Re: Route Target Import / Export in bgpd
Hi Claudio, I've been running your patch for a while now with no issues at all, thanks! I'm still having the problem below, have you seen that somewhere else? Rimi Le 8 avr. 2012 ` 16:26, Rimi Philippe a icrit : PE2 marks the route as announced, but doesn't announce it. It's really clear in the syslog System Reboot: Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:40 10.0.0.0/24 via 1.1.0.21 Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:20 172.16.39.0/24 via 1.1.0.21 Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:99 A.A.A.A/28 via 1.1.0.21 Apr 8 16:10:43 g-fw1 bgpd[12809]: nexthop 1.1.0.21 now valid: via 1.1.0.12 Config edit and bgpctl reload on PE2 Apr 8 16:14:11 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:99 C.C.C.C/28 via 1.1.0.21 Here are the outputs Error State: PE1 # bgpctl show fib table 99 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *S 8 0.0.0.0/01.2.0.1 *C 0 127.0.0.0/8 link#0 *4 1.2.0.1/321.2.0.1 *B 48 A.A.A.A/28 1.1.0.12 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:99 A.A.A.A/28 1.1.0.12 100 0 i PE2 Config rdomain 99 { descr Public rd 2.2.2.2:99 import-target rt 2.2.2.2:99 import-target rt 1.1.1.1:99 export-target rt 2.2.2.2:99 depend on mpe99 network A.A.A.A/28 network C.C.C.C/28 set nexthop 1.1.0.12 } # bgpctl show fib table 99 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *B 48 0.0.0.0/01.1.0.21 *C 0 127.0.0.0/8 link#0 *B 48 1.2.0.1/321.1.0.21 *C 4 A.A.A.A/28 link#2 *S 8 B.B.B.B/28 1.3.0.1 *S 8 C.C.C.C/28 1.3.0.1 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin I* rd 1.1.1.1:99 0.0.0.0/0 1.1.0.21 100 0 i AI* rd 2.2.2.2:40 10.0.0.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 1.1.1.1:40 10.1.0.0/24 1.1.0.21 100 0 i I* rd 1.1.1.1:30 172.16.33.0/24 1.1.0.21 100 0 i I* rd 1.1.1.1:20 172.16.35.0/24 1.1.0.21 100 0 i I* rd 1.1.1.1:50 172.16.36.0/24 1.1.0.21 100 0 i AI* rd 2.2.2.2:20 172.16.39.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 1.1.1.1:99 1.2.0.1/32 1.1.0.21 100 0 i AI* rd 2.2.2.2:99 A.A.A.A/28 rd 0:0 0.0.0.0 100 0 i AI* rd 2.2.2.2:99 C.C.C.C/28 rd 0:0 0.0.0.0 100 0 i Working State (after changing PE2 config and running bgpctl reload) PE1 # bgpctl show fib table 99 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *S 8 0.0.0.0/01.2.0.1 *C 0 127.0.0.0/8 link#0 *4 1.2.0.1/321.2.0.1 *B 48 A.A.A.A/28 1.1.0.12 *B 48 C.C.C.C/28 1.1.0.12 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0
Re: Route Target Import / Export in bgpd
On Sun, Apr 08, 2012 at 12:56:52AM +0200, Rimi Philippe wrote: Hi Claudio, just finished building it all and it seems it works great, very impressive. Thank you! I'll be running a few tests tomorrow to see if it's stable on the lab, I'll keep you posted. BTW when testing some network statements I think I might have hit a bug. A.A.A.A is a connected route B.B.B.B is a static route (route -T 99 add B.B.B.B/28 3.3.3.3) Config: rdomain 99 { rd 1.1.1.1:99 import-target rt 1.1.1.1:99 import-target rt 2.2.2.2:99 export-target rt 1.1.1.1:99 depend on mpe99 network A.A.A.A/28 network B.B.B.B/28 } With this config, on PE2 I never get any BGP updates for B.B.B.B (even though it's marked as announced on PE1). Now I edit the config : network B.B.B.B/28 set nexthop self +bgpctl reload Route is now announced and I get the update on PE2, everything ok. Any ideas? Please look with bgpctl show fib table 99 and bgpctl show rib VPNv4 if the prefix is showing up. Because it does work for me (with my very limited testing). -- :wq Claudio
Re: Route Target Import / Export in bgpd
