Try to set vrf-table-label in the VRFs. -- Matías
Leonard Giuliano escribió: > This is expected. Forwarding unicast packets across L3VPNs doesn't work > on olives, though as you can see, you should be able to get the control > plane up. Interestingly, mcast forwarding will work if you want to try > out MVPNs. > > Olives don't have a PFE, so some PFE stuff doesn't work. This is one > example of something that doesn't work. > > > -Lenny > > On Sun, 4 Nov 2007, Junaid wrote: > > -) Hi, > -) > -) I am testing MPLS L3VPNs on Olive. I have two directly connected PE > -) routers (olive1 and olive2) and one CE router (olive3) connected to > -) olive2. The PE routers share a /30 subnet on their connecting link > -) (fxp0s on both routers connected via tap interfaces). The loopbacks of > -) both the PE routers are statically routed on the other PE router (no > -) IGP used for simplicity). I have created a VRF named "VPN" on both > -) routers and put a one loopback interface each (other than the one use > -) for the PE routers) in the VRF. Also, the interface connecting CE > -) (olive3) to olive2 is also put in this VRF. Now, as indicated by > -) routing tables, my control plane as well as my data plane information > -) is as it should be, VPN routes are reaching from one PE to the other > -) and forwarding table has the next-hop defined correctly. I am able to > -) ping loopbacks in the VRFs from one PE to the other but I am unable to > -) ping (from olive1) the interface IPs of the PE-CE link and the > -) loopback of the CE router - the loopback of the CE router is > -) statically routed (inside the VRF) on olive2. Can any one help me on > -) this! > -) > -) A word about my olive environment; I have three olive instances on a > -) Windows machine booted via "jqemu". All the instantiated interfaces > -) are connected to "tap" interfaces on the host machine. All the tap > -) interfaces are bridged together - so we can assume that all interfaces > -) are connected on an L2 switch. I have also tested this situation by > -) connecting instances using sockets but I got the same result. However, > -) the all outputs below are based on the bridged version of the setup. > -) > -) Pertinent configs and outputs are as follows, I will really appreciate > -) any help on this :) > -) > -) ----------------------------------------- > -) [EMAIL PROTECTED]> show configuration > -) version 7.0R1.5; > -) system { > -) host-name olive1; > -) syslog { > -) file logs { > -) any any; > -) } > -) } > -) } > -) interfaces { > -) fxp0 { > -) unit 0 { > -) family inet { > -) address 10.0.0.1/24; > -) } > -) family mpls; > -) } > -) } > -) lo0 { > -) unit 0 { > -) family inet { > -) address 10.10.0.1/32; > -) } > -) } > -) unit 1 { > -) family inet { > -) address 192.168.1.254/32; > -) } > -) } > -) } > -) } > -) routing-options { > -) static { > -) route 10.10.0.2/32 next-hop 10.0.0.2; > -) } > -) router-id 10.10.0.1; > -) autonomous-system 64512; > -) } > -) protocols { > -) rsvp { > -) traceoptions { > -) file rsvp-logs world-readable; > -) flag all; > -) } > -) interface fxp0.0; > -) interface all; > -) } > -) mpls { > -) label-switched-path testp { > -) from 10.0.0.1; > -) to 10.0.0.2; > -) no-cspf; > -) } > -) interface fxp0.0; > -) } > -) bgp { > -) group o1to2 { > -) type internal; > -) neighbor 10.0.0.2 { > -) family inet-vpn { > -) unicast; > -) } > -) } > -) } > -) } > -) } > -) routing-instances { > -) VPN { > -) instance-type vrf; > -) interface lo0.1; > -) route-distinguisher 64512:1; > -) vrf-target target:64512:100; > -) } > -) } > -) > -) [EMAIL PROTECTED]> > -) > -) ----------------------------------------- > -) > -) [EMAIL PROTECTED]> show configuration > -) version 7.0R1.5; > -) system { > -) host-name olive2; > -) } > -) interfaces { > -) fxp0 { > -) unit 0 { > -) family inet { > -) address 10.0.0.2/24; > -) } > -) family mpls; > -) } > -) } > -) fxp1 { > -) unit 0 { > -) family inet { > -) address 10.1.0.1/24; > -) } > -) } > -) } > -) lo0 { > -) unit 0 { > -) family inet { > -) address 