I am very interested in using the OpenBSD platform for an ISP and as I read
it does MPLS. Download the platform and install it on a serverU with a 10G
card. I'm running MPLS testing between OpenBSD and Junos. I currently have
OSPF, LDP and BGP up. Perform the rdomain configuration to test MPLS-MP VRF.
I see that the routes are propagated to the VRF in Junos but I do not see
OpenBSD mounting the routes received from Junos to rtables. I have read that
OpenBSD only does the verification of the nexthop in the rtable 0. I wanted
to check with you if it is possible to do this configuration against Junos
and to verify that I am doing wrong.
Here I include the configuration of Junos and OpenBSD.
Junos:
set interfaces ge-0/0/0 mtu 1614
set interfaces ge-0/0/0 unit 0 description To-OpenBSD
set interfaces ge-0/0/0 unit 0 family inet address 10.205.1.2/30
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.247.255.51/32
set interfaces lo0 unit 104 family inet address 192.168.100.1/24
set routing-options router-id 10.247.255.51
set routing-options autonomous-system 65535
set protocols mpls interface all
set protocols bgp group mpls type internal
set protocols bgp group mpls local-address 10.247.255.51
set protocols bgp group mpls hold-time 180
set protocols bgp group mpls import rv
set protocols bgp group mpls family inet-vpn unicast
set protocols bgp group mpls export Rrt-Export
set protocols bgp group mpls neighbor 10.247.255.50
set protocols bgp group mpls neighbor 10.247.255.58
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ldp interface all
set policy-options policy-statement Rrt-Export from protocol direct
set policy-options policy-statement Rrt-Export from protocol static
set policy-options policy-statement Rrt-Export from protocol ospf
set policy-options policy-statement Rrt-Export then accept
set policy-options policy-statement rv term a from protocol bgp
set policy-options policy-statement rv term a from validation-database valid
set policy-options policy-statement rv term a then local-preference 110
set policy-options policy-statement rv term a then validation-state valid
set policy-options policy-statement rv term a then accept
set policy-options policy-statement rv term b from protocol bgp
set policy-options policy-statement rv term b from validation-database
invalid
set policy-options policy-statement rv term b then local-preference 9
set policy-options policy-statement rv term b then validation-state invalid
set policy-options policy-statement rv term b then accept
set policy-options policy-statement rv term c from protocol bgp
set policy-options policy-statement rv term c from validation-database
unknown
set policy-options policy-statement rv term c then validation-state unknown
set policy-options policy-statement rv term c then accept
set routing-instances VRF-TEST instance-type vrf
set routing-instances VRF-TEST interface lo0.104
set routing-instances VRF-TEST route-distinguisher 10.247.255.51:104
set routing-instances VRF-TEST vrf-target target:65535:104
set routing-instances VRF-TEST routing-options options syslog level
emergency
set routing-instances VRF-TEST routing-options options syslog level alert
set routing-instances VRF-TEST routing-options options syslog level critical
set routing-instances VRF-TEST routing-options options syslog level error
set routing-instances VRF-TEST routing-options options syslog level warning
set routing-instances VRF-TEST routing-options options syslog level notice
set routing-instances VRF-TEST routing-options options syslog level info
set routing-instances VRF-TEST routing-options options syslog level debug
root> show route table VRF-TEST.inet.0
VRF-TEST.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.25.252/32 *[BGP/170] 00:00:02, localpref 100, from 10.247.255.58
AS path: I, validation-state: unknown
> to 10.205.1.1 via ge-0/0/0.0, Push 58
192.168.100.0/24 *[Direct/0] 12w3d 16:26:11
> via lo0.104
192.168.100.1/32 *[Local/0] 12w3d 16:26:11
Local via lo0.104
root> ping routing-instance VRF-TEST 192.168.25.252
PING 192.168.25.252 (192.168.25.252): 56 data bytes
^C
--- 192.168.25.252 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
root>
OpenBSD
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
index 8 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 84:44:64:33:94:f2
index 1 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 84:44:64:c1:38:c0
index 2 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 84:44:64:93:e8:65
index 3 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 10.247.162.53 netmask 0xffffff00 broadcast 10.247.162.255
em3: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1600
