[mirror_frr.git] / doc / ldpd-basic-test-setup.md

## Topology

The goal of this test is to verify that the all the basic functionality
of ldpd is working as expected, be it running on Linux or OpenBSD. In
addition to that, more advanced features are also tested, like LDP
sessions over IPv6, MD5 authentication and pseudowire signaling.

In the topology below there are 3 PE routers, 3 CE routers and one P
router (not attached to any consumer site).

All routers have IPv4 addresses and OSPF is used as the IGP. The
three routers from the bottom of the picture, P, PE2 and PE3, are also
configured for IPv6 (dual-stack) and static IPv6 routes are used to
provide connectivity among them.

The three CEs share the same VPLS membership. LDP is used to set up the
LSPs among the PEs and to signal the pseudowires. MD5 authentication is
used to protect all LDP sessions.

```
                          CE1 172.16.1.1/24
                           +
                           |
                       +---+---+
                       |  PE1  |
                       | IOS XE|
                       |       |
                       +---+---+
                           |
                           | 10.0.1.0/24
                           |
                       +---+---+
                       |   P   |
                +------+ IOS XR+------+
                |      |       |      |
                |      +-------+      |
    10.0.2.0/24 |                     | 10.0.3.0/24
2001:db8:2::/64 |                     | 2001:db8:3::/64
                |                     |
            +---+---+             +---+---+
            |  PE2  |             |  PE3  |
            |OpenBSD+-------------+ Linux |
            |       |             |       |
            +---+---+ 10.0.4.0/24 +---+---+
                |   2001:db8:4::/64   |
                +                     +
 172.16.1.2/24 CE2                   CE3 172.16.1.3/24
```

## Configuration

#### Linux
1 - Enable IPv4/v6 forwarding:
```
# sysctl -w net.ipv4.ip_forward=1
# sysctl -w net.ipv6.conf.all.forwarding=1
```

2 - Enable MPLS forwarding:
```
# modprobe mpls-router
# modprobe mpls-iptunnel
# echo 100000 > /proc/sys/net/mpls/platform_labels
# echo 1 > /proc/sys/net/mpls/conf/eth1/input
# echo 1 > /proc/sys/net/mpls/conf/eth2/input
```

3 - Set up the interfaces:
```
# ip link add name lo1 type dummy
# ip link set dev lo1 up
# ip addr add 4.4.4.4/32 dev lo1
# ip -6 addr add 4:4:4::4/128 dev lo1
# ip link set dev eth1 up
# ip addr add 10.0.4.4/24 dev eth1
# ip -6 addr add 2001:db8:4::4/64 dev eth1
# ip link set dev eth2 up
# ip addr add 10.0.3.4/24 dev eth2
# ip -6 addr add 2001:db8:3::4/64 dev eth2
```

4 - Set up the bridge and pseudowire interfaces:
```
# ip link add type bridge
# ip link set dev bridge0 up
# ip link set dev eth0 up
# ip link set dev eth0 master bridge0
# ip link add name mpw0 type dummy
# ip link set dev mpw0 up
# ip link set dev mpw0 master bridge0
# ip link add name mpw1 type dummy
# ip link set dev mpw1 up
# ip link set dev mpw1 master bridge0
```

> NOTE: MPLS support in the Linux kernel is very recent and it still
doesn't support pseudowire interfaces. We are using here dummy interfaces
just to show how the VPLS configuration should look like in the future.

5 - Add static IPv6 routes for the remote loopbacks:
```
# ip -6 route add 2:2:2::2/128 via 2001:db8:3::2
# ip -6 route add 3:3:3::3/128 via 2001:db8:4::3
```

6 - Edit /etc/frr/ospfd.conf:
```
router ospf
 network 4.4.4.4/32 area 0.0.0.0
 network 10.0.3.4/24 area 0.0.0.0
 network 10.0.4.4/24 area 0.0.0.0
!
```

7 - Edit /etc/frr/ldpd.conf:
```
debug mpls ldp messages recv
debug mpls ldp messages sent
debug mpls ldp zebra
!
mpls ldp
 router-id 4.4.4.4
 dual-stack cisco-interop
 neighbor 1.1.1.1 password opensourcerouting
 neighbor 2.2.2.2 password opensourcerouting
 neighbor 3.3.3.3 password opensourcerouting
 !
 address-family ipv4
  discovery transport-address 4.4.4.4
  label local advertise explicit-null
  !
  interface eth2
  !
  interface eth1
  !
 !
 address-family ipv6
  discovery transport-address 4:4:4::4
  ttl-security disable
  !
  interface eth2
  !
  interface eth1
  !
 !
!
l2vpn ENG type vpls
 bridge br0
 member interface eth0
 !
 member pseudowire mpw0
  neighbor lsr-id 1.1.1.1
  pw-id 100
 !
 member pseudowire mpw1
  neighbor lsr-id 3.3.3.3
  neighbor address 3:3:3::3
  pw-id 100
 !
!
```

> NOTE: We have to disable ttl-security under the ipv6 address-family
in order to interoperate with the IOS-XR router. GTSM is mandatory for
LDPv6 but the IOS-XR implementation is not RFC compliant in this regard.

8 - Run zebra, ospfd and ldpd.

