Hi Claudio,
Thanks, I'll report back to you after I'm done with my first test.
On Mon, 24 May 2010 20:11:46 +0700, Claudio Jeker
<cjeker@diehard.n-r-g.com> wrote:
> On Mon, May 24, 2010 at 05:23:00PM +0700, Insan Praja SW wrote:
>> Hi Misc@,
>> Before I begin to test OpenBGPD MPLS VPN support on current, are
>> there any hints on route-leaking, and an example/hints to make a
>> complete setup of an MPLS cloud and MPLS/VPN on a network?
>>
>> In my later experiences using OpenBSD, I use pf with rtable to make
>> a VPN-like network without isolation on the network. Now I need to
>> know if there are ways to have a semi-isolated network when using
>> rdomain or anything like it.
>
> Passing traffic between VPNs is either done in pf(4) by setting the rtable
> on a rule or by importing routes in BGP (import/export-target).
> The first method is much more flexible but more static.
>
> First of all you need the attached diff to play with the kernel MPLS part.
> With that in you can start playing with the various parts.
> 1. You need to MPLS enable the interfaces that do MPLS
> In my test I use a vlan for this:
> # more /etc/hostname.vlan2003
> vlan 2003 vlandev sis0
> inet 10.83.128.26 255.255.255.248 NONE
> mpls
>
> 2. Then it is best to have a loopback interface:
> # more /etc/hostname.lo1
> inet 10.83.66.23 255.255.255.255 NONE
>
> 3. LDP config:
> router-id 10.83.66.23
> distribution independent
> retention liberal
> advertisement unsolicited
> interface lo1 {
> }
> interface vlan2003 {
> }
>
> 4. I use ospfd as IGP, there is nothing special needed here.
>
> 5. create a rdomain 1:
> # more /etc/hostname.vlan2017
> rdomain 1
> vlan 2017 vlandev sis0
> inet 192.168.220.1 255.255.255.0
>
> 6. create a mpe(4) in rdomain 1:
> # more /etc/hostname.mpe0
> rdomain 1 mplslabel 543
> inet 10.83.66.129 255.255.255.255
>
> Note: it is necessary to have an IP on mpe(4) but it does not matter which
> one you pick. I normally use the loopback IP but maybe using the vlan2017
> IP would be smarter.
>
> 7. BGP config:
> AS 65003
> router-id 10.83.66.23
> listen on 10.83.66.23
> rdomain 1 {
>         descr "CUSTOMER1"
>         rd 65003:1
>         import-target rt 65003:1
>         export-target rt 65003:1
>         depend on mpe0
>         network 192.168.220/24
> }
> group ibgp {
>         announce IPv4 unicast
>         announce IPv4 vpn
>         remote-as 65003
>         local-address 10.83.66.23
>         neighbor 10.83.66.2 {
>                 descr c2
>         }
> }
>
> Start ospfd, bgpd, and ldpd and hope for the best (check that all sessions
> come up). Set up something similar on a second system.
> Use e.g. ping -V1 -I 192.168.220.1 192.168.221.1 to test the VPN.
>
> It is possible to use gif/gre instead of LDP -- just use a gre interface
> in point 1 and skip everything that needs LDP.
>
Thanks,
--
insandotpraja(at)gmaildotcom
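
Added example, not part of the original mail or of OpenBGPD: a small audit of the BGP route-leaking path mentioned above, listing every rdomain whose import-target matches another customer's export-target. The pe2 fragment, the CUSTOMER2 name and the use of descr as the customer identity are assumptions made for illustration.

```python
import re

# Constructed sample bgpd.conf fragments. pe1 is the rdomain block from the
# mail; pe2, CUSTOMER2 and its extra import-target are assumptions.
CONFIGS = {
    "pe1": '''rdomain 1 {
        descr "CUSTOMER1"
        rd 65003:1
        import-target rt 65003:1
        export-target rt 65003:1
        depend on mpe0
    }''',
    "pe2": '''rdomain 2 {
        descr "CUSTOMER2"
        rd 65003:2
        import-target rt 65003:2
        import-target rt 65003:1
        export-target rt 65003:2
        depend on mpe1
    }''',
}
BLOCK = re.compile(r'rdomain\s+(\d+)\s*\{(.*?)\}', re.S)

def parse_rdomains(router, text):
    """Return one dict per rdomain block with its import/export RT sets."""
    vrfs = []
    for num, body in BLOCK.findall(text):
        descr = re.search(r'descr\s+"?([^"\n]+)', body)
        vrfs.append({
            "id": f"{router}/rdomain{num}",
            # Assumption: descr names the customer that owns the VPN.
            "descr": descr.group(1).strip() if descr else "",
            "import": set(re.findall(r'import-target\s+rt\s+(\S+)', body)),
            "export": set(re.findall(r'export-target\s+rt\s+(\S+)', body)),
        })
    return vrfs

def leaks(configs):
    """(exporter, importer, rt) triples where routes cross customers."""
    vrfs = [v for r, t in configs.items() for v in parse_rdomains(r, t)]
    return sorted(
        (src["id"], dst["id"], rt)
        for src in vrfs for dst in vrfs
        if src["descr"] != dst["descr"]
        for rt in src["export"] & dst["import"])

if __name__ == "__main__":
    for src, dst, rt in leaks(CONFIGS):
        print(f"{src} routes are imported into {dst} via rt {rt}")
```

The leak reported here is one-way: CUSTOMER2 learns CUSTOMER1's routes, but not the reverse, because CUSTOMER1 does not import rt 65003:2.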