10.10.0.2/32; > -) } > -) } > -) unit 2 { > -) family inet { > -) address 192.168.2.254/32; > -) } > -) } > -) } > -) } > -) routing-options { > -) static { > -) route 10.10.0.1/32 next-hop 10.0.0.1; > -) } > -) router-id 10.10.0.2; > -) autonomous-system 64512; > -) } > -) protocols { > -) rsvp { > -) interface fxp0.0; > -) interface all; > -) } > -) mpls { > -) label-switched-path testp { > -) from 10.0.0.2; > -) to 10.0.0.1; > -) no-cspf; > -) } > -) interface fxp0.0; > -) } > -) bgp { > -) group o1to2 { > -) type internal; > -) neighbor 10.0.0.1 { > -) family inet-vpn { > -) unicast; > -) } > -) } > -) } > -) } > -) } > -) routing-instances { > -) VPN { > -) instance-type vrf; > -) interface lo0.2; > -) interface fxp1.0; > -) route-distinguisher 64512:2; > -) vrf-target target:64512:100; > -) routing-options { > -) static { > -) route 172.16.10.254/32 next-hop 10.1.0.2; > -) } > -) } > -) } > -) } > -) > -) [EMAIL PROTECTED]> > -) > -) > -) ----------------------------------------- > -) > -) [EMAIL PROTECTED]> show configuration > -) version 7.0R1.5; > -) system { > -) host-name olive3; > -) } > -) interfaces { > -) fxp0 { > -) unit 0 { > -) family inet { > -) address 10.1.0.2/24; > -) } > -) family mpls; > -) } > -) } > -) lo0 { > -) unit 0 { > -) family inet { > -) address 172.16.10.254/32; > -) } > -) } > -) } > -) } > -) routing-options { > -) static { > -) route 0.0.0.0/0 next-hop 10.1.0.1; > -) } > -) } > -) > -) > -) ----------------------------------------- > -) [EMAIL PROTECTED]> show route > -) > -) inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 10.0.0.0/24 *[Direct/0] 00:12:57 > -) > via fxp0.0 > -) 10.0.0.1/32 *[Local/0] 00:12:57 > -) Local via fxp0.0 > -) 10.10.0.1/32 *[Direct/0] 00:12:57 > -) > via lo0.0 > -) 10.10.0.2/32 *[Static/5] 00:12:55 > -) > to 10.0.0.2 via fxp0.0 > -) > -) inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 10.0.0.2/32 *[RSVP/7] 00:12:44, metric 65535 > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) > -) VPN.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 10.1.0.0/24 *[BGP/170] 00:12:37, localpref 100 > -) AS path: I > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) 172.16.10.254/32 *[BGP/170] 00:12:37, localpref 100 > -) AS path: I > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) 192.168.1.254/32 *[Direct/0] 00:12:55 > -) > via lo0.1 > -) 192.168.2.254/32 *[BGP/170] 00:12:37, localpref 100 > -) AS path: I > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) > -) mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 0 *[MPLS/0] 00:13:03, metric 1 > -) Receive > -) 1 *[MPLS/0] 00:13:03, metric 1 > -) Receive > -) 2 *[MPLS/0] 00:13:03, metric 1 > -) Receive > -) 100000 *[VPN/170] 00:12:37 > -) receive table VPN.inet.0, Pop > -) > -) bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 64512:2:10.1.0.0/24 > -) *[BGP/170] 00:12:37, localpref 100 > -) AS path: I > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) 64512:2:172.16.10.254/32 > -) *[BGP/170] 00:12:37, localpref 100 > -) AS path: I > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) 64512:2:192.168.2.254/32 > -) *[BGP/170] 00:12:37, localpref 100 > -) AS path: I > -) > to 10.0.0.2 via fxp0.0, label-switched-path testp > -) > -) __juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 > holddown, 0 > -) hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) fe80::2aa:ff:fe00:101/128 > -) *[Direct/0] 00:12:55 > -) > via lo0.16385 > -) > -) [EMAIL PROTECTED]> > -) > -) > -) > -) ----------------------------------------- > -) [EMAIL PROTECTED]> show route > -) > -) inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 10.0.0.0/24 *[Direct/0] 00:13:52 > -) > via fxp0.0 > -) 10.0.0.2/32 *[Local/0] 00:13:52 > -) Local via fxp0.0 > -) 10.10.0.1/32 *[Static/5] 00:13:51 > -) > to 10.0.0.1 via fxp0.0 > -) 10.10.0.2/32 *[Direct/0] 00:13:52 > -) > via lo0.0 > -) > -) inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 10.0.0.1/32 *[RSVP/7] 00:13:48, metric 65535 > -) > to 10.0.0.1 via fxp0.0, label-switched-path testp > -) > -) VPN.