Skip to Content.

rare-users - Re: [RARE-users] [freertr] mpls vpn over rsvp-te --- ex: Fwd: http://temp.nop.hu/VID_20230309_185727.mp4

Subject: RARE user and assistance email list

List archive


Re: [RARE-users] [freertr] mpls vpn over rsvp-te --- ex: Fwd: http://temp.nop.hu/VID_20230309_185727.mp4


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Maria Del Carmen Misa Moreira" <>
  • To: mc36 <>
  • Cc: "" <>, "" <>
  • Subject: Re: [RARE-users] [freertr] mpls vpn over rsvp-te --- ex: Fwd: http://temp.nop.hu/VID_20230309_185727.mp4
  • Date: Fri, 17 Mar 2023 10:25:00 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cern.ch; dmarc=pass action=none header.from=cern.ch; dkim=pass header.d=cern.ch; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DoCcdMqf2TbVFgNS+iOmr2+jOEeNs/oKNYhnVxm3vug=; b=ezuS8m35hZSt3sVtcYvk7ioSl8RjxpA5s36WypFq+CMWn5pOhIYw9QmP9pimu2EzS8ISitjjnriWSjlAXim5FHhhsqWnsP59hRNiKhzLsH75oDj4fCjUaRzKbNPbNjteP8rhkJeo/YOjpbrc+WdIPOUwfF1L2BTIeNDOmFdk98+EXen6xdUtOizO0byrf+mmOS9x98WzUbBKAGA2Sk4mDPkA1ypYlP78cpp5HTrmdOTn+VwPgiqiZ4MgSv1OFs/MrYJgX+hrOnYRaxZnxyK9NXbTt1AB5p5D2hRNuS0wnLDJm6xSXvfUGLXnoJoct4RCgoqVI24PmtTgc1G84RN9Fw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R28aANk/TqCSpwBlJiaf05rG0JADlm48n3E3M0Tisqz05VyemMGVnYkWFpAXzzrS+qbKveuGrWx4ZfqZWW45M3KXhlvIw/nLBn+rdurG3n2pQCFamnP7FF4uPwghdnWO407opJiHyjG5r5KJO3Tu5fJ7HM3d5asg/l03vO4C6KfGOMVXWfY7iXWET1OC+TJneq8XrHzn0BeAZg/rKtlDVkQR1AaLa4NBeBs0UJUz+G+mBIEp/lq+5rouqGAkPR9AjxelnhN6J44rvevgTNLegrn65hINdFZURwr3FsPijPxhBcS0W79F+a+TCTvVjlXBKdPjRQvSfPLHzzP9NBRQMQ==
  • List-id: <freertr.groups.io>
  • Mailing-list: list ; contact
Hi Csaba,

So BGP is up:

R11#show ipv4 bgp 100 summary
       neighbor as ready learn sent uptime
10.30.11.1 293 true 0 0 00:08:04

R11#show ipv4 bgp 100 vpnuni dat
prefix hop metric aspath
10.1.10.1/32 1:2 10.30.11.1 20/100/0/0 293
10.2.10.2/32 1:2 10.30.11.1 20/100/0/0 293
10.3.10.3/32 1:2  10.30.11.1  20/100/0/0  293 20965
10.4.10.4/32 1:2 10.30.11.1 20/100/0/0 293 20965
10.1.20.1/32 1:3 10.30.11.1 20/100/0/0 293
10.2.20.2/32 1:3 10.30.11.1 20/100/0/0 293
10.3.20.3/32 1:3 10.30.11.1 20/100/0/0 293 20965
10.4.20.4/32 1:3 10.30.11.1 20/100/0/0 293 20965

I have the routes in both VRFs (CORE and VRF_CMS):

R11#show ipv4 route VRF_CMS
typ prefix metric iface hop time
B 10.1.20.1/32 20/0 null@CORE:4 10.30.11.1 00:03:24
B 10.2.20.2/32 20/0 null@CORE:4 10.30.11.1 00:03:18
B 10.3.20.3/32 20/0 null@CORE:4 10.30.11.1 00:03:22
B 10.4.20.4/32 20/0 null@CORE:4 10.30.11.1 00:03:22

