Hi Claudio,
Thanks, I'll report back to you after I'm done with my first test.
On Mon, 24 May 2010 20:11:46 +0700, Claudio Jeker
<cje...@diehard.n-r-g.com> wrote:
On Mon, May 24, 2010 at 05:23:00PM +0700, Insan Praja SW wrote:
Hi Misc@,
Before I begin to test OpenBGPD mpls VPN support on current, are
there any hints on route-leaking, and an example/hints to make a
complete setup MPLS cloud and MPLS/VPN on a network?
In my later experiences using OpenBSD, I use pf with rtable to make
a VPN-like network without isolation on the network. Now I need to
know if there are ways to have a semi-isolated network when using
rdomain or anything like it.
Passing traffic between VPNs is either done in pf(4) by setting the rtable
on a rule or by importing routes in BGP (import/export-target).
The first method is much more flexible but more static.
First of all you need the attached diff to play with the kernel MPLS part.
With that in you can start playing with the various parts.
1. You need to MPLS enable the interfaces that do MPLS
In my test I use a vlan for this:
# more /etc/hostname.vlan2003
vlan 2003 vlandev sis0
inet 10.83.128.26 255.255.255.248 NONE
mpls
2. Then it is best to have a loopback interface:
# more /etc/hostname.lo1
inet 10.83.66.23 255.255.255.255 NONE
3. LDP config:
router-id 10.83.66.23
distribution independent
retention liberal
advertisement unsolicited
interface lo1 {
}
interface vlan2003 {
}
4. I use ospfd as IGP, there is nothing special needed here.
5. create a rdomain 1:
# more /etc/hostname.vlan2017
rdomain 1
vlan 2017 vlandev sis0
inet 192.168.220.1 255.255.255.0
6. create a mpe(4) in rdomain 1:
# more /etc/hostname.mpe0
rdomain 1 mplslabel 543
inet 10.83.66.129 255.255.255.255
Note: it is necessary to have an IP on mpe(4) but it does not matter which
one you pick. I normally use the loopback IP but maybe using the vlan2017
IP would be smarter.
7. BGP config:
AS 65003
router-id 10.83.66.23
listen on 10.83.66.23
rdomain 1 {
	descr "CUSTOMER1"
	rd 65003:1
	import-target rt 65003:1
	export-target rt 65003:1
	depend on mpe0
	network 192.168.220/24
}
group ibgp {
	announce IPv4 unicast
	announce IPv4 vpn
	remote-as 65003
	local-address 10.83.66.23
	neighbor 10.83.66.2 {
		descr c2
	}
}
Start ospfd, bgpd, and ldpd and hope for the best (check that all sessions
come up). Set up something similar on a second system.
Use e.g. ping -V1 -I 192.168.220.1 192.168.221.1 to test the VPN.
It is possible to use gif/gre instead of LDP -- just use a gre interface
in point 1 and skip everything that needs LDP.
Thanks,
--
insandotpraja(at)gmaildotcom
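
Added example, not part of the mails above and not OpenBGPD code: a small Python check for the import/export-target method of passing routes between VPNs. It lists which rdomain blocks in a bgpd.conf import a route target that a different rdomain exports. The `rdomain 2` block, `CUSTOMER2`, `mpe1`, `rt 65003:2` and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample: rdomain 1 is the block from the mail; rdomain 2 is a
# hypothetical second customer that also imports CUSTOMER1's route target.
SAMPLE_BGPD_CONF = """
rdomain 1 {
    descr "CUSTOMER1"
    rd 65003:1
    import-target rt 65003:1
    export-target rt 65003:1
    depend on mpe0
    network 192.168.220/24
}
rdomain 2 {
    descr "CUSTOMER2"
    rd 65003:2
    import-target rt 65003:2
    import-target rt 65003:1   # leak: pulls CUSTOMER1 routes into rdomain 2
    export-target rt 65003:2
    depend on mpe1
}
"""

# rdomain blocks do not nest, so a lazy match up to the first closing brace works.
BLOCK = re.compile(r"^\s*rdomain\s+(\d+)\s*\{(.*?)^\s*\}", re.S | re.M)
TARGET = re.compile(r"^\s*(import|export)-target\s+(\S+)\s+(\S+)", re.M)

def parse_rdomains(conf):
    """Return {rdomain_id: {"import": set, "export": set}} of (subtype, value)."""
    conf = re.sub(r"#.*", "", conf)  # strip comments before matching
    out = {}
    for rid, body in BLOCK.findall(conf):
        targets = {"import": set(), "export": set()}
        for kind, subtype, value in TARGET.findall(body):
            targets[kind].add((subtype, value))
        out[int(rid)] = targets
    return out

def route_leaks(conf):
    """(src, dst, shared targets) where dst imports what another rdomain exports."""
    doms = parse_rdomains(conf)
    return [(src, dst, sorted(s["export"] & d["import"]))
            for src, s in sorted(doms.items())
            for dst, d in sorted(doms.items())
            if src != dst and s["export"] & d["import"]]

if __name__ == "__main__":
    print(route_leaks(SAMPLE_BGPD_CONF))
```

The check only sees the rdomain blocks of one router's config; a route target imported on another system in the same AS has the same effect and needs the same review there.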