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 10.1.0.0/24 *[Direct/0] 00:13:53 > -) > via fxp1.0 > -) 10.1.0.1/32 *[Local/0] 00:13:53 > -) Local via fxp1.0 > -) 172.16.10.254/32 *[Static/5] 00:13:52 > -) > to 10.1.0.2 via fxp1.0 > -) 192.168.1.254/32 *[BGP/170] 00:13:42, localpref 100 > -) AS path: I > -) > to 10.0.0.1 via fxp0.0, label-switched-path testp > -) 192.168.2.254/32 *[Direct/0] 00:13:53 > -) > via lo0.2 > -) > -) mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 0 *[MPLS/0] 00:13:56, metric 1 > -) Receive > -) 1 *[MPLS/0] 00:13:56, metric 1 > -) Receive > -) 2 *[MPLS/0] 00:13:56, metric 1 > -) Receive > -) 100000 *[VPN/170] 00:13:43 > -) > to 10.1.0.2 via fxp1.0, Pop > -) 100016 *[VPN/170] 00:13:43 > -) receive table VPN.inet.0, Pop > -) > -) bgp.l3vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 64512:1:192.168.1.254/32 > -) *[BGP/170] 00:13:42, localpref 100 > -) AS path: I > -) > to 10.0.0.1 via fxp0.0, label-switched-path testp > -) > -) __juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 > holddown, 0 > -) hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) fe80::2aa:ff:fe00:103/128 > -) *[Direct/0] 00:13:52 > -) > via lo0.16385 > -) > -) [EMAIL PROTECTED]> > -) > -) > -) ----------------------------------------- > -) > -) [EMAIL PROTECTED]> show route > -) > -) inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) 0.0.0.0/0 *[Static/5] 00:06:47 > -) > to 10.1.0.1 via fxp0.0 > -) 10.1.0.0/24 *[Direct/0] 00:06:49 > -) > via fxp0.0 > -) 10.1.0.2/32 *[Local/0] 00:06:49 > -) Local via fxp0.0 > -) 172.16.10.254/32 *[Direct/0] 00:06:48 > -) > via lo0.0 > -) > -) __juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 > holddown, 0 > -) hidden) > -) + = Active Route, - = Last Active, * = Both > -) > -) fe80::2aa:ff:fe00:105/128 > -) *[Direct/0] 00:06:48 > -) > via lo0.16385 > -) > -) [EMAIL PROTECTED]> > -) > -) > -) ----------------------------------------- > -) > -) >From olive1 I am able to ping 192.168.2.254 which is the loopback on > -) olive2 in the VRF: > -) > -) [EMAIL PROTECTED]> ping 192.168.2.254 > -) PING 192.168.2.254 (192.168.2.254): 56 data bytes > -) ping: sendto: No route to host > -) > -) ^C > -) --- 192.168.2.254 ping statistics --- > -) 1 packets transmitted, 0 packets received, 100% packet loss > -) > -) [EMAIL PROTECTED]> ping 192.168.2.254 routing-instance VPN > -) PING 192.168.2.254 (192.168.2.254): 56 data bytes > -) 64 bytes from 192.168.2.254: icmp_seq=0 ttl=255 time=142.953 ms > -) 64 bytes from 192.168.2.254: icmp_seq=1 ttl=255 time=1.657 ms > -) 64 bytes from 192.168.2.254: icmp_seq=2 ttl=255 time=4.885 ms > -) > -) ^C > -) --- 192.168.2.254 ping statistics --- > -) 3 packets transmitted, 3 packets received, 0% packet loss > -) round-trip min/avg/max/stddev = 1.657/49.832/142.953/65.860 ms > -) > -) Similarly I can ping the loopback in VRF on olive1 from olive2 (output > -) not shown). > -) > -) ----------------------------------------- > -) > -) Also, I am unable to ping the interface IPs on the link shared by > -) olive2 and CE router from olive1. > -) > -) [EMAIL PROTECTED]> ping 10.1.0.1 routing-instance VPN > -) PING 10.1.0.1 (10.1.0.1): 56 data bytes > -) ^C > -) --- 10.1.0.1 ping statistics --- > -) 5 packets transmitted, 0 packets received, 100% packet loss > -) > -) [EMAIL PROTECTED]> > -) > -) [EMAIL PROTECTED]> ping 10.1.0.2 routing-instance VPN > -) PING 10.1.0.2 (10.1.0.2): 56 data bytes > -) ^C > -) --- 10.1.0.2 ping statistics --- > -) 5 packets transmitted, 0 packets received, 100% packet loss > -) > -) [EMAIL PROTECTED]> > -) > -) ----------------------------------------- > -) > -) However, I am unable to ping the loopback on CE from olive1 while I > -) can ping it from Olive2: > -) > -) [EMAIL PROTECTED]> ping 172.16.10.254 routing-instance VPN > -) PING 172.16.10.254 (172.16.10.254): 56 data bytes > -) ^C > -) --- 172.16.10.254 ping statistics --- > -) 7 packets transmitted, 0 packets received, 100% packet loss > -) > -) > -) > -) [EMAIL PROTECTED]> ping 172.16.10.254 