#### OpenBSD
1 - Enable IPv4/v6 forwarding:
```
# sysctl net.inet.ip.forwarding=1
# sysctl net.inet6.ip6.forwarding=1
```

2 - Enable MPLS forwarding:
```
# ifconfig em2 10.0.2.3/24 mpls
# ifconfig em3 10.0.4.3/24 mpls
```

3 - Set up the interfaces:
```
# ifconfig lo1 alias 3.3.3.3 netmask 255.255.255.255
# ifconfig lo1 inet6 3:3:3::3/128
# ifconfig em2 inet6 2001:db8:2::3/64
# ifconfig em3 inet6 2001:db8:4::3/64
```

4 - Set up the bridge and pseudowire interfaces:
```
# ifconfig bridge0 create
# ifconfig bridge0 up
# ifconfig em1 up
# ifconfig bridge0 add em1
# ifconfig mpw0 create
# ifconfig mpw0 up
# ifconfig bridge0 add mpw0
# ifconfig mpw1 create
# ifconfig mpw1 up
# ifconfig bridge0 add mpw1
```

5 - Add static IPv6 routes for the remote loopbacks:
```
# route -n add 4:4:4::4/128 2001:db8:4::4
# route -n add 2:2:2::2/128 2001:db8:2::2
```

6 - Edit /etc/frr/ospfd.conf:
```
router ospf
 network 10.0.2.3/24 area 0
 network 10.0.4.3/24 area 0
 network 3.3.3.3/32 area 0
!
```

7 - Edit /etc/frr/ldpd.conf:
```
debug mpls ldp messages recv
debug mpls ldp messages sent
debug mpls ldp zebra
!
mpls ldp
 router-id 3.3.3.3
 dual-stack cisco-interop
 neighbor 1.1.1.1 password opensourcerouting
 neighbor 2.2.2.2 password opensourcerouting
 neighbor 4.4.4.4 password opensourcerouting
 !
 address-family ipv4
  discovery transport-address 3.3.3.3
  label local advertise explicit-null
  !
  interface em3
  !
  interface em2
  !
 !
 address-family ipv6
  discovery transport-address 3:3:3::3
  ttl-security disable
  !
  interface em3
  !
  interface em2
  !
 !
!
l2vpn ENG type vpls
 bridge br0
 member interface em1
 !
 member pseudowire mpw0
  neighbor lsr-id 1.1.1.1
  pw-id 100
 !
 member pseudowire mpw1
  neighbor lsr-id 4.4.4.4
  neighbor address 4:4:4::4
  pw-id 100
 !
!
```

8 - Run zebra, ospfd and ldpd.

#### Cisco routers
CE1 (IOS):
```
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 !
!
```

CE2 (IOS):
```
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 !
!
```

CE3 (IOS):
```
interface FastEthernet0/0
 ip address 172.16.1.3 255.255.255.0
 !
!
```

PE1 - IOS-XE (1):
```
mpls ldp neighbor 2.2.2.2 password opensourcerouting
mpls ldp neighbor 3.3.3.3 password opensourcerouting
mpls ldp neighbor 4.4.4.4 password opensourcerouting
!
l2vpn vfi context VFI
 vpn id 1
 member pseudowire2
 member pseudowire1
!
bridge-domain 1
 member GigabitEthernet1 service-instance 1
 member vfi VFI
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface pseudowire1
 encapsulation mpls
 neighbor 3.3.3.3 100
!
interface pseudowire2
 encapsulation mpls
 neighbor 4.4.4.4 100
!
interface GigabitEthernet3
 ip address 10.0.1.1 255.255.255.0
 mpls ip
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
```

P - IOS-XR (2):
```
interface Loopback1
 ipv4 address 2.2.2.2 255.255.255.255
 ipv6 address 2:2:2::2/128
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.1.2 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.0.2.2 255.255.255.0
 ipv6 address 2001:db8:2::2/64
 ipv6 enable
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.0.3.2 255.255.255.0
 ipv6 address 2001:db8:3::2/64
 ipv6 enable
!
router static
 address-family ipv6 unicast
  3:3:3::3/128 2001:db8:2::3
  4:4:4::4/128 2001:db8:3::4
 !
!
router ospf 1
 router-id 2.2.2.2
 address-family ipv4 unicast
 area 0
  interface Loopback1
  !
  interface GigabitEthernet0/0/0/0
  !
  interface GigabitEthernet0/0/0/1
  !
  interface GigabitEthernet0/0/0/2
  !
 !
!
mpls ldp
 router-id 2.2.2.2
 neighbor
  1.1.1.1:0 password clear opensourcerouting
  3.3.3.3:0 password clear opensourcerouting
  4.4.4.4:0 password clear opensourcerouting
 !
 address-family ipv4
 !
 address-family ipv6
  discovery transport-address 2:2:2::2
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4
  !
 !
 interface GigabitEthernet0/0/0/1
  address-family ipv4
  !
  address-family ipv6
  !
 !
 interface GigabitEthernet0/0/0/2
  address-family ipv4
  !
  address-family ipv6
  !
 !
!
```

## Verification - Control Plane

Using the CLI on the Linux box, the goal is to ensure that everything
is working as expected.

