Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul
Hey Paul, Whats the eoip running over? (and its MTU) I'd be inclined to suggest MPLS setup for something like this if your network permits. Depending on what you have to work with you could achieve it in a few different ways. Cheers, RJ -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 2:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi RJ, sorry I only just saw this message, we are looking to change to MPLS in the near future, looks like we have it working just as a vlan interface off the bridge at our DC end which was my original thought. Thanks for your response. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of RJ Plummer Sent: Wednesday, 27 August 2014 4:16 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] VLAN Injection..... Hey Paul, Whats the eoip running over? (and its MTU) I'd be inclined to suggest MPLS setup for something like this if your network permits. Depending on what you have to work with you could achieve it in a few different ways. Cheers, RJ -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 2:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Not sure if I am reading correctly, but would it be a possibility to have 2 VLANs on the cross connect, set up the EOIP to run over one VLAN (then your customer runs all of their VLANs inside the EOIP tunnel) and then use the new VLAN for your transit? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
How does your transit present to that edge router? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
That router is just part of our network so we would just give them a /30 across the vlan and route a subnet across that to them, we run OSPF on that edge router so the IP's will just get injected into the routing table as a connected route and then a static route for the subnet. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 10:23 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... How does your transit present to that edge router? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Maybe you are over-thinking the problem, or maybe I am still not properly understanding the design constraints ;-) Why not just choose a vlan tag and create a virtual interface on the bridge, then your /30 on that vlan interface allow them to deal with the transit tagged traffic however they want to: /interface vlan add name=transit-vlan interface=[eoip-tunnel-bridge] vlan-id=nn /ip address add interface= transit-vlan address=a.b.c.d/30 Then they just see another vlan-id among the traffic on their trunk that they present to their router in whatever way they care to, and configure the other end of that /30 subnet. If you want to, you can even bridge that transit-vlan to a physical interface or some other virtual interface so that you don't even need to route via that router if it is easier to route it by some other device. Seems like you have already been thinking similar, though I don't know what your reference to 'vlan on the physical interface' is intended for... Cheers! -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 10:32 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... That router is just part of our network so we would just give them a /30 across the vlan and route a subnet across that to them, we run OSPF on that edge router so the IP's will just get injected into the routing table as a connected route and then a static route for the subnet. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 10:23 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... How does your transit present to that edge router? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi Mike, that's exactly what I have done and thought should work fine, adding a vlan interface onto the bridge, I can't see any reason why it shouldn't work. I might have a play with the VRF option though just to see how it works, it could be a good option to consider for the future which I didn't think of. Thanks for the advice everybody. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 11:51 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Maybe you are over-thinking the problem, or maybe I am still not properly understanding the design constraints ;-) Why not just choose a vlan tag and create a virtual interface on the bridge, then your /30 on that vlan interface allow them to deal with the transit tagged traffic however they want to: /interface vlan add name=transit-vlan interface=[eoip-tunnel-bridge] vlan-id=nn /ip address add interface= transit-vlan address=a.b.c.d/30 Then they just see another vlan-id among the traffic on their trunk that they present to their router in whatever way they care to, and configure the other end of that /30 subnet. If you want to, you can even bridge that transit-vlan to a physical interface or some other virtual interface so that you don't even need to route via that router if it is easier to route it by some other device. Seems like you have already been thinking similar, though I don't know what your reference to 'vlan on the physical interface' is intended for... Cheers! -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 10:32 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... That router is just part of our network so we would just give them a /30 across the vlan and route a subnet across that to them, we run OSPF on that edge router so the IP's will just get injected into the routing table as a connected route and then a static route for the subnet. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 10:23 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... How does your transit present to that edge router? -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Paul I would suggest putting them min a separate VRF in your DC router. That way everything of theirs is separate to yours. We have done this on our DC router (a cisco), and our clients come in via a layer 2 service. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Thanks Paul for your suggestion, however I think the VRF will only help if everything is layer 3, the customer currently has a purely layer 2 connection between their sites and through our network, and we need to add another layer 2 connection for them at one end to deliver this transit across. If I am wrong here please correct me as VRF's aren't one of my strong points but I thought that they were for layer 3. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Azad Sent: Thursday, 28 August 2014 11:32 AM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] VLAN Injection..... Paul I would suggest putting them min a separate VRF in your DC router. That way everything of theirs is separate to yours. We have done this on our DC router (a cisco), and our clients come in via a layer 2 service. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hey Paul We are using VRF's for layer 2 services. Our clients PPPoE into us, and the RADIUS server gives them a static /32 IP and puts them in a VRF (CUSTOMERNAME_VRF). All there sites are in the same postion, just with different IPs. We then router a /24 IP over their /32 IP address and we can do what you are thinking, and also apply QOS through the RADIUS server as well. The other great thing is that their IP address will never conflict with ours, or our other clients. You could do this same thing if they come in via a VPN tunnel. