[FROG] FRRouting and MPLS (Yakov Sh.)
Tomás Morales
tomas.morales at gmail.com
Mon Apr 5 08:05:25 UTC 2021
Hi all
Sorry for insisting in this subject but I haven't had any luck so far
finding out where the traffic is lost/dropped in the PE. I prefer to insist
a bit and learn a couple of things on the way.
Thanks
tomas
On Sat, Feb 27, 2021 at 7:47 PM Tomás Morales <tomas.morales at gmail.com>
wrote:
> Hi all
>
> I am trying Yakov blog below to test L3VPN using FRR7.5 and the last PE is
> not capable to de-encapsulate the labelled traffic and send it to the CE.
>
> This is the diagram in my lab:
>
>
> https://github.com/thomarite/linux-mpls-testing/blob/master/lab4-l3vpn/diagram/linux-mpls-lab4-v0.png
>
> For example CE1 (vrf_cust1 - 192.168.11.102/24) tries to ping CE3
> (vrf_cust1 - 192.168.23.102/24)
>
> P1 is receiving the traffic with double labels as expected from PE1:
>
> 19:28:46.075164 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl
> 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq
> 10, length 64
> 19:28:47.099199 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl
> 63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq
> 11, length 64
>
> PE2 is receiving the traffic on ens8 with just one label after P1 doing
> PHP:
>
> 19:28:46.074437 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 >
> 192.168.23.102: ICMP echo request, id 2296, seq 10, length 64
> 19:28:47.098555 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 >
> 192.168.23.102: ICMP echo request, id 2296, seq 11, length 64
>
> But then PE2 is not sending anything to CE3. I can't see anything in
> either end. I have checked iptables in my host just in case but I think PE2
> is not sending anything.
>
> From PE2, all routing seems correct:
>
> PE2# show mpls table
> Inbound Label Type Nexthop Outbound Label
> -----------------------------------------------------
> 16 LDP 192.168.77.102 16
> 17 LDP 192.168.77.102 implicit-null
> 18 LDP 192.168.77.102 implicit-null
> 80 BGP vrf_cust1 -
> 81 BGP vrf_cust2 -
>
> PE2#
> PE2# show bgp summary
>
> IPv4 Unicast Summary:
> BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
> BGP table version 0
> RIB entries 0, using 0 bytes of memory
> Peers 1, using 21 KiB of memory
>
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
> Up/Down State/PfxRcd PfxSnt
> 172.20.5.1 4 65010 101 108 0 0 0
> 01:35:41 0 0
>
> Total number of neighbors 1
>
> IPv4 VPN Summary:
> BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
> BGP table version 0
> RIB entries 7, using 1344 bytes of memory
> Peers 1, using 21 KiB of memory
>
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
> Up/Down State/PfxRcd PfxSnt
> 172.20.5.1 4 65010 101 108 0 0 0
> 01:35:41 2 2
>
> Total number of neighbors 1
> PE2#
> PE2# show ip route vrf vrf_cust1
> Codes: K - kernel route, C - connected, S - static, R - RIP,
> O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
> T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
> F - PBR, f - OpenFabric,
> > - selected route, * - FIB route, q - queued, r - rejected, b -
> backup
>
> VRF vrf_cust1:
> B> 192.168.11.0/24 [200/0] via 172.20.5.1 (vrf default) (recursive),
> label 80, weight 1, 01:35:40
> * via 192.168.77.102, ens8 (vrf default),
> label 16/80, weight 1, 01:35:40
> C>* 192.168.23.0/24 is directly connected, ens6, 01:38:19
> PE2#
> PE2#
> PE2# show isis neighbor
> Area ISIS:
> System Id Interface L State Holdtime SNPA
> P1 ens8 2 Up 28 2020.2020.2020
> PE2#
>