First, verify that all the required adjacencies and neighborships sessions
were established:

```
linux# show mpls ldp discovery
Local LDP Identifier: 4.4.4.4:0
Discovery Sources:
  Interfaces:
    eth1: xmit/recv
      LDP Id: 3.3.3.3:0, Transport address: 3.3.3.3
          Hold time: 15 sec
      LDP Id: 3.3.3.3:0, Transport address: 3:3:3::3
          Hold time: 15 sec
    eth2: xmit/recv
      LDP Id: 2.2.2.2:0, Transport address: 2.2.2.2
          Hold time: 15 sec
      LDP Id: 2.2.2.2:0, Transport address: 2:2:2::2
          Hold time: 15 sec
  Targeted Hellos:
    4.4.4.4 -> 1.1.1.1: xmit/recv
      LDP Id: 1.1.1.1:0, Transport address: 1.1.1.1
          Hold time: 45 sec
    4:4:4::4 -> 3:3:3::3: xmit/recv
      LDP Id: 3.3.3.3:0, Transport address: 3:3:3::3
          Hold time: 45 sec

linux# show mpls ldp neighbor
Peer LDP Identifier: 1.1.1.1:0
  TCP connection: 4.4.4.4:40921 - 1.1.1.1:646
  Session Holdtime: 180 sec
  State: OPERATIONAL; Downstream-Unsolicited
  Up time: 00:06:02
  LDP Discovery Sources:
    IPv4:
      Targeted Hello: 1.1.1.1

Peer LDP Identifier: 2.2.2.2:0
  TCP connection: 4:4:4::4:52286 - 2:2:2::2:646
  Session Holdtime: 180 sec
  State: OPERATIONAL; Downstream-Unsolicited
  Up time: 00:06:02
  LDP Discovery Sources:
    IPv4:
      Interface: eth2
    IPv6:
      Interface: eth2

Peer LDP Identifier: 3.3.3.3:0
  TCP connection: 4:4:4::4:60575 - 3:3:3::3:646
  Session Holdtime: 180 sec
  State: OPERATIONAL; Downstream-Unsolicited
  Up time: 00:05:57
  LDP Discovery Sources:
    IPv4:
      Interface: eth1
    IPv6:
      Targeted Hello: 3:3:3::3
      Interface: eth1
```

Note that the neighborships with the P and PE2 routers were established
over IPv6, since this is the default behavior for dual-stack LSRs, as
specified in RFC 7552. If desired, the **dual-stack transport-connection
prefer ipv4** command can be used to establish these sessions over IPv4
(the command should be applied an all routers).

Now, verify that there's a remote label for each PE address:
```
linux# show mpls ldp binding
1.1.1.1/32
        Local binding: label: 20
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             imp-null
            2.2.2.2             24000
            3.3.3.3             20
2.2.2.2/32
        Local binding: label: 21
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             18
            2.2.2.2             imp-null
            3.3.3.3             21
3.3.3.3/32
        Local binding: label: 22
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             21
            2.2.2.2             24003
            3.3.3.3             imp-null
4.4.4.4/32
        Local binding: label: imp-null
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             22
            2.2.2.2             24001
            3.3.3.3             22
10.0.1.0/24
        Local binding: label: 23
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             imp-null
            2.2.2.2             imp-null
            3.3.3.3             23
10.0.2.0/24
        Local binding: label: 24
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             20
            2.2.2.2             imp-null
            3.3.3.3             imp-null
10.0.3.0/24
        Local binding: label: imp-null
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             19
            2.2.2.2             imp-null
            3.3.3.3             24
10.0.4.0/24
        Local binding: label: imp-null
        Remote bindings:
            Peer                Label
            -----------------   ---------
            1.1.1.1             23
            2.2.2.2             24002
            3.3.3.3             imp-null
2:2:2::2/128
        Local binding: label: 18
        Remote bindings:
            Peer                Label
            -----------------   ---------
            2.2.2.2             imp-null
            3.3.3.3             18
3:3:3::3/128
        Local binding: label: 19
        Remote bindings:
            Peer                Label
            -----------------   ---------
            2.2.2.2             24007
4:4:4::4/128
        Local binding: label: imp-null
        Remote bindings:
            Peer                Label
            -----------------   ---------
            2.2.2.2             24006
            3.3.3.3             19
2001:db8:2::/64
        Local binding: label: -
        Remote bindings:
            Peer                Label
            -----------------   ---------
            2.2.2.2             imp-null
            3.3.3.3             imp-null
2001:db8:3::/64
        Local binding: label: imp-null
        Remote bindings:
            Peer                Label
            -----------------   ---------
            2.2.2.2             imp-null
2001:db8:4::/64
        Local binding: label: imp-null
        Remote bindings:
            Peer                Label
            -----------------   ---------
            3.3.3.3             imp-null
```

Check if the pseudowires are up:
```
linux# show l2vpn atom vc
Interface Peer ID         VC ID      Name             Status
--------- --------------- ---------- ---------------- ----------
mpw1      3.3.3.3         100        ENG              UP
mpw0      1.1.1.1         100        ENG              UP
```

Check the label bindings of the pseudowires:
```
linux# show l2vpn atom binding
  Destination Address: 1.1.1.1, VC ID: 100
    Local Label:  25
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 1500
    Remote Label:  16
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 1500
  Destination Address: 3.3.3.3, VC ID: 100
    Local Label:  26
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 1500
    Remote Label:  26
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 1500
```

