]> git.proxmox.com Git - mirror_frr.git/blob - doc/developer/ldpd-basic-test-setup.md
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
doc: remove non-existent configure option
[mirror_frr.git] / doc / developer / ldpd-basic-test-setup.md
1 ## Topology
2
3 The goal of this test is to verify that the all the basic functionality
4 of ldpd is working as expected, be it running on Linux or OpenBSD. In
5 addition to that, more advanced features are also tested, like LDP
6 sessions over IPv6, MD5 authentication and pseudowire signaling.
7
8 In the topology below there are 3 PE routers, 3 CE routers and one P
9 router (not attached to any consumer site).
10
11 All routers have IPv4 addresses and OSPF is used as the IGP. The
12 three routers from the bottom of the picture, P, PE2 and PE3, are also
13 configured for IPv6 (dual-stack) and static IPv6 routes are used to
14 provide connectivity among them.
15
16 The three CEs share the same VPLS membership. LDP is used to set up the
17 LSPs among the PEs and to signal the pseudowires. MD5 authentication is
18 used to protect all LDP sessions.
19
20 ```
21 CE1 172.16.1.1/24
22 +
23 |
24 +---+---+
25 | PE1 |
26 | IOS XE|
27 | |
28 +---+---+
29 |
30 | 10.0.1.0/24
31 |
32 +---+---+
33 | P |
34 +------+ IOS XR+------+
35 | | | |
36 | +-------+ |
37 10.0.2.0/24 | | 10.0.3.0/24
38 2001:db8:2::/64 | | 2001:db8:3::/64
39 | |
40 +---+---+ +---+---+
41 | PE2 | | PE3 |
42 |OpenBSD+-------------+ Linux |
43 | | | |
44 +---+---+ 10.0.4.0/24 +---+---+
45 | 2001:db8:4::/64 |
46 + +
47 172.16.1.2/24 CE2 CE3 172.16.1.3/24
48 ```
49
50 ## Configuration
51
52 #### Linux
53 1 - Enable IPv4/v6 forwarding:
54 ```
55 # sysctl -w net.ipv4.ip_forward=1
56 # sysctl -w net.ipv6.conf.all.forwarding=1
57 ```
58
59 2 - Enable MPLS forwarding:
60 ```
61 # modprobe mpls-router
62 # modprobe mpls-iptunnel
63 # echo 100000 > /proc/sys/net/mpls/platform_labels
64 # echo 1 > /proc/sys/net/mpls/conf/eth1/input
65 # echo 1 > /proc/sys/net/mpls/conf/eth2/input
66 ```
67
68 3 - Set up the interfaces:
69 ```
70 # ip link add name lo1 type dummy
71 # ip link set dev lo1 up
72 # ip addr add 4.4.4.4/32 dev lo1
73 # ip -6 addr add 4:4:4::4/128 dev lo1
74 # ip link set dev eth1 up
75 # ip addr add 10.0.4.4/24 dev eth1
76 # ip -6 addr add 2001:db8:4::4/64 dev eth1
77 # ip link set dev eth2 up
78 # ip addr add 10.0.3.4/24 dev eth2
79 # ip -6 addr add 2001:db8:3::4/64 dev eth2
80 ```
81
82 4 - Set up the bridge and pseudowire interfaces:
83 ```
84 # ip link add type bridge
85 # ip link set dev bridge0 up
86 # ip link set dev eth0 up
87 # ip link set dev eth0 master bridge0
88 # ip link add name mpw0 type dummy
89 # ip link set dev mpw0 up
90 # ip link set dev mpw0 master bridge0
91 # ip link add name mpw1 type dummy
92 # ip link set dev mpw1 up
93 # ip link set dev mpw1 master bridge0
94 ```
95
96 > NOTE: MPLS support in the Linux kernel is very recent and it still
97 doesn't support pseudowire interfaces. We are using here dummy interfaces
98 just to show how the VPLS configuration should look like in the future.
