On Fri, Dec 03, 2010 at 01:10:30AM +0200, Imre Oolberg wrote:
quoted text
> Hi!
> 
> Claudio Jeker wrote:
> 
> > It looks like the connection from PE1 to PE2 is not using MPLS. It looks
> > like the ldp session between PE1 and the P router is not established.
> 
> Thank you very much for your suggestion to look over the network below,
> i didnt expect it to be a source of my problems and excuse me to waste
> time for such a stupid reason. Now packets with double labels come and
> go, so i search bgp mpls vpn further using several PE routers and
> create  relationships between networks behind them etc.
> 
> Is my understanding correct that mpls-labeled packets going thru network
> themselves dont need ip networking configured on P routers (and not even
> net.inet.ip.forwarding switched on) but since ldpd needs to run on them
> and it uses udp multicast and tcp-based connections ip configuration is
> still needed? And usually ldpd processes communicate only with other
> ldpd processes which run on their adjacent neighbors?
> 

You need an IP backbone that connects all P and PE routers because that's
the way the topology and pathes are calculated. LDP currently only runs on
top of IP and that will not change any time soon.
So you need an IP backbone to build the label pathes on which the various
mpls VPN will be switched over.

Currently you must enable IP forwarding (because of penultimate hop
popping) on all routers. Every ethernet interface needs an IP address so
that LDP can be run over those links. Additionally you need the IP address
as nexthop on the MPLS pathes. In theory it is possible to use static
setups using MAC addresses as nexthops but such static networks are
unfeasible in reality.

-- 
:wq Claudio


quoted text
> 
> Just for the record, my second attempt was made using OpenBSD
> 4.8-current (GENERIC) #501: Mon Nov 29 11:58:38 MST 2010 and i386.
> 
> Claudio Jeker wrote:
> 
> > On Fri, Nov 26, 2010 at 11:02:06PM +0200, Imre Oolberg wrote:
> >   
> >> eHi!
> >>
> >> I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov  1 11:04:25 MDT
> >> 2010' i set up some good number of testing machines and started to try
> >> out the bgp mpls vpn stuff (based on man bgpd.conf, man ldpd.conf man
> >> man route + http://marc.info/?l=openbsd-misc&m=127470697232025&w=1 and i
> >> also did some general reading on mpls & mpls-vpn)
> >>     
> >
> > This is a fairly old current. But IIRC nothing super important happend in
> > between.
> >  
> >   
> >> What i got so far is working bgp mpls vpn between two computers if they
> >> are directly connected like this. (The objective was to create behind
> >> PE1 two private vlans 172.116.93/24 and 172.117.93/24 into different
> >> rdomains which can communicate which their respective counterpart vlans
> >> behind PE2, 172.116.94/24 and 172.117.94/24))
> >>
> >>     
> >
> > ... big snip ...
> >
> >  
> >   
> >> at P in the middle it says
> >>
> >> mpls-4:~# ldpctl show lib                                                                                                                  
> >> Destination          Nexthop           Local Label    Remote Label   In Use    
> >> 0.0.0.0/0            192.168.10.254    16             Untagged       yes
> >> 10.0.11.0/24         10.0.171.1        17             Pop tag        yes
> >> 10.0.12.0/24         10.0.172.1        18             Untagged       yes
> >> 10.0.171.0/24        10.0.171.254      3              Untagged       yes
> >> 10.0.171.0/24        0.0.0.0           3              Untagged       yes
> >> 10.0.172.0/24        10.0.172.254      3              Untagged       yes
> >> 10.0.172.0/24        0.0.0.0           3              Untagged       yes
> >> 10.10.11.1/32        10.0.171.1        19             19             yes
> >> 10.10.12.1/32        10.0.172.1        20             Untagged       yes
> >> 192.168.10.0/24      10.0.172.1        3              Untagged       yes
> >> 192.168.10.0/24      10.0.171.1        3              Pop tag        yes
> >> 192.168.10.0/24      0.0.0.0           3              Untagged       yes
> >>
> >> mpls-4:~# route -n show -mpls 
> >> Routing tables
> >>
> >> MPLS:
> >> In label  Out label Op     Gateway            Flags   Refs      Use   Mtu  Prio Interface
> >> 16        -         LOCAL  192.168.10.254     UGT        0        0     -     8 em0  
> >> 17        -         POP    10.0.171.1         UGT        0        0     -    32 em1  
> >> 18        -         LOCAL  10.0.172.1         UGT        0        0     -    32 em2  
> >> 19        19        SWAP   10.0.171.1         UGT        0       10     -    32 em1  
> >> 20        -         LOCAL  10.0.172.1         UGT        0        0     -    32 em2  
> >>
> >>
> >>     
> >
> > Looking at the routing table you show here it seems that there is an issue
> > with ldpd. There are to many Untagged FEC in the ldpctl show lib output.
> > It looks like the session between the P/PE systems did not get up.
> > Did you look at the ldpctl show nei output?
> > Btw. look at the "route -n show -inet" output and check which routes have
> > MPLS pathes attached to them (T in the flags section). You can also use
> > route -n get <IP> or route -n get -mpls -in <LABEL> to get more info.
> >
> >   
> >> I suspect i miss one of these
> >>
> >> 1. i misuse ldpd
> >>     
> >
> > The ldpd config looks about right. I use a very simple one on my test
> > setups:
> > router-id 10.42.21.1
> > interface re1
> > interface re2
> > interface re3
> > This is for a P router but the PE ones have exactly the same config :)
> >
> >   
> >> 2. i havent configured correctly on P routers mpls forwarding (read on
> >> man route something about -in, -out, -push, -swap but have no idea how
> >> to use them)
> >>     
> >
> > You do not need to use route(8) to manipulate the routing table. ldpd and
> > ospfd should do all the work.
> >
> >   
> >> 3. i read that doing mpls-vpn there are actually two mpls labels used,
> >> one to choose correct rdomain in PE and the other to get packet thru
> >> MPLS network, i cant get on my packets the top label
> >>     
> >
> > When sending out packets the mpls-vpn packet should have two labels.
> > The first one is the LSP to the BGP nexthop of the VRF route and the last
> > label is the label of the terminating mpe(4) device.
> >
> >   
> >> I would be very glad if you could point me to the right direction!
> >>
> >>     
> >
> > When building up MPLS networks I use normaly these steps:
> >
> > 1) configure interface etc. make sure you mpls-enabled the interfaces
> > doing MPLS. I normaly assign loopback IPs on all routers (at least do it
> > on the PE)
> > 2) setup and start ospf
> > 3) make sure you get all routes and you're able to ping all loopbacks.
> > 4) setup and start ldpd
> > 5) check the routing tables and make sure that you get labels.
> > 6) ping and traceroute -v various IPs and see if they actually use MPLS.
> > 7) setup and start bgpd on the two PE routers (best is to use the loopback
> > IPs here for the MPLS VPN connection).
> >
> > In your case I think the problem is in step 4-6.
> > According to your output from PE1:
> > 10.10.11.1/32        10.10.11.1        19             Untagged       yes
> > 10.10.12.1/32        10.0.11.1         20             Untagged       yes
> >
> > and
> >
> > 19        -         LOCAL  10.10.11.1         UGT        0        6 33160 4 lo1
> > 20        -         LOCAL  10.0.11.1          UGT        0        0     - 32 em2
> >
> > It looks like the connection from PE1 to PE2 is not using MPLS. It looks
> > like the ldp session between PE1 and the P router is not established.