Re: Route Target Import / Export in bgpd
Hi Claudio,
I've been running your patch for a while now with no issues at all, thanks!
I'm still having the problem below, have you seen that somewhere else?
Rimi
Le 8 avr. 2012 ` 16:26, Rimi Philippe a icrit :
PE2 marks the route as announced, but doesn't announce it. It's really clear
in the syslog
System Reboot:
Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:40 10.0.0.0/24 via 1.1.0.21
Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:20 172.16.39.0/24 via 1.1.0.21
Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:99 A.A.A.A/28 via 1.1.0.21
Apr 8 16:10:43 g-fw1 bgpd[12809]: nexthop 1.1.0.21 now valid: via 1.1.0.12
Config edit and bgpctl reload on PE2
Apr 8 16:14:11 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:99 C.C.C.C/28 via 1.1.0.21
Here are the outputs
Error State:
PE1
# bgpctl show fib table 99
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*S 8 0.0.0.0/01.2.0.1
*C 0 127.0.0.0/8 link#0
*4 1.2.0.1/321.2.0.1
*B 48 A.A.A.A/28 1.1.0.12
*C 0 ::1/128 link#0
# bgpctl show rib VPNv4
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:99 A.A.A.A/28 1.1.0.12 100 0 i
PE2
Config
rdomain 99 {
descr Public
rd 2.2.2.2:99
import-target rt 2.2.2.2:99
import-target rt 1.1.1.1:99
export-target rt 2.2.2.2:99
depend on mpe99
network A.A.A.A/28
network C.C.C.C/28 set nexthop 1.1.0.12
}
# bgpctl show fib table 99
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*B 48 0.0.0.0/01.1.0.21
*C 0 127.0.0.0/8 link#0
*B 48 1.2.0.1/321.1.0.21
*C 4 A.A.A.A/28 link#2
*S 8 B.B.B.B/28 1.3.0.1
*S 8 C.C.C.C/28 1.3.0.1
*C 0 ::1/128 link#0
# bgpctl show rib VPNv4
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
I* rd 1.1.1.1:99 0.0.0.0/0 1.1.0.21 100 0 i
AI* rd 2.2.2.2:40 10.0.0.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 1.1.1.1:40 10.1.0.0/24 1.1.0.21 100 0 i
I* rd 1.1.1.1:30 172.16.33.0/24 1.1.0.21 100 0 i
I* rd 1.1.1.1:20 172.16.35.0/24 1.1.0.21 100 0 i
I* rd 1.1.1.1:50 172.16.36.0/24 1.1.0.21 100 0 i
AI* rd 2.2.2.2:20 172.16.39.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 1.1.1.1:99 1.2.0.1/32 1.1.0.21 100 0 i
AI* rd 2.2.2.2:99 A.A.A.A/28 rd 0:0 0.0.0.0 100 0 i
AI* rd 2.2.2.2:99 C.C.C.C/28 rd 0:0 0.0.0.0 100 0 i
Working State (after changing PE2 config and running bgpctl reload)
PE1
# bgpctl show fib table 99
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*S 8 0.0.0.0/01.2.0.1
*C 0 127.0.0.0/8 link#0
*4 1.2.0.1/321.2.0.1
*B 48 A.A.A.A/28 1.1.0.12
*B 48 C.C.C.C/28 1.1.0.12
*C 0 ::1/128 link#0
# bgpctl show rib VPNv4
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0
Re: Route Target Import / Export in bgpd
On Sun, Apr 08, 2012 at 12:56:52AM +0200, Rimi Philippe wrote:
Hi Claudio,
just finished building it all and it seems it works great, very
impressive. Thank you!
I'll be running a few tests tomorrow to see if it's stable on the lab,
I'll keep you posted.
BTW when testing some network statements I think I might have hit a bug.
A.A.A.A is a connected route
B.B.B.B is a static route (route -T 99 add B.B.B.B/28 3.3.3.3)
Config:
rdomain 99 {
rd 1.1.1.1:99
import-target rt 1.1.1.1:99
import-target rt 2.2.2.2:99
export-target rt 1.1.1.1:99
depend on mpe99
network A.A.A.A/28
network B.B.B.B/28
}
With this config, on PE2 I never get any BGP updates for B.B.B.B (even
though it's marked as announced on PE1).
