RARE user and assistance email list

[mc36 <>]

hi,
i've reworked your configs with my favorite: isis.... after a small fix about 
how deny entries on labeled pbrs are exported:
https://github.com/mc36/freeRouter/commit/7406ca3c31d0aa3eb13d04a4dd2c5b955f841546
it works as expected.... to apply it to your lab, you'll have to replace my 
sdn1..4 to your interface numbering....
(alternatively, just the portid fields in the server p4lang stanza, then you 
can keep sdn1..4 numbering...))
the things to look for:
-vlan10,20,30 are now do routing, all in the same vrf, vlan30 have the best 
metric set as a fallback...
-so only 2 vrfs are needed because of the above...
-the proxy-local stanzas are only set on the server facing interfaces...
-to handle the overlapping addressing, an arp/nd-->route creator, a cisco's 
so called router mobile is set up...
-all this redistributed to isis, including the connected... (the good way do 
die in prod networks...:))
-integrated (v4+v6) isis, mpls and rsvp4/6 enabled on the vlan10,20,30
-you got tunnel201 and tunnel201, which are explicit paths over vlan10,20
-pbr is only used to steer traffic into these tunnels...
things to look around:
sho ipv4 isis 11/22 int/nei          ! should see 3 on the vlan10,20,30...
sho ipv6 rou vrf_left/right          ! should include the local&remote server 
/128 after you pinged freertr from the server...
sho ipv6 rsvp vrf_left/right summ    ! should be identical on both sides...
sho ipv6 rsvp vrf_left/right det ... ! to see a given path on a given vrf, 
just copy-paste the first some columns of the above output...
sho mpls for                         ! to have an overall picture....
sho mpls for <label>                 ! to see one label in details....
i only configured the right-->left direction with pbr...
if you would iperf from the reverse path, then things to be done:
-reverse tunnels need to be created...
-pbr must be enabled on the left vrf also...
-per vrf acls must match at local host/128 because after mpls dacapping, pbr 
will catch the packet and route back to the te tunnel...
regards,
cs


On 2/6/22 12:17, mc36 wrote:
> if you're more familiar with ospf then that could also work...
>
>
> On 2/6/22 11:46, Maria Del Carmen Misa Moreira wrote:
> > Hi Csaba,
> >
> > It's the first time that I heard about 'ISIS' so I have just google it. You 
> > are the expert here so if you think that it is a good idea we should try it!
> >
> >
> >
> > > On 06/02/2022 08:44 mc36 <> wrote:
> > >
> > > hi,
> > >
> > > On 2/6/22 01:20, mc36 wrote:
> > > > if you would make it more fool-proof, you could specify the pbr acl to match the 
> > > > initiating servers'addr&mask...
> > >
> > > even better, we already support pbr to label in the dataplanes sooo....
> > >
> > > what if we spin up isis on the vlan10,20,30, and set up a traffic engineering 
> > > path over them...
> > > and then you only need to pbr in the server facing vrfs?
> > >
> > > regards,
> > > cs
!
access-list ipv6_flowlabel_atlas
 sequence 4 deny all any all ff00:: ff00:: all
 sequence 5 deny all fe80:: ffff:ffff:ffff:ffff:: all any all
 sequence 10 permit all any all any all flow 131072&261632
 exit
!
access-list ipv6_flowlabel_cms
 sequence 4 deny all any all ff00:: ff00:: all
 sequence 5 deny all fe80:: ffff:ffff:ffff:ffff:: all any all
 sequence 10 permit all any all any all flow 65540&261884
 exit
!
!
vrf definition VRF_LEFT
 exit
!
vrf definition VRF_RIGHT
 exit
!
interface loopback11
 vrf forwarding VRF_LEFT
 ipv4 address 10.111.0.1 255.255.255.255
 ipv6 address fd01:111::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 mpls enable
 mpls rsvp4
 mpls rsvp6
 exit
!
interface loopback11
 vrf forwarding VRF_LEFT
 ipv4 address 10.111.0.1 255.255.255.255
 ipv6 address fd01:111::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 mpls enable
 mpls rsvp4
 mpls rsvp6
 exit
!
interface loopback22
 vrf forwarding VRF_RIGHT
 ipv4 address 10.111.0.2 255.255.255.255
 ipv6 address fd01:111::2 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 exit
!
router mobile4 11
 vrf VRF_LEFT
 advertise 10.0.0.0/24
 exit
!
router mobile4 22
 vrf VRF_RIGHT
 advertise 10.0.0.0/24
 exit
!
router mobile6 11
 vrf VRF_LEFT
 advertise fd01::/64
 exit
!
router mobile6 22
 vrf VRF_RIGHT
 advertise fd01::/64
 exit
!
router isis4 11
 vrf VRF_LEFT
 net-id 48.0000.0000.0011.00
 traffeng-id ::
 is-type level2
 afi-other enable
 afi-other redistribute connected
 afi-other redistribute mobile6 11
 redistribute connected
 redistribute mobile4 11
 exit
!
router isis4 22
 vrf VRF_RIGHT
 net-id 48.0000.0000.0022.00
 traffeng-id ::
 is-type level2
 afi-other enable
 afi-other redistribute connected
 afi-other redistribute mobile6 22
 redistribute connected
 redistribute mobile4 22
 exit
!
interface sdn1
 description [E513-E-YECWH-1 FRONTPANEL PORT 13]
 mtu 1500
 macaddr 0016.7649.1868
 lldp enable
 no shutdown
 no log-link-change
 exit
!
interface sdn1.10
 description [VLAN ID=10] [E513-E-YECWH-1@PORT13-100GbE]
 lldp enable
 vrf forwarding VRF_LEFT
 ipv4 address 10.111.1.13 255.255.255.0
 ipv6 address fd01:111:1::10 ffff:ffff:ffff:ffff::
 ipv6 enable
 mpls enable
 mpls rsvp4
 router isis4 11 enable
 router isis4 11 other-enable
 router isis4 11 circuit level2
 no shutdown
 no log-link-change
 exit
!
interface sdn1.20
 description [VLAN ID=20] [E513-E-YECWH-1@PORT13-100GbE]
 lldp enable
 vrf forwarding VRF_LEFT
 ipv4 address 10.111.2.13 255.255.255.0
 ipv6 address fd01:111:2::20 ffff:ffff:ffff:ffff::
 ipv6 enable
 mpls enable
 mpls rsvp4
 mpls rsvp6
 router isis4 11 enable
 router isis4 11 other-enable
 router isis4 11 circuit level2
 no shutdown
 no log-link-change
 exit
!
interface sdn1.30
 description [VLAN ID=30] [E513-E-YECWH-1@PORT13-100GbE]
 lldp enable
 vrf forwarding VRF_LEFT
 ipv4 address 10.111.3.13 255.255.255.0
 ipv6 address fd01:111:3::30 ffff:ffff:ffff:ffff::
 ipv6 enable
 mpls enable
 mpls rsvp4
 mpls rsvp6
 router isis4 11 enable
 router isis4 11 other-enable
 router isis4 11 circuit level2
 router isis4 11 metric 5
 no shutdown
 no log-link-change
 exit
!
interface sdn2
 description [E513-E-YECWH-1 FRONTPANEL PORT 14]
 mtu 1500
 macaddr 0038.6012.4e76
 lldp enable
 no shutdown
 no log-link-change
 exit
!
interface sdn2.10
 description [VLAN ID=10] [E513-E-YECWH-1@PORT14-100GbE]
 lldp enable
 vrf forwarding VRF_RIGHT
 ipv4 address 10.111.1.14 255.255.255.0
 ipv6 address fd01:111:1::11 ffff:ffff:ffff:ffff::
 ipv6 enable
 mpls enable
 mpls rsvp4
 mpls rsvp6
 router isis4 22 enable
 router isis4 22 other-enable
 router isis4 22 circuit level2
 no shutdown
 no log-link-change
 exit
!
interface sdn2.20
 description [VLAN ID=20] [E513-E-YECWH-1@PORT14-100GbE]
 lldp enable
 vrf forwarding VRF_RIGHT
 ipv4 address 10.111.2.14 255.255.255.0
 ipv6 address fd01:111:2::21 ffff:ffff:ffff:ffff::
 ipv6 enable
 mpls enable
 mpls rsvp4
 mpls rsvp6
 router isis4 22 enable
 router isis4 22 other-enable
 router isis4 22 circuit level2
 no shutdown
 no log-link-change
 exit
!
interface sdn2.30
 description [VLAN ID=30] [E513-E-YECWH-1@PORT14-100GbE]
 lldp enable
 vrf forwarding VRF_RIGHT
 ipv4 address 10.111.3.14 255.255.255.0
 ipv6 address fd01:111:3::31 ffff:ffff:ffff:ffff::
 ipv6 enable
 mpls enable
 mpls rsvp4
 mpls rsvp6
 router isis4 22 enable
 router isis4 22 other-enable
 router isis4 22 circuit level2
 router isis4 22 metric 5
 no shutdown
 no log-link-change
 exit
!
interface sdn3
 description [E513-E-YECWH-1 FRONTPANEL PORT 5-1st CHANNEL]
 mtu 1500
 macaddr 0022.173c.5236
 lldp enable
 no shutdown
 no log-link-change
 exit
!
interface sdn3.44
 description [VLAN ID=44] [E513-E-YECWH-1@PORT5-10GbE-1st CHANNEL] -> 
[ITCS-P4SRV-03@ENS2]
 lldp enable
 vrf forwarding VRF_LEFT
 ipv4 address 10.0.0.3 255.255.255.0
 ipv4 proxy-local
 no shutdown
 no log-link-change
 exit
!
interface sdn3.66
 description [VLAN ID=66] [E513-E-YECWH-1@PORT5-10GbE-1st CHANNEL] -> 
[ITCS-P4SRV-03@ENS2]
 lldp enable
 vrf forwarding VRF_LEFT
 ipv6 address fd01::3 ffff:ffff:ffff:ffff::
 ipv6 enable
 ipv6 proxy-local
 no shutdown
 no log-link-change
 exit
!
interface sdn4
 description [E513-E-YECWH-1 FRONTPANEL PORT 5-2nd CHANNEL]
 mtu 1500
 macaddr 0006.4c09.3d7c
 lldp enable
 no shutdown
 no log-link-change
 exit
!
interface sdn4.44
 description [VLAN ID=44] [E513-E-YECWH-1@PORT5-10GbE-2nd CHANNEL] -> 
[ITCS-P4SRV-02@ENPS0F1]
 lldp enable
 vrf forwarding VRF_RIGHT
 ipv4 address 10.0.0.4 255.255.255.0
 ipv4 proxy-local
 no shutdown
 no log-link-change
 exit
!
interface sdn4.66
 description [VLAN ID=66] [E513-E-YECWH-1@PORT5-10GbE-2nd CHANNEL] -> 
[ITCS-P4SRV-02@ENPS0F1]
 lldp enable
 vrf forwarding VRF_RIGHT
 ipv6 address fd01::4 ffff:ffff:ffff:ffff::
 ipv6 enable
 ipv6 proxy-local
 no shutdown
 no log-link-change
 exit
!
!
interface tunnel201
 no description
 tunnel vrf VRF_RIGHT
 tunnel source loopback22
 tunnel destination fd01:111::1
 tunnel domain-name fd01:111:1::10
 tunnel mode p2pte
 vrf forwarding VRF_RIGHT
 ipv6 address fd01:222:1::2 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
interface tunnel202
 no description
 tunnel vrf VRF_RIGHT
 tunnel source loopback22
 tunnel destination fd01:111::1
 tunnel domain-name fd01:111:2::20
 tunnel mode p2pte
 vrf forwarding VRF_RIGHT
 ipv6 address fd01:222:2::2 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
!
!
ipv6 pbr VRF_RIGHT sequence 10 ipv6_flowlabel_atlas VRF_RIGHT nexthop 
fd01:222:1::1
ipv6 pbr VRF_RIGHT sequence 20 ipv6_flowlabel_cms VRF_RIGHT nexthop 
fd01:222:2::1
!
!
!
!
server p4lang p4
 export-vrf VRF_LEFT 111
 export-vrf VRF_RIGHT 222
 export-port sdn1 1 100 0 1 0
 export-port sdn2 2 100 0 1 0
 export-port sdn3 3 10 0 1 0
 export-port sdn4 4 10 0 1 0
 export-port sdn1.10 710 100 0 1 0
 export-port sdn2.10 711 100 0 1 0
 export-port sdn1.20 720 100 0 1 0
 export-port sdn2.20 721 100 0 1 0
 export-port sdn1.30 730 100 0 1 0
 export-port sdn2.30 731 100 0 1 0
 export-port sdn3.44 744 10 0 1 0
 export-port sdn4.44 745 10 0 1 0
 export-port sdn3.66 766 10 0 1 0
 export-port sdn4.66 767 10 0 1 0
 export-port tunnel201 2001 0 0 0 0
 export-port tunnel202 2002 0 0 0 0
 exit
!








