VRF separated BGP neighborships over a logical interface
Hi Team, I would like to bring up 2 VRF separated BGP neighborship between two routers as below R1 [eth1.55]-------------------------[eth1.55] R2 B_VRF_BLUE<---------------------> B_VRF_BLUE B_VRF_RED <---------------------> B_VRF_RED I created two VRFs red and blue in the kernel. ip link add red type vrf table 100 ip link set dev red up ip link add blue type vrf table 200 ip link set dev blue up Then i enslaved the logical interface to both VRFs red and blue. ip link set dev eth1.55 master red ip link set dev eth1.55 master blue ---> enslaving to red is overridden by blue after this /tmp # ip link show eth1.55 14: eth1.55@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue *master blue * At R1, I could see B_VRF_BLUE is established and at R2 B_VRF_RED is established. R1 == bird> show protocols Name Proto Table State Since Info B_VRF_RED BGP --- start 23:54:26.660 Idle Received: Cease B_VRF_BLUE BGP --- up 23:54:42.207 Established R2 ==== bird> show protocols Name Proto Table State Since Info B_VRF_RED BGP --- up 23:58:44.611 Established B_VRF_BLUE BGP --- start 23:58:39.842 Active Socket: Connection closed Either one of the BGP sessions is established on both ends. The other session is not getting established. Please let me know if I am missing anything here. Also I noticed that L3VPN support was added into BIRD recently. Is there any support added to handle multiple VRF separated BGP neighborships during this commit ? Please clarify. Below are the configurations used. R1 ==== ipv4 table T_VRF_RED; ipv4 table T_VRF_BLUE; protocol kernel K_VRF_RED { vrf "red"; kernel table 100; scan time 20; ipv4 { table T_VRF_RED; import all; export all; }; } protocol kernel K_VRF_BLUE { vrf "blue"; kernel table 200; scan time 20; ipv4 { table T_VRF_BLUE; import all; export all; }; } protocol direct C_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; }; } protocol direct C_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; }; } protocol static S_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; }; route 10.10.1.0/24 blackhole; } protocol static S_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; }; route 10.10.1.0/24 blackhole; } protocol bgp B_VRF_RED { vrf "red"; router id 10.16.44.216; local 55.0.0.1 as 100; neighbor 55.0.0.2 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_RED; import all; export all; }; } protocol bgp B_VRF_BLUE { vrf "blue"; router id 10.16.44.216; local 55.0.0.1 as 100; neighbor 55.0.0.2 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_BLUE; import all; export all; }; } R2 ==== ipv4 table T_VRF_RED; ipv4 table T_VRF_BLUE; protocol kernel K_VRF_RED { vrf "red"; kernel table 100; scan time 20; ipv4 { table T_VRF_RED; import all; export all; }; } protocol kernel K_VRF_BLUE { vrf "blue"; kernel table 200; scan time 20; ipv4 { table T_VRF_BLUE; import all; export all; }; } protocol direct C_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; }; } protocol direct C_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; }; } protocol static S_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; }; route 10.10.1.0/24 blackhole; } protocol static S_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; }; route 10.10.1.0/24 blackhole; } protocol bgp B_VRF_RED { vrf "red"; router id 10.16.44.217; local 55.0.0.2 as 100; neighbor 55.0.0.1 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_RED; import all; export all; }; } protocol bgp B_VRF_BLUE { vrf "blue"; router id 10.16.44.217; local 55.0.0.2 as 100; neighbor 55.0.0.1 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_BLUE; import all; export all; }; } Thanks, Ramanathan
On 29/03/2023 09.28, Ramanathan Selvamani wrote:
Hi Team,
I would like to bring up 2 VRF separated BGP neighborship between two routers as below
R1 [eth1.55]-------------------------[eth1.55] R2
B_VRF_BLUE<---------------------> B_VRF_BLUE B_VRF_RED <---------------------> B_VRF_RED
You cannot enslave the same sub-interface eth1.55 to both VRF's at the same time. :-1: Without L3VPN support. You *must* setup one interface per vrf. R1 [eth1.55]-------------------------[eth1.55] R2 R1 [eth1.56]-------------------------[eth1.56] R2
I created two VRFs red and blue in the kernel.
