Hi,
I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels
between PEs (RFC 4797) instead of an MPLS backbone. I have followed the
instructions in the "Demystifying MPLS" paper
(http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and in the following
mailing list posts:
http://old.nabble.com/BGP-MPLS-VPN-tt31327789.html#a31397215
http://marc.info/?l=openbsd-misc&m=127470697232025&w=2
http://marc.info/?l=openbsd-misc&m=129112614017103&w=2
Here is my setup:
------------------------
| Juniper router 1     | lo0 192.168.20.2
|                      | VRF 8 with loopback 192.168.55.1
------------------------
           | 192.168.10.4
           |
           | 192.168.10.5
------------------------
| Juniper router 2     | lo0 192.168.20.3
|                      | VRF 8 with loopback 192.168.56.1
------------------------
           | 10.0.4.1
           |
           | vlan4092 10.0.4.3
------------------------
| OpenBSD box          | lo0 192.168.20.5
|                      | rdomain 8 192.168.55.2
------------------------
I want all three routers to act as PEs but without any MPLS connectivity
between them. RFC 4797 allows this by allowing the following encapsulation
scheme for, say, a ping from Juniper 1 to the OpenBSD box:
[This is what I should ideally get]:
* Ping request:
IP header: src 192.168.20.2 dst 192.168.20.5
GRE header: <just the GRE shim>
MPLS label identifying the rdomain: 666
IP header: src 192.168.55.1 dst 192.168.55.2
ICMP ping request
* Ping reply:
IP header: src 192.168.20.5 dst 192.168.20.2
GRE header: <just the GRE shim>
MPLS label identifying the VRF: 300720
IP header: src 192.168.55.2 dst 192.168.55.1
ICMP ping reply
However, the following is what I actually get:
* Ping request:
IP header: src 192.168.20.2 dst 192.168.20.5
GRE header: <just the GRE shim>
MPLS label identifying the rdomain: 666
IP header: src 192.168.55.1 dst 192.168.55.2
ICMP ping request
* Ping reply:
MPLS label identifying the VRF: 300720
IP header: src 192.168.55.2 dst 192.168.55.1
ICMP ping reply
The reply back from the OpenBSD box does not GRE-encapsulate the MPLS
packet, and since I don't have an MPLS LSP set up between the OpenBSD box and
Juniper 1, the ping reply never reaches Juniper 1.
Here is the tcpdump where I see the above:
# tcpdump -i vlan4092 -s 1500 -Xvvv not tcp and not udp
13:52:39.188348 gre 192.168.20.2 > 192.168.20.5: [] gre-proto-0x8847 (DF) (ttl 63, id 0, len 112)
0000: 4500 0070 0000 4000 3f2f 9207 c0a8 1402 E..p..@.?/......
0010: c0a8 1405 0000 8847 0029 a1ff 4500 0054 .......G.)..E..T
0020: efee 0000 4001 9b66 c0a8 3701 c0a8 3702 ....@..f..7...7.
0030: 0800 6bf0 521e 0151 f8d4 ba4f 8c78 0e00 ..k.R..Q...O.x..
0040: 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 ................
0050: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 ........ !"#$%&'
0060: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 ()*+,-./01234567
13:52:39.188374 MPLS(label 300720, exp 0, ttl 255) 192.168.55.2 > 192.168.55.1: icmp: echo reply (id:521e seq:337) (ttl 255, id 64891, len 84)
0000: 496b 01ff 4500 0054 fd7b 0000 ff01 ced8 Ik..E..T.{......
0010: c0a8 3702 c0a8 3701 0000 73f0 521e 0151 ..7...7...s.R..Q
0020: f8d4 ba4f 8c78 0e00 0809 0a0b 0c0d 0e0f ...O.x..........
0030: 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f ................
0040: 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f !"#$%&'()*+,-./
0050: 3031 3233 3435 3637 01234567
Here are the various pieces of my configuration:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
re0: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
lladdr c8:9c:dc:dd:1a:f6
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet6 fe80::ca9c:dcff:fedd:1af6%re0 prefixlen 64 scopeid 0x1
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
priority: 0
groups: pflog
vlan4092: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
lladdr c8:9c:dc:dd:1a:f6
priority: 0
vlan: 4092 priority: 0 parent interface: re0
groups: vlan egress
status: active
inet 10.0.4.3 netmask 0xffffff00 broadcast 10.0.4.255
inet6 fe80::ca9c:dcff:fedd:1af6%vlan4092 prefixlen 64 scopeid 0x5
lo1: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33152
priority: 0
groups: lo
inet6 fe80::1%lo1 prefixlen 64 scopeid 0x6
inet 192.168.20.5 netmask 0xffffffff
gre0: flags=a9011<UP,POINTOPOINT,LINK0,MULTICAST,NOINET6,MPLS> mtu 1476
priority: 0
groups: gre
physical address inet 192.168.20.5 --> 192.168.20.2
inet 192.168.55.2 --> 192.168.55.1 netmask 0xffffffff
mpe8: flags=20011<UP,POINTOPOINT,NOINET6> rdomain 8 mtu 1500
priority: 0
mpls label: 666
groups: mpe
inet 192.168.55.2 --> 0.0.0.0 netmask 0xffffff00
lo2: flags=28049<UP,LOOPBACK,RUNNING,MULTICAST,NOINET6> rdomain 8 mtu 33152
priority: 0
groups: lo
inet 192.168.55.2 netmask 0xffffff00
# route -n -T 8 show
Routing tables
Internet:
Destination        Gateway            Flags  Refs      Use    Mtu  Prio Iface
10.0.0/24          192.168.20.3       UGT       0        0      -    48 mpe8
10.0.4/24          192.168.20.3       UGT       0        0      -    48 mpe8
169.254.200.12/30  192.168.20.3       UGT       0        0      -    48 mpe8
192.168.55.1/32    192.168.20.2       UGT       0      729      -    48 mpe8
192.168.55.2       192.168.55.2       UH        0        0  33152     4 lo2
192.168.56.1/32    192.168.20.3       UGT       0        0      -    48 mpe8
# route -n show -inet
Routing tables
Internet:
Destination        Gateway            Flags  Refs      Use    Mtu  Prio Iface
10.0.0.2/31        10.0.4.1           UG        0        0      -    48 vlan4092
10.0.4/24          link#5             UC        3        0      -     4 vlan4092
10.0.4/24          10.0.4.3           UG        0        0      -    32 vlan4092
10.0.4/24          10.0.4.1           UG        0        0      -    48 vlan4092
10.0.4.1           00:24:dc:77:d3:8a  UHLc     21       32      -     4 vlan4092
10.0.4.3           c8:9c:dc:dd:1a:f6  UHLc      2       26      -     4 lo0
127/8              127.0.0.1          UGRS      0        0  33152     8 lo0
127.0.0.1          127.0.0.1          UH        1    78717  33152     4 lo0
192.168.10.4/31    10.0.4.1           UG        0        0      -    32 vlan4092
192.168.10.4/31    10.0.4.1           UG        0        0      -    48 vlan4092
192.168.20.2/32    10.0.4.1           UG        2      680      -    32 vlan4092
192.168.20.2/32    10.0.4.1           UG        0        0      -    48 vlan4092
192.168.20.3/32    10.0.4.1           UG        1      491      -    32 vlan4092
192.168.20.3/32    10.0.4.1           UG        0        0      -    48 vlan4092
192.168.20.5       192.168.20.5       UH        0   187368  33152     4 lo1
192.168.20.5/32    10.0.4.3           UG        0        0      -    48 vlan4092
192.168.55.1       192.168.55.2       UH        0        0      -     4 gre0
200.0/16           10.0.4.1           UG        0        0      -    48 vlan4092
224/4              127.0.0.1          URS       0        0  33152     8 lo0
# route -n show -mpls
Routing tables
MPLS:
In label  Out label Op     Gateway            Flags  Refs      Use    Mtu  Prio Interface
666       -         POP    mpe8               UT        0     1068      -     4 mpe8
# cat /etc/bgpd.conf
# $OpenBSD: bgpd.conf,v 1.12 2011/01/19 07:36:40 claudio Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
socket "/var/www/logs/bgpd.rsock" restricted
AS 1234
router-id 192.168.20.5
rdomain 8 {
        rd 1234:8
        import-target rt 1234:8
        export-target rt 1234:8
        depend on mpe8
        network 192.168.55.2/32
}
group mp-ibgp {
        announce IPv4 vpn
        remote-as 1234
        local-address 192.168.20.5
        neighbor 192.168.20.2 {
                descr router1
        }
        neighbor 192.168.20.3 {
                descr router2
        }
}
allow from any
# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.4 2007/06/19 16:49:56 reyk Exp $
router-id 192.168.20.5
area 0.0.0.0 {
        interface vlan4092
        interface lo1
}
# cat /etc/ldpd.conf
# $OpenBSD: ldpd.conf,v 1.3 2010/06/25 22:49:05 claudio Exp $
router-id 192.168.20.5
#
Can someone please help me figure out what the solution is? What I really
want is a way to say that for MPLS label 300720 the next hop should be the
gre0 interface, but I can't figure out a way to do that.
Regards,
Bert
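
Added example (not part of the original post): a small decoder that walks the IP / GRE / MPLS / IP layering described above over the leading bytes of the two captured frames and reports whether the MPLS shim was GRE-encapsulated. The byte strings are copied from the tcpdump hex column and cut off after the inner IPv4 header; the function names and the starts_at parameter are assumptions made for this example.

```python
import struct

# Leading bytes of the two frames in the tcpdump output above (ICMP payload omitted).
REQUEST = bytes.fromhex(
    "45000070000040003f2f9207c0a81402c0a81405"   # outer IPv4, protocol 47 (GRE)
    "00008847"                                   # GRE: no options, proto MPLS unicast
    "0029a1ff"                                   # MPLS shim
    "45000054efee000040019b66c0a83701c0a83702")  # inner IPv4
REPLY = bytes.fromhex(
    "496b01ff"                                   # MPLS shim with nothing around it
    "45000054fd7b0000ff01ced8c0a83702c0a83701")  # inner IPv4

def parse_ipv4(buf):
    """Return (fields, payload) for an IPv4 header at the start of buf."""
    if buf[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (buf[0] & 0x0F) * 4
    addr = lambda b: ".".join(map(str, b))
    return {"proto": buf[9], "src": addr(buf[12:16]), "dst": addr(buf[16:20])}, buf[ihl:]

def parse_gre(buf):
    """Return (protocol, payload), skipping optional checksum/key/sequence words."""
    flags, proto = struct.unpack("!HH", buf[:4])
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return proto, buf[4 + optional:]

def parse_mpls(buf):
    """Return (label stack, payload), reading shims up to the bottom-of-stack bit."""
    stack = []
    while True:
        (word,) = struct.unpack("!I", buf[:4])
        buf = buf[4:]
        stack.append({"label": word >> 12, "exp": (word >> 9) & 7, "ttl": word & 0xFF})
        if word & 0x100:
            return stack, buf

def decode(buf, starts_at):
    """starts_at is 'ipv4' or 'mpls': the layer the hex dump begins with.
    It cannot be guessed from the first nibble (label 300720 also starts with 4)."""
    result = {"outer": None, "gre": False}
    if starts_at == "ipv4":
        result["outer"], buf = parse_ipv4(buf)
        if result["outer"]["proto"] != 47:
            raise ValueError("outer IPv4 payload is not GRE")
        proto, buf = parse_gre(buf)
        if proto != 0x8847:
            raise ValueError("GRE payload is not MPLS unicast")
        result["gre"] = True
    result["labels"], buf = parse_mpls(buf)
    result["inner"], _ = parse_ipv4(buf)
    return result
```

decode(REQUEST, "ipv4") shows label 666 inside GRE between the two loopbacks, while decode(REPLY, "mpls") shows label 300720 with no outer header at all.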