Hi all

Sorry for insisting on this subject, but I haven't had any luck so far finding out where the traffic is lost/dropped in the PE. I prefer to insist a bit and learn a couple of things on the way.

Thanks
tomas

On Sat, Feb 27, 2021 at 7:47 PM Tomás Morales <tomas.morales@gmail.com> wrote:
Hi all

I am trying Yakov's blog below to test L3VPN using FRR 7.5, and the last PE is not able to de-encapsulate the labelled traffic and send it to the CE.

This is the diagram in my lab:

https://github.com/thomarite/linux-mpls-testing/blob/master/lab4-l3vpn/diagram/linux-mpls-lab4-v0.png

For example CE1 (vrf_cust1 - 192.168.11.102/24) tries to ping CE3 (vrf_cust1 - 192.168.23.102/24)

P1 is receiving the traffic with double labels as expected from PE1:

19:28:46.075164 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 10, length 64
19:28:47.099199 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 11, length 64

PE2 is receiving the traffic on ens8 with just one label after P1 doing PHP:

19:28:46.074437 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 10, length 64
19:28:47.098555 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 11, length 64

But then PE2 is not sending anything to CE3. I can't see anything in either end. I have checked iptables in my host just in case but I think PE2 is not sending anything.

From PE2, all routing seems correct:

PE2# show mpls table
 Inbound Label  Type  Nexthop         Outbound Label  
 -----------------------------------------------------
 16             LDP   192.168.77.102  16              
 17             LDP   192.168.77.102  implicit-null  
 18             LDP   192.168.77.102  implicit-null  
 80             BGP   vrf_cust1       -              
 81             BGP   vrf_cust2       -              

PE2#
PE2# show bgp summary

IPv4 Unicast Summary:
BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.1      4      65010       101       108        0    0    0 01:35:41            0        0

Total number of neighbors 1

IPv4 VPN Summary:
BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 7, using 1344 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.1      4      65010       101       108        0    0    0 01:35:41            2        2

Total number of neighbors 1
PE2#
PE2# show ip route vrf vrf_cust1
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

VRF vrf_cust1:
B>  192.168.11.0/24 [200/0] via 172.20.5.1 (vrf default) (recursive), label 80, weight 1, 01:35:40
  *                           via 192.168.77.102, ens8 (vrf default), label 16/80, weight 1, 01:35:40
C>* 192.168.23.0/24 is directly connected, ens6, 01:38:19
PE2#
PE2#
PE2# show isis neighbor
Area ISIS:
  System Id           Interface   L  State        Holdtime SNPA
  P1                  ens8        2  Up            28       2020.2020.2020
PE2# 

vagrant@PE2:~$ ip route
default via 192.168.121.1 dev ens5 proto dhcp src 192.168.121.31 metric 1024
172.20.5.1  encap mpls  16 via 192.168.77.102 dev ens8 proto isis metric 20
172.20.5.5 via 192.168.77.102 dev ens8 proto isis metric 20
192.168.66.0/24 via 192.168.77.102 dev ens8 proto isis metric 20
192.168.77.0/24 dev ens8 proto kernel scope link src 192.168.77.101
192.168.121.0/24 dev ens5 proto kernel scope link src 192.168.121.31
192.168.121.1 dev ens5 proto dhcp scope link src 192.168.121.31 metric 1024
vagrant@PE2:~$
vagrant@PE2:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.20.5.2/32 scope global lo
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.121.31/24 brd 192.168.121.255 scope global dynamic ens5
       valid_lft 2524sec preferred_lft 2524sec
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vrf_cust1 state UP group default qlen 1000
    inet 192.168.23.101/24 brd 192.168.23.255 scope global ens6
       valid_lft forever preferred_lft forever
4: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vrf_cust2 state UP group default qlen 1000
    inet 192.168.24.101/24 brd 192.168.24.255 scope global ens7
       valid_lft forever preferred_lft forever
5: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.77.101/24 brd 192.168.77.255 scope global ens8
       valid_lft forever preferred_lft forever
vagrant@PE2:~$
vagrant@PE2:~$ ip -M route
16 as to 16 via inet 192.168.77.102 dev ens8 proto ldp
17 via inet 192.168.77.102 dev ens8 proto ldp
18 via inet 192.168.77.102 dev ens8 proto ldp
vagrant@PE2:~$
vagrant@PE2:~$ ip route show table 10
blackhole default
192.168.11.0/24  encap mpls  16/80 via 192.168.77.102 dev ens8 proto bgp metric 20
broadcast 192.168.23.0 dev ens6 proto kernel scope link src 192.168.23.101
192.168.23.0/24 dev ens6 proto kernel scope link src 192.168.23.101
local 192.168.23.101 dev ens6 proto kernel scope host src 192.168.23.101
broadcast 192.168.23.255 dev ens6 proto kernel scope link src 192.168.23.101
vagrant@PE2:~$
vagrant@PE2:~$ ip vrf
Name              Table
-----------------------
vrf_cust1           10
vrf_cust2           20
vagrant@PE2:~$


This is PE2 FRR config:

PE2# show running-config
Building configuration...

Current configuration:
!
frr version 7.5
frr defaults traditional
hostname PE2
service integrated-vtysh-config
!
interface ens8
 ip router isis ISIS
 isis circuit-type level-2-only
 isis network point-to-point
!
interface lo
 ip router isis ISIS
 isis passive
!
router bgp 65010
 neighbor 172.20.5.1 remote-as 65010
 neighbor 172.20.5.1 update-source 172.20.5.2
 !
 address-family ipv4 vpn
  neighbor 172.20.5.1 activate
 exit-address-family
!
router bgp 65010 vrf vrf_cust1
 !
 address-family ipv4 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 65010:10
  rt vpn both 1:1
  export vpn
  import vpn
 exit-address-family
!
router bgp 65010 vrf vrf_cust2
 !
 address-family ipv4 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 65010:20
  rt vpn both 2:2
  export vpn
  import vpn
 exit-address-family
!
mpls ldp
 router-id 172.20.5.2
 !
 address-family ipv4
  discovery transport-address 172.20.5.2
  !
  interface ens8
  !
 exit-address-family
 !
!
router isis ISIS
 net 49.0001.1720.2000.5002.00
!
line vty
!
end
PE2#


This is PE2 sysctl mpls config:

root@PE2:/home/vagrant# sysctl -a | grep mpls
net.mpls.conf.ens5.input = 0
net.mpls.conf.ens6.input = 0
net.mpls.conf.ens7.input = 0
net.mpls.conf.ens8.input = 1
net.mpls.conf.lo.input = 0
net.mpls.conf.vrf_cust1.input = 0
net.mpls.conf.vrf_cust2.input = 0
net.mpls.default_ttl = 255
net.mpls.ip_ttl_propagate = 1
net.mpls.platform_labels = 100000
root@PE2:/home/vagrant#
 


This is PE1:

PE1#
PE1# show bgp summary

IPv4 Unicast Summary:
BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.2      4      65010       111       105        0    0    0 01:39:14            0        0

Total number of neighbors 1

IPv4 VPN Summary:
BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 11, using 2112 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
172.20.5.2      4      65010       111       105        0    0    0 01:39:14            2        2

Total number of neighbors 1
PE1#
PE1#
PE1# show mpls table
 Inbound Label  Type  Nexthop         Outbound Label  
 -----------------------------------------------------
 16             LDP   192.168.66.102  implicit-null  
 17             LDP   192.168.66.102  implicit-null  
 18             LDP   192.168.66.102  17              
 80             BGP   vrf_cust1       -              
 81             BGP   vrf_cust2       -              

PE1#
PE1# show ip route vrf
all        default    vrf_cust1  vrf_cust2  
PE1# show ip route vrf vrf_cust1
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

VRF vrf_cust1:
C>* 192.168.11.0/24 is directly connected, ens6, 01:44:51
B>  192.168.23.0/24 [200/0] via 172.20.5.2 (vrf default) (recursive), label 80, weight 1, 01:39:18
  *                           via 192.168.66.102, ens8 (vrf default), label 17/80, weight 1, 01:39:18
PE1#
PE1# show isis neighbor
Area ISIS:
  System Id           Interface   L  State        Holdtime SNPA
  P1                  ens8        2  Up            30       2020.2020.2020
PE1#
PE1#
 

If I try to ping from CE3 to CE1, I see exactly the same behaviour in PE1.

Any idea what I am missing?

Thanks
tomas
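
Added example, not part of the original message: a small shell check that lists inbound labels present in FRR's `show mpls table` but absent from the kernel's `ip -M route` output, run here on the PE2 output pasted above. The function name `missing_labels` and the `--FRR--` separator are this example's own.

```sh
#!/bin/sh
# Sample input copied from the PE2 output in the message above.
FRR_MPLS_TABLE=' Inbound Label  Type  Nexthop         Outbound Label
 -----------------------------------------------------
 16             LDP   192.168.77.102  16
 17             LDP   192.168.77.102  implicit-null
 18             LDP   192.168.77.102  implicit-null
 80             BGP   vrf_cust1       -
 81             BGP   vrf_cust2       -'

KERNEL_MPLS_ROUTES='16 as to 16 via inet 192.168.77.102 dev ens8 proto ldp
17 via inet 192.168.77.102 dev ens8 proto ldp
18 via inet 192.168.77.102 dev ens8 proto ldp'

# missing_labels FRR_TABLE KERNEL_ROUTES
# Prints "label type nexthop" for every inbound label in the FRR table
# that has no entry in the kernel MPLS route listing.
missing_labels() {
    # Feed both listings through one awk run: kernel routes first,
    # then a separator line, then the FRR table.
    { printf '%s\n' "$2"; echo '--FRR--'; printf '%s\n' "$1"; } | awk '
        $0 == "--FRR--"                 { frr = 1; next }
        # Kernel listing: the first field of each route is the incoming label.
        !frr && $1 ~ /^[0-9]+$/         { kernel[$1] = 1; next }
        # FRR table: skip header and ruler, report labels the kernel lacks.
        frr && $1 ~ /^[0-9]+$/ && !($1 in kernel) { print $1, $2, $3 }
    '
}

# On the pasted PE2 output this reports the two BGP (VPN) labels.
missing_labels "$FRR_MPLS_TABLE" "$KERNEL_MPLS_ROUTES"

# On a live PE the same comparison would be:
#   missing_labels "$(vtysh -c 'show mpls table')" "$(ip -M route)"
```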

On Mon, Nov 23, 2020 at 12:00 PM <frog-request@lists.frrouting.org> wrote:
>
>
> Date: Mon, 23 Nov 2020 10:27:44 +0000
> From: "Yakov Sh." <yman@protonmail.ch>
> To: Olivier CALVANO <o.calvano@gmail.com>
> Cc: "frog@lists.frrouting.org" <frog@lists.frrouting.org>
> Subject: Re: [FROG] FRRouting and MPLS
>
> Hi!
> I had not much experience with FRR in production, but I gave it a try some time ago in a lab and was able to build L3VPN service on VMs with kernel VRF support. You can see details in my blog post - http://dvjourney.yman.site/2018/10/26/l3vpn-on-linux/
> For L2VPN, as stated in docs, only OpenBSD supports VPWS/VPLS at the moment. http://docs.frrouting.org/en/latest/overview.html#feature-matrix
>
> Yakov Sh.
> telegram: @darkyman
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, November 23, 2020 12:15 PM, Olivier CALVANO <o.calvano@gmail.com> wrote:
>
> > Hello,
> >
> > I have just installed FRR for the first time on a Linux CentOS 8 distribution. I am therefore just starting out.
> >
> > I am gradually reading the forums but there is a lot of information. FRR manages without worries the BGP and the ISIS which I use regularly on my cisco routers.
> >
> > I am now trying to find out if FRR can integrate more deeply into my network, particularly at the MPLS level. As I understood, it is in the kernel that this is done and not in FRR, but is there a way to integrate VRF IP VPN? And the creation of a VLAN-type subinterface directly in FRR?
> >
> > Then last question: Is there an implementation of the Cisco EoMPLS equivalent in FRR? (xconnect encapsulation mpls)
> >
> > thank you
> > Olivier
>