Now I edit the config :
network B.B.B.B/28 set nexthop self
+bgpctl reload
Route is now announced and I get the update on PE2, everything ok.
Any ideas?
Please look with bgpctl show fib table 99 and bgpctl show rib VPNv4 if the
prefix is showing up. Because it does work for me (with my very limited
testing).
--
:wq Claudio
Re: Route Target Import / Export in bgpd
PE2 marks the route as announced, but doesn't announce it. It's really clear
in the syslog
System Reboot:
Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:40 10.0.0.0/24 via 1.1.0.21
Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:20 172.16.39.0/24 via 1.1.0.21
Apr 8 16:10:43 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:99 A.A.A.A/28 via 1.1.0.21
Apr 8 16:10:43 g-fw1 bgpd[12809]: nexthop 1.1.0.21 now valid: via 1.1.0.12
Config edit and bgpctl reload on PE2
Apr 8 16:14:11 g-fw1 bgpd[26997]: Rib Loc-RIB: neighbor 1.1.0.21 (v-gw1)
AS65100: update rd 2.2.2.2:99 C.C.C.C/28 via 1.1.0.21
Here are the outputs
Error State:
PE1
# bgpctl show fib table 99
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*S 8 0.0.0.0/01.2.0.1
*C 0 127.0.0.0/8 link#0
*4 1.2.0.1/321.2.0.1
*B 48 A.A.A.A/28 1.1.0.12
*C 0 ::1/128 link#0
# bgpctl show rib VPNv4
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:99 A.A.A.A/28 1.1.0.12 100 0 i
PE2
Config
rdomain 99 {
descr Public
rd 2.2.2.2:99
import-target rt 2.2.2.2:99
import-target rt 1.1.1.1:99
export-target rt 2.2.2.2:99
depend on mpe99
network A.A.A.A/28
network C.C.C.C/28 set nexthop 1.1.0.12
}
# bgpctl show fib table 99
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*B 48 0.0.0.0/01.1.0.21
*C 0 127.0.0.0/8 link#0
*B 48 1.2.0.1/321.1.0.21
*C 4 A.A.A.A/28 link#2
*S 8 B.B.B.B/28 1.3.0.1
*S 8 C.C.C.C/28 1.3.0.1
*C 0 ::1/128 link#0
# bgpctl show rib VPNv4
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
I* rd 1.1.1.1:99 0.0.0.0/0 1.1.0.21 100 0 i
AI* rd 2.2.2.2:40 10.0.0.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 1.1.1.1:40 10.1.0.0/24 1.1.0.21 100 0 i
I* rd 1.1.1.1:30 172.16.33.0/24 1.1.0.21 100 0 i
I* rd 1.1.1.1:20 172.16.35.0/24 1.1.0.21 100 0 i
I* rd 1.1.1.1:50 172.16.36.0/24 1.1.0.21 100 0 i
AI* rd 2.2.2.2:20 172.16.39.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 1.1.1.1:99 1.2.0.1/32 1.1.0.21 100 0 i
AI* rd 2.2.2.2:99 A.A.A.A/28 rd 0:0 0.0.0.0 100 0 i
AI* rd 2.2.2.2:99 C.C.C.C/28 rd 0:0 0.0.0.0 100 0 i
Working State (after changing PE2 config and running bgpctl reload)
PE1
# bgpctl show fib table 99
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*S 8 0.0.0.0/01.2.0.1
*C 0 127.0.0.0/8 link#0
*4 1.2.0.1/321.2.0.1
*B 48 A.A.A.A/28 1.1.0.12
*B 48 C.C.C.C/28 1.1.0.12
*C 0 ::1/128 link#0
# bgpctl show rib VPNv4
flags: * = Valid, = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI* rd 1.1.1.1:99 0.0.0.0/0 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:40 10.0.0.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:40 10.1.0.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:30 172.16.33.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:20 172.16.35.0/24 rd 0:0 0.0.0.0 100 0 i
AI* rd 1.1.1.1:50 172.16.36.0/24 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:20 172.16.39.0/24 1.1.0.12 100 0 i
AI* rd 1.1.1.1:99 1.2.0.1/32 rd 0:0 0.0.0.0 100 0 i
I* rd 2.2.2.2:99 A.A.A.A/28 1.1.0.12 100 0 i
I* rd 2.2.2.2:99 C.C.C.C/28 1.1.0.12 100 0 i
PE2
Config
rdomain 99 {
descr Public
rd 2.2.2.2:99
import-target rt 2.2.2.2:99
import-target rt
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 10:08:48PM +0200, Rimi Philippe wrote:
Hi Claudio,
It works at 90% thanks.