routing-instance VPN > -) PING 172.16.10.254 (172.16.10.254): 56 data bytes > -) 64 bytes from 172.16.10.254: icmp_seq=0 ttl=255 time=47.467 ms > -) 64 bytes from 172.16.10.254: icmp_seq=1 ttl=255 time=3.266 ms > -) 64 bytes from 172.16.10.254: icmp_seq=2 ttl=255 time=4.939 ms > -) 64 bytes from 172.16.10.254: icmp_seq=3 ttl=255 time=3.078 ms > -) > -) ^C > -) --- 172.16.10.254 ping statistics --- > -) 4 packets transmitted, 4 packets received, 0% packet loss > -) round-trip min/avg/max/stddev = 3.078/14.688/47.467/18.939 ms > -) > -) > -) > -) ----------------------------------------- > -) > -) Sniffing on the CORE interface on olive2 while pinging the loopback on > -) CE from olive1 shows that ICMP (MPLS) packets are received from olive1 > -) with the correct VPN label but strangely olive2 routers seems to DROP > -) THEM SILENTLY. I have sniffed on CE but no packet is received on its > -) interface! > -) > -) > -) [EMAIL PROTECTED]> monitor traffic interface fxp0 extensive > -) Listening on fxp0, capture size 96 bytes > -) > -) 14:52:12.818208 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29970, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 14080, length 64 > -) > -) 14:52:13.253471 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29971, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 14336, length 64 > -) > -) 14:52:13.680046 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29972, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 14592, length 64 > -) > -) 14:52:14.115719 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29973, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 14848, length 64 > -) > -) 14:52:14.549708 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29974, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 15104, length 64 > -) > -) 14:52:14.984292 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29975, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 15360, length 64 > -) > -) 14:52:15.419728 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29976, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 15616, length 64 > -) > -) 14:52:15.849263 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29977, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 15872, length 64 > -) > -) 14:52:16.288540 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29978, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 16128, length 64 > -) > -) 14:52:16.718826 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29979, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 16384, length 64 > -) > -) 14:52:17.434696 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29980, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 16640, length 64 > -) > -) 14:52:17.616305 Out 0:aa:0:0:1:3 0:aa:0:0:1:1 ip 85: (tos 0xc0, ttl > -) 64, id 18716, offset 0, flags [none], proto: TCP (6), length: 71) > -) 10.0.0.2.4944 > 10.0.0.1.bgp: P 92357182:92357201(19) ack 3673416124 > -) win 16486 <nop,nop > -) ,timestamp 249499 252521>: BGP, length: 19 > -) Keepalive Message (4), length: 19 > -) > -) 14:52:17.659058 In 0:aa:0:0:1:1 0:aa:0:0:1:3 ip 66: (tos 0xc0, ttl > -) 64, id 29981, offset 0, flags [none], proto: TCP (6), length: 52) > -) 10.0.0.1.bgp > 10.0.0.2.4944: . 1:1(0) ack 19 win 16384 > -) <nop,nop,timestamp 256336 24949 > -) 9> > -) > -) 14:52:17.864884 In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label > -) 100000, exp 0, [S], ttl 255) > -) (tos 0x0, ttl 255, id 29982, offset 0, flags [none], proto: > -) ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request > -) seq 16896, length 64 > -) > -) ^C > -) 20 packets received by filter > -) 0 packets dropped by kernel > -) > -) [EMAIL PROTECTED]> > -) > -) ----------------------------------------- > -) > -) > -) Regards, > -) > -) JunaidM > -) _______________________________________________ > -) juniper-nsp mailing list juniper-nsp@puck.nether.net > -) https://puck.nether.net/mailman/listinfo/juniper-nsp > -) > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp