eHi!

I am using 'OpenBSD 4.8-current (GENERIC) #313: Mon Nov  1 11:04:25 MDT 2010' i set up some good number of testing machines and started to try out the bgp mpls vpn stuff (based on man bgpd.conf, man ldpd.conf man man route + http://marc.info/?l=openbsd-misc&m=127470697232025&w=1 and i also did some general reading on mpls & mpls-vpn)

What i got so far is working bgp mpls vpn between two computers if they are directly connected like this. (The objective was to create behind PE1 two private vlans 172.116.93/24 and 172.117.93/24 into different rdomains which can communicate which their respective counterpart vlans behind PE2, 172.116.94/24 and 172.117.94/24))

em0 - management interface
em1 - interface running mpls
em2 - rdomains interface running vlans

         PE1
  em0  _____  em2 (up)
      |     |
      |_____| lo1 (inet 10.10.11.1 255.255.255.0 NONE)
         |    vlan116 (rdomain 116
         |             vlan 116 vlandev em2
         |             inet 172.116.93.1 255.255.255.0 NONE)
         |    vlan117 (rdomain 117
         |             vlan 117 vlandev em2
         |             inet 172.117.93.1 255.255.255.0 NONE)
         |    mpe116  (rdomain 116 mplslabel 11693
         |             inet 10.168.116.93 255.255.255.255)
         |    mpe117  (rdomain 117 mplslabel 11793
         |             inet 10.168.117.93 255.255.255.255)
         |    em1 (inet 10.0.11.1 255.255.255.0 NONE mpls)
         |    
         |
         |
         |
         |
         |    lo1 (inet 10.10.12.1 255.255.255.0 NONE)
         |    vlan116 (rdomain 116
         |             vlan 116 vlandev em2
         |             inet 172.116.94.1 255.255.255.0 NONE)
         |    vlan117 (rdomain 117
         |             vlan 117 vlandev em2
         |             inet 172.117.94.1 255.255.255.0 NONE)         |
         |    mpe116  (rdomain 116 mplslabel 11694
         |             inet 10.168.116.94 255.255.255.255)
         |    mpe117  (rdomain 117 mplslabel 11794
       ...
[ message continues ]

This is a fairly old current. But IIRC nothing super important happend in


Looking at the routing table you show here it seems that there is an issue
with ldpd. There are to many Untagged FEC in the ldpctl show lib output.
It looks like the session between the P/PE systems did not get up.
Did you look at the ldpctl show nei output?
Btw. look at the "route -n show -inet" output and check which routes have
MPLS pathes attached to them (T in the flags section). You can also use

The ldpd config looks about right. I use a very simple one on my test
setups:
router-id 10.42.21.1
interface re1
interface re2
interface re3

You do not need to use route(8) to manipulate the routing table. ldpd and

When sending out packets the mpls-vpn packet should have two labels.
The first one is the LSP to the BGP nexthop of the VRF route and the last

When building up MPLS networks I use normaly these steps:

1) configure interface etc. make sure you mpls-enabled the interfaces
doing MPLS. I normaly assign loopback IPs on all routers (at least do it
on the PE)
2) setup and start ospf
3) make sure you get all routes and you're able to ping all loopbacks.
4) setup and start ldpd
5) check the routing tables and make sure that you get labels.
6) ping and traceroute -v various IPs and see if they actually use MPLS.
7) setup and start bgpd on the two PE routers (best is to use the loopback
IPs here for the MPLS VPN connection).

In your case I think the problem is in step 4-6.
According to your output from PE1:
10.10.11.1/32        10.10.11.1        19             Untagged       yes
10.10.12.1/32        10.0.11.1         20             Untagged       yes

and

19        -         LOCAL  10.10.11.1         UGT        0        6 33160 4 lo1
20        -         LOCAL  10.0.11.1          UGT        0        0     - 32 em2

It looks like the connection from PE1 to PE2 is not using MPLS. It looks
like the ldp session between PE1 and the P router is not established.


[ message continues ]

Hi!


Thank you very much for your suggestion to look over the network below,
i didnt expect it to be a source of my problems and excuse me to waste
time for such a stupid reason. Now packets with double labels come and
go, so i search bgp mpls vpn further using several PE routers and
create  relationships between networks behind them etc.

Is my understanding correct that mpls-labeled packets going thru network
themselves dont need ip networking configured on P routers (and not even
net.inet.ip.forwarding switched on) but since ldpd needs to run on them
and it uses udp multicast and tcp-based connections ip configuration is
still needed? And usually ldpd processes communicate only with other
ldpd processes which run on their adjacent neighbors?


Imre

Just for the record, my second attempt was made using OpenBSD
4.8-current (GENERIC) #501: Mon Nov 29 11:58:38 MST 2010 and i386.


[ message continues ]

You need an IP backbone that connects all P and PE routers because that's
the way the topology and pathes are calculated. LDP currently only runs on
top of IP and that will not change any time soon.
So you need an IP backbone to build the label pathes on which the various
mpls VPN will be switched over.

Currently you must enable IP forwarding (because of penultimate hop
popping) on all routers. Every ethernet interface needs an IP address so
that LDP can be run over those links. Additionally you need the IP address
as nexthop on the MPLS pathes. In theory it is possible to use static
setups using MAC addresses as nexthops but such static networks are
unfeasible in reality.


[ message continues ]