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 11:38 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Paul for your suggestion, however I think the VRF will only help if everything is layer 3, the customer currently has a purely layer 2 connection between their sites and through our network, and we need to add another layer 2 connection for them at one end to deliver this transit across. If I am wrong here please correct me as VRF's aren't one of my strong points but I thought that they were for layer 3. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Azad Sent: Thursday, 28 August 2014 11:32 AM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] VLAN Injection..... Paul I would suggest putting them min a separate VRF in your DC router. That way everything of theirs is separate to yours. We have done this on our DC router (a cisco), and our clients come in via a layer 2 service. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Mmm, OK, I should check this out then, so are you doing this on a Mikrotik or Cisco or something else ?, I didn't think the Mikrotik could do dynamic VRF allocation ? Sounds like it would be the best option though if it works, I could bring the EOIP tunnel into a VRF from their office, then put the Ethernet interface facing them in the DC into the VRF, then put a VLAN interface into the VRF I suppose if it all works. Thanks for the ideas Paul I will investigate Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Azad Sent: Thursday, 28 August 2014 11:44 AM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] VLAN Injection..... Hey Paul We are using VRF's for layer 2 services. Our clients PPPoE into us, and the RADIUS server gives them a static /32 IP and puts them in a VRF (CUSTOMERNAME_VRF). All there sites are in the same postion, just with different IPs. We then router a /24 IP over their /32 IP address and we can do what you are thinking, and also apply QOS through the RADIUS server as well. The other great thing is that their IP address will never conflict with ours, or our other clients. You could do this same thing if they come in via a VPN tunnel. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 11:38 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Paul for your suggestion, however I think the VRF will only help if everything is layer 3, the customer currently has a purely layer 2 connection between their sites and through our network, and we need to add another layer 2 connection for them at one end to deliver this transit across. If I am wrong here please correct me as VRF's aren't one of my strong points but I thought that they were for layer 3. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Azad Sent: Thursday, 28 August 2014 11:32 AM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] VLAN Injection..... Paul I would suggest putting them min a separate VRF in your DC router. That way everything of theirs is separate to yours. We have done this on our DC router (a cisco), and our clients come in via a layer 2 service. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:53 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Sorry, I know it's confusing..... So we have a customer at a site, at that site we bridge ether1 on their Mikrotik to an EOIP tunnel. That EOIP tunnel then goes through our network to our edge router at a data centre where we then bridge the EOIP tunnel to ether4 on our edge router. The customer then plugs their cross connect to that Ethernet port. So right now we have a layer 2 bridge between ether1 at their site and ether4 on our edge router at the DC, they can effectively do whatever they want across that, vlans, layer 3 traffic, whatever. Problem is that now they want some transit from us, but they only have one cross connect to us at the DC, so somehow we need to be able to feed them a vlan into that ether4 port at the DC so that they can pick up that transit from the vlan. My current thoughts are to add the vlan to the bridge interface which bridges the EOIP tunnel and ether4 at the DC, then they configure that vlan ID on their kit that plugs into ether4 on our router and then we have a /30 across that vlan which we feed them the transit on. Any thoughts ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:45 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... OK, umm, ... I don't think I understand what you have or what you need :-} So they want to add transit to an existing private link that passes through your network? So you need to kind of 'break out' a vlan at some point where there is no existing routing node? Cheers, Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Thursday, 28 August 2014 9:14 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Thanks Mike I had yes, but the vlan only needs to be presented at one end of the link as it's coming in from our network. The customer has the trunk through our network and now wants some transit as well, as the trunk port is already plugged into their cross connect and we don't have another cross connect spare we need to try and get this other vlan into one end of the trunk. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 28 August 2014 9:08 AM To: 'MikroTik Australia Public List' Subject: Re: [MT-AU Public] VLAN Injection..... Have you considered a second eoip tunnel? That way, you can add a vlan virtual interface on each side with the relevant tag ID, then bridge that virtual interface to the new eoip tunnel. As in: /interface vlan add interface=etherx vlanid=nn name=vlan-nn-ether-x /interface eoip name=eoip-nn local-address=a.b.c.d remote-address=c.d.e.f tunnel-id=mm /bridge add name=bridge-nn /bridge port add interface=vlan-nn-ether-x bridge=bridge-nn And same/similar on other end. Cheers! Mike. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian Sent: Wednesday, 27 August 2014 4:09 PM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] VLAN Injection..... Hi guys, hoping somebody could suggest an option here. We have a customer that we are doing a trunk for which goes from their office to our DC and then to them in that DC. It looks like: Local Site Data Centre Ether1 -> bridge -> EOIP Tunnel -> bridge ->Ether1 This has been setup this way so that they can just push whatever they want through the tunnel, which is basically 4 vlans, so with this design they should be able to send and receive tagged traffic between the two Ethernet ports without an issue. The problem we have is that we now need to supply an additional vlan to the DC end of the link, but because it's a layer 2 trunk I am not sure of the best way to approach this. I have thought of putting a vlan on the physical interface and another on the bridge interface and setting up a /30 between those two vlan interfaces but to be honest I don't know if that will actually work, has anybody experienced this before and have any suggestions before I just try it ? Basically we need to provide them a layer 3 connection as well as the layer two connection but into the same physical interface at the DC. Thanks Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (5)
-
Mike Everest
-
Paul Azad
-
Paul Julian
-
RJ Plummer
-
Thomas Jackson