Hi!
I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov 1 11:04:25 MDT 2010'.
I set up a good number of testing machines and started to try out the bgp mpls
vpn stuff (based on man bgpd.conf, man ldpd.conf, man route +
http://marc.info/?l=openbsd-misc&m=127470697232025&w=1 and I also did some
general reading on mpls & mpls-vpn).
What I got so far is a working bgp mpls vpn between two computers if they are
directly connected like this. (The objective was to create behind PE1 two
private vlans 172.116.93/24 and 172.117.93/24 in different rdomains which can
communicate with their respective counterpart vlans behind PE2, 172.116.94/24
and 172.117.94/24.)
em0 - management interface
em1 - interface running mpls
em2 - rdomains interface running vlans
PE1
em0 _____ em2 (up)
| |
|_____| lo1 (inet 10.10.11.1 255.255.255.0 NONE)
| vlan116 (rdomain 116
| vlan 116 vlandev em2
| inet 172.116.93.1 255.255.255.0 NONE)
| vlan117 (rdomain 117
| vlan 117 vlandev em2
| inet 172.117.93.1 255.255.255.0 NONE)
| mpe116 (rdomain 116 mplslabel 11693
| inet 10.168.116.93 255.255.255.255)
| mpe117 (rdomain 117 mplslabel 11793
| inet 10.168.117.93 255.255.255.255)
| em1 (inet 10.0.11.1 255.255.255.0 NONE mpls)
|
|
|
|
|
| lo1 (inet 10.10.12.1 255.255.255.0 NONE)
| vlan116 (rdomain 116
| vlan 116 vlandev em2
| inet 172.116.94.1 255.255.255.0 NONE)
| vlan117 (rdomain 117
| vlan 117 vlandev em2
| inet 172.117.94.1 255.255.255.0 NONE) |
| mpe116 (rdomain 116 mplslabel 11694
| inet 10.168.116.94 255.255.255.255)
| mpe117 (rdomain 117 mplslabel 11794
| inet 10.168.117.94 255.255.255.255)
| em1 (inet 10.0.11.254 255.255.255.0 NONE mpls)
__|__
| |
|_____|
em0 em2 (up)
PE2
where relevant configuration files are like this
configs on PE1
# cat /etc/bgpd.conf
AS 65001
router-id 10.10.11.1
listen on 10.10.11.1
rdomain 116 {
    descr "cust 116 site a"
    rd 65001:1
    import-target rt 65001:116
    export-target rt 65001:116
    depend on mpe116
    network 172.116.93.0/24
}
rdomain 117 {
    descr "cust 117 site a"
    rd 65001:1
    import-target rt 65001:117
    export-target rt 65001:117
    depend on mpe117
    network 172.117.93.0/24
}
neighbor 10.10.12.1 {
    remote-as 65001
    descr AS65001
    announce IPv4 vpn
    announce IPv4 unicast
    local-address 10.10.11.1
}
allow from any
# cat /etc/ospfd.conf
redistribute connected
redistribute 10.10.11.1/32
area 0.0.0.5 {
    interface em1 {
    }
}
configs on PE2
# cat /etc/bgpd.conf
AS 65001
router-id 10.10.12.1
listen on 10.10.12.1
rdomain 116 {
    descr "cust 116 site b"
    rd 65001:1
    import-target rt 65001:116
    export-target rt 65001:116
    depend on mpe116
    network 172.116.94.0/24
}
rdomain 117 {
    descr "cust 117 site b"
    rd 65001:1
    import-target rt 65001:117
    export-target rt 65001:117
    depend on mpe117
    network 172.117.94.0/24
}
neighbor 10.10.11.1 {
    remote-as 65001
    descr AS65001
    announce IPv4 vpn
    announce IPv4 unicast
    local-address 10.10.12.1
}
allow from any
# cat /etc/ospfd.conf
redistribute connected
redistribute 10.10.12.1/32
area 0.0.0.5 {
    interface em1 {
    }
}
As a result I can successfully issue on PE1
PE1# ping -V 116 -I 172.116.93.1 172.116.94.1
and I can see with tcpdump MPLS traffic between the em1 devices. Please comment
on this setup, maybe something is still wrong here although it seems to work.
But now to the problem part. When I try to set up three P routers between the
two PE routers, I lose connections between the VPNs.
What I do in addition to the setup described above is
1. configure on P routers ordinary ip interfaces + mpls, like this
    inet 10.0.171.254 255.255.255.0 NONE
    mpls
2. enable ip forwarding the ordinary way (net.inet.ip.forwarding=1) and use
ospfd
3. run on all P routers ldpd with (router-id is unique on each)
    fast="2"
    router-id 10.10.11.9
    distribution independent
    retention liberal
    advertisement unsolicited
    interface em1 {
    }
    interface em2 {
    }
4. run on both PE routers ldpd with (router id is the same as bgp router id)
    fast="2"
    router-id 10.10.12.1
    distribution independent
    retention liberal
    advertisement unsolicited
    interface lo0 {
    }
    interface em1 {
    }
And what I observe is that the MPLS packet gets out from the PE and I see it on
the first P router's ingress interface, but that's all; it seems it does not get
routed further. And when I look at the labels with ldpctl and route -n show
-mpls, what I see there does not seem too logical either. For example at PE1 it
says
mpls-3:/etc# ldpctl show lib
Destination        Nexthop         Local Label  Remote Label  In Use
0.0.0.0/0          10.10.11.8      21           -             no
10.0.11.0/24       10.0.11.254     3            Untagged      yes
10.0.11.0/24       0.0.0.0         3            Untagged      yes
10.0.12.0/24       10.0.11.1       16           Untagged      yes
10.0.171.0/24      10.0.11.1       17           Untagged      yes
10.0.172.0/24      10.0.11.1       18           Untagged      yes
10.10.11.1/32      10.10.11.1      19           Untagged      yes
10.10.12.1/32      10.0.11.1       20           Untagged      yes
192.168.10.0/24    10.0.11.1       3            Untagged      yes
192.168.10.0/24    0.0.0.0         3            Untagged      yes
mpls-3:/etc# route -n show -mpls
Routing tables
MPLS:
In label  Out label  Op     Gateway     Flags  Refs  Use  Mtu    Prio  Interface
16        -          LOCAL  10.0.11.1   UGT    0     0    -      32    em2
17        -          LOCAL  10.0.11.1   UGT    0     0    -      32    em2
18        -          LOCAL  10.0.11.1   UGT    0     0    -      32    em2
19        -          LOCAL  10.10.11.1  UGT    0     6    33160  4     lo1
20        -          LOCAL  10.0.11.1   UGT    0     0    -      32    em2
11693     -          POP    mpe116      UT     0     57   -      4     mpe116
11793     -          POP    mpe117      UT     0     31   -      4     mpe117
mpls-3:/etc# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination                  gateway         lpref  med  aspath origin
AI*>  rd 65001:1 172.116.93.0/24   rd 0:0 0.0.0.0  100    0    i
I*>   rd 65001:1 172.116.94.0/24   10.10.12.1      100    0    i
AI*>  rd 65001:1 172.117.93.0/24   rd 0:0 0.0.0.0  100    0    i
I*>   rd 65001:1 172.117.94.0/24   10.10.12.1      100    0    i
at P in the middle it says
mpls-4:~# ldpctl show lib
Destination        Nexthop         Local Label  Remote Label  In Use
0.0.0.0/0          192.168.10.254  16           Untagged      yes
10.0.11.0/24       10.0.171.1      17           Pop tag       yes
10.0.12.0/24       10.0.172.1      18           Untagged      yes
10.0.171.0/24      10.0.171.254    3            Untagged      yes
10.0.171.0/24      0.0.0.0         3            Untagged      yes
10.0.172.0/24      10.0.172.254    3            Untagged      yes
10.0.172.0/24      0.0.0.0         3            Untagged      yes
10.10.11.1/32      10.0.171.1      19           19            yes
10.10.12.1/32      10.0.172.1      20           Untagged      yes
192.168.10.0/24    10.0.172.1      3            Untagged      yes
192.168.10.0/24    10.0.171.1      3            Pop tag       yes
192.168.10.0/24    0.0.0.0         3            Untagged      yes
mpls-4:~# route -n show -mpls
Routing tables
MPLS:
In label  Out label  Op     Gateway         Flags  Refs  Use  Mtu  Prio  Interface
16        -          LOCAL  192.168.10.254  UGT    0     0    -    8     em0
17        -          POP    10.0.171.1      UGT    0     0    -    32    em1
18        -          LOCAL  10.0.172.1      UGT    0     0    -    32    em2
19        19         SWAP   10.0.171.1      UGT    0     10   -    32    em1
20        -          LOCAL  10.0.172.1      UGT    0     0    -    32    em2
and at PE2 it says
mpls-5:/etc# ldpctl show lib
Destination        Nexthop         Local Label  Remote Label  In Use
10.0.11.0/24       10.0.12.1       16           17            yes
10.0.12.0/24       10.0.12.254     3            Untagged      yes
10.0.12.0/24       0.0.0.0         3            Untagged      yes
10.0.171.0/24      10.0.12.1       17           18            yes
10.0.172.0/24      10.0.12.1       18           Pop tag       yes
10.10.11.1/32      10.0.12.1       19           19            yes
10.10.12.1/32      10.10.12.1      20           Untagged      yes
192.168.10.0/24    10.0.12.1       3            Pop tag       yes
192.168.10.0/24    0.0.0.0         3            Untagged      yes
mpls-5:/etc# route -n show -mpls
Routing tables
MPLS:
In label  Out label  Op     Gateway     Flags  Refs  Use  Mtu    Prio  Interface
16        17         SWAP   10.0.12.1   UGT    0     0    -      32    em1
17        18         SWAP   10.0.12.1   UGT    0     0    -      32    em1
18        -          POP    10.0.12.1   UGT    0     0    -      32    em1
19        19         SWAP   10.0.12.1   UGT    0     0    -      32    em1
20        -          LOCAL  10.10.12.1  UGT    0     16   33160  4     lo1
11694     -          POP    mpe116      UT     0     0    -      4     mpe116
11794     -          POP    mpe117      UT     0     0    -      4     mpe117
mpls-5:/etc# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination                  gateway         lpref  med  aspath origin
I*>   rd 65001:1 172.116.93.0/24   10.10.11.1      100    0    i
AI*>  rd 65001:1 172.116.94.0/24   rd 0:0 0.0.0.0  100    0    i
I*>   rd 65001:1 172.117.93.0/24   10.10.11.1      100    0    i
AI*>  rd 65001:1 172.117.94.0/24   rd 0:0 0.0.0.0  100    0    i
(just for the record, between mpls-3 and mpls-4 is P-router mpls-8, and between
mpls-4 and mpls-5 is P-router mpls-9; their output isn't shown)
I suspect I am missing one of these
1. I misuse ldpd
2. I haven't correctly configured mpls forwarding on the P routers (I read in
man route something about -in, -out, -push, -swap but have no idea how to use
them)
3. I read that when doing mpls-vpn there are actually two mpls labels used, one
to choose the correct rdomain in the PE and the other to get the packet through
the MPLS network; I can't get the top label on my packets
I would be very glad if you could point me in the right direction!
Best regards,
Imre
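
Added example, not part of the original post: a Python check that cross-references the 'bgpctl show rib' and 'ldpctl show lib' outputs shown above and reports VPN routes whose BGP next hop has only an "Untagged" LDP binding (or none), i.e. no transport label to put on top of the VPN label. The function names are this example's own, the sample rows are copied from the PE1 (mpls-3) output in the post, and it assumes the BGP next hop is reachable as a /32.

```python
import re

# Sample input: rows copied from the PE1 (mpls-3) output in the post, trimmed.
PE1_LIB = """\
Destination Nexthop Local Label Remote Label In Use
10.0.11.0/24 10.0.11.254 3 Untagged yes
10.10.11.1/32 10.10.11.1 19 Untagged yes
10.10.12.1/32 10.0.11.1 20 Untagged yes
"""
PE1_RIB = """\
flags destination gateway lpref med aspath origin
AI*> rd 65001:1 172.116.93.0/24 rd 0:0 0.0.0.0 100 0 i
I*> rd 65001:1 172.116.94.0/24 10.10.12.1 100 0 i
AI*> rd 65001:1 172.117.93.0/24 rd 0:0 0.0.0.0 100 0 i
I*> rd 65001:1 172.117.94.0/24 10.10.12.1 100 0 i
"""

LIB_ROW = re.compile(
    r"^(\S+/\d+)\s+(\S+)\s+(\d+)\s+(Untagged|Pop\s+tag|-|\d+)\s+(yes|no)$")
RIB_ROW = re.compile(
    r"^\S+\s+rd\s+(\S+)\s+(\S+/\d+)\s+(?:rd\s+\S+\s+)?(\d+\.\d+\.\d+\.\d+)\s")

def remote_labels(lib_text):
    """Map destination prefix -> remote labels of the in-use LIB entries."""
    labels = {}
    for line in lib_text.splitlines():
        m = LIB_ROW.match(line.strip())
        if m and m.group(5) == "yes":
            labels.setdefault(m.group(1), set()).add(m.group(4))
    return labels

def vpn_next_hops(rib_text):
    """Yield (rd, prefix, next hop) for VPN routes learned from a peer."""
    for line in rib_text.splitlines():
        m = RIB_ROW.match(line.strip())
        if m and m.group(3) != "0.0.0.0":  # 0.0.0.0 = locally announced
            yield m.group(1), m.group(2), m.group(3)

def routes_without_transport_label(lib_text, rib_text):
    """Return VPN routes whose next hop has no usable LDP label binding."""
    labels = remote_labels(lib_text)
    broken = []
    for rd, prefix, nh in vpn_next_hops(rib_text):
        seen = labels.get(nh + "/32", set())  # assumption: next hop is a /32
        # A numeric label, or "Pop tag" from an adjacent peer, is usable.
        if not any(l.isdigit() or l.startswith("Pop") for l in seen):
            broken.append((rd, prefix, nh, ",".join(sorted(seen)) or "no entry"))
    return broken

if __name__ == "__main__":
    for row in routes_without_transport_label(PE1_LIB, PE1_RIB):
        print("no LSP to next hop:", row)
```

On the PE1 rows it lists both remote prefixes, 172.116.94.0/24 and 172.117.94.0/24, because 10.10.12.1/32 has only an Untagged binding there.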