On Tue, Apr 05, 2011 at 01:07:49PM -0700, Matt S wrote:
> Hello misc@
>
> I have read over the various postings for BGP/MPLS VPN,
> particularly http://marc.info/?l=openbsd-misc&m=127470697232025&w=2 and
> http://marc.info/?l=openbsd-misc&m=129112614017103&w=2.
> For learning purposes, I would like to build my own L3 BGP/MPLS VPN
> network.
> For now, I am going to try to do this between two locations connected by
> broadband to the internet. My guess is I will need to use a GRE tunnel to
> provide the point to point connection between the locations. How would you
> go about doing this? Here is what I am thinking:
>
> 1. Set up the gre(4) tunnel between locations and test connectivity
> 2. Create the mpe(4) and define mpls labels
> 3. Configure ospf and bgp
>
> I learned from a previous post that ldp is not necessary when using gre
> tunnels but I do not understand why. Finally, correct me if I am wrong, but
> I most likely should protect the traffic using IPSEC. Is this necessary?
>
1. set up the network the way you like it
2. either use full static routing or use ospfd to handle the route
   distribution inside your test network.
3. make sure you can reach everything. Ping, traceroute and tcpdump are
   your friends.
4. enable MPLS on the gre interfaces and all other interfaces that may
   have tagged traffic (hint: mpe(4) is not one of them)
       ifconfig gre0 mpls
5. run ldpd (the interface list should be the same as in step 4)
6. test again, see if you see MPLS tagged packets inside the gre tunnel
7. set up bgpd and the mpe interface

To be honest, on directly attached systems you could probably skip step 5
since PNP will kick in, but as soon as you run something one hop further
down the tunnel ldpd is needed.

Don't forget to set net.inet.gre.allow to 1 :)

--
:wq Claudio
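
A preflight check for steps 4 and 5 and the gre sysctl from the reply above, as an added example that is not part of the original mail. It assumes that ifconfig shows an "MPLS" flag on MPLS-enabled interfaces and that ldpd.conf names interfaces with "interface <name>" lines; the function names and all sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumptions: ifconfig lists an
# "MPLS" flag on MPLS-enabled interfaces; ldpd.conf uses "interface <name>".

# Succeeds if `sysctl net.inet.gre.allow` output (stdin) shows gre enabled.
gre_allowed() { grep -q '^net\.inet\.gre\.allow=1$'; }

# Prints names of interfaces whose ifconfig output (stdin) has the MPLS flag.
mpls_ifaces() {
    awk '/^[a-z]+[0-9]+: flags=/ && match($0, /<[^>]*>/) {
        flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
        name = $1; sub(/:$/, "", name)
        if (index(flags, ",MPLS,")) print name
    }'
}

# Prints interface names configured in ldpd.conf (stdin).
ldpd_ifaces() { awk '$1 == "interface" { sub(/[{]$/, "", $2); print $2 }'; }

# Compares the step 4 list ($1) with the step 5 list ($2); prints findings.
compare_lists() {
    for i in $1; do
        case $i in mpe*) echo "mpe-has-mpls:$i"; continue ;; esac
        printf '%s\n' $2 | grep -qxF -- "$i" || echo "missing-in-ldpd:$i"
    done
    for i in $2; do
        printf '%s\n' $1 | grep -qxF -- "$i" || echo "mpls-not-enabled:$i"
    done
}

# Constructed sample data standing in for sysctl, ifconfig and ldpd.conf.
SYSCTL_OUT='net.inet.gre.allow=0'
IFCONFIG_OUT='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
gre0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST,MPLS> mtu 1476
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
mpe0: flags=51<UP,POINTOPOINT,RUNNING> mtu 1500'
LDPD_CONF='router-id 10.0.0.1
interface gre0
interface em2'

report() {
    printf '%s\n' "$SYSCTL_OUT" | gre_allowed || echo "gre-disabled"
    compare_lists "$(printf '%s\n' "$IFCONFIG_OUT" | mpls_ifaces)" \
                  "$(printf '%s\n' "$LDPD_CONF" | ldpd_ifaces)"
}
report
```

On a live router, replace the sample variables with the real output of `sysctl net.inet.gre.allow`, `ifconfig` and the contents of ldpd.conf.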