But I cannot ping 
R11#ping 10.2.20.2 vrf VRF_CMS
pinging 10.2.20.2, src="null," vrf=VRF_CMS, cnt=5, len=64, df=false, tim=1000, gap=0, ttl=255, tos=0, sgt=0, flow=0, fill=0, alrt=-1
result=0.0%, recv/sent/lost/err=0/5/5/0, took 0, min/avg/max/de

Any idea?
Carmen Misa



On 15 Mar 2023, at 04:42, mc36 <> wrote:

you dont need ipv6 at all in your core to provide ipv6 services over mpls

vpnv6 is about that for customers, labelled unicast is about to provide raw ip

moreover, if isis would capable to bring up bgp then you can even run ipv4 services without ipv4 in your core

br,
cs



On 3/14/23 15:59, Maria Del Carmen Misa Moreira wrote:
Hi Csaba,
Yes, I   m currently taking a look to the topology that you mentioned and the BGP CTP.
However, I tried to build the simulation with VPNV4 and VPNV6 but BGP is only up for IPv4 and IPv6 if it   s directly connected.
R1#show ipv6 bgp 10 summary
neighbor                   as       ready   learn   sent   uptime
fd00:51e5::a:1:12:2   20965   false   0         0       never
fd01:30::2                293      true    2         2       00:42:22
fd01:30::3                20965   false   0         0       never
The first problem is that I cannot ping to fd00:51e5::a:1:12:2 from R1 and it is directly connected but OSPF shows an init state and not a full state.
R1#show ipv6 ospf 10 neighbor
interface   area   address                     routerid    state   uptime
ethernet1   0       fd00:51e5::a:1:12:2   10.4.30.4   init    00:53:05
ethernet2   0       fd00:51e5::a:1:14:2   10.2.30.2   full    00:53:05
For BGP I have two processes configured with vpnuni for IPv4 and ovpnuni for IPv6
router bgp4 10
  description [IPv4 iBGP/eBGP FOR R1 VLAN 10]
  vrf VRF_DEFAULT
  local-as 293
  router-id 10.1.30.1
  no safe-ebgp
  address-family vpnuni
  neighbor 10.2.30.2 remote-as 293
  neighbor 10.2.30.2 description [VLAN ID = 30] [R1@ETH2] -> [R2@ETH3]
  neighbor 10.2.30.2 local-as 293
  neighbor 10.2.30.2 address-family vpnuni
  neighbor 10.2.30.2 distance 200
  neighbor 10.2.30.2 additional-path-rx vpnuni
  neighbor 10.2.30.2 additional-path-tx vpnuni
  neighbor 10.2.30.2 update-source loopback30
  neighbor 10.2.30.2 send-community both
  neighbor 10.3.30.3 remote-as 20965
  neighbor 10.3.30.3 description [VLAN ID = 30] [R1] -> [R2/R4] -> [R3]
  neighbor 10.3.30.3 local-as 293
  neighbor 10.3.30.3 address-family vpnuni
  neighbor 10.3.30.3 distance 20
  neighbor 10.3.30.3 additional-path-rx vpnuni
  neighbor 10.3.30.3 additional-path-tx vpnuni
  neighbor 10.3.30.3 update-source loopback30
  neighbor 10.3.30.3 send-community both
  neighbor 10.1.12.2 remote-as 20965
  neighbor 10.1.12.2 description [VLAN ID = 30] [R1@ETH1] -> [R4@ETH1]
  neighbor 10.1.12.2 local-as 293
  neighbor 10.1.12.2 address-family vpnuni
  neighbor 10.1.12.2 distance 20
  neighbor 10.1.12.2 additional-path-rx vpnuni
  neighbor 10.1.12.2 additional-path-tx vpnuni
  neighbor 10.1.12.2 update-source ethernet1
  neighbor 10.1.12.2 send-community both
  readvertise 10.1.30.1/32
  ecmp
  afi-vrf VRF_CMS enable
  afi-vrf VRF_CMS redistribute connected
  afi-vrf VRF_ATLAS enable
  afi-vrf VRF_ATLAS redistribute connected
  exit
!
router bgp6 10
  description [IPv6 iBGP FOR R1 VLAN 10]
  vrf VRF_DEFAULT
  local-as 293
  router-id 10.1.30.1
  no safe-ebgp
  address-family ovpnuni
  neighbor fd01:30::2 remote-as 293
  neighbor fd01:30::2 description [VLAN ID = 30] [R1@ETH2] -> [R2@ETH3]
  neighbor fd01:30::2 local-as 293
  neighbor fd01:30::2 address-family ovpnuni
  neighbor fd01:30::2 distance 200
  neighbor fd01:30::2 additional-path-rx ovpnuni
  neighbor fd01:30::2 additional-path-tx ovpnuni
  neighbor fd01:30::2 update-source loopback30
  neighbor fd01:30::2 send-community both
  neighbor fd01:30::3 remote-as 20965
  neighbor fd01:30::3 description [VLAN ID = 30] [R1] -> [R2/R4] -> [R3]
  neighbor fd01:30::3 local-as 293
  neighbor fd01:30::3 address-family ovpnuni
  neighbor fd01:30::3 distance 20
  neighbor fd01:30::3 additional-path-rx ovpnuni
  neighbor fd01:30::3 additional-path-tx ovpnuni
  neighbor fd01:30::3 update-source loopback30
  neighbor fd01:30::3 send-community both
  neighbor fd00:51e5::a:1:12:2 remote-as 20965
  neighbor fd00:51e5::a:1:12:2 description [VLAN ID = 30] [R1@ETH1] -> [R4@ETH1]
  neighbor fd00:51e5::a:1:12:2 local-as 293
  neighbor fd00:51e5::a:1:12:2 address-family ovpnuni
  neighbor fd00:51e5::a:1:12:2 distance 20
  neighbor fd00:51e5::a:1:12:2 additional-path-rx ovpnuni
  neighbor fd00:51e5::a:1:12:2 additional-path-tx ovpnuni
  neighbor fd00:51e5::a:1:12:2 update-source ethernet1
  neighbor fd00:51e5::a:1:12:2 send-community both
  readvertise fd01:30::1/128
  ecmp
  afi-ovrf VRF_CMS enable
  afi-ovrf VRF_CMS redistribute connected
  afi-ovrf VRF_ATLAS enable
  afi-ovrf VRF_ATLAS redistribute connected
  exit
Any idea or suggestion?
Best regards,
Carmen Misa
On 11 Mar 2023, at 09:57, mc36 via groups.io <http://groups.io> < <>> wrote:

also you really should take a look on the topologies i've sent for the juniper guys about the colorful labeled unicast.... :)

"
-------- Forwarded Message --------
Subject: Re: [rare-dev] BGP CT interop - Colorful Resolution
Date: Sat, 11 Mar 2023 08:02:39 +0100
From: mc36 < <>>
To: <>, Kaliraj Vairavakkalai <<>>, Natrajan Venkataraman < <>>, Krzysztof Szarkowicz < <>>, Anton Elita < <>>
CC: Reshma Das < <>>
"

is the tread, just "star it" in your mailer then try the new topologies that'll arrive soon.... :)

also dig into your mailing and try the previous topologies (3 were there already) also, one of them was a "red-blue vpns over rsvp-te"

br,
cs




On 3/11/23 08:15, mc36 wrote:
hihi
could someone please take a look on carmen's topology?
thx,
cs
-------- Forwarded Message --------
Subject:     Re:http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>
Date:     Fri, 10 Mar 2023 20:06:55 +0000
From:     Maria Del Carmen Misa Moreira < <>>
To:     mc36 < <>>
Thanks Csaba! I have a simulation that is more or less working... I have the routes for R1, R3 and R4 but not for R2 I don't know why because I have the same. Anyway, it was enough for today Enjoy your weekend
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*From:* mc36 < <>>
*Sent:* 10 March 2023 18:44
*To:* Maria Del Carmen Misa Moreira < <>>
*Subject:* Re: http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>
well the less the more sometimes....
3 ospf processes for 1 bgp per topology seeems a bit overkill...
you need 1 ospf and 1 bgp per router and it'll be dual stack all         the way per tology
have you seeen frederic's validated design? almost the same but with rsvp-te to have
"traffic engineering" capabilities offloaded to hardware....
On 3/10/23 14:34, Maria Del Carmen Misa Moreira wrote:
I'm building a simulation. I need 3 OSPF and 3 BGP processes for each VRF, right?
I remove them and I got this warning:

info cfgInit.executeSWcommands:cfgInit.java:768 line 105: "neighbor fd01:10::1 update-source loopback10" : % in other vrf

Because fd01:10::1         if the loopback of the neighbor that belongs to VRF_ATLAS.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*From:* mc36 < <>>
*Sent:* 10 March 2023 09:56
*To:* Maria Del Carmen Misa Moreira < <>>
*Subject:* Re:http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>>
vc time

On 3/10/23 09:55, mc36 wrote:
with some crazy cheats (implicit null between the adjacent nodes, penultimate hop popping, ...)

it's just the service label (4 bytes) which selects the egress interface & nexthop & ethertype

On 3/10/23 09:53, mc36 wrote:
and comparative in mtu:

vlans = 4 bytes

mpls = 2*4 bytes: the outer target node label, and the inner service label


On 3/10/23 09:52, mc36 wrote:
it's just that you dont have to build parallel infrastructure with 3 parallel ospfs and bgps,

but a single core

an mp-bgp in vpnv4/vpnv6 over loopbacks

and vrfs with route-target export-imports

and kaboom, you have 3 parallel topologies and you can concentrate on pbr if mpls-vpn-extranet is not better...



On 3/10/23 09:49, Maria Del Carmen Misa Moreira wrote:
I think so... you enable it in that profile, maybe you can check but it should have both features enabled.
I have never worked with this MPLS Layer3 VPN, maybe I should take a look
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*From:* mc36 < <>>
*Sent:* 10 March 2023 09:47
*To:* Maria Del Carmen Misa Moreira < <>>
*Subject:* Re:http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>> <http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>>>
btw why the vlan subinterfaces and not mpls layer3 vpn?
                   >>>>
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>>
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>>>
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>
<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-16/mp-l3-vpns-xe-16-book.html>>>>

On 3/10/23 09:46, mc36 wrote:
normally bridge-filter (acl to count) could be run in paralell with pbr...

these are disjoint controls so i dont think they cannot coexist:

https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>>>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_pbr.p4>>>>

https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>>>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>
<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4<https://bitbucket.software.geant.org/projects/RARE/repos/rare/browse/p4src/include/ig_ctl_acl_in.p4>>>>

are you sure that profile have both enabled?

On 3/10/23 09:40, Maria Del Carmen Misa Moreira wrote:
Badddd.
I'm able to do PBR or BRIDGE-FILTER but not both at the same time even with the profile CERN_FLOW that you created the last time for us. Then, in some links we only have 1 VLAN
to use and I would like 3 VRFs (for example AMS -> CHI because they use sense-o) so my supervisor mentioned that there is one technique call QinQ to encapsulate VLANs.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*From:* mc36 < <>>
*Sent:* 10 March 2023 09:37
*To:* Maria Del Carmen Misa Moreira < <>>
*Subject:* Re:http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>> <http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>>>
<http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4><http://temp.nop.hu/VID_20230309_185727.mp4 <http://temp.nop.hu/VID_20230309_185727.mp4>>>>
someone mentioned p4 stuff? how is your experiment is going?

On 3/10/23 09:14, Maria Del Carmen Misa Moreira wrote:
This song always gives motivation to do P4 stuff



_._,_._,_
Groups.io Links:

You receive all messages sent to this group.

View/Reply Online (#1159) | | | Mute This Topic | New Topic
Your Subscription | | Unsubscribe []

_._,_._,_

Attachment: smime.p7s
Description: S/MIME cryptographic signature


Archive powered by MHonArc 2.6.24.

Top of Page