99
100 5 - Add static IPv6 routes for the remote loopbacks:
101 ```
102 # ip -6 route add 2:2:2::2/128 via 2001:db8:3::2
103 # ip -6 route add 3:3:3::3/128 via 2001:db8:4::3
104 ```
105
106 6 - Edit /etc/frr/ospfd.conf:
107 ```
108 router ospf
109 network 4.4.4.4/32 area 0.0.0.0
110 network 10.0.3.4/24 area 0.0.0.0
111 network 10.0.4.4/24 area 0.0.0.0
112 !
113 ```
114
115 7 - Edit /etc/frr/ldpd.conf:
116 ```
117 debug mpls ldp messages recv
118 debug mpls ldp messages sent
119 debug mpls ldp zebra
120 !
121 mpls ldp
122 router-id 4.4.4.4
123 dual-stack cisco-interop
124 neighbor 1.1.1.1 password opensourcerouting
125 neighbor 2.2.2.2 password opensourcerouting
126 neighbor 3.3.3.3 password opensourcerouting
127 !
128 address-family ipv4
129 discovery transport-address 4.4.4.4
130 label local advertise explicit-null
131 !
132 interface eth2
133 !
134 interface eth1
135 !
136 !
137 address-family ipv6
138 discovery transport-address 4:4:4::4
139 ttl-security disable
140 !
141 interface eth2
142 !
143 interface eth1
144 !
145 !
146 !
147 l2vpn ENG type vpls
148 bridge br0
149 member interface eth0
150 !
151 member pseudowire mpw0
152 neighbor lsr-id 1.1.1.1
153 pw-id 100
154 !
155 member pseudowire mpw1
156 neighbor lsr-id 3.3.3.3
157 neighbor address 3:3:3::3
158 pw-id 100
159 !
160 !
161 ```
162
163 > NOTE: We have to disable ttl-security under the ipv6 address-family
164 in order to interoperate with the IOS-XR router. GTSM is mandatory for
165 LDPv6 but the IOS-XR implementation is not RFC compliant in this regard.
166
167 8 - Run zebra, ospfd and ldpd.
168
169 #### OpenBSD
170 1 - Enable IPv4/v6 forwarding:
171 ```
172 # sysctl net.inet.ip.forwarding=1
173 # sysctl net.inet6.ip6.forwarding=1
174 ```
175
176 2 - Enable MPLS forwarding:
177 ```
178 # ifconfig em2 10.0.2.3/24 mpls
179 # ifconfig em3 10.0.4.3/24 mpls
180 ```
181
182 3 - Set up the interfaces:
183 ```
184 # ifconfig lo1 alias 3.3.3.3 netmask 255.255.255.255
185 # ifconfig lo1 inet6 3:3:3::3/128
186 # ifconfig em2 inet6 2001:db8:2::3/64
187 # ifconfig em3 inet6 2001:db8:4::3/64
188 ```
189
190 4 - Set up the bridge and pseudowire interfaces:
191 ```
192 # ifconfig bridge0 create
193 # ifconfig bridge0 up
194 # ifconfig em1 up
195 # ifconfig bridge0 add em1
196 # ifconfig mpw0 create
197 # ifconfig mpw0 up
198 # ifconfig bridge0 add mpw0
199 # ifconfig mpw1 create
200 # ifconfig mpw1 up
201 # ifconfig bridge0 add mpw1
202 ```
203
204 5 - Add static IPv6 routes for the remote loopbacks:
205 ```
206 # route -n add 4:4:4::4/128 2001:db8:4::4
207 # route -n add 2:2:2::2/128 2001:db8:2::2
208 ```
209
210 6 - Edit /etc/frr/ospfd.conf:
211 ```
212 router ospf
213 network 10.0.2.3/24 area 0
214 network 10.0.4.3/24 area 0
215 network 3.3.3.3/32 area 0
216 !
217 ```
218
219 7 - Edit /etc/frr/ldpd.conf:
220 ```
221 debug mpls ldp messages recv
222 debug mpls ldp messages sent
223 debug mpls ldp zebra
224 !
