Yes, that's right, the problem fixed. I should have inserted this rule : "*ip route add 192.168.23.3/32 <http://192.168.23.3/32> via TenGigabitEthernet4/0/1 out-labels 50*"
But why doesn't work if I don't have a MPLS label for 192.168.23.3/32 ? suppose that the Core of the network is pure IP, no MPLS. I know that in L3VPN we need a MPLS enabled core but for the sake of IP resolution in another FIB, why does it need a second label i.e. MPLS label?? On Tue, Jul 31, 2018 at 5:54 PM, Neale Ranns (nranns) <nra...@cisco.com> wrote: > Hi, > > > > Please show me: > > sh ip fib index 1 5.5.5.5/32 > > and > > sh ip fib index 0 192.168.23.3/32 > > > > I suspect you are missing an out-label on the latter. > > > > /neale > > > > *From: *<vpp-dev@lists.fd.io> on behalf of Gulakh <holoogul...@gmail.com> > *Date: *Tuesday, 31 July 2018 at 14:53 > *To: *"vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io> > *Subject: *[SUSPICIOUS] [vpp-dev] L3VPN in VPP > > > > It seems that the Next hop IP resolution does not work correctly: > > Here is my Configuration: > > > > # *set interface state GigabitEthernet4/0/0 up* > > # *set interface state GigabitEthernet4/0/1 up* > > > > #* ip table add 1 *(create Customer VRF) > > > > # *set interface ip table GigabitEthernet 4/0/0 1* (Customer VRF) > > > > # *set interface ip address GigabitEthernet4/0/0 192.168.12.2/24 > <http://secure-web.cisco.com/1NGkJ8d9Xk8OKKghhdRpaN8lGN-75ZxRF1V7k7mtDnx1r3LpGmLHUdWKb9yppBbQeSwTupbV9HjWYrAzuZbNQ0LzjB2b2NixRZPlR-o2UB6u_KzSPfkqFvP-MA6PgJRF4hC5-50M2IE1MnmoFVltbgWPxwDabtmiPrEWMuOu7uW_MmnpuCU9GY3UHyWaeUM66FbfL-NCqkO3PHHyzJTZv8D4bOUVn9pRU8EBaPipH0BKKjlb2jDZS10k7wKRaSoLFb4GWuwuihvdfaZUCMMAp3dURk14uSPMKq2GgAYFSjQBOQpD8zFGzvzbVGV4WqzoU/http%3A%2F%2F192.168.12.2%2F24>* > (Toward Customer) > > # *set interface ip address GigabitEthernet4/0/1 192.168.23.2/24 > <http://secure-web.cisco.com/1c9gWpQLuBWxg_mjltoJB1OuIXMBIYNAUmT3ypthWFTFrN0WVkRLVQIGszDfppFffHnwnJYaabxo7oVx74p2Q5Mtnhkv_tEzEFsCK7cdJa9zcYfqn-wQLoVjvEd7GAhwKMISUy4tUY4f2EjfV6llLDoc04h10x48MymdokJMupjtLklcqPm2uKCEhdVLD2BWEd3fkbulksRbNYnm4VRfnjZhi_8mWRpSSVA-8oKMuUEAF71AQ_naB1cZkdHRlAq7DvH7xTTLmB8Y7x2JeryXyd9zn7g5rghLjC3anDS9qiSz3qSHlQJgf9f0YoYX0fuSJ/http%3A%2F%2F192.168.23.2%2F24>* > (Toward Core) > > > > *** Now I want to add one of Customer's route into its VRF: > > # *ip route add 5.5.5.5/32 > <http://secure-web.cisco.com/1q3AHC9RQ8OoZnfGkloIfJ7szfWyz-oY0Yi89FFEComrheEohuXnnjdNnLL5i50chvn5ZtVrayd7LWig7iEVKQtYNCHxeq435H95988Q_ZEeZjK5r9UOdJqlnnzGBvdWBZxPl7dl1YUwzGIkwuR1TdDZOKpTsDadCis-111m6P0lUqAfkmu98nRp1oVtE_74JaZHI5RggBiFwS_jj7nD1HlJvvebRgtfwtwIvGgAYUMQ-eJnwmQHKgSuOnEXkkKnjJrKrz3aC_fG29Q7TFEmlcIn_BJB7JJYi3pEdshEdW7aM8JS7IaQy7FDOwLsUO2uL/http%3A%2F%2F5.5.5.5%2F32> > table 1 via 192.168.23.3 next-hop-table 0 out-labels 40* > > > > in which :* 5.5.5.5/32 > <http://secure-web.cisco.com/1q3AHC9RQ8OoZnfGkloIfJ7szfWyz-oY0Yi89FFEComrheEohuXnnjdNnLL5i50chvn5ZtVrayd7LWig7iEVKQtYNCHxeq435H95988Q_ZEeZjK5r9UOdJqlnnzGBvdWBZxPl7dl1YUwzGIkwuR1TdDZOKpTsDadCis-111m6P0lUqAfkmu98nRp1oVtE_74JaZHI5RggBiFwS_jj7nD1HlJvvebRgtfwtwIvGgAYUMQ-eJnwmQHKgSuOnEXkkKnjJrKrz3aC_fG29Q7TFEmlcIn_BJB7JJYi3pEdshEdW7aM8JS7IaQy7FDOwLsUO2uL/http%3A%2F%2F5.5.5.5%2F32>* > is the Customer's another