PE2 marks the route as announced, but doesn't announce it. It's really clear in the syslog System Reboot: Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:40 10.0.0.0/24 via 1.1.0.21 Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:20 172.16.39.0/24 via 1.1.0.21 Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:99 A.A.A.A/28 via 1.1.0.21 Apr 8 16:10:43 g-fw1 bgpd[12809]: nexthop 1.1.0.21 now valid: via 1.1.0.12 Config edit and bgpctl reload on PE2 Apr 8 16:14:11 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1) AS65100: update rd 2.2.2.2:99 C.C.C.C/28 via 1.1.0.21 Here are the outputs Error State: PE1 # bgpctl show fib table 99 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *S 8 0.0.0.0/01.2.0.1 *C 0 127.0.0.0/8 link#0 *4 1.2.0.1/321.2.0.1 *B 48 A.A.A.A/28 1.1.0.12 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:99 A.A.A.A/28 1.1.0.12 100 0 i PE2 Config rdomain 99 { descr Public rd 2.2.2.2:99 import-target rt 2.2.2.2:99 import-target rt 1.1.1.1:99 export-target rt 2.2.2.2:99 depend on mpe99 network A.A.A.A/28 network C.C.C.C/28 set nexthop 1.1.0.12 } # bgpctl show fib table 99 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *B 48 0.0.0.0/01.1.0.21 *C 0 127.0.0.0/8 link#0 *B 48 1.2.0.1/321.1.0.21 *C 4 A.A.A.A/28 link#2 *S 8 B.B.B.B/28 1.3.0.1 *S 8 C.C.C.C/28 1.3.0.1 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin I* rd 1.1.1.1:99 0.0.0.0/0 1.1.0.21 100 0 i AI* rd 2.2.2.2:40 10.0.0.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 1.1.1.1:40 10.1.0.0/24 1.1.0.21 100 0 i I* rd 1.1.1.1:30 172.16.33.0/24 1.1.0.21 100 0 i I* rd 1.1.1.1:20 172.16.35.0/24 1.1.0.21 100 0 i I* rd 1.1.1.1:50 172.16.36.0/24 1.1.0.21 100 0 i AI* rd 2.2.2.2:20 172.16.39.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 1.1.1.1:99 1.2.0.1/32 1.1.0.21 100 0 i AI* rd 2.2.2.2:99 A.A.A.A/28 rd 0:0 0.0.0.0 100 0 i AI* rd 2.2.2.2:99 C.C.C.C/28 rd 0:0 0.0.0.0 100 0 i Working State (after changing PE2 config and running bgpctl reload) PE1 # bgpctl show fib table 99 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *S 8 0.0.0.0/01.2.0.1 *C 0 127.0.0.0/8 link#0 *4 1.2.0.1/321.2.0.1 *B 48 A.A.A.A/28 1.1.0.12 *B 48 C.C.C.C/28 1.1.0.12 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0 0.0.0.0 100 0 i I* rd 2.2.2.2:99 A.A.A.A/28 1.1.0.12 100 0 i I* rd 2.2.2.2:99 C.C.C.C/28 1.1.0.12 100 0 i PE2 Config rdomain 99 { descr Public rd 2.2.2.2:99 import-target rt 2.2.2.2:99 import-target rt
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 10:08:48PM +0200, Rimi Philippe wrote: Hi Claudio, It works at 90% thanks. The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and PE2 1 rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain 30 (locally), but that doesn't seem to work locally, here are the details. The last 10% are the hardest ones. The following kernel and bgpd diffs should do the trick. The kernel diff is needed to forward traffic directly between mpe(4) interfaces. The bgpd diff makes sure that the MPLS routes are inserted into the other VPNs on the same router. This works for me but is not heavily tested please test. -- :wq Claudio Index: net/if_mpe.c === RCS file: /cvs/src/sys/net/if_mpe.c,v retrieving revision 1.26 diff -u -p -r1.26 if_mpe.c --- net/if_mpe.c20 Aug 2011 06:21:32 - 1.26 +++ net/if_mpe.c7 Apr 2012 13:44:42 - @@ -145,6 +145,7 @@ mpestart(struct ifnet *ifp) struct mbuf *m; struct sockaddr *sa = (struct sockaddr *)mpedst; int s; + int loop = 0; sa_family_t af; struct rtentry *rt; @@ -166,19 +167,22 @@ mpestart(struct ifnet *ifp) bcopy(mtod(m, caddr_t), satosin(sa)-sin_addr, sizeof(in_addr_t)); m_adj(m, sizeof(in_addr_t)); + if (satosin(sa)-sin_addr.s_addr == INADDR_LOOPBACK) + loop = 1; break; default: m_freem(m); continue; } - rt = rtalloc1(sa, RT_REPORT, 0); - if (rt == NULL) { - /* no route give up */ - m_freem(m); - continue; + if (!loop) { + rt = rtalloc1(sa, RT_REPORT, 0); + if (rt == NULL) { + /* no route give up */ + m_freem(m); + continue; + } } - #if NBPFILTER 0 if (ifp-if_bpf) { /* remove MPLS label before passing packet to bpf */ @@ -191,11 +195,16 @@ mpestart(struct ifnet *ifp) m-m_pkthdr.len += sizeof(struct shim_hdr); } #endif - /* XXX lie, but mpls_output will only look at sa_family */ - sa-sa_family = AF_MPLS; - - mpls_output(rt-rt_ifp, m, sa, rt); - RTFREE(rt); + if (!loop) { + /* XXX lie, but mpls_output looks only at sa_family */ + sa-sa_family = AF_MPLS; + mpls_output(rt-rt_ifp, m, sa, rt); + RTFREE(rt); + } else { + /* local packet directly inject into input path */ + schednetisr(NETISR_MPLS); + IF_INPUT_ENQUEUE(mplsintrq, m); + } } } @@ -207,6 +216,7 @@ mpeoutput(struct ifnet *ifp, struct mbuf int s; int error; int off; + in_addr_t addr = INADDR_LOOPBACK; u_int8_top = 0; #ifdef DIAGNOSTIC @@ -248,8 +258,10 @@ mpeoutput(struct ifnet *ifp, struct mbuf goto out; } *mtod(m, sa_family_t *) = AF_INET; + if (!rt || rt-rt_flags RTF_GATEWAY) + addr = satosin(dst)-sin_addr.s_addr; m_copyback(m, sizeof(sa_family_t), sizeof(in_addr_t), - (caddr_t)((satosin(dst)-sin_addr)), M_NOWAIT); + addr, M_NOWAIT); break; #endif default: Index: netmpls/mpls_input.c === RCS file: /cvs/src/sys/netmpls/mpls_input.c,v retrieving revision 1.32 diff -u -p -r1.32 mpls_input.c --- netmpls/mpls_input.c6 Jul 2011 02:42:28 - 1.32 +++ netmpls/mpls_input.c7 Apr 2012 13:45:16 - @@ -101,7 +101,7 @@ mpls_input(struct mbuf *m) u_int8_t ttl; int i, s, hasbos; - if (!ISSET(ifp-if_xflags, IFXF_MPLS)) { + if (!ISSET(ifp-if_xflags, IFXF_MPLS) ifp-if_type != IFT_MPLS) { m_freem(m); return; } Index: kroute.c === RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v retrieving revision 1.188 diff -u -p -r1.188 kroute.c --- kroute.c1 May 2011 12:56:04 - 1.188 +++ kroute.c7 Apr 2012 12:40:46 - @@ -2555,7 +2555,7 @@ send_rtmsg(int fd, int action, struct kt struct { struct sockaddr_dl dl;
Re: Route Target Import / Export in bgpd
Hi Claudio, just finished building it all and it seems it works great, very impressive. Thank you! I'll be running a few tests tomorrow to see if it's stable on the lab, I'll keep you posted. BTW when testing some network statements I think I might have hit a bug. A.A.A.A is a connected route B.B.B.B is a static route (route -T 99 add B.B.B.B/28 3.3.3.3) Config: rdomain 99 { rd 1.1.1.1:99 import-target rt 1.1.1.1:99 import-target rt 2.2.2.2:99 export-target rt 1.1.1.1:99 depend on mpe99 network A.A.A.A/28 network B.B.B.B/28 } With this config, on PE2 I never get any BGP updates for B.B.B.B (even though it's marked as announced on PE1). Now I edit the config : network B.B.B.B/28 set nexthop self +bgpctl reload Route is now announced and I get the update on PE2, everything ok. I reboot the machine with the exact same config, route is gone on PE2. I edit the config (INTFADDR being the same address than with self) network B.B.B.B/28 set nexthop INTFADDR +bgpctl reload Route gets to PE2. Reboot ... Same problem. I switch back to self and the routes comes in again. The problem is easily reproducible and occurs every time (reboot or process kill). Any ideas? Thanks, Rimi Le 7 avr. 2012 ` 22:02, Claudio Jeker a icrit : On Wed, Apr 04, 2012 at 10:08:48PM +0200, Rimi Philippe wrote: Hi Claudio, It works at 90% thanks. The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and PE2 1 rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain 30 (locally), but that doesn't seem to work locally, here are the details. The last 10% are the hardest ones. The following kernel and bgpd diffs should do the trick. The kernel diff is needed to forward traffic directly between mpe(4) interfaces. The bgpd diff makes sure that the MPLS routes are inserted into the other VPNs on the same router. This works for me but is not heavily tested please test. -- :wq Claudio
Re: Route Target Import / Export in bgpd