policy-map fl12345
 sequence 10 action transit
 sequence 10 set flow set 12345
 !
 exit
!
interface pwether3.44
 no description
 vrf forwarding v3
 ipv4 address 10.0.0.2 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface pwether3.66
 no description
 service-policy-out fl12345
 vrf forwarding v3
 ipv6 address fd01::2 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
interface pwether4.44
 no description
 vrf forwarding v4
 ipv4 address 10.0.0.1 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface pwether4.66
 no description
 vrf forwarding v4
 ipv6 address fd01::1 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
interface pwether1.10
 exit
!
interface pwether2.10
 exit
!
connect pweth12.10
 side1 pwether1.10
 side2 pwether2.10
 exit
!
interface pwether1.20
 exit
!
interface pwether2.20
 exit
!
connect pweth12.20
 side1 pwether1.20
 side2 pwether2.20
 exit
!
interface pwether1.30
 exit
!
interface pwether2.30
 exit
!
connect pweth12.30
 side1 pwether1.30
 side2 pwether2.30
 exit



pin fd01::2 /vr v4 /si 1111 /re 1111 /tim 111
pin fd01::2 /vr v4 /si 1111 /re 1111 /tim 111 /flo 131072
pin fd01::2 /vr v4 /si 1111 /re 1111 /tim 111 /flo 65540

pin 10.0.0.2 /vrf v4 /siz 1111 /re 1111 /tim 111