[j-nsp] L3 MPLS VPN on Olive

Junaid junaid.x86 at gmail.com
Sun Nov 4 05:52:55 EST 2007


Hi,

I am testing MPLS L3VPNs on Olive. I have two directly connected PE
routers (olive1 and olive2) and one CE router (olive3) connected to
olive2. The PE routers share a /30 subnet on their connecting link
(fxp0s on both routers connected via tap interfaces). The loopbacks of
both the PE routers are statically routed on the other PE router (no
IGP used for simplicity). I have created a VRF named "VPN" on both
routers and put one loopback interface each (other than the one used
for the PE routers) in the VRF. Also, the interface connecting CE
(olive3) to olive2 is also put in this VRF. Now, as indicated by
routing tables, my control plane as well as my data plane information
is as it should be, VPN routes are reaching from one PE to the other
and forwarding table has the next-hop defined correctly. I am able to
ping loopbacks in the VRFs from one PE to the other but I am unable to
ping (from olive1) the interface IPs of the PE-CE link and the
loopback of the CE router - the loopback of the CE router is
statically routed (inside the VRF) on olive2. Can anyone help me on
this!

A word about my olive environment; I have three olive instances on a
Windows machine booted via "jqemu". All the instantiated interfaces
are connected to "tap" interfaces on the host machine. All the tap
interfaces are bridged together - so we can assume that all interfaces
are connected on an L2 switch. I have also tested this situation by
connecting instances using sockets but I got the same result. However,
all the outputs below are based on the bridged version of the setup.

Pertinent configs and outputs are as follows, I will really appreciate
any help on this :)

-----------------------------------------
root at olive1> show configuration
version 7.0R1.5;
system {
    host-name olive1;
    syslog {
        file logs {
            any any;
        }
    }
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.0.0.1/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.10.0.1/32;
            }
        }
        unit 1 {
            family inet {
                address 192.168.1.254/32;
            }
        }
    }
}
routing-options {
    static {
        route 10.10.0.2/32 next-hop 10.0.0.2;
    }
    router-id 10.10.0.1;
    autonomous-system 64512;
}
protocols {
    rsvp {
        traceoptions {
            file rsvp-logs world-readable;
            flag all;
        }
        interface fxp0.0;
        interface all;
    }
    mpls {
        label-switched-path testp {
            from 10.0.0.1;
            to 10.0.0.2;
            no-cspf;
        }
        interface fxp0.0;
    }
    bgp {
        group o1to2 {
            type internal;
            neighbor 10.0.0.2 {
                family inet-vpn {
                    unicast;
                }
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface lo0.1;
        route-distinguisher 64512:1;
        vrf-target target:64512:100;
    }
}

root at olive1>

-----------------------------------------

root at olive2> show configuration
version 7.0R1.5;
system {
    host-name olive2;
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.0.0.2/24;
            }
            family mpls;
        }
    }
    fxp1 {
        unit 0 {
            family inet {
                address 10.1.0.1/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.10.0.2/32;
            }
        }
        unit 2 {
            family inet {
                address 192.168.2.254/32;
            }
        }
    }
}
routing-options {
    static {
        route 10.10.0.1/32 next-hop 10.0.0.1;
    }
    router-id 10.10.0.2;
    autonomous-system 64512;
}
protocols {
    rsvp {
        interface fxp0.0;
        interface all;
    }
    mpls {
        label-switched-path testp {
            from 10.0.0.2;
            to 10.0.0.1;
            no-cspf;
        }
        interface fxp0.0;
    }
    bgp {
        group o1to2 {
            type internal;
            neighbor 10.0.0.1 {
                family inet-vpn {
                    unicast;
                }
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface lo0.2;
        interface fxp1.0;
        route-distinguisher 64512:2;
        vrf-target target:64512:100;
        routing-options {
            static {
                route 172.16.10.254/32 next-hop 10.1.0.2;
            }
        }
    }
}

root at olive2>


-----------------------------------------

root at olive3> show configuration
version 7.0R1.5;
system {
    host-name olive3;
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.1.0.2/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 172.16.10.254/32;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.1.0.1;
    }
}


-----------------------------------------
root at olive1> show route

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/24        *[Direct/0] 00:12:57
                    > via fxp0.0
10.0.0.1/32        *[Local/0] 00:12:57
                      Local via fxp0.0
10.10.0.1/32       *[Direct/0] 00:12:57
                    > via lo0.0
10.10.0.2/32       *[Static/5] 00:12:55
                    > to 10.0.0.2 via fxp0.0

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.2/32        *[RSVP/7] 00:12:44, metric 65535
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp

VPN.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.0.0/24        *[BGP/170] 00:12:37, localpref 100
                      AS path: I
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp
172.16.10.254/32   *[BGP/170] 00:12:37, localpref 100
                      AS path: I
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp
192.168.1.254/32   *[Direct/0] 00:12:55
                    > via lo0.1
192.168.2.254/32   *[BGP/170] 00:12:37, localpref 100
                      AS path: I
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp

mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:13:03, metric 1
                      Receive
1                  *[MPLS/0] 00:13:03, metric 1
                      Receive
2                  *[MPLS/0] 00:13:03, metric 1
                      Receive
100000             *[VPN/170] 00:12:37
                      receive table VPN.inet.0, Pop

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

64512:2:10.1.0.0/24
                   *[BGP/170] 00:12:37, localpref 100
                      AS path: I
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp
64512:2:172.16.10.254/32
                   *[BGP/170] 00:12:37, localpref 100
                      AS path: I
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp
64512:2:192.168.2.254/32
                   *[BGP/170] 00:12:37, localpref 100
                      AS path: I
                    > to 10.0.0.2 via fxp0.0, label-switched-path testp

__juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both

fe80::2aa:ff:fe00:101/128
                   *[Direct/0] 00:12:55
                    > via lo0.16385

root at olive1>



-----------------------------------------
root at olive2> show route

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/24        *[Direct/0] 00:13:52
                    > via fxp0.0
10.0.0.2/32        *[Local/0] 00:13:52
                      Local via fxp0.0
10.10.0.1/32       *[Static/5] 00:13:51
                    > to 10.0.0.1 via fxp0.0
10.10.0.2/32       *[Direct/0] 00:13:52
                    > via lo0.0

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.1/32        *[RSVP/7] 00:13:48, metric 65535
                    > to 10.0.0.1 via fxp0.0, label-switched-path testp

VPN.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.0.0/24        *[Direct/0] 00:13:53
                    > via fxp1.0
10.1.0.1/32        *[Local/0] 00:13:53
                      Local via fxp1.0
172.16.10.254/32   *[Static/5] 00:13:52
                    > to 10.1.0.2 via fxp1.0
192.168.1.254/32   *[BGP/170] 00:13:42, localpref 100
                      AS path: I
                    > to 10.0.0.1 via fxp0.0, label-switched-path testp
192.168.2.254/32   *[Direct/0] 00:13:53
                    > via lo0.2

mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:13:56, metric 1
                      Receive
1                  *[MPLS/0] 00:13:56, metric 1
                      Receive
2                  *[MPLS/0] 00:13:56, metric 1
                      Receive
100000             *[VPN/170] 00:13:43
                    > to 10.1.0.2 via fxp1.0, Pop
100016             *[VPN/170] 00:13:43
                      receive table VPN.inet.0, Pop

bgp.l3vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

64512:1:192.168.1.254/32
                   *[BGP/170] 00:13:42, localpref 100
                      AS path: I
                    > to 10.0.0.1 via fxp0.0, label-switched-path testp

__juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both

fe80::2aa:ff:fe00:103/128
                   *[Direct/0] 00:13:52
                    > via lo0.16385

root at olive2>


-----------------------------------------

root at olive3> show route

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:06:47
                    > to 10.1.0.1 via fxp0.0
10.1.0.0/24        *[Direct/0] 00:06:49
                    > via fxp0.0
10.1.0.2/32        *[Local/0] 00:06:49
                      Local via fxp0.0
172.16.10.254/32   *[Direct/0] 00:06:48
                    > via lo0.0

__juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both

fe80::2aa:ff:fe00:105/128
                   *[Direct/0] 00:06:48
                    > via lo0.16385

root at olive3>


-----------------------------------------

From olive1 I am able to ping 192.168.2.254 which is the loopback on
olive2 in the VRF:

root at olive1> ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
ping: sendto: No route to host

^C
--- 192.168.2.254 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

root at olive1> ping 192.168.2.254 routing-instance VPN
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: icmp_seq=0 ttl=255 time=142.953 ms
64 bytes from 192.168.2.254: icmp_seq=1 ttl=255 time=1.657 ms
64 bytes from 192.168.2.254: icmp_seq=2 ttl=255 time=4.885 ms

^C
--- 192.168.2.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.657/49.832/142.953/65.860 ms

Similarly I can ping the loopback in VRF on olive1 from olive2 (output
not shown).

-----------------------------------------

Also, I am unable to ping the interface IPs on the link shared by
olive2 and CE router from olive1.

root at olive1> ping 10.1.0.1 routing-instance VPN
PING 10.1.0.1 (10.1.0.1): 56 data bytes
^C
--- 10.1.0.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

root at olive1>

root at olive1> ping 10.1.0.2 routing-instance VPN
PING 10.1.0.2 (10.1.0.2): 56 data bytes
^C
--- 10.1.0.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

root at olive1>

-----------------------------------------

However, I am unable to ping the loopback on CE from olive1 while I
can ping it from Olive2:

root at olive1> ping 172.16.10.254 routing-instance VPN
PING 172.16.10.254 (172.16.10.254): 56 data bytes
^C
--- 172.16.10.254 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss



root at olive2> ping 172.16.10.254 routing-instance VPN
PING 172.16.10.254 (172.16.10.254): 56 data bytes
64 bytes from 172.16.10.254: icmp_seq=0 ttl=255 time=47.467 ms
64 bytes from 172.16.10.254: icmp_seq=1 ttl=255 time=3.266 ms
64 bytes from 172.16.10.254: icmp_seq=2 ttl=255 time=4.939 ms
64 bytes from 172.16.10.254: icmp_seq=3 ttl=255 time=3.078 ms

^C
--- 172.16.10.254 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.078/14.688/47.467/18.939 ms



-----------------------------------------

Sniffing on the CORE interface on olive2 while pinging the loopback on
CE from olive1 shows that ICMP (MPLS) packets are received from olive1
with the correct VPN label but strangely the olive2 router seems to DROP
THEM SILENTLY. I have sniffed on CE but no packet is received on its
interface!


root at olive2> monitor traffic interface fxp0 extensive
Listening on fxp0, capture size 96 bytes

14:52:12.818208  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29970, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 14080, length 64

14:52:13.253471  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29971, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 14336, length 64

14:52:13.680046  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29972, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 14592, length 64

14:52:14.115719  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29973, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 14848, length 64

14:52:14.549708  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29974, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 15104, length 64

14:52:14.984292  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29975, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 15360, length 64

14:52:15.419728  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29976, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 15616, length 64

14:52:15.849263  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29977, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 15872, length 64

14:52:16.288540  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29978, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 16128, length 64

14:52:16.718826  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29979, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 16384, length 64

14:52:17.434696  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29980, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 16640, length 64

14:52:17.616305 Out 0:aa:0:0:1:3 0:aa:0:0:1:1 ip 85: (tos 0xc0, ttl
64, id 18716, offset 0, flags [none], proto: TCP (6), length: 71)
10.0.0.2.4944 > 10.0.0.1.bgp: P 92357182:92357201(19) ack 3673416124
win 16486 <nop,nop,timestamp 249499 252521>: BGP, length: 19
        Keepalive Message (4), length: 19

14:52:17.659058  In 0:aa:0:0:1:1 0:aa:0:0:1:3 ip 66: (tos 0xc0, ttl
64, id 29981, offset 0, flags [none], proto: TCP (6), length: 52)
10.0.0.1.bgp > 10.0.0.2.4944: . 1:1(0) ack 19 win 16384
<nop,nop,timestamp 256336 249499>

14:52:17.864884  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29982, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 16896, length 64

^C
20 packets received by filter
0 packets dropped by kernel

root at olive2>

-----------------------------------------


Regards,

JunaidM
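
Added example, not part of the original post: a Python sketch that maps each MPLS label seen in the olive2 capture to the action olive2's mpls.0 table holds for it, using excerpts copied from the outputs above. The function names are hypothetical, and the parsing assumes the output layout shown in this post.

```python
import re
from collections import Counter

# Excerpt of olive2's mpls.0 table, copied from the post above.
MPLS_TABLE = """\
0                  *[MPLS/0] 00:13:56, metric 1
                      Receive
100000             *[VPN/170] 00:13:43
                    > to 10.1.0.2 via fxp1.0, Pop
100016             *[VPN/170] 00:13:43
                      receive table VPN.inet.0, Pop
"""

# Two packets from the olive2 capture, copied with the mail's line wraps.
CAPTURE = """\
14:52:12.818208  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29970, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 14080, length 64

14:52:13.253471  In 0:aa:0:0:1:1 0:aa:0:0:1:3 8847 102: MPLS (label
100000, exp 0, [S], ttl 255)
        (tos 0x0, ttl 255, id 29971, offset 0, flags [none], proto:
ICMP (1), length: 84) 192.168.1.254 > 172.16.10.254: ICMP echo request
seq 14336, length 64
"""

def parse_mpls_table(text):
    """Map label -> action string from 'show route' mpls.0 output."""
    actions, label = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+\*\[", line)
        if m:
            label = int(m.group(1))          # label line; action follows
        elif label is not None and line.strip():
            actions[label] = line.strip().lstrip("> ").strip()
            label = None
    return actions

def captured_labels(text):
    """Count (direction, label, inner destination) per MPLS frame."""
    counts = Counter()
    for pkt in re.split(r"\n\s*\n", text):   # packets are blank-line separated
        flat = " ".join(pkt.split())         # undo the line wrapping
        m = re.search(r"\b(In|Out) \S+ \S+ 8847 \d+: MPLS \(label (\d+),", flat)
        if not m:
            continue                         # not an MPLS (ethertype 8847) frame
        dst = re.search(r"> (\d+(?:\.\d+){3}):", flat)
        counts[(m.group(1), int(m.group(2)), dst.group(1) if dst else None)] += 1
    return counts

def correlate(table_text, capture_text):
    """Return (direction, label, inner dst, packets, mpls.0 action) rows."""
    actions = parse_mpls_table(table_text)
    return [(d, label, dst, n, actions.get(label, "no mpls.0 entry"))
            for (d, label, dst), n in sorted(captured_labels(capture_text).items())]
```

For the excerpts above, `correlate(MPLS_TABLE, CAPTURE)` reports label 100000 arriving inbound and matching the mpls.0 entry "to 10.1.0.2 via fxp1.0, Pop", so a capture on olive2's fxp1 is the natural place to compare against.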