The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and PE2 1
rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain 30
(locally), but that doesn't seem to work locally, here are the details.
The last 10% are the hardest ones. The following kernel and bgpd diffs
should do the trick. The kernel diff is needed to forward traffic
directly between mpe(4) interfaces. The bgpd diff makes sure that the MPLS
routes are inserted into the other VPNs on the same router.
This works for me but is not heavily tested please test.
--
:wq Claudio
Index: net/if_mpe.c
===
RCS file: /cvs/src/sys/net/if_mpe.c,v
retrieving revision 1.26
diff -u -p -r1.26 if_mpe.c
--- net/if_mpe.c20 Aug 2011 06:21:32 - 1.26
+++ net/if_mpe.c7 Apr 2012 13:44:42 -
@@ -145,6 +145,7 @@ mpestart(struct ifnet *ifp)
struct mbuf *m;
struct sockaddr *sa = (struct sockaddr *)mpedst;
int s;
+ int loop = 0;
sa_family_t af;
struct rtentry *rt;
@@ -166,19 +167,22 @@ mpestart(struct ifnet *ifp)
bcopy(mtod(m, caddr_t), satosin(sa)-sin_addr,
sizeof(in_addr_t));
m_adj(m, sizeof(in_addr_t));
+ if (satosin(sa)-sin_addr.s_addr == INADDR_LOOPBACK)
+ loop = 1;
break;
default:
m_freem(m);
continue;
}
- rt = rtalloc1(sa, RT_REPORT, 0);
- if (rt == NULL) {
- /* no route give up */
- m_freem(m);
- continue;
+ if (!loop) {
+ rt = rtalloc1(sa, RT_REPORT, 0);
+ if (rt == NULL) {
+ /* no route give up */
+ m_freem(m);
+ continue;
+ }
}
-
#if NBPFILTER 0
if (ifp-if_bpf) {
/* remove MPLS label before passing packet to bpf */
@@ -191,11 +195,16 @@ mpestart(struct ifnet *ifp)
m-m_pkthdr.len += sizeof(struct shim_hdr);
}
#endif
- /* XXX lie, but mpls_output will only look at sa_family */
- sa-sa_family = AF_MPLS;
-
- mpls_output(rt-rt_ifp, m, sa, rt);
- RTFREE(rt);
+ if (!loop) {
+ /* XXX lie, but mpls_output looks only at sa_family */
+ sa-sa_family = AF_MPLS;
+ mpls_output(rt-rt_ifp, m, sa, rt);
+ RTFREE(rt);
+ } else {
+ /* local packet directly inject into input path */
+ schednetisr(NETISR_MPLS);
+ IF_INPUT_ENQUEUE(mplsintrq, m);
+ }
}
}
@@ -207,6 +216,7 @@ mpeoutput(struct ifnet *ifp, struct mbuf
int s;
int error;
int off;
+ in_addr_t addr = INADDR_LOOPBACK;
u_int8_top = 0;
#ifdef DIAGNOSTIC
@@ -248,8 +258,10 @@ mpeoutput(struct ifnet *ifp, struct mbuf
goto out;
}
*mtod(m, sa_family_t *) = AF_INET;
+ if (!rt || rt-rt_flags RTF_GATEWAY)
+ addr = satosin(dst)-sin_addr.s_addr;
m_copyback(m, sizeof(sa_family_t), sizeof(in_addr_t),
- (caddr_t)((satosin(dst)-sin_addr)), M_NOWAIT);
+ addr, M_NOWAIT);
break;
#endif
default:
Index: netmpls/mpls_input.c
===
RCS file: /cvs/src/sys/netmpls/mpls_input.c,v
retrieving revision 1.32
diff -u -p -r1.32 mpls_input.c
--- netmpls/mpls_input.c6 Jul 2011 02:42:28 - 1.32
+++ netmpls/mpls_input.c7 Apr 2012 13:45:16 -
@@ -101,7 +101,7 @@ mpls_input(struct mbuf *m)
u_int8_t ttl;
int i, s, hasbos;
- if (!ISSET(ifp-if_xflags, IFXF_MPLS)) {
+ if (!ISSET(ifp-if_xflags, IFXF_MPLS) ifp-if_type != IFT_MPLS) {
m_freem(m);
return;
}
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.188
diff -u -p -r1.188 kroute.c
--- kroute.c1 May 2011 12:56:04 - 1.188
+++ kroute.c7 Apr 2012 12:40:46 -
@@ -2555,7 +2555,7 @@ send_rtmsg(int fd, int action, struct kt
struct {
struct sockaddr_dl dl;
Re: Route Target Import / Export in bgpd
Hi Claudio,
just finished building it all and it seems it works great, very impressive.