## Verification - Data Plane

Verify that all the exchanged label mappings were installed in zebra:
```
linux# show mpls table
 Inbound                            Outbound
   Label     Type          Nexthop     Label
--------  -------  ---------------  --------
      17      LDP    2001:db8:3::2         3
      19      LDP    2001:db8:3::2     24005
      20      LDP         10.0.3.2     24000
      21      LDP         10.0.3.2         3
      22      LDP         10.0.3.2     24001
      23      LDP         10.0.3.2         3
      24      LDP         10.0.3.2         3
      25      LDP         10.0.3.2         3

linux# show ip route ldp
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel, L - LDP,
       > - selected route, * - FIB route

L>* 1.1.1.1/32 [0/0] via 10.0.3.2, eth2 label 24000
L>* 3.3.3.3/32 [0/0] via 10.0.3.2, eth2 label 24001
```

Verify that all the exchanged label mappings were installed in the kernel:
```
$ ip -M ro
17 via inet6 2001:db8:3::2 dev eth2  proto zebra
19 as to 24005 via inet6 2001:db8:3::2 dev eth2  proto zebra
20 as to 24000 via inet 10.0.3.2 dev eth2  proto zebra
21 via inet 10.0.3.2 dev eth2  proto zebra
22 as to 24001 via inet 10.0.3.2 dev eth2  proto zebra
23 via inet 10.0.3.2 dev eth2  proto zebra
24 via inet 10.0.3.2 dev eth2  proto zebra
25 via inet 10.0.3.2 dev eth2  proto zebra
$
$ ip route | grep mpls
1.1.1.1  encap mpls  24000 via 10.0.3.2 dev eth2  proto zebra  metric 20
3.3.3.3  encap mpls  24001 via 10.0.3.2 dev eth2  proto zebra  metric 20
```

Now ping PE1's loopback using lo1's address as a source address:
```
$ ping -c 5 -I 4.4.4.4 1.1.1.1
PING 1.1.1.1 (1.1.1.1) from 4.4.4.4 : 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=253 time=3.02 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=253 time=3.13 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=253 time=3.19 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=253 time=3.07 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=253 time=3.27 ms

--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 3.022/3.140/3.278/0.096 ms
```