site in somewhere else > > * table 1* is the customer's VRF > > *192.168.23.3* is the next hop which is in the core -> be > resolved by Global VRF > > *next-hop-table 0* is the Global VRF to resolve > 192.168.23.3 > > *out-labels 40 *is the VPN Label > > > > > > Now When I see the VRF 1 ("*show ip fib table 1*"), here is the output > for 5.5.5.5/32 > <http://secure-web.cisco.com/1q3AHC9RQ8OoZnfGkloIfJ7szfWyz-oY0Yi89FFEComrheEohuXnnjdNnLL5i50chvn5ZtVrayd7LWig7iEVKQtYNCHxeq435H95988Q_ZEeZjK5r9UOdJqlnnzGBvdWBZxPl7dl1YUwzGIkwuR1TdDZOKpTsDadCis-111m6P0lUqAfkmu98nRp1oVtE_74JaZHI5RggBiFwS_jj7nD1HlJvvebRgtfwtwIvGgAYUMQ-eJnwmQHKgSuOnEXkkKnjJrKrz3aC_fG29Q7TFEmlcIn_BJB7JJYi3pEdshEdW7aM8JS7IaQy7FDOwLsUO2uL/http%3A%2F%2F5.5.5.5%2F32> > > > > ipv4-VRF:1, fib_index:1, flow hash:[src dst sport dport proto ] > locks:[src:CLI:2, ] > > .............. > > ............... > > ............ > > 192.168.12.0/24 > <http://secure-web.cisco.com/1kOpJ87zBACw-JxP47PEbLVa87SOKFiH3hbciO_Q9HwQG8cu5OOLdcyV7epyGLFQg58-zSwnr46vONGBlMZnIROQq67peBwn6pBqFmjHb9tZEB_fUy9ZqlNwrja_U0Yi-HaL4hA8t9bGnbk4UJpdfcMBNqNa8RXk-74poA0wp9sRsn8YfkhhcmahDUquvC7RTM5xgYoYtYAIx3pPtI6HDpKArWevaNbqKXu23hhrOt7kN5rL4q8LBoXGq2DQu7-v45GEMQ4fvcFlVaw-sAtFV0Xv-k1RSvM670VXdTR9GM79VGTgsSZRoSGORY9QTSsjK/http%3A%2F%2F192.168.12.0%2F24> > unicast-ip4-chain > [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:13 to:[0:0]] > [0] [@4]: ipv4-glean: GigabitEthernet4/0/0: mtu:9000 > ffffffffffffa0369f23aa780806 > > > > > *5.5.5.5/32 > <http://secure-web.cisco.com/1q3AHC9RQ8OoZnfGkloIfJ7szfWyz-oY0Yi89FFEComrheEohuXnnjdNnLL5i50chvn5ZtVrayd7LWig7iEVKQtYNCHxeq435H95988Q_ZEeZjK5r9UOdJqlnnzGBvdWBZxPl7dl1YUwzGIkwuR1TdDZOKpTsDadCis-111m6P0lUqAfkmu98nRp1oVtE_74JaZHI5RggBiFwS_jj7nD1HlJvvebRgtfwtwIvGgAYUMQ-eJnwmQHKgSuOnEXkkKnjJrKrz3aC_fG29Q7TFEmlcIn_BJB7JJYi3pEdshEdW7aM8JS7IaQy7FDOwLsUO2uL/http%3A%2F%2F5.5.5.5%2F32> > unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:24 buckets:1 > uRPF:25 to:[0:0]] [0] [@0]: dpo-drop ip4* > > > > > > Here is the VRF 0: > > > > ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] > locks:[src:plugin-hi:2, src:default-route:1, ] > > .............. > > ............... > > ............ > > 192.168.23.0/24 > <http://secure-web.cisco.com/1DbkGdPq9i8F89pX02bDm1hNnY8c5sT9HLBeJjtp36kNFdRCHd4u4vywZG1kZEBFrTmWqOVXm8KhrV4nknJRPFTFfiIfa0iBskQxXQLq0WcVD_Y3kiKJ4B8Id2-TFlBihB-GDIQn_34orzbrpDlIaapl-NsHQIxlzi37jb_jkoteziEkstBgX2JQPKgUqMmPJ7lgmYRaWcpYsXhNGzGX4UyqC6e-CBJ1Gjr6A6dgex53IZfH-Xn4SfxuKatsq5EaMxM5mcckzRdF2kqc-RmgpEiwwoSvlast0ioloKXRaNnFmrsTZQ05MNSNaZzNHvZbi/http%3A%2F%2F192.168.23.0%2F24> > unicast-ip4-chain > [@0]: dpo-load-balance: [proto:ip4 index:18 buckets:1 uRPF:19 to:[0:0]] > [0] [@4]: ipv4-glean: GigabitEthernet4/0/1: mtu:9000 > ffffffffffffa0369f23aa7a0806 > > > > Question: why does it say Drop?? I expect to see something that shows > next-hop is resolved in VRF 0. > > > > On Tue, Jul 31, 2018 at 4:18 PM, Neale Ranns (nranns) <nra...@cisco.com> > wrote: > > > > Hi, > > > > You are correct on all points. > > > > regards > > /neale > > > > *From: *Holoo Gulakh <holoogul...@gmail.com> > *Date: *Tuesday, 31 July 2018 at 12:19 > *To: *"Neale Ranns (nranns)" <nra...