Hi,

Can anyone shed some light on this?

Thanks.
Bert

On Tue, May 22, 2012 at 10:37 AM, Bert Smith <bertrand.c.sm...@gmail.com> wrote:

> Hi,
>
> I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels
> between PEs (RFC 4797) instead of an MPLS backbone. I have followed the
> instructions in the "Demystifying MPLS" paper (
> http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and on the following
> mailing list posts:
> http://old.nabble.com/BGP-MPLS-VPN-tt31327789.html#a31397215
> http://marc.info/?l=openbsd-misc&m=127470697232025&w=2
> http://marc.info/?l=openbsd-misc&m=129112614017103&w=2
>
> Here is my setup:
>
> ------------------------
> |   Juniper router 1   |  lo0 192.168.20.2
> |                      |  VRF 8 with loopback 192.168.55.1
> ------------------------
>            | 192.168.10.4
>            |
>            | 192.168.10.5
> ------------------------
> |   Juniper router 2   |  lo0 192.168.20.3
> |                      |  VRF 8 with loopback 192.168.56.1
> ------------------------
>            | 10.0.4.1
>            |
>            | vlan4092 10.0.4.3
> ------------------------
> |     OpenBSD box      |  lo0 192.168.20.5
> |                      |  rdomain 8 192.168.55.2
> ------------------------
>
> I want all three routers to act as PEs but without any MPLS connectivity
> between them. RFC 4797 allows this by allowing the following encapsulation
> scheme for say a ping from Juniper 1 to OpenBSD box:
>
> [This is what I should ideally get]:
> * Ping request:
>     IP header: src 192.168.20.2 dst 192.168.20.5
>     GRE header: <just the GRE shim>
>     MPLS label identifying the rdomain: 666
>     IP header: src 192.168.55.1 dst 192.168.55.2
>     ICMP ping request
>
> * Ping reply:
>     IP header: src 192.168.20.5 dst 192.168.20.2
>     GRE header: <just the GRE shim>
>     MPLS label identifying the VRF: 300720
>     IP header: src 192.168.55.2 dst 192.168.55.1
>     ICMP ping reply
>
> However, the following is what I actually get:
> * Ping request:
>     IP header: src 192.168.20.2 dst 192.168.20.5
>     GRE header: <just the GRE shim>
>     MPLS label identifying the rdomain: 666
>     IP header: src 192.168.55.1 dst 192.168.55.2
>     ICMP ping request
>
> * Ping reply:
>     MPLS label identifying the VRF: 300720
>     IP header: src 192.168.55.2 dst 192.168.55.1
>     ICMP ping reply
>
> The reply back from the OpenBSD box does not GRE-encapsulate the MPLS
> packet and since I don't have a MPLS LSP set up between OpenBSD box and
> Juniper 1, the ping reply never reaches Juniper 1.
>
> Here is the tcpdump where I see the above:
> # tcpdump -i vlan4092 -s 1500 -Xvvv not tcp and not udp
>
> 13:52:39.188348 gre 192.168.20.2 > 192.168.20.5: [] gre-proto-0x8847 (DF) (ttl 63, id 0, len 112)
>   0000: 4500 0070 0000 4000 3f2f 9207 c0a8 1402  E..p..@.?/......
>   0010: c0a8 1405 0000 8847 0029 a1ff 4500 0054  .......G.)..E..T
>   0020: efee 0000 4001 9b66 c0a8 3701 c0a8 3702  ....@..f..7...7.
>   0030: 0800 6bf0 521e 0151 f8d4 ba4f 8c78 0e00  ..k.R..Q...O.x..
>   0040: 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617  ................
>   0050: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627  ........ !"#$%&'
>   0060: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637  ()*+,-./01234567
>
> 13:52:39.188374 MPLS(label 300720, exp 0, ttl 255) 192.168.55.2 > 192.168.55.1: icmp: echo reply (id:521e seq:337) (ttl 255, id 64891, len 84)
>   0000: 496b 01ff 4500 0054 fd7b 0000 ff01 ced8  Ik..E..T.{......
>   0010: c0a8 3702 c0a8 3701 0000 73f0 521e 0151  ..7...7...s.R..Q
>   0020: f8d4 ba4f 8c78 0e00 0809 0a0b 0c0d 0e0f  ...O.x..........
>   0030: 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f  ................
>   0040: 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f   !"#$%&'()*+,-./
>   0050: 3031 3233 3435 3637                      01234567
>
> Here are the various pieces of my configuration:
>
> # ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
>         priority: 0
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet 127.0.0.1 netmask 0xff000000
> re0: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
>         lladdr c8:9c:dc:dd:1a:f6
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>         status: active
>         inet6 fe80::ca9c:dcff:fedd:1af6%re0 prefixlen 64 scopeid 0x1
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
>         priority: 0
>         groups: pflog
> vlan4092: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
>         lladdr c8:9c:dc:dd:1a:f6
>         priority: 0
>         vlan: 4092 priority: 0 parent interface: re0
>         groups: vlan egress
>         status: active
>         inet 10.0.4.3 netmask 0xffffff00 broadcast 10.0.4.255
>         inet6 fe80::ca9c:dcff:fedd:1af6%vlan4092 prefixlen 64 scopeid 0x5
> lo1: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33152
>         priority: 0
>         groups: lo
>         inet6 fe80::1%lo1 prefixlen 64 scopeid 0x6
>         inet 192.168.20.5 netmask 0xffffffff
> gre0: flags=a9011<UP,POINTOPOINT,LINK0,MULTICAST,NOINET6,MPLS> mtu 1476
>         priority: 0
>         groups: gre
>         physical address inet 192.168.20.5 --> 192.168.20.2
>         inet 192.168.55.2 --> 192.168.55.1 netmask 0xffffffff
> mpe8: flags=20011<UP,POINTOPOINT,NOINET6> rdomain 8 mtu 1500
>         priority: 0
>         mpls label: 666
>         groups: mpe
>         inet 192.168.55.2 --> 0.0.0.0 netmask 0xffffff00
> lo2: flags=28049<UP,LOOPBACK,RUNNING,MULTICAST,NOINET6> rdomain 8 mtu 33152
>         priority: 0
>         groups: lo
>         inet 192.168.55.2 netmask 0xffffff00
>
> # route -n -T 8 show
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> 10.0.0/24          192.168.20.3       UGT        0        0     -    48 mpe8
> 10.0.4/24          192.168.20.3       UGT        0        0     -    48 mpe8
> 169.254.200.12/30  192.168.20.3       UGT        0        0     -    48 mpe8
> 192.168.55.1/32    192.168.20.2       UGT        0      729     -    48 mpe8
> 192.168.55.2       192.168.55.2       UH         0        0 33152     4 lo2
> 192.168.56.1/32    192.168.20.3       UGT        0        0     -    48 mpe8
>
> # route -n show -inet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> 10.0.0.2/31        10.0.4.1           UG         0        0     -    48 vlan4092
> 10.0.4/24          link#5             UC         3        0     -     4 vlan4092
> 10.0.4/24          10.0.4.3           UG         0        0     -    32 vlan4092
> 10.0.4/24          10.0.4.1           UG         0        0     -    48 vlan4092
> 10.0.4.1           00:24:dc:77:d3:8a  UHLc      21       32     -     4 vlan4092
> 10.0.4.3           c8:9c:dc:dd:1a:f6  UHLc       2       26     -     4 lo0
> 127/8              127.0.0.1          UGRS       0        0 33152     8 lo0
> 127.0.0.1          127.0.0.1          UH         1    78717 33152     4 lo0
> 192.168.10.4/31    10.0.4.1           UG         0        0     -    32 vlan4092
> 192.168.10.4/31    10.0.4.1           UG         0        0     -    48 vlan4092
> 192.168.20.2/32    10.0.4.1           UG         2      680     -    32 vlan4092
> 192.168.20.2/32    10.0.4.1           UG         0        0     -    48 vlan4092
> 192.168.20.3/32    10.0.4.1           UG         1      491     -    32 vlan4092
> 192.168.20.3/32    10.0.4.1           UG         0        0     -    48 vlan4092
> 192.168.20.5       192.168.20.5       UH         0   187368 33152     4 lo1
> 192.168.20.5/32    10.0.4.3           UG         0        0     -    48 vlan4092
> 192.168.55.1       192.168.55.2       UH         0        0     -     4 gre0
> 200.0/16           10.0.4.1           UG         0        0     -    48 vlan4092
> 224/4              127.0.0.1          URS        0        0 33152     8 lo0
>
> # route -n show -mpls
> Routing tables
>
> MPLS:
> In label  Out label Op     Gateway            Flags   Refs      Use   Mtu  Prio Interface
> 666       -         POP    mpe8               UT         0     1068     -     4 mpe8
>
> # cat /etc/bgpd.conf
>
> # $OpenBSD: bgpd.conf,v 1.12 2011/01/19 07:36:40 claudio Exp $
> # sample bgpd configuration file
> # see bgpd.conf(5)
>
> socket "/var/www/logs/bgpd.rsock" restricted
>
> AS 1234
> router-id 192.168.20.5
>
> rdomain 8 {
>         rd 1234:8
>         import-target rt 1234:8
>         export-target rt 1234:8
>         depend on mpe8
>         network 192.168.55.2/32
> }
>
> group mp-ibgp {
>         announce IPv4 vpn
>         remote-as 1234
>         local-address 192.168.20.5
>         neighbor 192.168.20.2 {
>                 descr router1
>         }
>         neighbor 192.168.20.3 {
>                 descr router2
>         }
> }
>
> allow from any
>
> # cat /etc/ospfd.conf
>
> # $OpenBSD: ospfd.conf,v 1.4 2007/06/19 16:49:56 reyk Exp $
>
> router-id 192.168.20.5
>
> area 0.0.0.0 {
>         interface vlan4092
>         interface lo1
> }
>
> # cat /etc/ldpd.conf
>
> # $OpenBSD: ldpd.conf,v 1.3 2010/06/25 22:49:05 claudio Exp $
>
> router-id 192.168.20.5
>
> #
>
>
> Can someone please help me figure out what the solution is? What I really
> want is a way to say that for MPLS label 300720 the next hop should be the
> gre0 interface, but I can't figure out a way to do that.
>
> Regards,
> Bert
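
Added example, not part of the original post: a small Python decoder run over the header bytes of the two hex dumps quoted above, showing that the request carries outer IP + GRE (protocol 0x8847) + label 666 while the reply starts directly at the MPLS shim with label 300720. The function names are hypothetical, and the EtherType passed for each frame is an assumption taken from how tcpdump labelled it ("gre ..." versus "MPLS(label ...)").

```python
import struct

# Header bytes copied from the two tcpdump hex dumps in the post (ICMP payload trimmed).
REQUEST = bytes.fromhex(  # printed by tcpdump as "gre 192.168.20.2 > 192.168.20.5"
    "4500 0070 0000 4000 3f2f 9207 c0a8 1402 c0a8 1405 0000 8847 0029 a1ff"
    "4500 0054 efee 0000 4001 9b66 c0a8 3701 c0a8 3702")
REPLY = bytes.fromhex(    # printed by tcpdump as "MPLS(label 300720, ...)"
    "496b 01ff 4500 0054 fd7b 0000 ff01 ced8 c0a8 3702 c0a8 3701")

ETH_IPV4, ETH_MPLS, IPPROTO_GRE = 0x0800, 0x8847, 47

def ipv4(buf):
    """Return (src, dst, protocol, header_length) of an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dotted = lambda b: ".".join(str(x) for x in b)
    return dotted(buf[12:16]), dotted(buf[16:20]), buf[9], (buf[0] & 0x0F) * 4

def mpls_labels(buf):
    """Walk the label stack up to the bottom-of-stack bit; return (labels, rest)."""
    labels = []
    for off in range(0, len(buf) - 3, 4):
        (entry,) = struct.unpack_from("!I", buf, off)
        labels.append(entry >> 12)      # top 20 bits are the label
        if entry & 0x100:               # S bit set: this is the last entry
            return labels, buf[off + 4:]
    raise ValueError("label stack has no bottom-of-stack entry")

def layers(ethertype, payload):
    """Describe one captured frame: outer tunnel (if any), labels, inner addresses."""
    seen = {"gre": False, "outer": None}
    if ethertype == ETH_IPV4:
        src, dst, proto, hlen = ipv4(payload)
        if proto != IPPROTO_GRE:
            raise ValueError("IPv4 payload is not GRE")
        flags, ethertype = struct.unpack_from("!HH", payload, hlen)
        # Checksum (0x8000), key (0x2000) and sequence (0x1000) each add 4 bytes.
        hlen += 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        seen.update(gre=True, outer=(src, dst))
        payload = payload[hlen:]
    if ethertype != ETH_MPLS:
        raise ValueError("no MPLS label stack")
    seen["labels"], inner = mpls_labels(payload)
    seen["inner"] = ipv4(inner)[:2]
    return seen

if __name__ == "__main__":
    for name, etype, frame in (("request", ETH_IPV4, REQUEST), ("reply", ETH_MPLS, REPLY)):
        print(name, layers(etype, frame))
```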