Verify that the ICMP echo request packets are leaving with the MPLS
label advertised by the P router. Also, verify that the ICMP echo reply
packets are arriving with an explicit-null MPLS label:
```
# tcpdump -n -i eth2 mpls and icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes
10:01:40.758771 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 1, length 64
10:01:40.761777 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 1, length 64
10:01:41.760343 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 2, length 64
10:01:41.763448 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 2, length 64
10:01:42.761758 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 3, length 64
10:01:42.764924 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 3, length 64
10:01:43.763193 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 4, length 64
10:01:43.766237 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 4, length 64
10:01:44.764552 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 5, length 64
10:01:44.767803 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 5, length 64
```
Commit	Line	Data
eac6e3f0 RW	1	## Topology
	2
	3	The goal of this test is to verify that the all the basic functionality
	4	of ldpd is working as expected, be it running on Linux or OpenBSD. In
	5	addition to that, more advanced features are also tested, like LDP
	6	sessions over IPv6, MD5 authentication and pseudowire signaling.
	7
	8	In the topology below there are 3 PE routers, 3 CE routers and one P
	9	router (not attached to any consumer site).
	10
	11	All routers have IPv4 addresses and OSPF is used as the IGP. The
	12	three routers from the bottom of the picture, P, PE2 and PE3, are also
	13	configured for IPv6 (dual-stack) and static IPv6 routes are used to
	14	provide connectivity among them.
	15
	16	The three CEs share the same VPLS membership. LDP is used to set up the
	17	LSPs among the PEs and to signal the pseudowires. MD5 authentication is
	18	used to protect all LDP sessions.
	19
	20	```
	21	CE1 172.16.1.1/24
	22	+
	23	\|
	24	+---+---+
	25	\| PE1 \|
	26	\| IOS XE\|
	27	\| \|
	28	+---+---+
	29	\|
	30	\| 10.0.1.0/24
	31	\|
	32	+---+---+
	33	\| P \|
	34	+------+ IOS XR+------+
	35	\| \| \| \|
	36	\| +-------+ \|
	37	10.0.2.0/24 \| \| 10.0.3.0/24
	38	2001:db8:2::/64 \| \| 2001:db8:3::/64
	39	\| \|
	40	+---+---+ +---+---+
	41	\| PE2 \| \| PE3 \|
	42	\|OpenBSD+-------------+ Linux \|
	43	\| \| \| \|
	44	+---+---+ 10.0.4.0/24 +---+---+
	45	\| 2001:db8:4::/64 \|
	46	+ +
	47	172.16.1.2/24 CE2 CE3 172.16.1.3/24
	48	```
	49
	50	## Configuration
	51
	52	#### Linux
	53	1 - Enable IPv4/v6 forwarding:
	54	```
	55	# sysctl -w net.ipv4.ip_forward=1
	56	# sysctl -w net.ipv6.conf.all.forwarding=1
	57	```
	58
	59	2 - Enable MPLS forwarding:
	60	```
	61	# modprobe mpls-router
	62	# modprobe mpls-iptunnel
	63	# echo 100000 > /proc/sys/net/mpls/platform_labels
	64	# echo 1 > /proc/sys/net/mpls/conf/eth1/input
65	# echo 1 > /proc/sys/net/mpls/conf/eth2/input
66	```
67
68	3 - Set up the interfaces:
69	```
70	# ip link add name lo1 type dummy
71	# ip link set dev lo1 up
72	# ip addr add 4.4.4.4/32 dev lo1
73	# ip -6 addr add 4:4:4::4/128 dev lo1
74	# ip link set dev eth1 up
75	# ip addr add 10.0.4.4/24 dev eth1
76	# ip -6 addr add 2001:db8:4::4/64 dev eth1
77	# ip link set dev eth2 up
78	# ip addr add 10.0.3.4/24 dev eth2
79	# ip -6 addr add 2001:db8:3::4/64 dev eth2
80	```
81
82	4 - Set up the bridge and pseudowire interfaces:
83	```
84	# ip link add type bridge
85	# ip link set dev bridge0 up
86	# ip link set dev eth0 up
87	# ip link set dev eth0 master bridge0
88	# ip link add name mpw0 type dummy
89	# ip link set dev mpw0 up
90	# ip link set dev mpw0 master bridge0
91	# ip link add name mpw1 type dummy
92	# ip link set dev mpw1 up
93	# ip link set dev mpw1 master bridge0
94	```
95
96	> NOTE: MPLS support in the Linux kernel is very recent and it still
97	doesn't support pseudowire interfaces. We are using here dummy interfaces
98	just to show how the VPLS configuration should look like in the future.
99
100	5 - Add static IPv6 routes for the remote loopbacks:
101	```
102	# ip -6 route add 2:2:2::2/128 via 2001:db8:3::2
103	# ip -6 route add 3:3:3::3/128 via 2001:db8:4::3
104	```
105
438f5286	106	6 - Edit /etc/frr/ospfd.conf:
eac6e3f0 RW	107	```
	108	router ospf
	109	network 4.4.4.4/32 area 0.0.0.0
	110	network 10.0.3.4/24 area 0.0.0.0
	111	network 10.0.4.4/24 area 0.0.0.0
	112	!
	113	```
	114
438f5286	115	7 - Edit /etc/frr/ldpd.conf:
eac6e3f0 RW	116	```
	117	debug mpls ldp messages recv
	118	debug mpls ldp messages sent
	119	debug mpls ldp zebra
	120	!
	121	mpls ldp
	122	router-id 4.4.4.4
	123	dual-stack cisco-interop
	124	neighbor 1.1.1.1 password opensourcerouting
	125	neighbor 2.2.2.2 password opensourcerouting
	126	neighbor 3.3.3.3 password opensourcerouting