ip link add red type vrf table 100 ip link set dev red up
ip link add blue type vrf table 200 ip link set dev blue up
Then i enslaved the logical interface to both VRFs red and blue.
ip link set dev eth1.55 master red ip link set dev eth1.55 master blue ---> enslaving to red is overridden by blue after this
Example, ip link set dev eth1.55 master red ip link set dev eth1.56 master blue
/tmp # ip link show eth1.55 14: eth1.55@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue *master blue *
At R1, I could see B_VRF_BLUE is established and at R2 B_VRF_RED is established.
R1 == bird> show protocols Name Proto Table State Since Info B_VRF_RED BGP --- start 23:54:26.660 Idle Received: Cease B_VRF_BLUE BGP --- up 23:54:42.207 Established
R2 ==== bird> show protocols Name Proto Table State Since Info B_VRF_RED BGP --- up 23:58:44.611 Established B_VRF_BLUE BGP --- start 23:58:39.842 Active Socket: Connection closed
Either one of the BGP sessions is established on both ends. The other session is not getting established. Please let me know if I am missing anything here.
Also I noticed that L3VPN support was added into BIRD recently. Is there any support added to handle multiple VRF separated BGP neighborships during this commit ? Please clarify.
Below are the configurations used. R1 ==== ipv4 table T_VRF_RED; ipv4 table T_VRF_BLUE;
protocol kernel K_VRF_RED { vrf "red"; kernel table 100; scan time 20;
ipv4 { table T_VRF_RED; import all; export all; }; } protocol kernel K_VRF_BLUE { vrf "blue"; kernel table 200; scan time 20;
ipv4 { table T_VRF_BLUE; import all; export all; }; } protocol direct C_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
} protocol direct C_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
}
protocol static S_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
route 10.10.1.0/24 blackhole; } protocol static S_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
route 10.10.1.0/24 blackhole; } protocol bgp B_VRF_RED { vrf "red"; router id 10.16.44.216; local 55.0.0.1 as 100; neighbor 55.0.0.2 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_RED; import all; export all; }; } protocol bgp B_VRF_BLUE { vrf "blue"; router id 10.16.44.216; local 55.0.0.1 as 100; neighbor 55.0.0.2 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_BLUE; import all; export all; }; }
R2 ==== ipv4 table T_VRF_RED; ipv4 table T_VRF_BLUE;
protocol kernel K_VRF_RED { vrf "red"; kernel table 100; scan time 20;
ipv4 { table T_VRF_RED; import all; export all; }; } protocol kernel K_VRF_BLUE { vrf "blue"; kernel table 200; scan time 20;
ipv4 { table T_VRF_BLUE; import all; export all; }; } protocol direct C_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
} protocol direct C_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
} protocol static S_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
route 10.10.1.0/24 blackhole; } protocol static S_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
route 10.10.1.0/24 blackhole; } protocol bgp B_VRF_RED { vrf "red"; router id 10.16.44.217; local 55.0.0.2 as 100; neighbor 55.0.0.1 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_RED; import all; export all; }; } protocol bgp B_VRF_BLUE { vrf "blue"; router id 10.16.44.217; local 55.0.0.2 as 100; neighbor 55.0.0.1 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_BLUE; import all; export all; }; }
Thanks, Ramanathan
Thanks for your response. I assume that with L3VPN support it is possible to set up one interface for many VRFs. May I know how to do it? Could you please share any sample BGP configuration for L3VPN ? Thanks, Ramanathan On Wed, 29 Mar 2023 at 13:41, ch <ch@ntrv.dk> wrote:
On 29/03/2023 09.28, Ramanathan Selvamani wrote:
Hi Team,
I would like to bring up 2 VRF separated BGP neighborship between two routers as below
R1 [eth1.55]-------------------------[eth1.55] R2
B_VRF_BLUE<---------------------> B_VRF_BLUE B_VRF_RED <---------------------> B_VRF_RED
You cannot enslave the same sub-interface eth1.55 to both VRF's at the same time. :-1:
Without L3VPN support. You *must* setup one interface per vrf.
