On Fri, Nov 26, 2010 at 11:02:06PM +0200, Imre Oolberg wrote:
> Hi!
>
> I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov 1 11:04:25 MDT
> 2010' i set up some good number of testing machines and started to try
> out the bgp mpls vpn stuff (based on man bgpd.conf, man ldpd.conf,
> man route + http://marc.info/?l=openbsd-misc&m=127470697232025&w=1 and i
> also did some general reading on mpls & mpls-vpn)

This is a fairly old current. But IIRC nothing super important happened in
between.

> What i got so far is working bgp mpls vpn between two computers if they
> are directly connected like this. (The objective was to create behind
> PE1 two private vlans 172.116.93/24 and 172.117.93/24 into different
> rdomains which can communicate with their respective counterpart vlans
> behind PE2, 172.116.94/24 and 172.117.94/24)
>

... big snip ...

> at P in the middle it says
>
> mpls-4:~# ldpctl show lib
>
> Destination        Nexthop          Local Label  Remote Label  In Use
> 0.0.0.0/0          192.168.10.254   16           Untagged      yes
> 10.0.11.0/24       10.0.171.1       17           Pop tag       yes
> 10.0.12.0/24       10.0.172.1       18           Untagged      yes
> 10.0.171.0/24      10.0.171.254     3            Untagged      yes
> 10.0.171.0/24      0.0.0.0          3            Untagged      yes
> 10.0.172.0/24      10.0.172.254     3            Untagged      yes
> 10.0.172.0/24      0.0.0.0          3            Untagged      yes
> 10.10.11.1/32      10.0.171.1       19           19            yes
> 10.10.12.1/32      10.0.172.1       20           Untagged      yes
> 192.168.10.0/24    10.0.172.1       3            Untagged      yes
> 192.168.10.0/24    10.0.171.1       3            Pop tag       yes
> 192.168.10.0/24    0.0.0.0          3            Untagged      yes
>
> mpls-4:~# route -n show -mpls
> Routing tables
>
> MPLS:
> In label  Out label Op     Gateway         Flags  Refs  Use  Mtu  Prio Interface
> 16        -         LOCAL  192.168.10.254  UGT       0    0    -     8 em0
> 17        -         POP    10.0.171.1      UGT       0    0    -    32 em1
> 18        -         LOCAL  10.0.172.1      UGT       0    0    -    32 em2
> 19        19        SWAP   10.0.171.1      UGT       0   10    -    32 em1
> 20        -         LOCAL  10.0.172.1      UGT       0    0    -    32 em2
>

Looking at the routing table you show here it seems that there is an issue
with ldpd. There are too many Untagged FEC in the ldpctl show lib output.
It looks like the session between the P/PE systems did not get up.
Did you look at the ldpctl show nei output?

Btw. look at the "route -n show -inet" output and check which routes have
MPLS paths attached to them (T in the flags section). You can also use
route -n get <IP> or route -n get -mpls -in <LABEL> to get more info.

> I suspect i miss one of these
>
> 1. i misuse ldpd

The ldpd config looks about right.
I use a very simple one on my test setups:

router-id 10.42.21.1
interface re1
interface re2
interface re3

This is for a P router but the PE ones have exactly the same config :)

> 2. i haven't configured correctly on P routers mpls forwarding (read on
> man route something about -in, -out, -push, -swap but have no idea how
> to use them)

You do not need to use route(8) to manipulate the routing table. ldpd and
ospfd should do all the work.

> 3. i read that doing mpls-vpn there are actually two mpls labels used,
> one to choose correct rdomain in PE and the other to get packet thru
> MPLS network, i can't get on my packets the top label

When sending out packets the mpls-vpn packet should have two labels.
The first one is the LSP to the BGP nexthop of the VRF route and the last
label is the label of the terminating mpe(4) device.

>
> I would be very glad if you could point me to the right direction!
>

When building up MPLS networks I use normally these steps:
1) configure interface etc. make sure you mpls-enabled the interfaces
   doing MPLS. I normally assign loopback IPs on all routers (at least do
   it on the PE)
2) setup and start ospf
3) make sure you get all routes and you're able to ping all loopbacks.
4) setup and start ldpd
5) check the routing tables and make sure that you get labels.
6) ping and traceroute -v various IPs and see if they actually use MPLS.
7) setup and start bgpd on the two PE routers (best is to use the loopback
   IPs here for the MPLS VPN connection).

In your case I think the problem is in step 4-6.
According to your output from PE1:

10.10.11.1/32      10.10.11.1       19           Untagged      yes
10.10.12.1/32      10.0.11.1        20           Untagged      yes

and

19        -         LOCAL  10.10.11.1      UGT       0    6  33160     4 lo1
20        -         LOCAL  10.0.11.1       UGT       0    0    -    32 em2

It looks like the connection from PE1 to PE2 is not using MPLS.
It looks like the ldp session between PE1 and the P router is not
established.

-- 
:wq Claudio
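
A check for step 5 of the procedure above, as an added example that is not part of the original mail or of OpenBSD: it groups `ldpctl show lib` rows by next hop and lists the next hops for which every in-use FEC has the remote label Untagged, the pattern the reply reads as an LDP session that did not come up. The function names are hypothetical, the column layout is assumed to be the one quoted in the mail, and rows with local label 3 (implicit null, shown there on the directly connected networks) are skipped; a next hop that is not meant to run LDP will be listed as well.

```shell
#!/bin/sh
# Added example: per-next-hop summary of `ldpctl show lib` output.
# Assumption: five columns as in the mail (Destination, Nexthop,
# Local Label, Remote Label, In Use).

# Sample input, retyped from the P router output quoted in the mail.
sample_lib() {
cat <<'EOF'
Destination        Nexthop          Local Label  Remote Label  In Use
0.0.0.0/0          192.168.10.254   16           Untagged      yes
10.0.11.0/24       10.0.171.1       17           Pop tag       yes
10.0.12.0/24       10.0.172.1       18           Untagged      yes
10.0.171.0/24      10.0.171.254     3            Untagged      yes
10.0.171.0/24      0.0.0.0          3            Untagged      yes
10.0.172.0/24      10.0.172.254     3            Untagged      yes
10.0.172.0/24      0.0.0.0          3            Untagged      yes
10.10.11.1/32      10.0.171.1       19           19            yes
10.10.12.1/32      10.0.172.1       20           Untagged      yes
192.168.10.0/24    10.0.172.1       3            Untagged      yes
192.168.10.0/24    10.0.171.1       3            Pop tag       yes
192.168.10.0/24    0.0.0.0          3            Untagged      yes
EOF
}

# Reads `ldpctl show lib` output on stdin and prints "<nexthop> <count>"
# for each next hop whose counted FECs all have remote label "Untagged".
ldp_unlabelled_nexthops() {
    awk '
        $1 !~ /\//   { next }   # header, prompt and blank lines
        $NF != "yes" { next }   # only FECs that are in use
        $3 == 3      { next }   # local label 3: implicit null, skipped
        {
            total[$2]++
            # "Pop tag" splits into two fields, so $4 is then "Pop"
            if ($4 == "Untagged") untagged[$2]++
        }
        END {
            for (nh in total)
                if (untagged[nh] == total[nh])
                    printf "%s %d\n", nh, total[nh]
        }
    ' | sort
}

# On a router: ldpctl show lib | ldp_unlabelled_nexthops
sample_lib | ldp_unlabelled_nexthops
```

For the quoted P router output this lists 10.0.172.1 and 192.168.10.254, while 10.0.171.1, which advertises labels, is not listed.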