Hi Claudio, Thank you so much for the info. To run multiple bgdp instances, do I need to use different listening port numbers?
Regards, -yang -----Original Message----- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Claudio Jeker Sent: Saturday, August 08, 2015 4:12 PM To: misc@openbsd.org Subject: Re: rdomain with BGP dynamic route On Thu, Jul 30, 2015 at 11:26:56AM -0400, XU, YANG (YANG) wrote: > Adam, > > Your comments and links are very helpful, they made some concepts > clear for me. Many thanks! > > What I need essentially is VRF function which converts IPv4 prefix to > VPNv4 prefix dynamically. I hope experts can help on this. After > spending so much time on searching for the answer, sending beer is an > easier thing to do. Just give me a working example, and beer will be > on the way :) Hmm. To do this you need to run multiple bgpds one doing the VPNv4 handling and then a bgpd instance per client (running that specific rdomain). For those client bgpd you need to add some extra config to make it all work: # change fib priority so that bgpd does not filter those routes fib-priority 36 # change location of bgpctl socket socket "/var/run/bgpd.customer1.sock" Then I think it is the easiest to start those client bgpd with route -T 3 exec /usr/sbin/bgpd This will run bgpd in rdomain 3. You still need an mpe(4) interface in rdomain 3 so that the primary bgpd exports the routes (plus you will need some ldpd and MPLS config as described in the presentation you mentioned). It may be possible to use: rde rib "customer-1" rtable 3 and some filter magic to run all in a single bgpd but I think that is a lot more trouble than having different processes running. Originally the idea was that the PE <-> CE route exachange would be done via OSPF. This is why you need multiple processes for this setup. -- :wq Claudio > > -----Original Message----- > From: Adam Thompson [mailto:athom...@athompso.net] > Sent: Tuesday, July 28, 2015 8:59 PM > To: XU, YANG (YANG) <y...@research.att.com> > Cc: misc@openbsd.org > Subject: Re: rdomain with BGP dynamic route > > I see what you mean. > > This, I think, is close to what you're looking for, but I'm not 100% certain > of how to accomplish exactly what you want: > > nexthop qualify via bgp > listen on A.B.C.D ## vrf member address of, say, em1 > rtable 2 ## put vrf interface into rdomain 2 via ifconfig? > rdomain 2 { > rd 123:456 > depend on em1 > } > neighbor VPNCLIENT1 { > depend on em1 > } > > ...I don't know how to avoid running a separate instance of bgpd(8) per VRF, > however. > > Given that OpenBSD has, apparently, a working MPLS + LDP > implementation, this is obviously yet another case where the manual > pages contain enough information > > Based on jeker's MPLS paper back at EuroBSDCon 2011, it may be the case that > BGP + VRF really only works work mpe(4). > > Ah! I found someone else's documentation that explains it... you do still > need to use rdomain0, but you MUST tag the routes. rdomain0 contains > everything, including the [possibly overlapping] routes, but with prefixes to > keep them separate. > > See http://firstyear.id.au/entry/21. Also see jeker's explanation (perhaps > dated) here: > http://openbsd-archive.7691.n7.nabble.com/Using-RDomain-setup-with-pf-4-and-bgpd-8-td42066.html. > > (Also check out http://lmgtfy.com/?q=openbsd+bgp+vrf. Admittedly, the > fourth or fifth result _is_ this thread :-/.) > > Failing that, as I can't tell for certain if it does what you want, wait for > Claudio, Henning, or whoever else is working on it now to figure out how to > make it work better! I hear sending them beer sometimes helps... > > -Adam > > > > > On 07/24/2015 08:07 PM, XU, YANG (YANG) wrote: > > Adam, > > > > I really appreciate your reply. I read bgpd.conf and see rdomain can only > > define network as explicit, static or connected. In my case, I need to > > import dynamic prefix from BGP session. Right now all prefix learned from > > BGP goes to rdomain 0. I want to put prefix learned from BGP into the > > rdomain I specify. > > > > Thanks, > > -Yang > > ________________________________________ > > From: Adam Thompson [athom...@athompso.net] > > Sent: 24 July 2015 20:33 > > To: XU, YANG (YANG) > > Subject: Re: rdomain with BGP dynamic route > > > > On 2015-07-24 06:47 AM, XU, YANG (YANG) wrote: > >> Let me describe it in another way. Can I create a new rdomain as a VRF and > >> use the rdomain to import/export customer's prefix through BGP? > >> > >> I will greatly appreciate it if you can provide any information. I have > >> seen some information online, but prefix is either from static > >> configuration or connected network. In my case, I need to support dynamic > >> routes from BGP in VRF. > > Short answer: yes. > > > > See man bgpd.conf(5): > > > > ROUTING DOMAIN CONFIGURATION > > bgpd(8) supports the setup and distribution of Virtual Private Networks. > > It is possible to import and export prefixes between routing domains. > > Each routing domain is specified by an rdomain section, which allows > > properties to be set specifically for that rdomain: > > rdomain 1 { > > descr "a rdomain" > > rd 65002:1 > > import-target rt 65002:42 > > export-target rt 65002:42 > > network 192.168.1/24 > > depend on mpe0 > > } > > > > -- > > -Adam Thompson > > athom...@athompso.net