225 mpls ldp
226 router-id 3.3.3.3
227 dual-stack cisco-interop
228 neighbor 1.1.1.1 password opensourcerouting
229 neighbor 2.2.2.2 password opensourcerouting
230 neighbor 4.4.4.4 password opensourcerouting
231 !
232 address-family ipv4
233 discovery transport-address 3.3.3.3
234 label local advertise explicit-null
235 !
236 interface em3
237 !
238 interface em2
239 !
240 !
241 address-family ipv6
242 discovery transport-address 3:3:3::3
243 ttl-security disable
244 !
245 interface em3
246 !
247 interface em2
248 !
249 !
250 !
251 l2vpn ENG type vpls
252 bridge br0
253 member interface em1
254 !
255 member pseudowire mpw0
256 neighbor lsr-id 1.1.1.1
257 pw-id 100
258 !
259 member pseudowire mpw1
260 neighbor lsr-id 4.4.4.4
261 neighbor address 4:4:4::4
262 pw-id 100
263 !
264 !
265 ```
266
267 8 - Run zebra, ospfd and ldpd.
268
269 #### Cisco routers
270 CE1 (IOS):
271 ```
272 interface FastEthernet0/0
273 ip address 172.16.1.1 255.255.255.0
274 !
275 !
276 ```
277
278 CE2 (IOS):
279 ```
280 interface FastEthernet0/0
281 ip address 172.16.1.2 255.255.255.0
282 !
283 !
284 ```
285
286 CE3 (IOS):
287 ```
288 interface FastEthernet0/0
289 ip address 172.16.1.3 255.255.255.0
290 !
291 !
292 ```
293
294 PE1 - IOS-XE (1):
295 ```
296 mpls ldp neighbor 2.2.2.2 password opensourcerouting
297 mpls ldp neighbor 3.3.3.3 password opensourcerouting
298 mpls ldp neighbor 4.4.4.4 password opensourcerouting
299 !
300 l2vpn vfi context VFI
301 vpn id 1
302 member pseudowire2
303 member pseudowire1
304 !
305 bridge-domain 1
306 member GigabitEthernet1 service-instance 1
307 member vfi VFI
308 !
309 interface Loopback1
310 ip address 1.1.1.1 255.255.255.255
311 !
312 interface pseudowire1
313 encapsulation mpls
314 neighbor 3.3.3.3 100
315 !
316 interface pseudowire2
317 encapsulation mpls
318 neighbor 4.4.4.4 100
319 !
320 interface GigabitEthernet3
321 ip address 10.0.1.1 255.255.255.0
322 mpls ip
323 !
324 router ospf 1
325 network 0.0.0.0 255.255.255.255 area 0
326 !
327 ```
328
329 P - IOS-XR (2):
330 ```
331 interface Loopback1
332 ipv4 address 2.2.2.2 255.255.255.255
333 ipv6 address 2:2:2::2/128
334 !
335 interface GigabitEthernet0/0/0/0
336 ipv4 address 10.0.1.2 255.255.255.0
337 !
338 interface GigabitEthernet0/0/0/1
339 ipv4 address 10.0.2.2 255.255.255.0
340 ipv6 address 2001:db8:2::2/64
341 ipv6 enable
342 !
343 interface GigabitEthernet0/0/0/2
344 ipv4 address 10.0.3.2 255.255.255.0
345 ipv6 address 2001:db8:3::2/64
346 ipv6 enable
347 !
348 router static
349 address-family ipv6 unicast
350 3:3:3::3/128 2001:db8:2::3
351 4:4:4::4/128 2001:db8:3::4
352 !
353 !
354 router ospf 1
355 router-id 2.2.2.2
356 address-family ipv4 unicast
357 area 0
358 interface Loopback1
359 !
360 interface GigabitEthernet0/0/0/0
361 !
362 interface GigabitEthernet0/0/0/1
363 !
364 interface GigabitEthernet0/0/0/2
365 !
366 !
367 !