lladdr 84:44:64:21:2f:d5
description: MPLS
index 4 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 10.205.1.1 netmask 0xfffffffc broadcast 10.205.1.3
em4: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 84:44:64:f7:49:9e
index 5 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em5: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 84:44:64:df:9f:2c
index 6 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
index 7 priority 0 llprio 3
groups: enc
status: active
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
index 9 priority 0 llprio 3
groups: lo
inet 10.247.255.58 netmask 0xffffffff
lo104: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> rdomain 104 mtu 32768
index 10 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo104 prefixlen 64 scopeid 0xa
inet 192.168.25.252 netmask 0xffffffff
mpe1: flags=51<UP,POINTOPOINT,RUNNING> rdomain 104 mtu 1500
index 11 priority 0 llprio 3
mpls label: 58
groups: mpe
inet 10.247.255.58 --> 0.0.0.0 netmask 0xff000000
mpe104: flags=51<UP,POINTOPOINT,RUNNING> rdomain 104 mtu 1500
index 12 priority 0 llprio 3
mpls label: 777
groups: mpe
inet 192.168.25.252 --> 0.0.0.0 netmask 0xffffffff
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
index 13 priority 0 llprio 3
groups: pflog
# cat /etc/ospfd.conf
router-id 10.247.255.58
fib-update yes
redistribute connected
redistribute static
area 0.0.0.0 {
interface em3:10.205.1.1{
}
interface lo1{
}
}
# cat /etc/ldpd.conf
router-id 10.247.255.58
address-family ipv4{
interface em3{
}
}
# cat /etc/bgpd.conf
AS 65535
router-id 10.247.255.58
listen on 10.247.255.58
listen on 10.205.1.1
fib-update yes
holdtime 180
nexthop qualify via bgp
dump all in "/tmp/all-in-%H%M" 300
dump all out "/tmp/all-in-%H%M" 300
log updates
rtable 104
#rde rib VRF-TEST rtable 0
rdomain 104 {
descr "VRF-TEST"
rd 10.247.255.58:104
import-target rt 65535:104
export-target rt 65535:104
depend on mpe1
network inet connected
network inet static
network 192.168.25.252/32
}
group mpls {
announce IPv4 vpn
remote-as 65535
local-address 10.247.255.58
neighbor 10.247.255.51{
descr "SRX-300"
}
}
#match from group mpls prefix { 192.168.100.1/32, 192.168.100.0/24 } set
pftable "VRF-TEST"
#match from any
allow from any
# cat /etc/pf.
pf.conf pf.os
# cat /etc/pf.conf
# $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
#table <VRF-TEST> persist counters
#pass quick from <VRF-TEST>
set skip on lo
set skip on lo1
set skip on lo104
set skip on em3
#set reassemble no
#block return # block stateless traffic
pass in
pass out
pass # establish keep-state
pass on rdomain 104
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# bgpctl sh nei
BGP neighbor is 10.247.255.51, remote AS 65535
Description: SRX-300
BGP version 4, remote router-id 10.247.255.51
BGP state = Established, up for 00:00:01
Last read 00:00:01, holdtime 180s, keepalive interval 60s
Neighbor capabilities:
Multiprotocol extensions: IPv4 vpn
Route Refresh
Graceful Restart
4-byte AS numbers
Message statistics:
Sent Received
Opens 1 1
Notifications 0 0
Updates 2 2
Keepalives 1 2
Route Refresh 0 0
Total 4 5
Update statistics:
Sent Received
Updates 4 2
Withdraws 0 0
End-of-Rib 1 1
Local host: 10.247.255.58, Local port: 17659
Remote host: 10.247.255.51, Remote port: 179
# bgpctl sh rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI*> rd 10.247.255.58:104 192.168.25.252/32 rd 0:0 0.0.0.0 100 0 i
I*> rd 10.247.255.51:104 192.168.100.0/24 10.247.255.51 100 0 i
I*> rd 10.247.255.51:104 192.168.100.1/32 10.247.255.51 100 0 i
# bgpctl sh table
Table Description State
0 rdomain_0 decoupled
104 VRF-TEST coupled
#
# route -T104 show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio
Iface
10.247.255.58 10.247.255.58 UHl 0 0 - 1 mpe1
192.168.25.252 192.168.25.252 UHl 0 1 32768 1
lo104
Internet6:
Destination Gateway Flags Refs Use Mtu Prio
Iface
localhost localhost UHl 0 0 32768 1
lo104
fe80::1%lo104 fe80::1%lo104 UHl 0 0 32768 1
lo104
ff01::%lo104/32 localhost Um 0 1 32768 4
lo104
ff02::%lo104/32 localhost Um 0 1 32768 4
lo104
MPLS:
In label Out label Op Gateway Flags Refs Use Mtu
Prio Interface
58 - POP mpe1 UT 0 0 -
8 mpe1
777 - POP mpe104 UT 0 0 -
8 mpe104
# ping -V104 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 192.168.100.1 64 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote 192.168.100.1 64 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote 192.168.100.1 64 chars, ret=-1
^C
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
--
View this message in context:
http://openbsd-archive.7691.n7.nabble.com/MPLS-BGP-VRF-tp325241.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