R1 [eth1.55]-------------------------[eth1.55] R2 R1 [eth1.56]-------------------------[eth1.56] R2
I created two VRFs red and blue in the kernel.
ip link add red type vrf table 100 ip link set dev red up
ip link add blue type vrf table 200 ip link set dev blue up
Then i enslaved the logical interface to both VRFs red and blue.
ip link set dev eth1.55 master red ip link set dev eth1.55 master blue ---> enslaving to red is overridden by blue after this
Example,
ip link set dev eth1.55 master red ip link set dev eth1.56 master blue
/tmp # ip link show eth1.55 14: eth1.55@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue *master blue *
At R1, I could see B_VRF_BLUE is established and at R2 B_VRF_RED is established.
R1 == bird> show protocols Name Proto Table State Since Info B_VRF_RED BGP --- start 23:54:26.660 Idle Received: Cease B_VRF_BLUE BGP --- up 23:54:42.207 Established
R2 ==== bird> show protocols Name Proto Table State Since Info B_VRF_RED BGP --- up 23:58:44.611 Established B_VRF_BLUE BGP --- start 23:58:39.842 Active Socket: Connection closed
Either one of the BGP sessions is established on both ends. The other session is not getting established. Please let me know if I am missing anything here.
Also I noticed that L3VPN support was added into BIRD recently. Is there any support added to handle multiple VRF separated BGP neighborships during this commit ? Please clarify.
Below are the configurations used. R1 ==== ipv4 table T_VRF_RED; ipv4 table T_VRF_BLUE;
protocol kernel K_VRF_RED { vrf "red"; kernel table 100; scan time 20;
ipv4 { table T_VRF_RED; import all; export all; }; } protocol kernel K_VRF_BLUE { vrf "blue"; kernel table 200; scan time 20;
ipv4 { table T_VRF_BLUE; import all; export all; }; } protocol direct C_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
} protocol direct C_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
}
protocol static S_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
route 10.10.1.0/24 blackhole; } protocol static S_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
route 10.10.1.0/24 blackhole; } protocol bgp B_VRF_RED { vrf "red"; router id 10.16.44.216; local 55.0.0.1 as 100; neighbor 55.0.0.2 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_RED; import all; export all; }; } protocol bgp B_VRF_BLUE { vrf "blue"; router id 10.16.44.216; local 55.0.0.1 as 100; neighbor 55.0.0.2 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_BLUE; import all; export all; }; }
R2 ==== ipv4 table T_VRF_RED; ipv4 table T_VRF_BLUE;
protocol kernel K_VRF_RED { vrf "red"; kernel table 100; scan time 20;
ipv4 { table T_VRF_RED; import all; export all; }; } protocol kernel K_VRF_BLUE { vrf "blue"; kernel table 200; scan time 20;
ipv4 { table T_VRF_BLUE; import all; export all; }; } protocol direct C_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
} protocol direct C_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
} protocol static S_VRF_RED { vrf "red"; ipv4 { table T_VRF_RED; };
route 10.10.1.0/24 blackhole; } protocol static S_VRF_BLUE { vrf "blue"; ipv4 { table T_VRF_BLUE; };
route 10.10.1.0/24 blackhole; } protocol bgp B_VRF_RED { vrf "red"; router id 10.16.44.217; local 55.0.0.2 as 100; neighbor 55.0.0.1 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_RED; import all; export all; }; } protocol bgp B_VRF_BLUE { vrf "blue"; router id 10.16.44.217; local 55.0.0.2 as 100; neighbor 55.0.0.1 as 100; enable as4 on; hold time 90; keepalive time 30; direct; # regular IPv4 unicast (1/1) ipv4 { table T_VRF_BLUE; import all; export all; }; }
Thanks, Ramanathan
participants (2)
-
ch -
Ramanathan Selvamani