3
/routing ospf interface
#joined dynamically
/routing ospf network
add area=backbone network=10.255.255.3
add area=backbone network=172.16.122.0/24
/mpls ldp
set enabled=yes lsr-id=10.255.255.3 transport-address=10.255.255.3
/mpls ldp interface
add interface=ether1
```
And the last router is **R5-CE**:
```
#let's put OSPF here
/interface bridge add name=loopback
/ip address
add address=10.255.255.20/32 interface=loopback network=10.255.255.20
add address=172.16.122.27/24 interface=ether1 network=172.16.122.0
add address=10.0.1.7/24 interface=ether2 network=10.0.1.0
/routing ospf instance
set router-id=10.255.255.20
/routing ospf interface
add interface=ether1
/routing ospf area
add name=area2 area-id=0.0.0.2
/routing ospf network
add area=backbone network=10.255.255.20
add area=backbone network=172.16.122.0/24
add area=area2 network=10.0.1.0/24
```
<center>


Figure 6, 7 - LSA and Routers of R5's OSPF
</center>
:::info
3. Enable authentication (what kind of authentication did you use)? Make sure that you can ping and trace all your network.
:::
MikroTik provides two authentication methods, plain text and MD5. I chose MD5 because this method is less vulnerable and, unlike a simple authentication method, keys are not exchanged over the network.
```
#R2
/routing ospf interface
add interface=ether2 authentication=md5 authentication-key=password authentication-key-id=2
#R3
/routing ospf interface
add interface=ether2 authentication=md5 authentication-key=password authentication-key-id=2
add interface=ether1 authentication=md5 authentication-key=password authentication-key-id=2
#R4
/routing ospf interface
add interface=ether1 authentication=md5 authentication-key=password authentication-key-id=2
```
<center>

Figure 8 - Checking the availability of hosts
</center>
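
How the MD5 option chosen above keeps the key off the wire, as an added Python example (not part of the original lab and not RouterOS code): per RFC 2328 Appendix D the sender appends MD5(packet || key) to the packet, and the receiver recomputes it and checks the key ID and sequence number. The router ID, key and key ID are the ones configured on R2; the Hello body, the sequence number and the function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

HDR = "!BBH4s4sHHHBBI"  # OSPFv2 header with the AuType 2 layout of the auth field
AUTYPE_CRYPTO, DIGEST_LEN = 2, 16

def pad_key(key):
    """RFC 2328 D.4.3: the secret is zero-padded (or cut) to 16 bytes."""
    return key[:16].ljust(16, b"\x00")

def sign(router_id, area_id, ptype, body, key, key_id, seq):
    """Build an OSPFv2 packet and append MD5(packet || padded key)."""
    length = 24 + len(body)  # the 16-byte trailer is not counted in this field
    packet = struct.pack(HDR, 2, ptype, length, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0,  # checksum unused here
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq) + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(packet, keys, last_seq):
    """Receiver-side checks; keys maps key-id -> secret, last_seq is per neighbor."""
    if len(packet) < 24:
        return "reject: truncated header"
    f = struct.unpack(HDR, packet[:24])
    length, autype, key_id, dlen, seq = f[2], f[6], f[8], f[9], f[10]
    if autype != AUTYPE_CRYPTO or dlen != DIGEST_LEN:
        return "reject: not MD5-authenticated"
    if length < 24 or len(packet) != length + dlen:
        return "reject: bad length"
    if key_id not in keys:
        return "reject: unknown key id"
    if seq < last_seq:
        return "reject: stale sequence number"
    expected = hashlib.md5(packet[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return "reject: digest mismatch"
    return "accept"

# Constructed Hello body (mask, interval 10 s, options, priority, dead 40 s, DR, BDR).
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x02, 1,
                    40, bytes(4), bytes(4))
# Router ID, key and key ID as configured on R2 above; the sequence number is made up.
SAMPLE = sign("10.255.255.1", "0.0.0.0", 1, HELLO, b"password", 2, seq=1000)

if __name__ == "__main__":
    print(verify(SAMPLE, {2: b"password"}, last_seq=999))
```

The digest is computed from the packet and the key alone, so the protection is only as strong as the key; RFC 5709 defines HMAC-SHA authentication for OSPFv2 where the platform supports it.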
## Task 3 - Verification
:::info
1. Show your LDP neighbors.
:::
<center>

Figure 9 - LDP neighbors
</center>
:::info
2. Show your local LDP bindings and remote LDP peer labels
:::
<center>

Figure 10 - Local LDP bindings

Figure 11 - Remote LDP peer labels
</center>
:::info
3. Show your MPLS labels
:::
As an example, I opened the table of deleted bindings to show more labels. To decipher their meanings, I used the IANA web page [[5](https://www.iana.org/assignments/mpls-label-values/mpls-label-values.xml)]. Perhaps the most interesting label is `impl-null`, which denotes the label used between the penultimate LSR and the egress LSR.
<center>

Figure 12 - Labels of remote bindings, for example
</center>
:::info
4. Show your forwarding table
:::
<center>

Figure 13 - Forwarding tables
</center>
:::info
5. Show your network path from one customer edge to the other customer edge
:::
As the routing protocol for the CE routers, I used OSPF, so they have the same settings as the PE and P routers, with the exception of MPLS. But, unfortunately, it does not work, because R2 fails and its configuration has to be entered anew, and sometimes the settings get lost on R4.
## Task 4 - MPLS packets analysis
:::info
1. Can you use Wireshark to see the MPLS packets?
2. Look deeper into the MPLS packets: can you identify MAC address, ICMP, Ethernet header or something else useful?
:::
<center>

Figure 15 - MPLS packet (Ethertype 8847)

Figure 16 - MPLS label
</center>
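
What Wireshark decodes in Figures 15 and 16, as an added Python example (not part of the original lab): a parser for an Ethertype 0x8847 frame that returns the MAC addresses, every label stack entry with its special-purpose name from the IANA registry [5], and the inner IPv4 addresses and protocol. The sample frame is constructed; its MAC addresses and label value are made up, and the IP addresses are the CE LAN addresses from the configs above.

```python
import socket
import struct

ETHERTYPE_MPLS = 0x8847  # MPLS unicast, the Ethertype in Figure 15
# Special-purpose labels from the IANA registry in reference [5].
SPECIAL = {0: "IPv4 Explicit NULL", 1: "Router Alert", 2: "IPv6 Explicit NULL",
           3: "Implicit NULL", 7: "Entropy Label Indicator",
           13: "Generic Associated Channel", 14: "OAM Alert", 15: "Extension"}

def shim(label, bos, ttl, tc=0):
    """Encode one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)

def parse_mpls_frame(frame):
    """Decode the Ethernet header, the label stack and an inner IPv4 header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_MPLS:
        raise ValueError("not an MPLS unicast frame")
    stack, off = [], 14
    while True:
        if off + 4 > len(frame):
            raise ValueError("label stack ends before the bottom-of-stack bit")
        (entry,) = struct.unpack("!I", frame[off:off + 4])
        off += 4
        label = entry >> 12
        kind = SPECIAL.get(label, "unassigned special" if label < 16 else "dynamic")
        stack.append({"label": label, "kind": kind, "tc": (entry >> 9) & 7,
                      "ttl": entry & 0xFF})
        if entry & 0x100:  # S bit set: last entry, payload follows
            break
    payload = frame[off:]
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "stack": stack}
    # MPLS has no next-protocol field; the first nibble is the usual heuristic.
    if len(payload) >= 20 and payload[0] >> 4 == 4:
        out["ip_src"] = socket.inet_ntoa(payload[12:16])
        out["ip_dst"] = socket.inet_ntoa(payload[16:20])
        out["ip_proto"] = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(payload[9], payload[9])
    return out

# Constructed sample (made-up MACs and label, zero IP checksum): ICMP echo behind label 17.
SAMPLE = (bytes.fromhex("0c0000000002" "0c0000000001") + b"\x88\x47"
          + shim(17, bos=1, ttl=63)
          + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                        socket.inet_aton("10.0.0.7"), socket.inet_aton("10.0.1.7"))
          + bytes.fromhex("0800f7ff00000000"))

if __name__ == "__main__":
    print(parse_mpls_frame(SAMPLE))
```

Label 3 (`impl-null`) is in the lookup table because LDP advertises it, but it is never carried in a packet: it tells the penultimate LSR to pop the label, so it will not show up in a capture.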
## Task 5 - VPLS
:::info
1. Configure VPLS between the 2 hosts edges
:::
Well, you have already seen the tables with a part of VPLS configured; now I will show its settings on R4-PE and R2-PE, respectively.
<center>


Figure 17 - VPLS settings
</center>
And an example of commands in the console for the router R2-PE:
```
/interface vpls
add cisco-style=yes cisco-style-id=5 disabled=no l2mtu=1526 \
name=lab remote-peer=10.255.255.3
/interface bridge port
add bridge=vpn interface=ether2
add bridge=vpn interface=lab horizon=1
```
We use the `horizon` parameter to avoid loops.
:::info
2. Show your LDP neighbors again, what has been changed?
:::
Oh! Absolutely everything, because the VPLS settings knock out my MPLS, only empty forwarding tables remain from it.
## References:
1. [RFC4762: VPLS](https://datatracker.ietf.org/doc/html/rfc4762)
2. [Manual:Interface/Bridge](https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge)
3. [Manual:OSPF Case Studies: Authentication](https://wiki.mikrotik.com/wiki/Manual:OSPF_Case_Studies#Authentication)
4. [Manual:Basic MPLS setup example](https://wiki.mikrotik.com/wiki/Manual:Basic_MPLS_setup_example)
5. [IANA: MPLS Label Values](https://www.iana.org/assignments/mpls-label-values/mpls-label-values.xml)