	127	!
	128	address-family ipv4
	129	discovery transport-address 4.4.4.4
	130	label local advertise explicit-null
	131	!
	132	interface eth2
	133	!
	134	interface eth1
	135	!
	136	!
	137	address-family ipv6
	138	discovery transport-address 4:4:4::4
	139	ttl-security disable
	140	!
	141	interface eth2
	142	!
	143	interface eth1
	144	!
	145	!
	146	!
	147	l2vpn ENG type vpls
	148	bridge br0
	149	member interface eth0
	150	!
	151	member pseudowire mpw0
	152	neighbor lsr-id 1.1.1.1
	153	pw-id 100
	154	!
	155	member pseudowire mpw1
	156	neighbor lsr-id 3.3.3.3
	157	neighbor address 3:3:3::3
	158	pw-id 100
	159	!
	160	!
	161	```
	162
	163	> NOTE: We have to disable ttl-security under the ipv6 address-family
	164	in order to interoperate with the IOS-XR router. GTSM is mandatory for
	165	LDPv6 but the IOS-XR implementation is not RFC compliant in this regard.
	166
	167	8 - Run zebra, ospfd and ldpd.
	168
	169	#### OpenBSD
	170	1 - Enable IPv4/v6 forwarding:
	171	```
	172	# sysctl net.inet.ip.forwarding=1
	173	# sysctl net.inet6.ip6.forwarding=1
	174	```
	175
	176	2 - Enable MPLS forwarding:
	177	```
	178	# ifconfig em2 10.0.2.3/24 mpls
	179	# ifconfig em3 10.0.4.3/24 mpls
180	```
181
182	3 - Set up the interfaces:
183	```
184	# ifconfig lo1 alias 3.3.3.3 netmask 255.255.255.255
185	# ifconfig lo1 inet6 3:3:3::3/128
186	# ifconfig em2 inet6 2001:db8:2::3/64
187	# ifconfig em3 inet6 2001:db8:4::3/64
188	```
189
190	4 - Set up the bridge and pseudowire interfaces:
191	```
192	# ifconfig bridge0 create
193	# ifconfig bridge0 up
194	# ifconfig em1 up
195	# ifconfig bridge0 add em1
196	# ifconfig mpw0 create
197	# ifconfig mpw0 up
198	# ifconfig bridge0 add mpw0
199	# ifconfig mpw1 create
200	# ifconfig mpw1 up
201	# ifconfig bridge0 add mpw1
202	```
203
204	5 - Add static IPv6 routes for the remote loopbacks:
205	```
206	# route -n add 4:4:4::4/128 2001:db8:4::4
207	# route -n add 2:2:2::2/128 2001:db8:2::2
208	```
209
438f5286	210	6 - Edit /etc/frr/ospfd.conf:
eac6e3f0 RW	211	```
	212	router ospf
	213	network 10.0.2.3/24 area 0
	214	network 10.0.4.3/24 area 0
	215	network 3.3.3.3/32 area 0
	216	!
	217	```
	218
438f5286	219	7 - Edit /etc/frr/ldpd.conf:
eac6e3f0 RW	220	```
	221	debug mpls ldp messages recv
	222	debug mpls ldp messages sent
	223	debug mpls ldp zebra
	224	!
	225	mpls ldp
	226	router-id 3.3.3.3
	227	dual-stack cisco-interop
	228	neighbor 1.1.1.1 password opensourcerouting
	229	neighbor 2.2.2.2 password opensourcerouting
	230	neighbor 4.4.4.4 password opensourcerouting
	231	!
	232	address-family ipv4
	233	discovery transport-address 3.3.3.3
	234	label local advertise explicit-null
	235	!
	236	interface em3
	237	!
	238	interface em2
	239	!
	240	!
	241	address-family ipv6
	242	discovery transport-address 3:3:3::3
	243	ttl-security disable
	244	!
	245	interface em3
	246	!
	247	interface em2
	248	!
	249	!
	250	!
	251	l2vpn ENG type vpls
	252	bridge br0
	253	member interface em1
	254	!
	255	member pseudowire mpw0
	256	neighbor lsr-id 1.1.1.1
	257	pw-id 100
	258	!
	259	member pseudowire mpw1
	260	neighbor lsr-id 4.4.4.4
	261	neighbor address 4:4:4::4
	262	pw-id 100
	263	!
	264	!
	265	```
	266
	267	8 - Run zebra, ospfd and ldpd.
	268
	269	#### Cisco routers
	270	CE1 (IOS):
	271	```
	272	interface FastEthernet0/0
	273	ip address 172.16.1.1 255.255.255.0
	274	!
	275	!
	276	```
	277
	278	CE2 (IOS):
	279	```
	280	interface FastEthernet0/0
	281	ip address 172.16.1.2 255.255.255.0
	282	!
	283	!
284	```
285
286	CE3 (IOS):
287	```
288	interface FastEthernet0/0
289	ip address 172.16.1.3 255.255.255.0
290	!
291	!
292	```
293
294	PE1 - IOS-XE (1):
295	```
296	mpls ldp neighbor 2.2.2.2 password opensourcerouting
297	mpls ldp neighbor 3.3.3.3 password opensourcerouting
298	mpls ldp neighbor 4.4.4.4 password opensourcerouting
299	!
300	l2vpn vfi context VFI
301	vpn id 1
302	member pseudowire2
303	member pseudowire1
304	!
305	bridge-domain 1
306	member GigabitEthernet1 service-instance 1
307	member vfi VFI
308	!
309	interface Loopback1
310	ip address 1.1.1.1 255.255.255.255
311	!
312	interface pseudowire1
313	encapsulation mpls
314	neighbor 3.3.3.3 100
315	!
316	interface pseudowire2
317	encapsulation mpls
318	neighbor 4.4.4.4 100
319	!
320	interface GigabitEthernet3
321	ip address 10.0.1.1 255.255.255.0
322	mpls ip
323	!
324	router ospf 1
325	network 0.0.0.0 255.255.255.255 area 0
326	!
327	```
328
329	P - IOS-XR (2):
330	```
331	interface Loopback1
332	ipv4 address 2.2.2.2 255.255.255.255
333	ipv6 address 2:2:2::2/128
334	!
335	interface GigabitEthernet0/0/0/0
336	ipv4 address 10.0.1.2 255.255.255.0
337	!
338	interface GigabitEthernet0/0/0/1
339	ipv4 address 10.0.2.2 255.255.255.0
340	ipv6 address 2001:db8:2::2/64
341	ipv6 enable
342	!
343	interface GigabitEthernet0/0/0/2
344	ipv4 address 10.0.3.2 255.255.255.0
345	ipv6 address 2001:db8:3::2/64