Thank you!
I'll be running a few tests tomorrow to see if it's stable on the lab, I'll
keep you posted.
BTW when testing some network statements I think I might have hit a bug.
A.A.A.A is a connected route
B.B.B.B is a static route (route -T 99 add B.B.B.B/28 3.3.3.3)
Config:
rdomain 99 {
rd 1.1.1.1:99
import-target rt 1.1.1.1:99
import-target rt 2.2.2.2:99
export-target rt 1.1.1.1:99
depend on mpe99
network A.A.A.A/28
network B.B.B.B/28
}
With this config, on PE2 I never get any BGP updates for B.B.B.B (even though
it's marked as announced on PE1).
Now I edit the config :
network B.B.B.B/28 set nexthop self
+bgpctl reload
Route is now announced and I get the update on PE2, everything ok.
I reboot the machine with the exact same config, route is gone on PE2. I edit
the config (INTFADDR being the same address than with self)
network B.B.B.B/28 set nexthop INTFADDR
+bgpctl reload
Route gets to PE2.
Reboot ... Same problem. I switch back to self and the routes comes in again.
The problem is easily reproducible and occurs every time (reboot or process
kill).
Any ideas?
Thanks,
Rimi
Le 7 avr. 2012 ` 22:02, Claudio Jeker a icrit :
On Wed, Apr 04, 2012 at 10:08:48PM +0200, Rimi Philippe wrote:
Hi Claudio,
It works at 90% thanks.
The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and
PE2 1
rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain
30
(locally), but that doesn't seem to work locally, here are the details.
The last 10% are the hardest ones. The following kernel and bgpd diffs
should do the trick. The kernel diff is needed to forward traffic
directly between mpe(4) interfaces. The bgpd diff makes sure that the MPLS
routes are inserted into the other VPNs on the same router.
This works for me but is not heavily tested please test.
--
:wq Claudio
Re: Route Target Import / Export in bgpd
Hello,
Any hints on how to troubleshoot this issue? I'm looking for some kind
of debug to see what is going from rib to fib in order to understand
why the prefixes are not imported.
Thanks,
Rimi
Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit :
Hello,
I'm testing OpenBSD with L3VPN, everything is working fine except from
the RT import / export side.
I usually configure my VPN with PE Loopback:identifier, so my config
looks like this:
PE1:
rdomain 20 {
rd 1.1.1.1:20
import-target rt 2.2.2.2:20
export-target rt 1.1.1.1:20
depend on mpe20
network inet connected
}
PE2:
rdomain 20 {
rd 2.2.2.2:20
import-target rt 1.1.1.1:20
export-target rt 2.2.2.2:20
depend on mpe20
network inet connected
}
This kind of configuration works on Cisco devices for example, but here
PE1:
# bgpctl show fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.35.0/24 link#2
*C 0 ::1/128 link#0
PE2:
# bgpctl sho fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.39.0/24 link#3
*C 0 ::1/128 link#0
It works fine when I set the same RD on both PE, but that's not really
what I'm looking for.
I can't find much debug information, any hints on how to tshoot this?
Thanks for your help,
Remi
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 10:37:20AM +0200, Rimi Philippe wrote:
Hello,
Any hints on how to troubleshoot this issue? I'm looking for some kind
of debug to see what is going from rib to fib in order to understand
why the prefixes are not imported.
Hmm. Looks like I go t confused by the old BGP MPLS VPN RFC where the RD
was somewhat strangly declared. In other words bgpd filters on the RD as
well. This is a bug and I will fix it ASAP.
