Establishing a VPLS tunnel across locations
I configured a VPLS tunnel between two Mikrotik hEX devices in lab mode, with direct connections and private WAN IPs. It functions perfectly. Now I'm wondering if it's possible to move this setup to an internet-based configuration without ISP help between sites on different providers. I've updated the tunnel endpoints to actual WAN IPs, adjusted LSRs and negotiated LDP, and can see remote networks in MPLS data. However, the VPLS tunnel isn't activating. The main difference from the lab is that one site uses a PPPoE VLAN10 interface for WAN, which I've modified firewall rules around. I'm unsure if this will work across the internet without ISP awareness. Would creating a GRE tunnel with MPLS/VPLS inside be an option? This setup performed much better than an IPSec tunnel (around 30-60Mbps). Any suggestions would be appreciated. @Lurick @KuJoe @LAwLz
I haven't worked much with VPLS, so I won't be the top answer. However, you might want to try using a GRE tunnel first to see if it helps bring VPLS online. @mynameisjuan
Consider testing EoIP given your Mikrotik setup at both sides: https://wiki.mikrotik.com/wiki/Manual:Interface/EoIP. You can run it directly or connect it to IPSec, which is hardware-accelerated and supports up to 470Mbps: https://www.manitonetworks.com/mikrotik/...oip-tunnel. The main point of confusion is aligning the straightforward IPSec configuration within EoIP with the hardware acceleration in the hEX—you may need to create a tunnel using the acceleration profile, then layer EoIP on top, possibly opting for VPLS instead.
I used to think my heartbeats had stopped... We set up the MikroTik and I’ve got plenty of hands-on experience, though I haven’t used VPLS before. I could give it a shot in my lab soon.
The issue is that it functions in the lab but not in real life for him... but I'm excited about any updates you make.
Prefer not to work with Mikrotik much? So far it outperforms ERLite, though the hEX model lacks a solid VLAN-capable switch chip and the bridge VLAN features feel odd. Getting a port to act as a trunk for VLANs and pairing it with another PVID seems problematic at present. Progress is mixed—two steps forward, one step back. It might be worth investing more if tunneling options like VXLAN become viable, but then the choices could overwhelm you... Maybe I’ll stick with my Fortigate 60D at the end of the tunnel instead.
I really like Mikrotik, but its quirky setup sometimes confuses me. VLAN trunking was tough to grasp at first—it took time to understand its logic and get it right. I already have a config where native VLAN works on the trunk port. Just need to locate it, lol.
I haven't worked with VPLS yet. It's unclear if it would function if the tunnels face WAN addresses and both switches can communicate via regular traffic.