346	ipv6 enable
347	!
348	router static
349	address-family ipv6 unicast
350	3:3:3::3/128 2001:db8:2::3
351	4:4:4::4/128 2001:db8:3::4
352	!
353	!
354	router ospf 1
355	router-id 2.2.2.2
356	address-family ipv4 unicast
357	area 0
358	interface Loopback1
359	!
360	interface GigabitEthernet0/0/0/0
361	!
362	interface GigabitEthernet0/0/0/1
363	!
364	interface GigabitEthernet0/0/0/2
365	!
366	!
367	!
368	mpls ldp
369	router-id 2.2.2.2
370	neighbor
371	1.1.1.1:0 password clear opensourcerouting
372	3.3.3.3:0 password clear opensourcerouting
373	4.4.4.4:0 password clear opensourcerouting
374	!
375	address-family ipv4
376	!
377	address-family ipv6
378	discovery transport-address 2:2:2::2
379	!
380	interface GigabitEthernet0/0/0/0
381	address-family ipv4
382	!
383	!
384	interface GigabitEthernet0/0/0/1
385	address-family ipv4
386	!
387	address-family ipv6
388	!
389	!
390	interface GigabitEthernet0/0/0/2
391	address-family ipv4
392	!
393	address-family ipv6
394	!
395	!
396	!
397	```
398
399	## Verification - Control Plane
400
401	Using the CLI on the Linux box, the goal is to ensure that everything
402	is working as expected.
403
404	First, verify that all the required adjacencies and neighborships sessions
405	were established:
406
407	```
408	linux# show mpls ldp discovery
409	Local LDP Identifier: 4.4.4.4:0
410	Discovery Sources:
411	Interfaces:
412	eth1: xmit/recv
413	LDP Id: 3.3.3.3:0, Transport address: 3.3.3.3
414	Hold time: 15 sec
415	LDP Id: 3.3.3.3:0, Transport address: 3:3:3::3
416	Hold time: 15 sec
417	eth2: xmit/recv
418	LDP Id: 2.2.2.2:0, Transport address: 2.2.2.2
419	Hold time: 15 sec
420	LDP Id: 2.2.2.2:0, Transport address: 2:2:2::2
421	Hold time: 15 sec
422	Targeted Hellos:
423	4.4.4.4 -> 1.1.1.1: xmit/recv
424	LDP Id: 1.1.1.1:0, Transport address: 1.1.1.1
425	Hold time: 45 sec
426	4:4:4::4 -> 3:3:3::3: xmit/recv
427	LDP Id: 3.3.3.3:0, Transport address: 3:3:3::3
428	Hold time: 45 sec
429
430	linux# show mpls ldp neighbor
431	Peer LDP Identifier: 1.1.1.1:0
432	TCP connection: 4.4.4.4:40921 - 1.1.1.1:646
433	Session Holdtime: 180 sec
434	State: OPERATIONAL; Downstream-Unsolicited
435	Up time: 00:06:02
436	LDP Discovery Sources:
437	IPv4:
438	Targeted Hello: 1.1.1.1
439
440	Peer LDP Identifier: 2.2.2.2:0
441	TCP connection: 4:4:4::4:52286 - 2:2:2::2:646
442	Session Holdtime: 180 sec
443	State: OPERATIONAL; Downstream-Unsolicited
444	Up time: 00:06:02
445	LDP Discovery Sources:
446	IPv4:
447	Interface: eth2
448	IPv6:
449	Interface: eth2
450
451	Peer LDP Identifier: 3.3.3.3:0
452	TCP connection: 4:4:4::4:60575 - 3:3:3::3:646
453	Session Holdtime: 180 sec
454	State: OPERATIONAL; Downstream-Unsolicited
455	Up time: 00:05:57
456	LDP Discovery Sources:
457	IPv4:
458	Interface: eth1
459	IPv6:
460	Targeted Hello: 3:3:3::3
461	Interface: eth1
462	```
463
464	Note that the neighborships with the P and PE2 routers were established
465	over IPv6, since this is the default behavior for dual-stack LSRs, as
466	specified in RFC 7552. If desired, the **dual-stack transport-connection
467	prefer ipv4** command can be used to establish these sessions over IPv4
468	(the command should be applied an all routers).
469
470	Now, verify that there's a remote label for each PE address:
471	```
472	linux# show mpls ldp binding
473	1.1.1.1/32
474	Local binding: label: 20
475	Remote bindings:
476	Peer Label
477	----------------- ---------
478	1.1.1.1 imp-null
479	2.2.2.2 24000
480	3.3.3.3 20
481	2.2.2.2/32
482	Local binding: label: 21
483	Remote bindings:
484	Peer Label
485	----------------- ---------
486	1.1.1.1 18
487	2.2.2.2 imp-null
488	3.3.3.3 21
489	3.3.3.3/32
490	Local binding: label: 22
491	Remote bindings:
492	Peer Label
493	----------------- ---------
494	1.1.1.1 21
495	2.2.2.2 24003
496	3.3.3.3 imp-null
497	4.4.4.4/32
498	Local binding: label: imp-null
499	Remote bindings:
500	Peer Label
501	----------------- ---------
502	1.1.1.1 22
503	2.2.2.2 24001
504	3.3.3.3 22
505	10.0.1.0/24
506	Local binding: label: 23
507	Remote bindings:
508	Peer Label
509	----------------- ---------
510	1.1.1.1 imp-null
511	2.2.2.2 imp-null
512	3.3.3.3 23
513	10.0.2.0/24
514	Local binding: label: 24
515	Remote bindings:
516	Peer Label
517	----------------- ---------
518	1.1.1.1 20
519	2.2.2.2 imp-null
520	3.3.3.3 imp-null
521	10.0.3.0/24
522	Local binding: label: imp-null
523	Remote bindings:
524	Peer Label
525	----------------- ---------
526	1.1.1.1 19
527	2.2.2.2 imp-null
528	3.3.3.3 24
529	10.0.4.0/24
530	Local binding: label: imp-null
531	Remote bindings:
532	Peer Label
533	----------------- ---------
534	1.1.1.1 23
535	2.2.2.2 24002
536	3.3.3.3 imp-null
537	2:2:2::2/128
538	Local binding: label: 18
539	Remote bindings:
540	Peer Label
541	----------------- ---------
542	2.2.2.2 imp-null
543	3.3.3.3 18
544	3:3:3::3/128
545	Local binding: label: 19