368 mpls ldp
369 router-id 2.2.2.2
370 neighbor
371 1.1.1.1:0 password clear opensourcerouting
372 3.3.3.3:0 password clear opensourcerouting
373 4.4.4.4:0 password clear opensourcerouting
374 !
375 address-family ipv4
376 !
377 address-family ipv6
378 discovery transport-address 2:2:2::2
379 !
380 interface GigabitEthernet0/0/0/0
381 address-family ipv4
382 !
383 !
384 interface GigabitEthernet0/0/0/1
385 address-family ipv4
386 !
387 address-family ipv6
388 !
389 !
390 interface GigabitEthernet0/0/0/2
391 address-family ipv4
392 !
393 address-family ipv6
394 !
395 !
396 !
397 ```
398
399 ## Verification - Control Plane
400
401 Using the CLI on the Linux box, the goal is to ensure that everything
402 is working as expected.
403
404 First, verify that all the required adjacencies and neighborships sessions
405 were established:
406
407 ```
408 linux# show mpls ldp discovery
409 Local LDP Identifier: 4.4.4.4:0
410 Discovery Sources:
411 Interfaces:
412 eth1: xmit/recv
413 LDP Id: 3.3.3.3:0, Transport address: 3.3.3.3
414 Hold time: 15 sec
415 LDP Id: 3.3.3.3:0, Transport address: 3:3:3::3
416 Hold time: 15 sec
417 eth2: xmit/recv
418 LDP Id: 2.2.2.2:0, Transport address: 2.2.2.2
419 Hold time: 15 sec
420 LDP Id: 2.2.2.2:0, Transport address: 2:2:2::2
421 Hold time: 15 sec
422 Targeted Hellos:
423 4.4.4.4 -> 1.1.1.1: xmit/recv
424 LDP Id: 1.1.1.1:0, Transport address: 1.1.1.1
425 Hold time: 45 sec
426 4:4:4::4 -> 3:3:3::3: xmit/recv
427 LDP Id: 3.3.3.3:0, Transport address: 3:3:3::3
428 Hold time: 45 sec
429
430 linux# show mpls ldp neighbor
431 Peer LDP Identifier: 1.1.1.1:0
432 TCP connection: 4.4.4.4:40921 - 1.1.1.1:646
433 Session Holdtime: 180 sec
434 State: OPERATIONAL; Downstream-Unsolicited
435 Up time: 00:06:02
436 LDP Discovery Sources:
437 IPv4:
438 Targeted Hello: 1.1.1.1
439
440 Peer LDP Identifier: 2.2.2.2:0
441 TCP connection: 4:4:4::4:52286 - 2:2:2::2:646
442 Session Holdtime: 180 sec
443 State: OPERATIONAL; Downstream-Unsolicited
444 Up time: 00:06:02
445 LDP Discovery Sources:
446 IPv4:
447 Interface: eth2
448 IPv6:
449 Interface: eth2
450
451 Peer LDP Identifier: 3.3.3.3:0
452 TCP connection: 4:4:4::4:60575 - 3:3:3::3:646
453 Session Holdtime: 180 sec
454 State: OPERATIONAL; Downstream-Unsolicited
455 Up time: 00:05:57
456 LDP Discovery Sources:
457 IPv4:
458 Interface: eth1
459 IPv6:
460 Targeted Hello: 3:3:3::3
461 Interface: eth1
462 ```
463
464 Note that the neighborships with the P and PE2 routers were established
465 over IPv6, since this is the default behavior for dual-stack LSRs, as
466 specified in RFC 7552. If desired, the **dual-stack transport-connection
467 prefer ipv4** command can be used to establish these sessions over IPv4
468 (the command should be applied an all routers).