@cisco.com>, "vpp-dev@lists.fd.io" < > vpp-dev@lists.fd.io> > *Subject: *Re: [vpp-dev] L3VPN in VPP > > > > Hi, > > In order to have both VPLS and L3VPN works *concurrently *in a PE router, > I guess that I should do the following things: > > > > 1- Regardless of the type of service that whether it's *VPLS *,*L3VPN *or > *none*(e.g. a simple connectivity) , the core of the network works the > same, that is I should Insert everything about the core of the network in > the Global VRF i.e. *IP FIB 0* and *MPLS FIB 0 in VPP*. > > > > The above step is done before even providing any services. > > > > 2- *For the PW-Label of VPLS*, the task is delivered to the mpls tunnel > to put the PW-Label on the Packet (i.e. *mpls tunnel add l2-only > <PE-TARGET> out-labels<PW-LABEL>*) then to resolve the PE-TARGET IP > address the resolution is done by checking the Global VRF which contains > information about the core and at that stage the MPLS label is added to > packet. > > > > *For the VPN-Label of the L3VPN* the task of putting it on the packet > is delivered to the VRF associated with the incoming Interface (i.e. *#* *ip > route add <PE-TARGET> table <CUSTOMER-VRF> via <NEXT-HOP> out-labels > <VPN-LABEL>*) and then to resolve the NEXT-HOP IP address, Global VRF > must be checked since the routing information about the core is stored in > the Global VRF (i.e. IP FIB 0 and MPLS FIB 0 in VPP) > > but the problem is that the route store in the customer's VRF must use > Global VRF in order to resolve its NEXT-HOP. > > Searching VPP Doc, I confronted with a parameter that I can use to select > which VRF to use to resolve the next hop. > > so the *#* command must be modified by (*ip route add <PE-TARGET> table > <CUSTOMER-VRF> via <NEXT-HOP> next-hop-table <GLOBAL-VRF> out-labels > <VPN-LABEL>*) and then during the resolution of the PE-TARGET IP address > the MPLS Labels is added to the packet. > > > > *Question*: Am I right?? > > > > Excuse me for my questions ... most of the materials found in Internet are > about Cisco commands to run the service and they give my little insights on > what to do with lower level configurations. > > Thanks in advance > > > > On Mon, Jul 30, 2018 at 1:31 PM, Neale Ranns (nranns) <nra...@cisco.com> > wrote: > > Hi, > > > > Answers inline marked [nr] > > > > /neale > > > > *From: *<vpp-dev@lists.fd.io> on behalf of Gulakh <holoogul...@gmail.com> > *Date: *Saturday, 28 July 2018 at 13:45 > *To: *"vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io> > *Subject: *[vpp-dev] L3VPN in VPP > > > > Hi, > > I have setup a *VPLS *scenario successfully and now I want to setup a *L3VPN > *scenario in VPP (L3VPN topology is in attachment). > > > > My configuration for VPLS is some how like this link > <https://secure-web.cisco.com/1WcczMrdXjHEidv0-EujT5VZSxYEx6HlbbliDkxjmImOf2VUkuc4VAxA1sfwt77SeQNLnwTQbE-OtP1YbsLSZ4hZYGYj4KreyTiNZ6I6v5XvKjxpiy6EB46KZ5k0Oknw6ohrIkhG8u5wRKxmAT6Fp-oSABOH-y1lFrmoE1zaw43Xpcu80q32TWb-WL5SQd1ILMl08l2YHDSxPNt__-fGgHoFAf-XCtTD4pIPi6a4UWiB8Lhu7rNLreM02fIzz_ni_G1ZJ_KMUs6c_4KcjunhpWQaFsPeGCBz7khQK8V3vkevRqEX_VAcGNdTzxRKAqlSSOkDS3SV5xa-bPvi2XiCjkQ/https%3A%2F%2Flists.fd.io%2Fg%2Fvpp-dev%2Ftopic%2Fvpls_dev_in_vpp_1%2F18091281%3Fp%3D%2C%2C%2C20%2C0%2C0%2C0%3A%3Arecentpostdate%252Fsticky%2C%2C%2C20%2C2%2C0%2C18091281> > . > > > > As