546	Remote bindings:
547	Peer Label
548	----------------- ---------
549	2.2.2.2 24007
550	4:4:4::4/128
551	Local binding: label: imp-null
552	Remote bindings:
553	Peer Label
554	----------------- ---------
555	2.2.2.2 24006
556	3.3.3.3 19
557	2001:db8:2::/64
558	Local binding: label: -
559	Remote bindings:
560	Peer Label
561	----------------- ---------
562	2.2.2.2 imp-null
563	3.3.3.3 imp-null
564	2001:db8:3::/64
565	Local binding: label: imp-null
566	Remote bindings:
567	Peer Label
568	----------------- ---------
569	2.2.2.2 imp-null
570	2001:db8:4::/64
571	Local binding: label: imp-null
572	Remote bindings:
573	Peer Label
574	----------------- ---------
575	3.3.3.3 imp-null
576	```
577
578	Check if the pseudowires are up:
579	```
580	linux# show l2vpn atom vc
581	Interface Peer ID VC ID Name Status
582	--------- --------------- ---------- ---------------- ----------
583	mpw1 3.3.3.3 100 ENG UP
584	mpw0 1.1.1.1 100 ENG UP
585	```
586
587	Check the label bindings of the pseudowires:
588	```
589	linux# show l2vpn atom binding
590	Destination Address: 1.1.1.1, VC ID: 100
591	Local Label: 25
592	Cbit: 1, VC Type: Ethernet, GroupID: 0
593	MTU: 1500
594	Remote Label: 16
595	Cbit: 1, VC Type: Ethernet, GroupID: 0
596	MTU: 1500
597	Destination Address: 3.3.3.3, VC ID: 100
598	Local Label: 26
599	Cbit: 1, VC Type: Ethernet, GroupID: 0
600	MTU: 1500
601	Remote Label: 26
602	Cbit: 1, VC Type: Ethernet, GroupID: 0
603	MTU: 1500
604	```
605
606	## Verification - Data Plane
607
608	Verify that all the exchanged label mappings were installed in zebra:
609	```
610	linux# show mpls table
611	Inbound Outbound
612	Label Type Nexthop Label
613	-------- ------- --------------- --------
614	17 LDP 2001:db8:3::2 3
615	19 LDP 2001:db8:3::2 24005
616	20 LDP 10.0.3.2 24000
617	21 LDP 10.0.3.2 3
618	22 LDP 10.0.3.2 24001
619	23 LDP 10.0.3.2 3
620	24 LDP 10.0.3.2 3
621	25 LDP 10.0.3.2 3
622
623	linux# show ip route ldp
624	Codes: K - kernel route, C - connected, S - static, R - RIP,
625	O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel, L - LDP,
626	> - selected route, * - FIB route
627
628	L>* 1.1.1.1/32 [0/0] via 10.0.3.2, eth2 label 24000
629	L>* 3.3.3.3/32 [0/0] via 10.0.3.2, eth2 label 24001
630	```
631
632	Verify that all the exchanged label mappings were installed in the kernel:
633	```
634	$ ip -M ro
635	17 via inet6 2001:db8:3::2 dev eth2 proto zebra
636	19 as to 24005 via inet6 2001:db8:3::2 dev eth2 proto zebra
637	20 as to 24000 via inet 10.0.3.2 dev eth2 proto zebra
638	21 via inet 10.0.3.2 dev eth2 proto zebra
639	22 as to 24001 via inet 10.0.3.2 dev eth2 proto zebra
640	23 via inet 10.0.3.2 dev eth2 proto zebra
641	24 via inet 10.0.3.2 dev eth2 proto zebra
642	25 via inet 10.0.3.2 dev eth2 proto zebra
643	$
644	$ ip route \| grep mpls
645	1.1.1.1 encap mpls 24000 via 10.0.3.2 dev eth2 proto zebra metric 20
646	3.3.3.3 encap mpls 24001 via 10.0.3.2 dev eth2 proto zebra metric 20
647	```
648
649	Now ping PE1's loopback using lo1's address as a source address:
650	```
651	$ ping -c 5 -I 4.4.4.4 1.1.1.1
652	PING 1.1.1.1 (1.1.1.1) from 4.4.4.4 : 56(84) bytes of data.
653	64 bytes from 1.1.1.1: icmp_seq=1 ttl=253 time=3.02 ms
654	64 bytes from 1.1.1.1: icmp_seq=2 ttl=253 time=3.13 ms
655	64 bytes from 1.1.1.1: icmp_seq=3 ttl=253 time=3.19 ms
656	64 bytes from 1.1.1.1: icmp_seq=4 ttl=253 time=3.07 ms
657	64 bytes from 1.1.1.1: icmp_seq=5 ttl=253 time=3.27 ms
658
659	--- 1.1.1.1 ping statistics ---
660	5 packets transmitted, 5 received, 0% packet loss, time 4005ms
661	rtt min/avg/max/mdev = 3.022/3.140/3.278/0.096 ms
662	```
663
664	Verify that the ICMP echo request packets are leaving with the MPLS
665	label advertised by the P router. Also, verify that the ICMP echo reply
666	packets are arriving with an explicit-null MPLS label:
667	```
668	# tcpdump -n -i eth2 mpls and icmp
669	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
670	listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes
671	10:01:40.758771 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 1, length 64
672	10:01:40.761777 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 1, length 64
673	10:01:41.760343 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 2, length 64
674	10:01:41.763448 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 2, length 64
675	10:01:42.761758 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 3, length 64
676	10:01:42.764924 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 3, length 64
677	10:01:43.763193 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 4, length 64
678	10:01:43.766237 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 4, length 64
679	10:01:44.764552 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 5, length 64
680	10:01:44.767803 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 5, length 64
681	```