469
470 Now, verify that there's a remote label for each PE address:
471 ```
472 linux# show mpls ldp binding
473 1.1.1.1/32
474 Local binding: label: 20
475 Remote bindings:
476 Peer Label
477 ----------------- ---------
478 1.1.1.1 imp-null
479 2.2.2.2 24000
480 3.3.3.3 20
481 2.2.2.2/32
482 Local binding: label: 21
483 Remote bindings:
484 Peer Label
485 ----------------- ---------
486 1.1.1.1 18
487 2.2.2.2 imp-null
488 3.3.3.3 21
489 3.3.3.3/32
490 Local binding: label: 22
491 Remote bindings:
492 Peer Label
493 ----------------- ---------
494 1.1.1.1 21
495 2.2.2.2 24003
496 3.3.3.3 imp-null
497 4.4.4.4/32
498 Local binding: label: imp-null
499 Remote bindings:
500 Peer Label
501 ----------------- ---------
502 1.1.1.1 22
503 2.2.2.2 24001
504 3.3.3.3 22
505 10.0.1.0/24
506 Local binding: label: 23
507 Remote bindings:
508 Peer Label
509 ----------------- ---------
510 1.1.1.1 imp-null
511 2.2.2.2 imp-null
512 3.3.3.3 23
513 10.0.2.0/24
514 Local binding: label: 24
515 Remote bindings:
516 Peer Label
517 ----------------- ---------
518 1.1.1.1 20
519 2.2.2.2 imp-null
520 3.3.3.3 imp-null
521 10.0.3.0/24
522 Local binding: label: imp-null
523 Remote bindings:
524 Peer Label
525 ----------------- ---------
526 1.1.1.1 19
527 2.2.2.2 imp-null
528 3.3.3.3 24
529 10.0.4.0/24
530 Local binding: label: imp-null
531 Remote bindings:
532 Peer Label
533 ----------------- ---------
534 1.1.1.1 23
535 2.2.2.2 24002
536 3.3.3.3 imp-null
537 2:2:2::2/128
538 Local binding: label: 18
539 Remote bindings:
540 Peer Label
541 ----------------- ---------
542 2.2.2.2 imp-null
543 3.3.3.3 18
544 3:3:3::3/128
545 Local binding: label: 19
546 Remote bindings:
547 Peer Label
548 ----------------- ---------
549 2.2.2.2 24007
550 4:4:4::4/128
551 Local binding: label: imp-null
552 Remote bindings:
553 Peer Label
554 ----------------- ---------
555 2.2.2.2 24006
556 3.3.3.3 19
557 2001:db8:2::/64
558 Local binding: label: -
559 Remote bindings:
560 Peer Label
561 ----------------- ---------
562 2.2.2.2 imp-null
563 3.3.3.3 imp-null
564 2001:db8:3::/64
565 Local binding: label: imp-null
566 Remote bindings:
567 Peer Label
568 ----------------- ---------
569 2.2.2.2 imp-null
570 2001:db8:4::/64
571 Local binding: label: imp-null
572 Remote bindings:
573 Peer Label
574 ----------------- ---------
575 3.3.3.3 imp-null
576 ```
577
578 Check if the pseudowires are up:
579 ```
580 linux# show l2vpn atom vc
581 Interface Peer ID VC ID Name Status
582 --------- --------------- ---------- ---------------- ----------
583 mpw1 3.3.3.3 100 ENG UP
584 mpw0 1.1.1.1 100 ENG UP
585 ```
586
587 Check the label bindings of the pseudowires:
588 ```
589 linux# show l2vpn atom binding
590 Destination Address: 1.1.1.1, VC ID: 100
591 Local Label: 25
592 Cbit: 1, VC Type: Ethernet, GroupID: 0
593 MTU: 1500
594 Remote Label: 16
595 Cbit: 1, VC Type: Ethernet, GroupID: 0
596 MTU: 1500
597 Destination Address: 3.3.3.3, VC ID: 100
598 Local Label: 26
599 Cbit: 1, VC Type: Ethernet, GroupID: 0
600 MTU: 1500
601 Remote Label: 26
602 Cbit: 1, VC Type: Ethernet, GroupID: 0
603 MTU: 1500
604 ```
605
606 ## Verification - Data Plane
607
608 Verify that all the exchanged label mappings were installed in zebra:
609 ```
610 linux# show mpls table
611 Inbound Outbound
612 Label Type Nexthop Label
