[FROG] FRRouting and MPLS (Yakov Sh.)
Tomás Morales
tomas.morales at gmail.com
Sat Feb 27 19:47:15 UTC 2021
Hi all
I am trying Yakov blog below to test L3VPN using FRR7.5 and the last PE is
not capable to de-encapsulate the labelled traffic and send it to the CE.
This is the diagram in my lab:
https://github.com/thomarite/linux-mpls-testing/blob/master/lab4-l3vpn/diagram/linux-mpls-lab4-v0.png
For example CE1 (vrf_cust1 - 192.168.11.102/24) tries to ping CE3
(vrf_cust1 - 192.168.23.102/24)
P1 is receiving the traffic with double labels as expected from PE1:
19:28:46.075164 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl
63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 10,
length 64
19:28:47.099199 MPLS (label 17, exp 0, ttl 63) (label 80, exp 0, [S], ttl
63) IP 192.168.11.102 > 192.168.23.102: ICMP echo request, id 2296, seq 11,
length 64
PE2 is receiving the traffic on ens8 with just one label after P1 doing PHP:
19:28:46.074437 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 >
192.168.23.102: ICMP echo request, id 2296, seq 10, length 64
19:28:47.098555 MPLS (label 80, exp 0, [S], ttl 63) IP 192.168.11.102 >
192.168.23.102: ICMP echo request, id 2296, seq 11, length 64
But then PE2 is not sending anything to CE3. I can't see anything in either
end. I have checked iptables in my host just in case but I think PE2 is not
sending anything.
>From PE2, all routing seems correct:
PE2# show mpls table
Inbound Label Type Nexthop Outbound Label
-----------------------------------------------------
16 LDP 192.168.77.102 16
17 LDP 192.168.77.102 implicit-null
18 LDP 192.168.77.102 implicit-null
80 BGP vrf_cust1 -
81 BGP vrf_cust2 -
PE2#
PE2# show bgp summary
IPv4 Unicast Summary:
BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down State/PfxRcd PfxSnt
172.20.5.1 4 65010 101 108 0 0 0
01:35:41 0 0
Total number of neighbors 1
IPv4 VPN Summary:
BGP router identifier 172.20.5.2, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 7, using 1344 bytes of memory
Peers 1, using 21 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down State/PfxRcd PfxSnt
172.20.5.1 4 65010 101 108 0 0 0
01:35:41 2 2
Total number of neighbors 1
PE2#
PE2# show ip route vrf vrf_cust1
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b -
backup
VRF vrf_cust1:
B> 192.168.11.0/24 [200/0] via 172.20.5.1 (vrf default) (recursive), label
80, weight 1, 01:35:40
* via 192.168.77.102, ens8 (vrf default), label
16/80, weight 1, 01:35:40
C>* 192.168.23.0/24 is directly connected, ens6, 01:38:19
PE2#
PE2#
PE2# show isis neighbor
Area ISIS:
System Id Interface L State Holdtime SNPA
P1 ens8 2 Up 28 2020.2020.2020
PE2#
vagrant at PE2:~$ ip route
default via 192.168.121.1 dev ens5 proto dhcp src 192.168.121.31 metric
1024
172.20.5.1 encap mpls 16 via 192.168.77.102 dev ens8 proto isis metric 20
172.20.5.5 via 192.168.77.102 dev ens8 proto isis metric 20
192.168.66.0/24 via 192.168.77.102 dev ens8 proto isis metric 20
192.168.77.0/24 dev ens8 proto kernel scope link src 192.168.77.101
192.168.121.0/24 dev ens5 proto kernel scope link src 192.168.121.31
192.168.121.1 dev ens5 proto dhcp scope link src 192.168.121.31 metric 1024
vagrant at PE2:~$
vagrant at PE2:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.20.5.2/32 scope global lo
valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
inet 192.168.121.31/24 brd 192.168.121.255 scope global dynamic ens5
valid_lft 2524sec preferred_lft 2524sec
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master
vrf_cust1 state UP group default qlen 1000
inet 192.168.23.101/24 brd 192.168.23.255 scope global ens6
valid_lft forever preferred_lft forever
4: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master
vrf_cust2 state UP group default qlen 1000
inet 192.168.24.101/24 brd 192.168.24.255 scope global ens7
valid_lft forever preferred_lft forever
5: ens8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
inet 192.168.77.101/24 brd 192.168.77.255 scope global ens8
valid_lft forever preferred_lft forever
vagrant at PE2:~$
vagrant at PE2:~$ ip -M route
16 as to 16 via inet 192.168.77.102 dev ens8 proto ldp
17 via inet 192.168.77.102 dev ens8 proto ldp
18 via inet 192.168.77.102 dev ens8 proto ldp
vagrant at PE2:~$
vagrant at PE2:~$ ip route show table 10
blackhole default
192.168.11.0/24 encap mpls 16/80 via 192.168.77.102 dev ens8 proto bgp
metric 20
broadcast 192.168.23.0 dev ens6 proto kernel scope link src 192.168.23.101
192.168.23.0/24 dev ens6 proto kernel scope link src 192.168.23.101
local 192.168.23.101 dev ens6 proto kernel scope host src 192.168.23.101
broadcast 192.168.23.255 dev ens6 proto kernel scope link src
192.168.23.101
vagrant at PE2:~$
vagrant at PE2:~$ ip vrf
Name Table
-----------------------
vrf_cust1 10
vrf_cust2 20
vagrant at PE2:~$
This is PE2 FRR config:
PE2# show running-config
Building configuration...