--
:wq Claudio
Thanks,
Rimi
Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit :
Hello,
I'm testing OpenBSD with L3VPN, everything is working fine except from
the RT import / export side.
I usually configure my VPN with PE Loopback:identifier, so my config
looks like this:
PE1:
rdomain 20 {
rd 1.1.1.1:20
import-target rt 2.2.2.2:20
export-target rt 1.1.1.1:20
depend on mpe20
network inet connected
}
PE2:
rdomain 20 {
rd 2.2.2.2:20
import-target rt 1.1.1.1:20
export-target rt 2.2.2.2:20
depend on mpe20
network inet connected
}
This kind of configuration works on Cisco devices for example, but here
PE1:
# bgpctl show fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.35.0/24 link#2
*C 0 ::1/128 link#0
PE2:
# bgpctl sho fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.39.0/24 link#3
*C 0 ::1/128 link#0
It works fine when I set the same RD on both PE, but that's not really
what I'm looking for.
I can't find much debug information, any hints on how to tshoot this?
Thanks for your help,
Remi
Re: Route Target Import / Export in bgpd
Thanks Claudio.
The way I see it is that RD are only local, they identify the VRF (or
rdomain) locally on the router, then the RT import / export handles
the way the routes are distributed. This permits the hub spoke
approach for example.
If you need help on the testing side feel free to send me the code,
I'll give it a try.
Rimi
Le 4 avril 2012 13:28, Claudio Jeker cje...@diehard.n-r-g.com a icrit :
On Wed, Apr 04, 2012 at 10:37:20AM +0200, Rimi Philippe wrote:
Hello,
Any hints on how to troubleshoot this issue? I'm looking for some kind
of debug to see what is going from rib to fib in order to understand
why the prefixes are not imported.
Hmm. Looks like I go t confused by the old BGP MPLS VPN RFC where the RD
was somewhat strangly declared. In other words bgpd filters on the RD as
well. This is a bug and I will fix it ASAP.
--
:wq Claudio
Thanks,
Rimi
Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit :
Hello,
I'm testing OpenBSD with L3VPN, everything is working fine except from
the RT import / export side.
I usually configure my VPN with PE Loopback:identifier, so my config
looks like this:
PE1:
rdomain 20 {
rd 1.1.1.1:20
import-target rt 2.2.2.2:20
export-target rt 1.1.1.1:20
depend on mpe20
network inet connected
}
PE2:
rdomain 20 {
rd 2.2.2.2:20
import-target rt 1.1.1.1:20
export-target rt 2.2.2.2:20
depend on mpe20
network inet connected
}
This kind of configuration works on Cisco devices for example, but here
PE1:
# bgpctl show fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.35.0/24 link#2
*C 0 ::1/128 link#0
PE2:
# bgpctl sho fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.39.0/24 link#3
*C 0 ::1/128 link#0
It works fine when I set the same RD on both PE, but that's not really
what I'm looking for.
I can't find much debug information, any hints on how to tshoot this?
Thanks for your help,
Remi
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 02:43:04PM +0200, Rimi Philippe wrote:
Thanks Claudio.
The way I see it is that RD are only local, they identify the VRF (or
rdomain) locally on the router, then the RT import / export handles
the way the routes are distributed. This permits the hub spoke
approach for example.
If you need help on the testing side feel free to send me the code,
I'll give it a try.
Give this a try.
--
:wq Claudio
Index: bgpd.conf.5
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.116
diff -u -p -r1.116 bgpd.conf.5
--- bgpd.conf.5 17 Sep 2011 16:29:44 - 1.116
+++ bgpd.conf.5 4 Apr 2012 18:46:54 -
@@ -494,13 +494,13 @@ for further information about the argume
.Pp
.It Ic rd Ar as-number Ns Li : Ns Ar local
.It Ic rd Ar IP Ns Li : Ns Ar local
-The Route Distinguishers uniquely identifies a set of VPN prefixes.
-Only prefixes matching the
+The sole purpose of the Route Distinguisher
.Ic rd
-will be imported into the routing domain.
-The purpose of the
+is to ensure that possible common prefixes are destinct between VPNs.
+The
.Ic rd
-is solely to allow one to create distinct routes to a common address prefix.
+is neither used to identify the origin of the prefix nor to control into
+which VPNs the prefix is distributed to.
