MTCINE

The document outlines the MikroTik Certified Inter-Networking Engineer (MTCINE) course, covering key concepts such as Autonomous Systems (AS), Border Gateway Protocol (BGP), and Multi-Protocol Label Switching (MPLS). It details the types of BGP, attributes for path selection, and techniques for managing BGP peerings, as well as MPLS functionalities like label distribution and fragmentation. Additionally, it discusses various scenarios and configurations relevant to network routing and management.

Uploaded by

rmahabur4891

MikroTik MTCINE course content details

MTCINE stands for MikroTik Certified Inter-Networking Engineer


1. Autonomous System
AS stands for Autonomous System. An AS number is needed in order to exchange routing
information with other systems.

Originally an AS number was a 16-bit value, but it has been extended to 32 bits.

There are two classes of AS:

1. Public AS
2. Private AS
Public AS range: 1-64511
Private AS range: 64512-65535

2. What is BGP?
BGP stands for Border Gateway Protocol. It is designed to exchange routing and reachability
information among autonomous systems (AS) on the Internet.

Types of BGP
1. Interior BGP
2. Exterior BGP

Interior BGP
When BGP runs between two peers in the same autonomous system (AS), it is referred to as
Internal BGP (iBGP).

Exterior BGP
When it runs between different autonomous systems, it is called External BGP (eBGP or
Exterior Border Gateway Protocol).

Version of BGP
Current version of BGP is 4

Path Vector algorithm

BGP uses a path vector algorithm to select the best path in Internet routing.

How to select the best path?

The best path is selected using the BGP attributes listed below.
BGP Attributes

1. Highest weight (Prefer the path with the highest WEIGHT. A route without an assigned WEIGHT
has a default value of 0.)
2. Highest Local Preference (Prefer the path with the highest LOCAL_PREF. It is used only
within an AS. A path without the LOCAL_PREF attribute has a value of 100 by default.)
3. Shortest AS Path
4. Originate (source of the route)
5. Lowest Origin
6. Lowest MED (Prefer the path with the lowest multi-exit discriminator (MED). Paths without
an explicit MED value are treated as having a MED of 0.)
7. eBGP path over iBGP
8. Router ID (Prefer the route that comes from the BGP router with the lowest router ID.)
9. Shortest route reflection cluster list
10. Lowest neighbor IP address

BGP Transport and packet types


BGP transport
BGP is unique in using TCP as its transport protocol.

BGP message types


1. Open message
2. Update message
3. Keepalive message
4. Notification message
Open message
After a TCP connection is established between two BGP systems, they exchange BGP open
messages to create a BGP connection between them.

Update message
BGP systems send update messages to exchange network reachability information.

Keepalive message
BGP systems exchange keepalive messages to determine whether a link or host has failed or is
no longer available.

Notification message
BGP systems send notification messages when an error condition is detected.

Type of BGP
1. iBGP
2. eBGP

iBGP
iBGP stands for Internal BGP. iBGP peering is between routers in the same AS; iBGP connections
are those within your own company. iBGP routes have an administrative distance of 200.

eBGP
eBGP stands for External BGP. eBGP is peering between two different ASes; eBGP connections
are those between two companies or Autonomous Systems (AS).
eBGP routes have an administrative distance of 20.
Stub network scenarios
A stub network has only one default path to non-local hosts. Stub networks are dead-end LANs
that know of only one network exit.
Stub networks may have multiple connections but use one path to a single point of destination.

Stub network private AS removal (one ISP)

Private range AS numbers are 64512 – 65535. Private AS numbers should not be used on the
Internet since they are not unique like public AS numbers.
Sometimes private AS numbers are used for customer networks that sit behind a single
ISP. The advantage of doing this is that public AS numbers are saved.
The disadvantage is that if you ever plan to connect to another ISP, you have to switch to a public
AS number and remove the private AS number.
Cisco IOS routers support the "remove-private-as" command for removing private AS numbers.
Non-stub scenarios
A Not-so-stubby area (NSSA) is useful when it is required to inject external routes, but injection
of type 5 LSA routes is not required.
In the diagram there are two areas (backbone and area1) and a RIP connection to
area1. We need area1 to be configured as a stub area, but it is also required to inject external
routes from the RIP protocol.
Area1 should be configured as NSSA in this case.
iBGP and eBGP multihop and loopback usage
Loopback interface
In MikroTik RouterOS, loopback interfaces are typically used for iBGP peering sessions. This is
because loopback interfaces are always up and reachable, even if the physical interfaces that
connect the routers are down. This ensures that the BGP session between the routers will remain
up, even if there is a problem with one of the physical links.
Multihop
The multihop setting allows BGP to communicate with peers that are not directly connected.
It specifies whether the remote peer is more than one hop away. Multihop is used only for
external BGP and not for internal BGP.
You must ensure that the TTL field in the BGP packets is set to a value greater than the
number of hops between the two BGP peers.

Route distribution and routing filters

Prefixes that are advertised by routing protocols like OSPF, EIGRP, RIP and BGP can be
filtered. One way of doing this is by using a distribute-list. Filtering can occur inbound or
outbound.
Filtering route distribution reduces the number of unnecessary routing updates.
Redistribution is the most common way to distribute routes into BGP. You can redistribute routes
from other routing protocols, such as OSPF or RIP, into BGP. You can also redistribute static
routes.

BGP best path selection algorithm

Border Gateway Protocol (BGP) routers typically receive multiple paths to the same destination.
The BGP best path algorithm decides which is the best path to install in the IP routing table and
to use for traffic forwarding.
How the Best Path Algorithm Works
1. Weight - Prefer the path with the highest WEIGHT.
2. Local Preference - Prefer the path with the highest LOCAL_PREF.
3. Network or Aggregate - Prefer the path that was locally originated via a network or aggregate
BGP subcommand or through redistribution from an IGP.
4. Shortest AS_PATH - Prefer the path with the shortest AS_PATH.
5. Lowest origin type - Prefer the path with the lowest origin type.
6. Lowest multi-exit discriminator (MED) - Prefer the path with the lowest multi-exit
discriminator (MED).
7. eBGP over iBGP - Prefer eBGP over iBGP paths.
8. Lowest IGP metric - Prefer the path with the lowest IGP metric to the BGP next hop.
9. Multiple paths - Determine if multiple paths require installation in the routing table for BGP
Multipath.
10. External paths - When both paths are external, prefer the path that was received first (the
oldest one).
11. Lowest router ID - Prefer the route that comes from the BGP router with the lowest router
ID.
12. Minimum cluster list - If the originator or router ID is the same for multiple paths, prefer the
path with the minimum cluster list length.
13. Lowest neighbor address - Prefer the path that comes from the lowest neighbor address.
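The attribute order in the "BGP Attributes" list earlier and the 13-step algorithm above can be turned into a small path selector, which makes it easy to see which step actually decides a given set of candidates. The Python below is an added example, not course material or RouterOS code. The Path fields, the SAMPLE paths, the addresses and the ASNs are constructed; the defaults (WEIGHT 0, LOCAL_PREF 100, missing MED treated as 0) are the ones the notes state. Step 9 (multipath) is skipped because it installs additional paths rather than choosing between them.

```python
"""BGP best-path selection in the order the notes list (added example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Callable, List, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower origin type is preferred


@dataclass
class Path:
    name: str                              # constructed label for the sample
    neighbor: str                          # address of the peer that sent the path
    router_id: str                         # BGP router ID of that peer
    as_path: List[int] = field(default_factory=list)
    weight: int = 0                        # notes: no WEIGHT assigned -> 0
    local_pref: int = 100                  # notes: no LOCAL_PREF -> 100
    locally_originated: bool = False       # network/aggregate/redistributed here
    origin: str = "igp"                    # igp, egp or incomplete
    med: int = 0                           # notes: missing MED treated as 0
    ebgp: bool = False                     # learned from an eBGP peer
    igp_metric: int = 0                    # IGP cost to reach the BGP next hop
    received_order: int = 0                # lower = received earlier (older)
    cluster_list: List[str] = field(default_factory=list)


# (step name, attribute to compare, True when the highest value wins)
STEPS: List[Tuple[str, Callable[[Path], object], bool]] = [
    ("weight", lambda p: p.weight, True),
    ("local_pref", lambda p: p.local_pref, True),
    ("locally_originated", lambda p: p.locally_originated, True),
    ("as_path_length", lambda p: len(p.as_path), False),
    ("origin", lambda p: ORIGIN_RANK[p.origin], False),
    ("med", lambda p: p.med, False),
    ("ebgp_over_ibgp", lambda p: p.ebgp, True),
    ("igp_metric", lambda p: p.igp_metric, False),
    ("oldest_external", lambda p: p.received_order, False),   # only if all eBGP
    ("router_id", lambda p: int(ip_address(p.router_id)), False),
    ("cluster_list_length", lambda p: len(p.cluster_list), False),
    ("neighbor_address", lambda p: int(ip_address(p.neighbor)), False),
]


def select_best(paths: List[Path]) -> Tuple[Path, str]:
    """Return (winning path, name of the step that settled the choice)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no candidate paths")
    deciding = "only_path"
    for name, key, higher_wins in STEPS:
        if len(candidates) == 1:
            break
        # Step 10 of the notes applies only when every remaining path is external.
        if name == "oldest_external" and not all(p.ebgp for p in candidates):
            continue
        values = [key(p) for p in candidates]
        target = max(values) if higher_wins else min(values)
        survivors = [p for p in candidates if key(p) == target]
        if len(survivors) < len(candidates):
            candidates, deciding = survivors, name
    return candidates[0], deciding


# Constructed: three paths for one prefix as seen by a router in AS 65000.
SAMPLE = [
    Path("via-ISP-A", neighbor="192.0.2.1", router_id="192.0.2.1",
         as_path=[65001, 65002], ebgp=True),
    Path("via-core", neighbor="10.0.0.2", router_id="10.0.0.2",
         as_path=[65003], local_pref=200),
    Path("via-ISP-B", neighbor="198.51.100.1", router_id="198.51.100.1",
         as_path=[65004], ebgp=True, med=10),
]

if __name__ == "__main__":
    best, why = select_best(SAMPLE)
    print(f"best path: {best.name} (decided by {why})")   # via-core (local_pref)
```

Because every step is a (key, direction) pair, the same function also shows why an operator's WEIGHT or LOCAL_PREF change overrides a shorter AS path: the earlier step narrows the candidates before AS path length is ever compared.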
BGP prefix attributes and their usage
BGP route reflectors and confederations
To reduce the number of iBGP peerings there are two techniques: confederations and route
reflectors.
Number of iBGP peerings in a full mesh of n routers = n(n-1)/2

Confederations
A BGP confederation divides our AS into sub-ASes to reduce the number of required iBGP
peerings.
Within a sub-AS we still require full-mesh iBGP, but between these sub-ASes we use something
that looks like eBGP but behaves like iBGP (called confederation BGP). Confederations are
typically used to divide an extremely large AS into manageable zones.
Route reflector
A route reflector is a BGP router that is allowed to break the iBGP loop avoidance rule.
Route reflectors can advertise updates received from an iBGP peer to another iBGP peer under
specific conditions.
By breaking the rules, route reflectors are used to eliminate the full mesh requirement and allow
for building iBGP networks that scale easily and cleanly.
What is MPLS?
https://wiki.mikrotik.com/wiki/Manual:Basic_MPLS_setup_example
MPLS stands for Multi-Protocol Label Switching. MPLS is a way to ensure reliable connections for
real-time applications, but it's expensive. MPLS is used widely for its performance and traffic
engineering possibilities.

MPLS labels consist of four parts:

The MPLS header (label stack entry) is 32 bits:
Label value: 20 bits
Experimental: 3 bits
Bottom of stack: 1 bit
Time to live: 8 bits
The first 16 label values (0-15) are reserved.
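The four fields above pack into one 32-bit word per stack entry, and a receiver walks entries until it finds the one with the bottom-of-stack bit set. The Python below is an added example (not from the course notes or RouterOS) that encodes and decodes such entries with exactly the widths listed; the names it gives to the reserved values 0-15 come from the MPLS standards (RFC 3032 and successors), not from the notes, and the sample two-label stack with labels 1001 and 2002 is constructed.

```python
"""Encode and decode 32-bit MPLS label stack entries (added example)."""
import struct
from typing import List, Tuple

LABEL_MAX = (1 << 20) - 1           # label field is 20 bits wide
RESERVED_NAMES = {                  # from the MPLS RFCs, not from the notes
    0: "IPv4 explicit NULL",
    1: "router alert",
    2: "IPv6 explicit NULL",
    3: "implicit NULL (signals penultimate-hop popping)",
    7: "entropy label indicator",
    13: "GAL (generic associated channel label)",
    14: "OAM alert",
}


def encode_entry(label: int, exp: int = 0, bottom: bool = False, ttl: int = 64) -> bytes:
    """Pack one label stack entry into 4 network-order bytes: label|exp|S|ttl."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("exp is 3 bits, ttl is 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data: bytes) -> Tuple[int, int, bool, int]:
    """Unpack 4 bytes into (label, exp, bottom_of_stack, ttl)."""
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF


def decode_stack(data: bytes) -> List[Tuple[int, int, bool, int]]:
    """Walk entries until the bottom-of-stack bit is set; the payload follows."""
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("label stack ends without a bottom-of-stack bit")
        entry = decode_entry(data[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry[2]:            # S bit set: this was the last label
            return entries


def describe_label(label: int) -> str:
    """Say whether a value is one of the 16 reserved labels the notes mention."""
    if label < 16:
        return "reserved: " + RESERVED_NAMES.get(label, "reserved (unassigned)")
    return "normal (assigned by the LSR)"


# Constructed stack: transport label 1001 on top, VPN label 2002 at the bottom.
SAMPLE_STACK = (encode_entry(1001, exp=0, bottom=False, ttl=255)
                + encode_entry(2002, exp=0, bottom=True, ttl=255))

if __name__ == "__main__":
    # Two bytes of pretend IPv4 payload follow the stack.
    for lbl, exp, bos, ttl in decode_stack(SAMPLE_STACK + b"\x45\x00"):
        print(f"label={lbl} exp={exp} S={int(bos)} ttl={ttl} -> {describe_label(lbl)}")
```

The decoder deliberately refuses a stack that runs out of bytes before any S bit: a malformed or truncated stack must not be forwarded on the assumption that "what follows is IP".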

Static Label Mapping

Label switching routers (LSRs) dynamically learn the labels they should use to label-switch
packets by means of label distribution protocols. The Label Distribution Protocol is used to bind
labels to network addresses.
The MPLS static labels feature can be configured in two ways:
1. The bindings between a label and an IPv4 prefix
2. The contents of an LFIB cross-connect entry

The bindings between a label and an IPv4 prefix

Static bindings between labels and IPv4 prefixes can be configured to support MPLS
hop-by-hop forwarding through neighbor routers.

The contents of an LFIB cross-connect entry

Static cross-connects can be configured to support MPLS Label Switched Path (LSP) midpoints.

Label Distribution Protocol (LDP)

The Label Distribution Protocol (LDP) is a protocol for the purpose of distributing labels in an
MPLS environment.
LDP first establishes a neighbor adjacency before it exchanges label information. First the
routers send UDP multicast hello packets to discover other neighbors. Once two routers decide to
become neighbors, they build the neighbor adjacency using a TCP connection. This connection is
then used for the exchange of label information. Normally a loopback interface is used for the
neighbor adjacency. LDP uses UDP (port 646) for session discovery and TCP (port 646) for the
exchange of LDP messages.

Configuring LDP
/mpls ldp set enabled=yes transport-address=1.1.1.1 lsr-id=2.2.2.2
/mpls ldp interface add interface=ether3
Dynamic level
What is Penultimate-hop-popping
PHP is penultimate hop popping, which means removing the label one hop before its
destination: the label is removed by a Label Switch Router (LSR) before the packet is passed to
the adjacent Label Edge Router (LER).
The process is important in a Layer 3 MPLS VPN environment as it reduces the load on the
LER. If this process didn't happen, the LER would have to perform at least 2 label lookups:
The outer label, identifying that the packet was destined to have its label stripped on this router.
The inner label, to identify which Virtual Routing and Forwarding (VRF) instance to use for the
subsequent IP routing lookup.
In a large network this can result in the CPU load on the LER reaching unacceptable
levels. To avoid this extra work on the very last (ultimate) LSR, MPLS uses a feature called
penultimate hop popping (PHP).

MPLS traceroute differences

The traceroute facility is a useful troubleshooting tool that allows you to trace the path a packet
takes from an IP source to an IP destination. This tool is used extensively in the IP community.
Although the MPLS architecture does not change the inherent behavior of the traceroute facility,
it does handle the forwarding of traceroute packets slightly differently from a normal IP network.
MPLS ping is different from normal ping: normal ping uses ICMP echo packets, whereas MPLS
ping uses UDP packets. Sometimes it is not possible to detect MPLS problems with normal
ping, so we have to use MPLS ping. If the LSP is broken or any interface in the middle of the LSP
is not enabled for MPLS, then MPLS ping returns the "B" code, which means we can reach the
destination via IP but not via labels. If you are getting the "B" code when using MPLS ping, then
we can use MPLS traceroute to identify where the label switched path is broken. Also, the MPLS
traceroute command works slightly differently from the normal traceroute command because the
routers running MPLS exchange labels to make forwarding decisions instead of IP routing
information.

LDP based VPLS tunnels

VPLS stands for Virtual Private LAN Service. L2TPv3 allows only point-to-point
layer 2 tunnels, whereas VPLS is a way to provide Ethernet-based multipoint-to-multipoint
communication over IP or MPLS networks.
LDP - Label Distribution Protocol. The LDP method of PE auto-discovery is based on that used
by the Label Distribution Protocol to distribute labels across P and PE routers within a single
autonomous system.

/interface vpls monitor

What is Bridge Split Horizon

Use split horizon bridging to prevent bridging loops. Set the same horizon value for a group of
ports to prevent them from sending data to ports with the same horizon value.
Bridge Port Split Horizon is a feature that allows the efficient management of traffic flow
between ports. Bridge Port Split Horizon was primarily developed as a loop avoidance
technology on VPLS meshed Layer 2 networks.
Create a bridge and set STP to none.
When adding a port to the bridge there is an option called Horizon.

VPLS Control Word (CW) usage

In RouterOS, packet fragmentation and reassembly inside a VPLS tunnel is done by utilizing the
optional Control Word (CW). The CW is added between the PW label (demultiplexor) and the
packet payload and adds an additional 4-byte overhead.
L2MTU importance and MPLS fragmentation
L2MTU
MTU stands for Maximum Transmission Unit, and L2MTU stands for Layer-2 Maximum
Transmission Unit. The MTU was introduced because of the high error rates and low speed of
communications.
Types of MTU
1. IP/Layer-3/L3 MTU
2. MPLS/Layer-2.5/L2.5 MTU
3. MAC/Layer-2/L2 MTU
4. Full frame MTU
We will take a closer look at the required L2MTU of all Ethernet-like interfaces including Bridge,
VLAN and VPLS interfaces.

# Q-in-Q router - this router will receive a standard 1500 byte Ethernet frame and will add two
VLAN tags to the packet. Then the packet will be sent out via the Ethernet network to the second
router.
# VPLS router - this router will remove the outer VLAN tag and will bridge the packet with the
remaining VLAN tag into the VPLS tunnel. The VPLS tunnel will take the packet through the MPLS
network to the third router.
# MPLS Edge router - will remove the VPLS and VLAN tags and bridge the packet to the client
Ethernet network.
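Adding up the encapsulation overhead at each of the three routers above gives the L2MTU each outgoing link must support. The Python below is an added worked example, not from the notes or from RouterOS. It assumes the per-header sizes (4 bytes per VLAN tag, 4 per MPLS label, 4 for the control word as the CW section states, 14 for the client Ethernet header carried inside the pseudowire) and that L2MTU counts the bytes after the outgoing interface's own Ethernet header; the function names and the 1500-byte payload are constructed. The transport_labels=0 case models the last link into an egress router that uses penultimate hop popping, where only the VPLS label remains.

```python
"""Required L2MTU along the Q-in-Q -> VPLS -> MPLS edge chain (added example)."""
from typing import Dict, List

# Per-encapsulation overhead in bytes. Assumed sizes, except the 4-byte control
# word, which the CW section of the notes gives.
OVERHEAD = {
    "vlan_tag": 4,          # one 802.1Q tag
    "mpls_label": 4,        # one 32-bit label stack entry
    "control_word": 4,      # optional VPLS control word
    "ethernet_header": 14,  # client MAC header carried inside the VPLS tunnel
}


def required_l2mtu(payload: int, encaps: List[str]) -> int:
    """Bytes after the outgoing Ethernet header: payload plus every listed encapsulation."""
    return payload + sum(OVERHEAD[e] for e in encaps)


def interface_ok(interface_l2mtu: int, needed: int) -> bool:
    """True when the interface can carry the frame without fragmentation or drops."""
    return interface_l2mtu >= needed


def qinq_vpls_chain(payload: int = 1500, transport_labels: int = 1,
                    control_word: bool = False) -> Dict[str, int]:
    """L2MTU needed on the egress of each router described in the notes."""
    # Q-in-Q router: receives a 1500-byte client frame and adds two VLAN tags.
    qinq = required_l2mtu(payload, ["vlan_tag", "vlan_tag"])

    # VPLS router: strips the outer tag, then carries the single-tagged client
    # frame (its 14-byte MAC header included) inside the VPLS tunnel: one
    # VPLS (pseudowire) label, the transport label(s), and optionally the CW.
    # transport_labels=0 models the last link into an egress that uses PHP.
    single_tagged = qinq - OVERHEAD["vlan_tag"]
    encaps = ["ethernet_header", "mpls_label"] + ["mpls_label"] * transport_labels
    if control_word:
        encaps.append("control_word")
    vpls = required_l2mtu(single_tagged, encaps)

    # MPLS edge router: removes the VPLS labels and the remaining VLAN tag and
    # hands the client a plain frame, so only the original payload is left.
    edge = payload
    return {"qinq_router": qinq, "vpls_router": vpls, "mpls_edge_router": edge}


if __name__ == "__main__":
    for router, size in qinq_vpls_chain(control_word=True).items():
        print(f"{router:18s} needs L2MTU >= {size}")
```

The practical check is interface_ok(): compare each physical interface's advertised L2MTU against the figure for its stage, because a link that is 4 or 8 bytes short silently triggers the MPLS fragmentation path described in the next section instead of failing loudly.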
MPLS fragmentation
Fragmentation of the data stream gives the ability to correct corruption errors by resending only
the corrupted fragment, not the whole stream.
When an LSR receives a labeled packet that is too big to be sent out on a data link, the packet
should be fragmented. This is similar to fragmenting an IP packet. If a labeled packet is received
and the LSR notices that the outgoing MTU is not big enough for this packet, the LSR strips off
the label stack, fragments the IP packet, puts the label stack (after the pop, swap, or push
operation) onto all fragments, and forwards the fragments. Only if the IP header has the Don't
Fragment (DF) bit set does the LSR not fragment the IP packet; instead it drops the packet and
returns an ICMP error message "Fragmentation needed and do not fragment bit set" (ICMP type
3, code 4) to the originator of the IP packet. As with the ICMP message "time exceeded" (type
11, code 0), which is sent when the TTL of a labeled packet expires, the "Fragmentation needed
and do not fragment bit set" ICMP message is sent using a label stack that is the outgoing label
stack for the packet that caused the ICMP message to be created. This means that the ICMP
message travels further down the LSP until it reaches the egress LSR of that LSP. Only then is it
returned to the originator of the packet with the DF bit set.

In general, fragmentation causes a performance impact and should be avoided. A good method
to avoid fragmentation is Path MTU Discovery, which most modern IP hosts
perform automatically. In that case, the IP packets sent out have the "Don't Fragment" (DF) bit
set. When a packet encounters a router that cannot forward the packet without fragmenting it,
the router notices that the DF bit is set, drops the packet, and sends an ICMP error message
"Fragmentation needed and do not fragment bit set" (ICMP type 3, code 4) to the originator of
the IP packet. The originator of the IP packet then lowers the size of the packet and retransmits
the packet. If a problem still exists, the host can lower the size of the packet again. This
continues until no ICMP message is received for the IP packet. The size of the last IP packet
successfully sent is then used as maximum packet size for all subsequent IP traffic between the
specific source and destination; hence, it is the MTU of the path.
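The LSR decision (fragment when DF is clear, drop and send ICMP type 3 code 4 when DF is set) and the host's PMTUD loop described above, as an added Python simulation that is not from the notes or from RouterOS. It assumes 4-byte labels and 20-byte IPv4 headers, models each LSR as an (outgoing label stack, link MTU) pair, and has the host shrink to the Next-Hop MTU carried in the ICMP message (RFC 1191 behaviour; the notes only say the host "lowers the size"). The sample LSP, the label values and all names are constructed; the last hop with an empty label stack models penultimate hop popping, and the labels recorded on the ICMP error reflect the notes' point that it travels on down the LSP.

```python
"""LSR fragmentation decision and host Path MTU Discovery over an LSP (added example)."""
from dataclasses import dataclass
from typing import List, Tuple, Union

LABEL_LEN = 4   # one MPLS label stack entry (assumed, per the 32-bit header layout)
IP_HDR = 20     # minimal IPv4 header (assumed)


@dataclass
class LabeledPacket:
    labels: List[int]
    ip_len: int                  # total IPv4 length, header included
    df: bool = False             # Don't Fragment bit
    frag_offset: int = 0         # in 8-byte units
    more_fragments: bool = False


@dataclass
class IcmpError:
    type: int
    code: int
    next_hop_mtu: int            # largest IP packet that would have fit (RFC 1191)
    labels: List[int]            # sent down the LSP with the outgoing label stack


def lsr_forward(pkt: LabeledPacket, out_labels: List[int],
                out_mtu: int) -> Union[List[LabeledPacket], IcmpError]:
    """Apply the outgoing label stack; fragment or answer with ICMP 3/4 if it does not fit."""
    ip_room = out_mtu - LABEL_LEN * len(out_labels)   # bytes left for the IP packet
    if pkt.ip_len <= ip_room:
        return [LabeledPacket(list(out_labels), pkt.ip_len, pkt.df,
                              pkt.frag_offset, pkt.more_fragments)]
    if pkt.df:
        # DF set: drop and send "fragmentation needed and DF set" (type 3, code 4).
        return IcmpError(3, 4, ip_room, list(out_labels))
    # DF clear: strip the labels, fragment the IP packet, push the outgoing
    # stack onto every fragment. Fragment data is a multiple of 8 bytes.
    chunk = (ip_room - IP_HDR) // 8 * 8
    data_left = pkt.ip_len - IP_HDR
    offset = pkt.frag_offset
    frags: List[LabeledPacket] = []
    while data_left > 0:
        size = min(chunk, data_left)
        data_left -= size
        more = data_left > 0 or pkt.more_fragments
        frags.append(LabeledPacket(list(out_labels), IP_HDR + size, False, offset, more))
        offset += size // 8
    return frags


def path_mtu_discovery(hops: List[Tuple[List[int], int]], start_size: int,
                       max_tries: int = 10) -> int:
    """Host side of PMTUD: send DF packets, shrink to each ICMP's Next-Hop MTU."""
    size = start_size
    for _ in range(max_tries):
        pkt = LabeledPacket([], size, df=True)      # host sends an unlabeled IP packet
        blocked = None
        for out_labels, link_mtu in hops:           # ingress pushes, core swaps, PHP pops
            result = lsr_forward(pkt, out_labels, link_mtu)
            if isinstance(result, IcmpError):
                blocked = result
                break
            pkt = result[0]
        if blocked is None:
            return size                             # no ICMP came back: path MTU found
        size = blocked.next_hop_mtu
    raise RuntimeError("PMTUD did not converge")


# Constructed LSP: ingress pushes label 100 on a 1500-byte link, a core LSR swaps
# to 200 on a 1400-byte link, and the penultimate hop pops (empty stack) to the egress.
SAMPLE_LSP = [([100], 1500), ([200], 1400), ([], 1500)]

if __name__ == "__main__":
    print("path MTU:", path_mtu_discovery(SAMPLE_LSP, 1500))   # 1396
```

Two things the run makes visible: the label push costs 4 bytes per label, so a 1500-byte link behind an ingress LER yields a path MTU of 1496, not 1500; and if any device on the return path filters ICMP type 3 code 4, the host never receives the Next-Hop MTU and PMTUD cannot converge, which is the classic "large packets hang" symptom.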

BGP based VPLS

VPLS stands for Virtual Private LAN Service. VPLS is a virtual private network (VPN)
technology. VPLS is a way to provide Ethernet-based multipoint-to-multipoint communication
over IP or MPLS networks.
Since VPLS emulates a LAN, full mesh connectivity is required. There are two methods for full
mesh establishment for VPLS: using Border Gateway Protocol (BGP) and using Label
Distribution Protocol (LDP).
BGP based autodiscovery and signaling of VPLS tunnels can help to avoid complexity of
configuration at the expense of running the BGP protocol between VPLS routers. In general, BGP
based VPLS serves two purposes:
autodiscovery: there is no need to configure each VPLS router with all remote endpoints of
VPLS tunnels, provided there are means to deliver BGP multiprotocol NLRIs between them;
routers figure out remote endpoints of tunnels from received BGP Updates;
signaling: labels used for VPLS tunnels by remote endpoints are distributed in the same BGP
Updates, which means there is no need for targeted LDP sessions between tunnel endpoints as in
the case of LDP signaled VPLS.
/interface vpls
/routing bgp peer add remote-address=<peer address> remote-as=<peer AS> address-families=l2vpn

VRF and route leaking

VRF stands for Virtual Routing and Forwarding. VRF allows us to use multiple routing tables
on a router, for example to connect two remote PCs across an MPLS network.
VRF VPNs work in Layer 3 and as such exchange IP prefixes between routers. VRFs solve the
problem of overlapping IP prefixes, and provide the required privacy (via separated routing for
different VPNs).
To create a VRF, configure it under /ip route vrf. You can then add routes to that VRF - simply
specify the routing-mark attribute. Connected routes from interfaces belonging to a VRF will be
installed in the right routing table automatically.

Technically VRFs are based on policy routing. There is exactly one policy route table for each
active VRF.

There are two options to achieve route leaking between VRFs:

1. Static routes
2. MP-BGP
/ip route vrf
L3VPN (BGP based Layer3 tunnels)
L3VPN stands for Layer 3 Virtual Private Network. L3VPN is also called VPRN (Virtual Private
Routed Network). L3 VPNs are typically not deployed on utility networks due to their complexity;
however, an L3 VPN could be used to route traffic between corporate or datacenter locations.
Technologies used:
To deploy a layer-3 VPN we use
1. LDP for MPLS label distribution
2. BGP for VPNv4 route distribution
3. OSPF as the CE - PE routing protocol

OSPF as CE-PE protocol

OSPF = Open Shortest Path First
CE = Customer Edge Router
PE = Provider Edge Router
OSPF can be used as the VPN inter-site routing protocol in an MPLS VPN environment. We can
configure OSPF (version 2 or version 3) to distribute VPN-related routes between PE and CE
routers.
What is traffic engineering and how it works
TE stands for Traffic Engineering. Traffic Engineering is used for manipulating traffic to fit
a particular network.
Both paths in use:
/mpls traffic-eng interface
add interface=ether1 bandwidth=10Mbps
add interface=ether2 bandwidth=10Mbps

https://wiki.mikrotik.com/wiki/Manual:Simple_TE

RSVP, Static path, dynamic path (CSPF)

RSVP
RSVP - Resource Reservation Protocol, used by Traffic Engineering. It supports the reservation of
resources across an IP network. Applications running on IP end systems can use RSVP to
indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so forth) of the packet
streams they want to receive. RSVP runs on both IPv4 and IPv6.
Setting Resource Reservation
Set up TE resources for every interface on which we might want to run a TE tunnel.
The configuration on all the routers is the same:
/mpls traffic-eng interface
add interface=ether1 bandwidth=10Mbps
add interface=ether2 bandwidth=10Mbps

Static path

Since our primary goal is to strictly forward traffic over a specific path, we use a static path
configuration as the primary path:
/mpls traffic-eng tunnel-path
add name=dyn use-cspf=yes
add name=tun-first-link use-cspf=no \
hops=192.168.33.2:strict,192.168.33.5:strict,192.168.33.6:strict

/interface traffic-eng
add bandwidth=5Mbps name=TE-to-R3 to-address=10.255.0.3 primary-path=tun-first-link \
secondary-paths=dyn record-route=yes from-address=10.255.0.1

Dynamic path (CSPF)

CSPF - Constrained Shortest Path First.
Dynamic paths are created using Constrained Shortest Path First (CSPF) to determine the best
path to a destination. CSPF uses path constraints, such as bandwidth, affinities, priorities, and
so on, as part of the computation.
In the configuration above the dynamic (CSPF) path is the secondary path, used if the primary
fails. Path re-optimization can be triggered in two ways:
1. manually - which is not what we need
2. automatically - at a specific interval
To set up path re-optimization we need to specify the interval:
/interface traffic-eng set TE-to-R3 reoptimize-interval=5s
Bandwidth allocation and bandwidth limitation differences and settings
When we talk about bandwidth, everybody thinks of only two things
(download and upload), but real use is more involved.

Why implement bandwidth control?


You have finite bandwidth that you pay for based on capacity

Benefits of Bandwidth Control


Create different service levels to meet customer requirements
• Residential Services
• Business Services

Where do you implement Bandwidth Control?


Data Center, ISP

Bandwidth Control Implementation Options


• Simple Queues
• PCQ