Current configuration:
!
frr version 7.5
frr defaults traditional
hostname PE2
service integrated-vtysh-config
!
interface ens8
ip router isis ISIS
isis circuit-type level-2-only
isis network point-to-point
!
interface lo
ip router isis ISIS
isis passive
!
router bgp 65010
neighbor 172.20.5.1 remote-as 65010
neighbor 172.20.5.1 update-source 172.20.5.2
!
address-family ipv4 vpn
neighbor 172.20.5.1 activate
exit-address-family
!
router bgp 65010 vrf vrf_cust1
!
address-family ipv4 unicast
redistribute connected
label vpn export auto
rd vpn export 65010:10
rt vpn both 1:1
export vpn
import vpn
exit-address-family
!
router bgp 65010 vrf vrf_cust2
!
address-family ipv4 unicast
redistribute connected
label vpn export auto
rd vpn export 65010:20
rt vpn both 2:2
export vpn
import vpn
exit-address-family
!
mpls ldp
router-id 172.20.5.2
!
address-family ipv4
discovery transport-address 172.20.5.2
!
interface ens8
!
exit-address-family
!
!
router isis ISIS
net 49.0001.1720.2000.5002.00
!
line vty
!
end
PE2#
This is PE2 sysctl mpls config:
root at PE2:/home/vagrant# sysctl -a | grep mpls
net.mpls.conf.ens5.input = 0
net.mpls.conf.ens6.input = 0
net.mpls.conf.ens7.input = 0
net.mpls.conf.ens8.input = 1
net.mpls.conf.lo.input = 0
net.mpls.conf.vrf_cust1.input = 0
net.mpls.conf.vrf_cust2.input = 0
net.mpls.default_ttl = 255
net.mpls.ip_ttl_propagate = 1
net.mpls.platform_labels = 100000
root at PE2:/home/vagrant#
This is PE1:
PE1#
PE1# show bgp summary
IPv4 Unicast Summary:
BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down State/PfxRcd PfxSnt
172.20.5.2 4 65010 111 105 0 0 0
01:39:14 0 0
Total number of neighbors 1
IPv4 VPN Summary:
BGP router identifier 172.20.5.1, local AS number 65010 vrf-id 0
BGP table version 0
RIB entries 11, using 2112 bytes of memory
Peers 1, using 21 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ
Up/Down State/PfxRcd PfxSnt
172.20.5.2 4 65010 111 105 0 0 0
01:39:14 2 2
Total number of neighbors 1
PE1#
PE1#
PE1# show mpls table
Inbound Label Type Nexthop Outbound Label
-----------------------------------------------------
16 LDP 192.168.66.102 implicit-null
17 LDP 192.168.66.102 implicit-null
18 LDP 192.168.66.102 17
80 BGP vrf_cust1 -
81 BGP vrf_cust2 -
PE1#
PE1# show ip route vrf
all default vrf_cust1 vrf_cust2
PE1# show ip route vrf vrf_cust1
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b -
backup
VRF vrf_cust1:
C>* 192.168.11.0/24 is directly connected, ens6, 01:44:51
B> 192.168.23.0/24 [200/0] via 172.20.5.2 (vrf default) (recursive), label
80, weight 1, 01:39:18
* via 192.168.66.102, ens8 (vrf default), label
17/80, weight 1, 01:39:18
PE1#
PE1# show isis neighbor
Area ISIS:
System Id Interface L State Holdtime SNPA
P1 ens8 2 Up 30 2020.2020.2020
PE1#
PE1#
If I try to ping CE3 to CE1, I see exactly the same behaviour in PE1.
Any idea what I am missing?
Thanks
tomas
On Mon, Nov 23, 2020 at 12:00 PM <frog-request at lists.frrouting.org> wrote:
>
>
> Date: Mon, 23 Nov 2020 10:27:44 +0000
> From: "Yakov Sh." <yman at protonmail.ch>
> To: Olivier CALVANO <o.calvano at gmail.com>
> Cc: "frog at lists.frrouting.org" <frog at lists.frrouting.org>
> Subject: Re: [FROG] FRRouting and MPLS
> Message-ID:
>
<TaX1p13MyS4pDJfNgZ_qra4Lqq-QppV4Gc_JkTUmi9s41lOR7krEd9PBvr1kfX52s03BEhaxOxsaeb_KiIeKoe0QVUUnx-zRhDI72rDSwrM=@
protonmail.ch>
>
> Content-Type: text/plain; charset="utf-8"
>
> Hi!
> I had not much experience with FRR in production, but I gave it a try
some time ago in a lab and was able to build L3VPN service on VMs with
kernel VRF support. You can see details in my blog post -
http://dvjourney.yman.site/2018/10/26/l3vpn-on-linux/
> For L2VPN, as stated in docs, only OpenBSD supports VPWS/VPLS at the
moment. http://docs.frrouting.org/en/latest/overview.html#feature-matrix
>
> Yakov Sh.
> telegram: @darkyman
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, November 23, 2020 12:15 PM, Olivier CALVANO <
o.calvano at gmail.com> wrote:
>
> > Hello,
> >
> > I have just installed FRR for the first time on a Linux CentOS 8
distribution. I am therefore just starting out.
> >
> > I am gradually reading the forums but there is a lot of information.
FRR manages without worries the BGP and the ISIS which I use regularly on
my cisco routers.
> >
> > I am now trying to find out if FRR can integrate more deeply into my
network, particularly at the MPLS level. as I understood it is in the
Kernel that this is done and not in FRR, but is there a way to integrate
VRF IP VPN? and the creation of a VLAN type subinterface directly in FRR?
> >
> > Then last question: Is there an implementation of the Cisco EoMPLS
equivalent in FRR? (xconnect encapsultation mpls)
> >
> > thank you
> > Olivier
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20210227/f87b2c84/attachment-0001.htm>
More information about the frog
mailing list