613 -------- ------- --------------- --------
614 17 LDP 2001:db8:3::2 3
615 19 LDP 2001:db8:3::2 24005
616 20 LDP 10.0.3.2 24000
617 21 LDP 10.0.3.2 3
618 22 LDP 10.0.3.2 24001
619 23 LDP 10.0.3.2 3
620 24 LDP 10.0.3.2 3
621 25 LDP 10.0.3.2 3
622
623 linux# show ip route ldp
624 Codes: K - kernel route, C - connected, S - static, R - RIP,
625 O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel, L - LDP,
626 > - selected route, * - FIB route
627
628 L>* 1.1.1.1/32 [0/0] via 10.0.3.2, eth2 label 24000
629 L>* 3.3.3.3/32 [0/0] via 10.0.3.2, eth2 label 24001
630 ```
631
632 Verify that all the exchanged label mappings were installed in the kernel:
633 ```
634 $ ip -M ro
635 17 via inet6 2001:db8:3::2 dev eth2 proto zebra
636 19 as to 24005 via inet6 2001:db8:3::2 dev eth2 proto zebra
637 20 as to 24000 via inet 10.0.3.2 dev eth2 proto zebra
638 21 via inet 10.0.3.2 dev eth2 proto zebra
639 22 as to 24001 via inet 10.0.3.2 dev eth2 proto zebra
640 23 via inet 10.0.3.2 dev eth2 proto zebra
641 24 via inet 10.0.3.2 dev eth2 proto zebra
642 25 via inet 10.0.3.2 dev eth2 proto zebra
643 $
644 $ ip route | grep mpls
645 1.1.1.1 encap mpls 24000 via 10.0.3.2 dev eth2 proto zebra metric 20
646 3.3.3.3 encap mpls 24001 via 10.0.3.2 dev eth2 proto zebra metric 20
647 ```
648
649 Now ping PE1's loopback using lo1's address as a source address:
650 ```
651 $ ping -c 5 -I 4.4.4.4 1.1.1.1
652 PING 1.1.1.1 (1.1.1.1) from 4.4.4.4 : 56(84) bytes of data.
653 64 bytes from 1.1.1.1: icmp_seq=1 ttl=253 time=3.02 ms
654 64 bytes from 1.1.1.1: icmp_seq=2 ttl=253 time=3.13 ms
655 64 bytes from 1.1.1.1: icmp_seq=3 ttl=253 time=3.19 ms
656 64 bytes from 1.1.1.1: icmp_seq=4 ttl=253 time=3.07 ms
657 64 bytes from 1.1.1.1: icmp_seq=5 ttl=253 time=3.27 ms
658
659 --- 1.1.1.1 ping statistics ---
660 5 packets transmitted, 5 received, 0% packet loss, time 4005ms
661 rtt min/avg/max/mdev = 3.022/3.140/3.278/0.096 ms
662 ```
663
664 Verify that the ICMP echo request packets are leaving with the MPLS
665 label advertised by the P router. Also, verify that the ICMP echo reply
666 packets are arriving with an explicit-null MPLS label:
667 ```
668 # tcpdump -n -i eth2 mpls and icmp
669 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
670 listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes
671 10:01:40.758771 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 1, length 64
672 10:01:40.761777 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 1, length 64
673 10:01:41.760343 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 2, length 64
674 10:01:41.763448 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 2, length 64
675 10:01:42.761758 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 3, length 64
676 10:01:42.764924 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 3, length 64
677 10:01:43.763193 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 4, length 64
678 10:01:43.766237 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 4, length 64
679 10:01:44.764552 MPLS (label 24000, exp 0, [S], ttl 64) IP 4.4.4.4 > 1.1.1.1: ICMP echo request, id 13370, seq 5, length 64
680 10:01:44.767803 MPLS (label 0, exp 0, [S], ttl 254) IP 1.1.1.1 > 4.4.4.4: ICMP echo reply, id 13370, seq 5, length 64
681 ```
FRRouting mirror