> vagrant at PE2:~$ ip route
> default via 192.168.121.1 dev ens5 proto dhcp src 192.168.121.31 metric
> 1024
> 172.20.5.1 encap mpls 16 via 192.168.77.102 dev ens8 proto isis metric
> 20
> 172.20.5.5 via 192.168.77.102 dev ens8 proto isis metric 20
> 192.168.66.0/24 via 192.168.77.102 dev ens8 proto isis metric 20
> 192.168.77.0/24 dev ens8 proto kernel scope link src 192.168.77.101
> 192.168.121.0/24 dev ens5 proto kernel scope link src 192.168.121.31
> 192.168.121.1 dev ens5 proto dhcp scope link src 192.168.121.31 metric
> 1024
> vagrant at PE2:~$
> vagrant at PE2:~$ ip -4 a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet 172.20.5.2/32 scope global lo
> valid_lft forever preferred_lft forever
> 2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
> inet 192.168.121.31/24 brd 192.168.121.255 scope global dynamic ens5
> valid_lft 2524sec preferred_lft 2524sec
> 3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master vrf_cust1 state UP group default qlen 1000
> inet 192.168.23.101/24 brd 192.168.23.255 scope global ens6
> valid_lft forever preferred_lft forever
> 4: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master vrf_cust2 state UP group default qlen 1000
> inet 192.168.24.101/24 brd 192.168.24.255 scope global ens7
> valid_lft forever preferred_lft forever
> 5: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
> inet 192.168.77.101/24 brd 192.168.77.255 scope global ens8
> valid_lft forever preferred_lft forever
> vagrant at PE2:~$
> vagrant at PE2:~$ ip -M route
> 16 as to 16 via inet 192.168.77.102 dev ens8 proto ldp
> 17 via inet 192.168.77.102 dev ens8 proto ldp
> 18 via inet 192.168.77.102 dev ens8 proto ldp
> vagrant at PE2:~$
> vagrant at PE2:~$ ip route show table 10
> blackhole default
> 192.168.11.0/24 encap mpls 16/80 via 192.168.77.102 dev ens8 proto bgp
> metric 20
> broadcast 192.168.23.0 dev ens6 proto kernel scope link src 192.168.23.101
> 192.168.23.0/24 dev ens6 proto kernel scope link src 192.168.23.101
> local 192.168.23.101 dev ens6 proto kernel scope host src 192.168.23.101
> broadcast 192.168.23.255 dev ens6 proto kernel scope link src
> 192.168.23.101
> vagrant at PE2:~$
> vagrant at PE2:~$ ip vrf
> Name Table
> -----------------------
> vrf_cust1 10
> vrf_cust2 20
> vagrant at PE2:~$
>
>
> This is PE2 FRR config:
>
> PE2# show running-config
> Building configuration...
>
> Current configuration:
> !
> frr version 7.5
> frr defaults traditional
> hostname PE2
> service integrated-vtysh-config
> !
> interface ens8
> ip router isis ISIS
> isis circuit-type level-2-only
> isis network point-to-point
> !
> interface lo
> ip router isis ISIS
> isis passive
> !
> router bgp 65010
> neighbor 172.20.5.1 remote-as 65010
> neighbor 172.20.5.1 update-source 172.20.5.2
> !
> address-family ipv4 vpn
> neighbor 172.20.5.1 activate
> exit-address-family
> !
> router bgp 65010 vrf vrf_cust1
> !
> address-family ipv4 unicast
> redistribute connected
> label vpn export auto
> rd vpn export 65010:10
> rt vpn both 1:1
> export vpn
> import vpn
> exit-address-family
> !
> router bgp 65010 vrf vrf_cust2
> !
> address-family ipv4 unicast
> redistribute connected
> label vpn export auto
> rd vpn export 65010:20
> rt vpn both 2:2
> export vpn
> import vpn
> exit-address-family
> !
> mpls ldp
> router-id 172.20.5.2
> !
> address-family ipv4
> discovery transport-address 172.20.5.2
> !
> interface ens8
> !
> exit-address-family
> !
> !
> router isis ISIS
> net 49.0001.1720.2000.5002.00
> !
> line vty
> !