Hello, Any hints on how to troubleshoot this issue? I'm looking for some kind of debug to see what is going from rib to fib in order to understand why the prefixes are not imported. Thanks, Rimi Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit : Hello, I'm testing OpenBSD with L3VPN, everything is working fine except from the RT import / export side. I usually configure my VPN with PE Loopback:identifier, so my config looks like this: PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } This kind of configuration works on Cisco devices for example, but here PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *C 0 ::1/128 link#0 PE2: # bgpctl sho fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 It works fine when I set the same RD on both PE, but that's not really what I'm looking for. I can't find much debug information, any hints on how to tshoot this? Thanks for your help, Remi
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 10:37:20AM +0200, Rimi Philippe wrote: Hello, Any hints on how to troubleshoot this issue? I'm looking for some kind of debug to see what is going from rib to fib in order to understand why the prefixes are not imported. Hmm. Looks like I go t confused by the old BGP MPLS VPN RFC where the RD was somewhat strangly declared. In other words bgpd filters on the RD as well. This is a bug and I will fix it ASAP. -- :wq Claudio Thanks, Rimi Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit : Hello, I'm testing OpenBSD with L3VPN, everything is working fine except from the RT import / export side. I usually configure my VPN with PE Loopback:identifier, so my config looks like this: PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } This kind of configuration works on Cisco devices for example, but here PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *C 0 ::1/128 link#0 PE2: # bgpctl sho fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 It works fine when I set the same RD on both PE, but that's not really what I'm looking for. I can't find much debug information, any hints on how to tshoot this? Thanks for your help, Remi
Re: Route Target Import / Export in bgpd
Thanks Claudio. The way I see it is that RD are only local, they identify the VRF (or rdomain) locally on the router, then the RT import / export handles the way the routes are distributed. This permits the hub spoke approach for example. If you need help on the testing side feel free to send me the code, I'll give it a try. Rimi Le 4 avril 2012 13:28, Claudio Jeker cje...@diehard.n-r-g.com a icrit : On Wed, Apr 04, 2012 at 10:37:20AM +0200, Rimi Philippe wrote: Hello, Any hints on how to troubleshoot this issue? I'm looking for some kind of debug to see what is going from rib to fib in order to understand why the prefixes are not imported. Hmm. Looks like I go t confused by the old BGP MPLS VPN RFC where the RD was somewhat strangly declared. In other words bgpd filters on the RD as well. This is a bug and I will fix it ASAP. -- :wq Claudio Thanks, Rimi Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit : Hello, I'm testing OpenBSD with L3VPN, everything is working fine except from the RT import / export side. I usually configure my VPN with PE Loopback:identifier, so my config looks like this: PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } This kind of configuration works on Cisco devices for example, but here PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *C 0 ::1/128 link#0 PE2: # bgpctl sho fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 It works fine when I set the same RD on both PE, but that's not really what I'm looking for. I can't find much debug information, any hints on how to tshoot this? Thanks for your help, Remi
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 02:43:04PM +0200, Rimi Philippe wrote: Thanks Claudio. The way I see it is that RD are only local, they identify the VRF (or rdomain) locally on the router, then the RT import / export handles the way the routes are distributed. This permits the hub spoke approach for example. If you need help on the testing side feel free to send me the code, I'll give it a try. Give this a try. -- :wq Claudio Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.116 diff -u -p -r1.116 bgpd.conf.5 --- bgpd.conf.5 17 Sep 2011 16:29:44 - 1.116 +++ bgpd.conf.5 4 Apr 2012 18:46:54 - @@ -494,13 +494,13 @@ for further information about the argume .Pp .It Ic rd Ar as-number Ns Li : Ns Ar local .It Ic rd Ar IP Ns Li : Ns Ar local -The Route Distinguishers uniquely identifies a set of VPN prefixes. -Only prefixes matching the +The sole purpose of the Route Distinguisher .Ic rd -will be imported into the routing domain. -The purpose of the +is to ensure that possible common prefixes are destinct between VPNs. +The .Ic rd -is solely to allow one to create distinct routes to a common address prefix. +is neither used to identify the origin of the prefix nor to control into +which VPNs the prefix is distributed to. The .Ar as-number or Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.312 diff -u -p -r1.312 rde.c --- rde.c 27 Mar 2012 18:22:07 - 1.312 +++ rde.c 4 Apr 2012 15:40:41 - @@ -2414,8 +2414,6 @@ rde_send_kroute(struct prefix *new, stru break; SIMPLEQ_FOREACH(rd, rdomains_l, entry) { - if (addr.vpn4.rd != rd-rd) - continue; if (!rde_rdomain_import(p-aspath, rd)) continue; /* must send exit_nexthop so that correct MPLS tunnel
Re: Route Target Import / Export in bgpd
Hi Claudio, It works at 90% thanks. The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and PE2 1 rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain 30 (locally), but that doesn't seem to work locally, here are the details. Rimi rdomain 20 PE1: 172.16.35.0/24 rdomain 30 PE1: 172.16.33.0/24 rdomain 20 PE2: 172.16.39.0/24 PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 import-target rt 1.1.1.1:30 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } rdomain 30 { rd 1.1.1.1:30 import-target rt 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 1.1.1.1:30 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 import-target rt 1.1.1.1:30 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *B 48 172.16.39.0/24 2.2.2.2 *C 0 ::1/128 link#0 # bgpctl show fib table 30 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.33.0/24 link#3 *B 48 172.16.39.0/24 2.2.2.2 *C 0 ::1/128 link#0 PE2: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *B 48 172.16.33.0/24 1.1.1.1 *B 48 172.16.35.0/24 1.1.1.1 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 Le 4 avr. 2012 ` 21:07, Claudio Jeker a icrit : On Wed, Apr 04, 2012 at 02:43:04PM +0200, Rimi Philippe wrote: Thanks Claudio. The way I see it is that RD are only local, they identify the VRF (or rdomain) locally on the router, then the RT import / export handles the way the routes are distributed. This permits the hub spoke approach for example. If you need help on the testing side feel free to send me the code, I'll give it a try. Give this a try. -- :wq Claudio Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.116 diff -u -p -r1.116 bgpd.conf.5 --- bgpd.conf.5 17 Sep 2011 16:29:44 - 1.116 +++ bgpd.conf.5 4 Apr 2012 18:46:54 - @@ -494,13 +494,13 @@ for further information about the argume .Pp .It Ic rd Ar as-number Ns Li : Ns Ar local .It Ic rd Ar IP Ns Li : Ns Ar local -The Route Distinguishers uniquely identifies a set of VPN prefixes. -Only prefixes matching the +The sole purpose of the Route Distinguisher .Ic rd -will be imported into the routing domain. -The purpose of the +is to ensure that possible common prefixes are destinct between VPNs. +The .Ic rd -is solely to allow one to create distinct routes to a common address prefix. +is neither used to identify the origin of the prefix nor to control into +which VPNs the prefix is distributed to. The .Ar as-number or Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.312 diff -u -p -r1.312 rde.c --- rde.c 27 Mar 2012 18:22:07 - 1.312 +++ rde.c 4 Apr 2012 15:40:41 - @@ -2414,8 +2414,6 @@ rde_send_kroute(struct prefix *new, stru break; SIMPLEQ_FOREACH(rd, rdomains_l, entry) { - if (addr.vpn4.rd != rd-rd) - continue; if (!rde_rdomain_import(p-aspath, rd)) continue; /* must send exit_nexthop so that correct MPLS tunnel