Hi all,

I am trying Yakov's blog below to test L3VPN using FRR7.5 and the last PE is not able to de-encapsulate the labelled traffic and send it to the CE.

This is the diagram in my lab: https://github.com/thomarite/linux-mpls-testing/blob/master/lab4-l3vpn/diagr...

For example, CE1 (vrf_cust1 - 192.168.11.102/24) tries to ping CE3 (vrf_cust1 - 192.168.23.102/24).

P1 is receiving the traffic with double labels as expected from PE1:

19:28:46.075164 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 10, length 64
19:28:47.099199 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 11, length 64

PE2 is receiving the traffic on ens8 with just one label after P1 doing PHP:

19:28:46.074437 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 10, length 64
19:28:47.098555 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 11, length 64

But then PE2 is not sending anything to CE3. I can't see anything at either end. I have checked iptables in my host just in case, but I think PE2 is not sending anything.

From PE2, all routing seems correct:

PE2# show mpls table
 Inbound Label  Type  Nexthop         Outbound Label
 -----------------------------------------------------
 16             LDP   192.168.77.102  16
 17             LDP   192.168.77.102  implicit-null
 18             LDP   192.168.77.102  implicit-null
 80             BGP   vrf_cust1       -
 81             BGP   vrf_cust2       -
PE2#
PE2# show bgp summary

IPv4 Unicast Summary:
BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.1      4      65010     101     108        0    0    0 01:35:41            0        0

Total number of neighbors 1

IPv4 VPN Summary:
BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 7, using 1344 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.1      4      65010     101     108        0    0    0 01:35:41            2        2

Total number of neighbors 1
PE2#
PE2# show ip route vrf vrf_cust1
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

VRF vrf_cust1:
B>  192.168.11.0/24 [200/0] via 172.20.5.1 (vrf default) (recursive), label 80, weight 1, 01:35:40
  *                           via 192.168.77.102, ens8 (vrf default), label 16/80, weight 1, 01:35:40
C>* 192.168.23.0/24 is directly connected, ens6, 01:38:19
PE2#
PE2#
PE2# show isis neighbor
Area ISIS:
 System Id           Interface   L  State        Holdtime SNPA
 P1                  ens8        2  Up            28       2020.2020.2020
PE2#

vagrant@PE2:~$ ip route
default via 192.168.121.1 dev ens5 proto dhcp src 192.168.121.31 metric 1024
172.20.5.1 encap mpls 16 via 192.168.77.102 dev ens8 proto isis metric 20
172.20.5.5 via 192.168.77.102 dev ens8 proto isis metric 20
192.168.66.0/24 via 192.168.77.102 dev ens8 proto isis metric 20
192.168.77.0/24 dev ens8 proto kernel scope link src 192.168.77.101
192.168.121.0/24 dev ens5 proto kernel scope link src 192.168.121.31
192.168.121.1 dev ens5 proto dhcp scope link src 192.168.121.31 metric 1024
vagrant@PE2:~$
vagrant@PE2:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.20.5.2/32 scope global lo
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.121.31/24 brd 192.168.121.255 scope global dynamic ens5
       valid_lft 2524sec preferred_lft 2524sec
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vrf_cust1 state UP group default qlen 1000
    inet 192.168.23.101/24 brd 192.168.23.255 scope global ens6
       valid_lft forever preferred_lft forever
4: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vrf_cust2 state UP group default qlen 1000
    inet 192.168.24.101/24 brd 192.168.24.255 scope global ens7
       valid_lft forever preferred_lft forever
5: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.77.101/24 brd 192.168.77.255 scope global ens8
       valid_lft forever preferred_lft forever
vagrant@PE2:~$
vagrant@PE2:~$ ip -M route
16 as to 16 via inet 192.168.77.102 dev ens8 proto ldp
17 via inet 192.168.77.102 dev ens8 proto ldp
18 via inet 192.168.77.102 dev ens8 proto ldp
vagrant@PE2:~$
vagrant@PE2:~$ ip route show table 10
blackhole default
192.168.11.0/24 encap mpls 16/80 via 192.168.77.102 dev ens8 proto bgp metric 20
broadcast 192.168.23.0 dev ens6 proto kernel scope link src 192.168.23.101
192.168.23.0/24 dev ens6 proto kernel scope link src 192.168.23.101
local 192.168.23.101 dev ens6 proto kernel scope host src 192.168.23.101
broadcast 192.168.23.255 dev ens6 proto kernel scope link src 192.168.23.101
vagrant@PE2:~$
vagrant@PE2:~$ ip vrf
Name              Table
-----------------------
vrf_cust1           10
vrf_cust2           20
vagrant@PE2:~$

This is PE2 FRR config:

PE2# show running-config
Building configuration...

Current configuration:
!
frr version 7.5
frr defaults traditional
hostname PE2
service integrated-vtysh-config
!
interface ens8
 ip router isis ISIS
 isis circuit-type level-2-only
 isis network point-to-point
!
interface lo
 ip router isis ISIS
 isis passive
!
router bgp 65010
 neighbor 172.20.5.1 remote-as 65010
 neighbor 172.20.5.1 update-source 172.20.5.2
 !
 address-family ipv4 vpn
  neighbor 172.20.5.1 activate
 exit-address-family
!
router bgp 65010 vrf vrf_cust1
 !
 address-family ipv4 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 65010:10
  rt vpn both 1:1
  export vpn
  import vpn
 exit-address-family
!
router bgp 65010 vrf vrf_cust2
 !
 address-family ipv4 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 65010:20
  rt vpn both 2:2
  export vpn
  import vpn
 exit-address-family
!
mpls ldp
 router-id 172.20.5.2
 !
 address-family ipv4
  discovery transport-address 172.20.5.2
  !
  interface ens8
  !
 exit-address-family
 !
!
router isis ISIS
 net 49.0001.1720.2000.5002.00
!
line vty
!
end
PE2#

This is PE2 sysctl mpls config:

root@PE2:/home/vagrant# sysctl -a | grep mpls
net.mpls.conf.ens5.input = 0
net.mpls.conf.ens6.input = 0
net.mpls.conf.ens7.input = 0
net.mpls.conf.ens8.input = 1
net.mpls.conf.lo.input = 0
net.mpls.conf.vrf_cust1.input = 0
net.mpls.conf.vrf_cust2.input = 0
net.mpls.default_ttl = 255
net.mpls.ip_ttl_propagate = 1
net.mpls.platform_labels = 100000
root@PE2:/home/vagrant#

This is PE1:

PE1#
PE1# show bgp summary

IPv4 Unicast Summary:
BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.2      4      65010     111     105        0    0    0 01:39:14            0        0

Total number of neighbors 1

IPv4 VPN Summary:
BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 11, using 2112 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.2      4      65010     111     105        0    0    0 01:39:14            2        2

Total number of neighbors 1
PE1#
PE1#
PE1# show mpls table
 Inbound Label  Type  Nexthop         Outbound Label
 -----------------------------------------------------
 16             LDP   192.168.66.102  implicit-null
 17             LDP   192.168.66.102  implicit-null
 18             LDP   192.168.66.102  17
 80             BGP   vrf_cust1       -
 81             BGP   vrf_cust2       -
PE1#
PE1# show ip route vrf all default vrf_cust1 vrf_cust2
PE1# show ip route vrf vrf_cust1
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

VRF vrf_cust1:
C>* 192.168.11.0/24 is directly connected, ens6, 01:44:51
B>  192.168.23.0/24 [200/0] via 172.20.5.2 (vrf default) (recursive), label 80, weight 1, 01:39:18
  *                           via 192.168.66.102, ens8 (vrf default), label 17/80, weight 1, 01:39:18
PE1#
PE1# show isis neighbor
Area ISIS:
 System Id           Interface   L  State        Holdtime SNPA
 P1                  ens8        2  Up            30       2020.2020.2020
PE1#
PE1#

If I try to ping CE3 to CE1, I see exactly the same behaviour in PE1.

Any idea what I am missing?

Thanks
tomas

On Mon, Nov 23, 2020 at 12:00 PM <frog-request@lists.frrouting.org> wrote:
Date: Mon, 23 Nov 2020 10:27:44 +0000
From: "Yakov Sh." <yman@protonmail.ch>
To: Olivier CALVANO <o.calvano@gmail.com>
Cc: "frog@lists.frrouting.org" <frog@lists.frrouting.org>
Subject: Re: [FROG] FRRouting and MPLS
Message-ID: <TaX1p13MyS4pDJfNgZ_qra4Lqq-QppV4Gc_JkTUmi9s41lOR7krEd9PBvr1kfX52s03BEhaxOxsaeb_KiIeKoe0QVUUnx-zRhDI72rDSwrM=@protonmail.ch>
Content-Type: text/plain; charset="utf-8"
Hi! I had not much experience with FRR in production, but I gave it a try
some time ago in a lab and was able to build L3VPN service on VMs with kernel VRF support. You can see details in my blog post - http://dvjourney.yman.site/2018/10/26/l3vpn-on-linux/
For L2VPN, as stated in docs, only OpenBSD supports VPWS/VPLS at the moment. http://docs.frrouting.org/en/latest/overview.html#feature-matrix
Yakov Sh. telegram: @darkyman
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, November 23, 2020 12:15 PM, Olivier CALVANO <o.calvano@gmail.com> wrote:
Hello,
I have just installed FRR for the first time on a Linux CentOS 8 distribution. I am therefore just starting out.
I am gradually reading the forums but there is a lot of information. FRR manages without worries the BGP and the ISIS which I use regularly on my cisco routers.
I am now trying to find out if FRR can integrate more deeply into my network, particularly at the MPLS level. As I understood, it is in the kernel that this is done and not in FRR, but is there a way to integrate VRF IP VPN? And the creation of a VLAN type subinterface directly in FRR?
Then last question: Is there an implementation of the Cisco EoMPLS equivalent in FRR? (xconnect encapsulation mpls)
thank you Olivier
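
Added example, not part of the thread and not FRR code: a cross-check of the two PE2 listings posted in the first message ("show mpls table" from FRR and "ip -M route" from the kernel) that reports inbound labels FRR lists but the kernel MPLS table does not. The function names are illustrative, and the column spacing of the embedded output is reconstructed.

```python
import re

# Output copied from the PE2 listings in the first message of this thread.
FRR_MPLS_TABLE = """\
 Inbound Label  Type  Nexthop         Outbound Label
 -----------------------------------------------------
 16             LDP   192.168.77.102  16
 17             LDP   192.168.77.102  implicit-null
 18             LDP   192.168.77.102  implicit-null
 80             BGP   vrf_cust1       -
 81             BGP   vrf_cust2       -
"""
KERNEL_MPLS_ROUTES = """\
16 as to 16 via inet 192.168.77.102 dev ens8 proto ldp
17 via inet 192.168.77.102 dev ens8 proto ldp
18 via inet 192.168.77.102 dev ens8 proto ldp
"""

ROW = re.compile(r"\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def frr_labels(text):
    """Map inbound label -> (type, nexthop) from 'show mpls table' output."""
    labels = {}
    for line in text.splitlines():
        m = ROW.match(line)          # header and dashed lines do not match
        if m:
            labels[int(m.group(1))] = (m.group(2), m.group(3))
    return labels

def kernel_labels(text):
    """Set of incoming labels from 'ip -M route' (first token of each line)."""
    found = set()
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].isdigit():
            found.add(int(tokens[0]))
    return found

def missing_in_kernel(frr_text, kernel_text):
    """Labels present in FRR's table that have no kernel MPLS route."""
    have = kernel_labels(kernel_text)
    return {lbl: info for lbl, info in frr_labels(frr_text).items()
            if lbl not in have}

if __name__ == "__main__":
    gaps = missing_in_kernel(FRR_MPLS_TABLE, KERNEL_MPLS_ROUTES)
    for lbl, (kind, nexthop) in sorted(gaps.items()):
        print(f"label {lbl} ({kind}, {nexthop}): in FRR table, no kernel MPLS route")
```

On a live router the two inputs would come from `vtysh -c 'show mpls table'` and `ip -M route`.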