The
.Ar as-number
or
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.312
diff -u -p -r1.312 rde.c
--- rde.c 27 Mar 2012 18:22:07 - 1.312
+++ rde.c 4 Apr 2012 15:40:41 -
@@ -2414,8 +2414,6 @@ rde_send_kroute(struct prefix *new, stru
break;
SIMPLEQ_FOREACH(rd, rdomains_l, entry) {
- if (addr.vpn4.rd != rd-rd)
- continue;
if (!rde_rdomain_import(p-aspath, rd))
continue;
/* must send exit_nexthop so that correct MPLS tunnel
Re: Route Target Import / Export in bgpd
Hi Claudio,
It works at 90% thanks.
The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and PE2 1
rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain 30
(locally), but that doesn't seem to work locally, here are the details.
Rimi
rdomain 20 PE1: 172.16.35.0/24
rdomain 30 PE1: 172.16.33.0/24
rdomain 20 PE2: 172.16.39.0/24
PE1:
rdomain 20 {
rd 1.1.1.1:20
import-target rt 2.2.2.2:20
import-target rt 1.1.1.1:30
export-target rt 1.1.1.1:20
depend on mpe20
network inet connected
}
rdomain 30 {
rd 1.1.1.1:30
import-target rt 2.2.2.2:20
import-target rt 1.1.1.1:20
export-target rt 1.1.1.1:30
depend on mpe20
network inet connected
}
PE2:
rdomain 20 {
rd 2.2.2.2:20
import-target rt 1.1.1.1:20
import-target rt 1.1.1.1:30
export-target rt 2.2.2.2:20
depend on mpe20
network inet connected
}
PE1:
# bgpctl show fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.35.0/24 link#2
*B 48 172.16.39.0/24 2.2.2.2
*C 0 ::1/128 link#0
# bgpctl show fib table 30
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*C 4 172.16.33.0/24 link#3
*B 48 172.16.39.0/24 2.2.2.2
*C 0 ::1/128 link#0
PE2:
# bgpctl show fib table 20
flags: * = valid, B = BGP, C = Connected, S = Static
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
*C 0 127.0.0.0/8 link#0
*B 48 172.16.33.0/24 1.1.1.1
*B 48 172.16.35.0/24 1.1.1.1
*C 4 172.16.39.0/24 link#3
*C 0 ::1/128 link#0
Le 4 avr. 2012 ` 21:07, Claudio Jeker a icrit :
On Wed, Apr 04, 2012 at 02:43:04PM +0200, Rimi Philippe wrote:
Thanks Claudio.
The way I see it is that RD are only local, they identify the VRF (or
rdomain) locally on the router, then the RT import / export handles
the way the routes are distributed. This permits the hub spoke
approach for example.
If you need help on the testing side feel free to send me the code,
I'll give it a try.
Give this a try.
--
:wq Claudio
Index: bgpd.conf.5
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v
retrieving revision 1.116
diff -u -p -r1.116 bgpd.conf.5
--- bgpd.conf.5 17 Sep 2011 16:29:44 - 1.116
+++ bgpd.conf.5 4 Apr 2012 18:46:54 -
@@ -494,13 +494,13 @@ for further information about the argume
.Pp
.It Ic rd Ar as-number Ns Li : Ns Ar local
.It Ic rd Ar IP Ns Li : Ns Ar local
-The Route Distinguishers uniquely identifies a set of VPN prefixes.
-Only prefixes matching the
+The sole purpose of the Route Distinguisher
.Ic rd
-will be imported into the routing domain.
-The purpose of the
+is to ensure that possible common prefixes are destinct between VPNs.
+The
.Ic rd
-is solely to allow one to create distinct routes to a common address
prefix.
+is neither used to identify the origin of the prefix nor to control into
+which VPNs the prefix is distributed to.
The
.Ar as-number
or
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.312
diff -u -p -r1.312 rde.c
--- rde.c 27 Mar 2012 18:22:07 - 1.312
+++ rde.c 4 Apr 2012 15:40:41 -
@@ -2414,8 +2414,6 @@ rde_send_kroute(struct prefix *new, stru
break;
SIMPLEQ_FOREACH(rd, rdomains_l, entry) {
- if (addr.vpn4.rd != rd-rd)
- continue;
if (!rde_rdomain_import(p-aspath, rd))
continue;
/* must send exit_nexthop so that correct MPLS tunnel