far as I searched Internet, L3VPN has a *VPN Label* that I think is > somehow like *PW Label* in VPLS with difference that *VPN Label is used > to select VRF* and *PW Label is used to select mpls tunnel *(hence > bridge). > > > > [nr] other label allocation schemes are available J > > > > =============================== > > *Part1:* > > I guess I should configure the *source PE* as follow: > > > > *In VPLS: mpls tunnel add l2-only via <PE-TARGET> out-labels > <PW-LABEL>* > > * ip route add <PE-TARGET> via <NEXT-HOP> out-labels > <MPLS-LABEL>* > > > > *In L3VPN: CMD1 ??????????????? (insert in customer VRF)* > > * ip route add <PE-TARGET> via <NEXT-HOP> out-labels > <MPLS-LABEL> (insert in GLOBAL VRF)* > > > > I don't know what command I should use for CMD1 ... This command must add > VPN-LABEL which is selected base on the customer's VRF to the packet and > then lookup the GLOBAL VRF to push the MPLS Label. just like VPLS that the > mpls tunnel first adds a PW Label and then in the destination IP > resolution, MPLS Label is added to packet. > > > > *Question1:* Am I right about the configurations in the source PE? > > > > > > [nr] ip route table <CUSTOMER> <PREFIX> via <PE-TARGET> out-labels > <CUSTOMER-VRF-LABEL> > > > > you could use PREFIX=0.0.0.0/0 > <http://secure-web.cisco.com/12oNYkgtELWCsmb0tZPB31GOgaFXsjlKtvq17wQ9qjHO-DNfrh3NFbBr74cxlyEaJPJkJuKa6hNnqHQlA0KGe7DnYeQhL2DHmoLYq7-r6itfCMMHWcWFePzlQWVUPbyzqkEYajhhnocFNHuWWjRQM3Uki-bX0PuxsniPqeU52v4NLFfaBTybi6Y9J5AJkUw0YzUiyYgNBQv12wp1m84MR3WitikIjMMGhMv-ilgRFYxjjlie9sVo4yZtMpuPqu9G3tlefPw8HPfF8m76MpLuApOdclRbCLIlPWtEE9qBODs1-EqjsayKrOFax3UOMbpyM/http%3A%2F%2F0.0.0.0%2F0> > or many more specifics > > > > and your route to the PE-TARGET would be better as a non-recursive route > (i.e. if it is learned via e.g. OSPF and this is not an inter-AS option C) > otherwise you’ll need another labelled route for the next-hop > > > > non-recursive means specify the next-hop and interface. > > > > > > ================================ > > *Part2:* > > I guess I should configure the *target PE* as follow: > > > > *In VPLS: mpls local-label add eos <PW-LABEL> via l2-input-on > <MPLS-TUNNEL>* > > > > * In L3VPN: mpls local-label add eos <VPN-LABEL> via > ip4-lookup-in-table <VRF-ID> (insert in GLOBAL VRF) * > > > > *Question2:* Am I right about the configurations in the target PE? > > > > [nr] Yes. The mpls label is added to the MPLS global table, i.e. there’s > no ‘insert in global-VRF’, since the instruction associated with the label > is to lookup the exposed IP destination address in the customer’s VRF/ > > > > ================================= > > *Part3:* > > In order to fill customer's VRF, I should use control plane's RouteTarget > (RT) to select the VRF ID and then use below command to fill the VRF: > > > > *ip route add <DESTIANTION> via <NEXT-HOP> <INTERFACE> table > <VRF-ID>* > > > > *Question3:* Am I right? > > > > [nr] yes. > > > > thanks in advance > > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#10004): https://lists.fd.io/g/vpp-dev/message/10004 Mute This Topic: https://lists.fd.io/mt/23903296/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-