Hi,

Please show me:
  sh ip fib index 1 5.5.5.5/32
and
  sh ip fib index 0 192.168.23.3/32

I suspect you are missing an out-label on the latter.

/neale

From: <vpp-dev@lists.fd.io> on behalf of Gulakh <holoogul...@gmail.com>
Date: Tuesday, 31 July 2018 at 14:53
To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Subject: [SUSPICIOUS] [vpp-dev] L3VPN in VPP

It seems that the next-hop IP resolution does not work correctly.

Here is my configuration:

# set interface state GigabitEthernet4/0/0 up
# set interface state GigabitEthernet4/0/1 up
# ip table add 1   (create Customer VRF)
# set interface ip table GigabitEthernet4/0/0 1   (Customer VRF)
# set interface ip address GigabitEthernet4/0/0 192.168.12.2/24   (Toward Customer)
# set interface ip address GigabitEthernet4/0/1 192.168.23.2/24   (Toward Core)

*** Now I want to add one of the Customer's routes into its VRF:

# ip route add 5.5.5.5/32 table 1 via 192.168.23.3 next-hop-table 0 out-labels 40

in which:
  5.5.5.5/32 is another site of the Customer, somewhere else
  table 1 is the customer's VRF
  192.168.23.3 is the next hop, which is in the core -> to be resolved by the Global VRF
  next-hop-table 0 is the Global VRF used to resolve 192.168.23.3
  out-labels 40 is the VPN Label

Now when I see the VRF 1 ("show ip fib table 1"), here is the output for 5.5.5.5/32:

ipv4-VRF:1, fib_index:1, flow hash:[src dst sport dport proto ] locks:[src:CLI:2, ]
.............. ............... ............
192.168.12.0/24
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:13 to:[0:0]]
    [0] [@4]: ipv4-glean: GigabitEthernet4/0/0: mtu:9000 ffffffffffffa0369f23aa780806
5.5.5.5/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:24 buckets:1 uRPF:25 to:[0:0]]
    [0] [@0]: dpo-drop ip4

Here is the VRF 0:

ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ]
.............. ............... ............
192.168.23.0/24
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:18 buckets:1 uRPF:19 to:[0:0]]
    [0] [@4]: ipv4-glean: GigabitEthernet4/0/1: mtu:9000 ffffffffffffa0369f23aa7a0806

Question: why does it say Drop?? I expect to see something that shows the next hop is resolved in VRF 0.

On Tue, Jul 31, 2018 at 4:18 PM, Neale Ranns (nranns) <nra...@cisco.com> wrote:

Hi,

You are correct on all points.

regards
/neale

From: Holoo Gulakh <holoogul...@gmail.com>
Date: Tuesday, 31 July 2018 at 12:19
To: "Neale Ranns (nranns)" <nra...@cisco.com>, "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] L3VPN in VPP

Hi,

In order to have both VPLS and L3VPN work concurrently in a PE router, I guess that I should do the following things:

1- Regardless of the type of service, whether it's VPLS, L3VPN or none (e.g. a simple connectivity), the core of the network works the same; that is, I should insert everything about the core of the network in the Global VRF, i.e. IP FIB 0 and MPLS FIB 0 in VPP. The above step is done before even providing any services.

2- For the PW-Label of VPLS, the task of putting the PW-Label on the packet is delivered to the mpls tunnel (i.e. mpls tunnel add l2-only <PE-TARGET> out-labels <PW-LABEL>); then, to resolve the PE-TARGET IP address, the resolution is done by checking the Global VRF, which contains information about the core, and at that stage the MPLS label is added to the packet.

For the VPN-Label of the L3VPN, the task of putting it on the packet is delivered to the VRF associated with the incoming interface (i.e. # ip route add <PE-TARGET> table <CUSTOMER-VRF> via <NEXT-HOP> out-labels <VPN-LABEL>), and then, to resolve the NEXT-HOP IP address, the Global VRF must be checked, since the routing information about the core is stored in the Global VRF (i.e. IP FIB 0 and MPLS FIB 0 in VPP). But the problem is that the route stored in the customer's VRF must use the Global VRF in order to resolve its NEXT-HOP.

Searching the VPP docs, I came across a parameter that I can use to select which VRF to use to resolve the next hop.

So the # command must be modified to

(ip route add <PE-TARGET> table <CUSTOMER-VRF> via <NEXT-HOP> next-hop-table <GLOBAL-VRF> out-labels <VPN-LABEL>)

and then during the resolution of the PE-TARGET IP address the MPLS Label is added to the packet.

Question: Am I right??

Excuse me for my questions ... most of the materials found on the Internet are about Cisco commands to run the service and they give me little insight on what to do with lower-level configurations.

Thanks in advance

On Mon, Jul 30, 2018 at 1:31 PM, Neale Ranns (nranns) <nra...@cisco.com> wrote:

Hi,

Answers inline marked [nr]

/neale

From: <vpp-dev@lists.fd.io> on behalf of Gulakh <holoogul...@gmail.com>
Date: Saturday, 28 July 2018 at 13:45
To: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Subject: [vpp-dev] L3VPN in VPP

Hi,

I have set up a VPLS scenario successfully and now I want to set up an L3VPN scenario in VPP (L3VPN topology is in attachment).

My configuration for VPLS is somehow like this link <https://lists.fd.io/g/vpp-dev/topic/vpls_dev_in_vpp_1/18091281>.

As far as I searched the Internet, L3VPN has a VPN Label that I think is somehow like the PW Label in VPLS, with the difference that the VPN Label is used to select the VRF and the PW Label is used to select the mpls tunnel (hence bridge).

[nr] other label allocation schemes are available ☺

===============================
Part1:
I guess I should configure the source PE as follows:

In VPLS:
mpls tunnel add l2-only via <PE-TARGET> out-labels <PW-LABEL>
ip route add <PE-TARGET> via <NEXT-HOP> out-labels <MPLS-LABEL>

In L3VPN:
CMD1 ???????????????   (insert in customer VRF)
ip route add <PE-TARGET> via <NEXT-HOP> out-labels <MPLS-LABEL>   (insert in GLOBAL VRF)

I don't know what command I should use for CMD1 ... This command must add the VPN-LABEL, which is selected based on the customer's VRF, to the packet and then look up the GLOBAL VRF to push the MPLS Label, just like VPLS, where the mpls tunnel first adds a PW Label and then, in the destination IP resolution, the MPLS Label is added to the packet.

Question1: Am I right about the configurations in the source PE?

[nr]
ip route table <CUSTOMER> <PREFIX> via <PE-TARGET> out-labels <CUSTOMER-VRF-LABEL>
you could use PREFIX=0.0.0.0/0 or many more specifics
and your route to the PE-TARGET would be better as a non-recursive route (i.e. if it is learned via e.g. OSPF and this is not an inter-AS option C), otherwise you’ll need another labelled route for the next-hop
non-recursive means specify the next-hop and interface.

================================
Part2:
I guess I should configure the target PE as follows:

In VPLS:
mpls local-label add eos <PW-LABEL> via l2-input-on <MPLS-TUNNEL>

In L3VPN:
mpls local-label add eos <VPN-LABEL> via ip4-lookup-in-table <VRF-ID>   (insert in GLOBAL VRF)

Question2: Am I right about the configurations in the target PE?

[nr] Yes. The mpls label is added to the MPLS global table, i.e. there’s no ‘insert in global-VRF’, since the instruction associated with the label is to lookup the exposed IP destination address in the customer’s VRF.

=================================
Part3:
In order to fill the customer's VRF, I should use the control plane's RouteTarget (RT) to select the VRF ID and then use the command below to fill the VRF:

ip route add <DESTINATION> via <NEXT-HOP> <INTERFACE> table <VRF-ID>

Question3: Am I right?

[nr] yes.

thanks in advance
View/Reply Online (#9986): https://lists.fd.io/g/vpp-dev/message/9986
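
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of VPP: it parses `show ip fib` output, lists prefixes whose only forwarding result is `dpo-drop`, and reports which entry covers a given next hop in another table. The function names are hypothetical, and the sample is the output quoted in the thread with its line layout reconstructed, which is an assumption.

```python
import ipaddress
import re

# Constructed sample: tables quoted in the thread, line layout reconstructed (assumption).
SAMPLE = """\
ipv4-VRF:1, fib_index:1, flow hash:[src dst sport dport proto ] locks:[src:CLI:2, ]
192.168.12.0/24
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:13 to:[0:0]]
    [0] [@4]: ipv4-glean: GigabitEthernet4/0/0: mtu:9000 ffffffffffffa0369f23aa780806
5.5.5.5/32
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:24 buckets:1 uRPF:25 to:[0:0]]
    [0] [@0]: dpo-drop ip4
ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ]
192.168.23.0/24
  unicast-ip4-chain
  [@0]: dpo-load-balance: [proto:ip4 index:18 buckets:1 uRPF:19 to:[0:0]]
    [0] [@4]: ipv4-glean: GigabitEthernet4/0/1: mtu:9000 ffffffffffffa0369f23aa7a0806
"""

TABLE_RE = re.compile(r"^ipv4-VRF:\d+, fib_index:(\d+)")
PREFIX_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})$")
BUCKET_RE = re.compile(r"^\[\d+\]\s+\[@\d+\]:\s+([\w-]+)")  # "[0] [@4]: ipv4-glean: ..."

def parse_fib(text):
    """Return {(fib_index, prefix): [DPO type of each load-balance bucket]}."""
    entries, fib_index, prefix = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := TABLE_RE.match(line):
            fib_index, prefix = int(m.group(1)), None
        elif m := PREFIX_RE.match(line):
            prefix = m.group(1)
            entries[(fib_index, prefix)] = []
        elif prefix and (m := BUCKET_RE.match(line)):
            entries[(fib_index, prefix)].append(m.group(1))
    return entries

def dropped_prefixes(entries):
    """(fib_index, prefix) pairs where every bucket is dpo-drop."""
    return sorted(k for k, d in entries.items() if d and set(d) == {"dpo-drop"})

def lookup(entries, fib_index, address):
    """Longest-prefix match for address among the parsed entries of one table."""
    addr = ipaddress.ip_address(address)
    hits = [(ipaddress.ip_network(p), d) for (t, p), d in entries.items()
            if t == fib_index and addr in ipaddress.ip_network(p)]
    best = max(hits, key=lambda h: h[0].prefixlen, default=None)
    return (str(best[0]), best[1]) if best else None
```

On the sample, `dropped_prefixes` flags 5.5.5.5/32 in table 1, and `lookup(entries, 0, "192.168.23.3")` shows the next hop is covered only by the connected 192.168.23.0/24 glean entry in table 0, which is the pair of lookups requested at the top of the thread.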