> end
> PE2#
>
>
> This is PE2 sysctl mpls config:
>
> root at PE2:/home/vagrant# sysctl -a | grep mpls
> net.mpls.conf.ens5.input = 0
> net.mpls.conf.ens6.input = 0
> net.mpls.conf.ens7.input = 0
> net.mpls.conf.ens8.input = 1
> net.mpls.conf.lo.input = 0
> net.mpls.conf.vrf_cust1.input = 0
> net.mpls.conf.vrf_cust2.input = 0
> net.mpls.default_ttl = 255
> net.mpls.ip_ttl_propagate = 1
> net.mpls.platform_labels = 100000
> root at PE2:/home/vagrant#
>
>
>
> This is PE1:
>
> PE1#
> PE1# show bgp summary
>
> IPv4 Unicast Summary:
> BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
> BGP table version 0
> RIB entries 0, using 0 bytes of memory
> Peers 1, using 21 KiB of memory
>
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
> Up/Down State/PfxRcd PfxSnt
> 172.20.5.2 4 65010 111 105 0 0 0
> 01:39:14 0 0
>
> Total number of neighbors 1
>
> IPv4 VPN Summary:
> BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
> BGP table version 0
> RIB entries 11, using 2112 bytes of memory
> Peers 1, using 21 KiB of memory
>
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
> Up/Down State/PfxRcd PfxSnt
> 172.20.5.2 4 65010 111 105 0 0 0
> 01:39:14 2 2
>
> Total number of neighbors 1
> PE1#
> PE1#
> PE1# show mpls table
> Inbound Label Type Nexthop Outbound Label
> -----------------------------------------------------
> 16 LDP 192.168.66.102 implicit-null
> 17 LDP 192.168.66.102 implicit-null
> 18 LDP 192.168.66.102 17
> 80 BGP vrf_cust1 -
> 81 BGP vrf_cust2 -
>
> PE1#
> PE1# show ip route vrf
> all default vrf_cust1 vrf_cust2
> PE1# show ip route vrf vrf_cust1
> Codes: K - kernel route, C - connected, S - static, R - RIP,
> O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
> T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
> F - PBR, f - OpenFabric,
> > - selected route, * - FIB route, q - queued, r - rejected, b -
> backup
>
> VRF vrf_cust1:
> C>* 192.168.11.0/24 is directly connected, ens6, 01:44:51
> B> 192.168.23.0/24 [200/0] via 172.20.5.2 (vrf default) (recursive),
> label 80, weight 1, 01:39:18
> * via 192.168.66.102, ens8 (vrf default),
> label 17/80, weight 1, 01:39:18
> PE1#
> PE1# show isis neighbor
> Area ISIS:
> System Id Interface L State Holdtime SNPA
> P1 ens8 2 Up 30 2020.2020.2020
> PE1#
> PE1#
>
>
> If I try to ping CE3 to CE1, I see exactly the same behaviour in PE1.
>
> Any idea what I am missing?
>
> Thanks
> tomas
>
> On Mon, Nov 23, 2020 at 12:00 PM <frog-request at lists.frrouting.org> wrote:
> >
> >
> > Date: Mon, 23 Nov 2020 10:27:44 +0000
> > From: "Yakov Sh." <yman at protonmail.ch>
> > To: Olivier CALVANO <o.calvano at gmail.com>
> > Cc: "frog at lists.frrouting.org" <frog at lists.frrouting.org>
> > Subject: Re: [FROG] FRRouting and MPLS
> > Message-ID:
> >
> <TaX1p13MyS4pDJfNgZ_qra4Lqq-QppV4Gc_JkTUmi9s41lOR7krEd9PBvr1kfX52s03BEhaxOxsaeb_KiIeKoe0QVUUnx-zRhDI72rDSwrM=@
> protonmail.ch>
> >
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hi!
> > I had not much experience with FRR in production, but I gave it a try
> some time ago in a lab and was able to build L3VPN service on VMs with
> kernel VRF support. You can see details in my blog post -
> http://dvjourney.yman.site/2018/10/26/l3vpn-on-linux/
> > For L2VPN, as stated in docs, only OpenBSD supports VPWS/VPLS at the
> moment. http://docs.frrouting.org/en/latest/overview.html#feature-matrix
> >
> > Yakov Sh.
> > telegram: @darkyman
> >
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Monday, November 23, 2020 12:15 PM, Olivier CALVANO <
> o.calvano at gmail.com> wrote:
> >
> > > Hello,
> > >
> > > I have just installed FRR for the first time on a Linux CentOS 8
> distribution. I am therefore just starting out.
> > >
> > > I am gradually reading the forums but there is a lot of information.
> FRR manages without worries the BGP and the ISIS which I use regularly on
> my cisco routers.
> > >
> > > I am now trying to find out if FRR can integrate more deeply into my
> network, particularly at the MPLS level. as I understood it is in the
> Kernel that this is done and not in FRR, but is there a way to integrate
> VRF IP VPN? and the creation of a VLAN type subinterface directly in FRR?
> > >
> > > Then last question: Is there an implementation of the Cisco EoMPLS
> equivalent in FRR? (xconnect encapsultation mpls)
> > >
> > > thank you
> > > Olivier
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20210405/fc6d7a1f/attachment-0001.htm>
More information about the frog
mailing list