On Fri, Dec 03, 2010 at 01:10:30AM +0200, Imre Oolberg wrote: > Hi! > > Claudio Jeker wrote: > > > It looks like the connection from PE1 to PE2 is not using MPLS. It looks > > like the ldp session between PE1 and the P router is not established. > > Thank you very much for your suggestion to look over the network below, > i didnt expect it to be a source of my problems and excuse me to waste > time for such a stupid reason. Now packets with double labels come and > go, so i search bgp mpls vpn further using several PE routers and > create relationships between networks behind them etc. > > Is my understanding correct that mpls-labeled packets going thru network > themselves dont need ip networking configured on P routers (and not even > net.inet.ip.forwarding switched on) but since ldpd needs to run on them > and it uses udp multicast and tcp-based connections ip configuration is > still needed? And usually ldpd processes communicate only with other > ldpd processes which run on their adjacent neighbors? >
You need an IP backbone that connects all P and PE routers because that's the way the topology and pathes are calculated. LDP currently only runs on top of IP and that will not change any time soon. So you need an IP backbone to build the label pathes on which the various mpls VPN will be switched over. Currently you must enable IP forwarding (because of penultimate hop popping) on all routers. Every ethernet interface needs an IP address so that LDP can be run over those links. Additionally you need the IP address as nexthop on the MPLS pathes. In theory it is possible to use static setups using MAC addresses as nexthops but such static networks are unfeasible in reality. -- :wq Claudio > > Just for the record, my second attempt was made using OpenBSD > 4.8-current (GENERIC) #501: Mon Nov 29 11:58:38 MST 2010 and i386. > > Claudio Jeker wrote: > > > On Fri, Nov 26, 2010 at 11:02:06PM +0200, Imre Oolberg wrote: > > > >> eHi! > >> > >> I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov 1 11:04:25 MDT > >> 2010' i set up some good number of testing machines and started to try > >> out the bgp mpls vpn stuff (based on man bgpd.conf, man ldpd.conf man > >> man route + http://marc.info/?l=openbsd-misc&m=127470697232025&w=1 and i > >> also did some general reading on mpls & mpls-vpn) > >> > > > > This is a fairly old current. But IIRC nothing super important happend in > > between. > > > > > >> What i got so far is working bgp mpls vpn between two computers if they > >> are directly connected like this. (The objective was to create behind > >> PE1 two private vlans 172.116.93/24 and 172.117.93/24 into different > >> rdomains which can communicate which their respective counterpart vlans > >> behind PE2, 172.116.94/24 and 172.117.94/24)) > >> > >> > > > > ... big snip ... > > > > > > > >> at P in the middle it says > >> > >> mpls-4:~# ldpctl show lib > >> > >> Destination Nexthop Local Label Remote Label In > >> Use > >> 0.0.0.0/0 192.168.10.254 16 Untagged yes > >> 10.0.11.0/24 10.0.171.1 17 Pop tag yes > >> 10.0.12.0/24 10.0.172.1 18 Untagged yes > >> 10.0.171.0/24 10.0.171.254 3 Untagged yes > >> 10.0.171.0/24 0.0.0.0 3 Untagged yes > >> 10.0.172.0/24 10.0.172.254 3 Untagged yes > >> 10.0.172.0/24 0.0.0.0 3 Untagged yes > >> 10.10.11.1/32 10.0.171.1 19 19 yes > >> 10.10.12.1/32 10.0.172.1 20 Untagged yes > >> 192.168.10.0/24 10.0.172.1 3 Untagged yes > >> 192.168.10.0/24 10.0.171.1 3 Pop tag yes > >> 192.168.10.0/24 0.0.0.0 3 Untagged yes > >> > >> mpls-4:~# route -n show -mpls > >> Routing tables > >> > >> MPLS: > >> In label Out label Op Gateway Flags Refs Use Mtu > >> Prio Interface > >> 16 - LOCAL 192.168.10.254 UGT 0 0 - > >> 8 em0 > >> 17 - POP 10.0.171.1 UGT 0 0 - > >> 32 em1 > >> 18 - LOCAL 10.0.172.1 UGT 0 0 - > >> 32 em2 > >> 19 19 SWAP 10.0.171.1 UGT 0 10 - > >> 32 em1 > >> 20 - LOCAL 10.0.172.1 UGT 0 0 - > >> 32 em2 > >> > >> > >> > > > > Looking at the routing table you show here it seems that there is an issue > > with ldpd. There are to many Untagged FEC in the ldpctl show lib output. > > It looks like the session between the P/PE systems did not get up. > > Did you look at the ldpctl show nei output? > > Btw. look at the "route -n show -inet" output and check which routes have > > MPLS pathes attached to them (T in the flags section). You can also use > > route -n get <IP> or route -n get -mpls -in <LABEL> to get more info. > > > > > >> I suspect i miss one of these > >> > >> 1. i misuse ldpd > >> > > > > The ldpd config looks about right. I use a very simple one on my test > > setups: > > router-id 10.42.21.1 > > interface re1 > > interface re2 > > interface re3 > > This is for a P router but the PE ones have exactly the same config :) > > > > > >> 2. i havent configured correctly on P routers mpls forwarding (read on > >> man route something about -in, -out, -push, -swap but have no idea how > >> to use them) > >> > > > > You do not need to use route(8) to manipulate the routing table. ldpd and > > ospfd should do all the work. > > > > > >> 3. i read that doing mpls-vpn there are actually two mpls labels used, > >> one to choose correct rdomain in PE and the other to get packet thru > >> MPLS network, i cant get on my packets the top label > >> > > > > When sending out packets the mpls-vpn packet should have two labels. > > The first one is the LSP to the BGP nexthop of the VRF route and the last > > label is the label of the terminating mpe(4) device. > > > > > >> I would be very glad if you could point me to the right direction! > >> > >> > > > > When building up MPLS networks I use normaly these steps: > > > > 1) configure interface etc. make sure you mpls-enabled the interfaces > > doing MPLS. I normaly assign loopback IPs on all routers (at least do it > > on the PE) > > 2) setup and start ospf > > 3) make sure you get all routes and you're able to ping all loopbacks. > > 4) setup and start ldpd > > 5) check the routing tables and make sure that you get labels. > > 6) ping and traceroute -v various IPs and see if they actually use MPLS. > > 7) setup and start bgpd on the two PE routers (best is to use the loopback > > IPs here for the MPLS VPN connection). > > > > In your case I think the problem is in step 4-6. > > According to your output from PE1: > > 10.10.11.1/32 10.10.11.1 19 Untagged yes > > 10.10.12.1/32 10.0.11.1 20 Untagged yes > > > > and > > > > 19 - LOCAL 10.10.11.1 UGT 0 6 33160 4 > > lo1 > > 20 - LOCAL 10.0.11.1 UGT 0 0 - > > 32 em2 > > > > It looks like the connection from PE1 to PE2 is not using MPLS. It looks > > like the ldp session between PE1 and the P router is not established.
