L3vpn configuration help

Hello, I have a lab to which I am trying to upload an L3VPN. There are 2 VyOS running OSPF and with a BGP session with unicast-vpn, and I need both VyOS to have a management VRF called shared kmg. The BGP sessions establish and exchange routes; however, there is no connectivity between the VyOS in the VRF kmg. From what I see with the show ip route vrf kmg command, I only see the local routes.

I’ll show you the settings and check results, maybe you can shed some light on what I’m doing wrong in my lab.

vyos@Router-1# show protocols bgp | commands
set local-as '65530'
set neighbor 198.19.1.255 address-family ipv4-vpn
set neighbor 198.19.1.255 remote-as '65530'
set neighbor 198.19.1.255 update-source 'dum0'
set parameters router-id '198.19.2.122'

vyos@Router-1# show vrf name kmg | commands
set protocols bgp address-family ipv4-unicast export vpn
set protocols bgp address-family ipv4-unicast import vpn
set protocols bgp address-family ipv4-unicast label vpn export '100'
set protocols bgp address-family ipv4-unicast rd vpn export '100:100'
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family ipv4-unicast route-target vpn both '100:100'
set protocols bgp local-as '65530'
set table '100'

vyos@Router-1$ show bgp ipv4 vpn
BGP table version is 15, local router ID is 198.19.2.122, vrf id 0
Default local pref 100, local AS 65530
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100
*>i10.1.1.1/32 198.19.1.255 0 100 0 ?
UN=198.19.1.255 EC{100:100} label=100 type=bgp, subtype=0
*> 10.2.2.1/32 0.0.0.0@5< 0 32768 ?
UN=0.0.0.0 EC{100:100} label=100 type=bgp, subtype=5

Displayed 2 routes and 2 total paths

vyos@Router-1$ show ip route vrf kmg
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure

VRF kmg:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 14:54:06
C>* 10.2.2.1/32 is directly connected, dum100, 14:54:05

vyos@Router-2# show protocols bgp | commands
set local-as '65530'
set neighbor 198.19.2.255 address-family ipv4-vpn route-reflector-client
set neighbor 198.19.2.255 remote-as '65530'
set neighbor 198.19.2.255 update-source 'dum0'
set parameters router-id '198.19.1.255'

vyos@Router-2# show vrf name kmg | commands
set protocols bgp address-family ipv4-unicast export vpn
set protocols bgp address-family ipv4-unicast import vpn
set protocols bgp address-family ipv4-unicast label vpn export '100'
set protocols bgp address-family ipv4-unicast rd vpn export '100:100'
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family ipv4-unicast route-target vpn both '100:100'
set protocols bgp local-as '65530'
set table '100'

vyos@Router-2$ show bgp ipv4 vpn
BGP table version is 3, local router ID is 198.19.1.255, vrf id 0
Default local pref 100, local AS 65530
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100
*> 10.1.1.1/32 0.0.0.0@5< 0 32768 ?
UN=0.0.0.0 EC{100:100} label=100 type=bgp, subtype=5
*>i10.2.2.1/32 198.19.2.255 0 100 0 ?
UN=198.19.2.255 EC{100:100} label=100 type=bgp, subtype=0

Displayed 2 routes and 2 total paths
vyos@Router-2$ show ip route vrf kmg
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure

VRF kmg:
C>* 10.1.1.1/32 is directly connected, dum100, 01:11:51

Hi,

did you check https://blog.vyos.io/l3vpn-evpn-creating-a-multi-tenant-service-provider-network ?

Hi

If you want to configure L3VPN with MP-BGP and OSPF, you'll need to enable LDP to distribute the labels. I suggest checking out this guide:

https://docs.vyos.io/en/latest/configexamples/l3vpn-hub-and-spoke.html

Also, our documentation:

https://docs.vyos.io/en/latest/configuration/vrf/index.html#l3vpn-vrfs

Regards

Hi c-po, I looked at this material, but I thought about doing the next lab with EVPN. In this current one I thought I could only raise L3VPN with MP-BGP.

Is it possible to raise the L3VPN only with BGP?

L3VPNs use MPLS labels, and for those you need to enable a label distribution protocol in order to get it to work (LDP, as suggested previously). Here is an example of an L3VPN implementation and use case: L3VPN for Hub-and-Spoke connectivity with VyOS - VyOS 1.4.x (sagitta) documentation

2 Likes
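The LDP setup the replies above point to, written out for the two routers in this thread as an added example (not posted by any participant and not copied from the VyOS documentation). It assumes tun10 is the core-facing interface and that each router's dum0 address is reachable over OSPF; both are assumptions taken from the interface and OSPF configuration shown on this page.

```vyos
# Added example. Assumptions: tun10 carries the OSPF adjacency between the
# two routers, and dum0 is the loopback used as BGP update-source.

# --- Router-1 (dum0 = 198.19.2.255) ---
set protocols mpls interface 'tun10'
set protocols mpls ldp interface 'tun10'
set protocols mpls ldp router-id '198.19.2.255'
set protocols mpls ldp discovery transport-ipv4-address '198.19.2.255'

# --- Router-2 (dum0 = 198.19.1.255) ---
set protocols mpls interface 'tun10'
set protocols mpls ldp interface 'tun10'
set protocols mpls ldp router-id '198.19.1.255'
set protocols mpls ldp discovery transport-ipv4-address '198.19.1.255'

# --- Checks in operational mode, on both routers ---
# 1. The LDP session to the other router is up
show mpls ldp neighbor
# 2. A label binding exists for the remote dum0 /32 (the BGP next hop)
show mpls ldp binding
# 3. Labels are installed in the forwarding table
show mpls table
# 4. The remote VRF prefix now appears as a BGP (B) route, not only C/K
show ip route vrf kmg
```

The BGP next hop of each VPN route (198.19.1.255 and 198.19.2.255 in the outputs above) has to resolve over a labeled path before the route is imported into the VRF, which is why the transport address is set to the same dum0 address used as update-source.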

vyos@Router-1# show interfaces | commands
set bridge br100 address '10.1.1.1/24'
set bridge br100 description 'Bridge KMG'
set bridge br100 member interface vxlan100
set bridge br100 vrf 'kmg'
set dummy dum0 address '198.19.2.255/32'
set dummy dum100 address '144.144.144.144/32'
set dummy dum100 vrf 'kmg'
set tunnel tun10 address '172.16.252.2/23'
set tunnel tun10 encapsulation 'gre'
set tunnel tun10 mtu '1300'
set tunnel tun10 multicast 'enable'
set tunnel tun10 parameters ip key '1'
set tunnel tun10 parameters ip ttl '16'
set tunnel tun10 source-address '187.X.X.144'
set vxlan vxlan100 mtu '1500'
set vxlan vxlan100 parameters nolearning
set vxlan vxlan100 port '4789'
set vxlan vxlan100 source-address '198.19.2.255'
set vxlan vxlan100 vni '100'

vyos@Router-1# show protocols ospf | commands
set area 0.0.0.0 network '172.16.252.0/23'
set interface tun10 dead-interval '40'
set interface tun10 hello-interval '10'
set interface tun10 network 'broadcast'
set interface tun10 passive disable
set interface tun10 priority '0'
set interface tun10 retransmit-interval '5'
set interface tun10 transmit-delay '1'
set passive-interface 'default'
set redistribute connected route-map 'OSPF-EXPORT'

vyos@Router-1# show protocols bgp | commands
set address-family ipv4-unicast network 187.49.128.144/29
set address-family l2vpn-evpn advertise ipv4 unicast
set address-family l2vpn-evpn advertise-all-vni
set local-as '65530'
set neighbor 198.19.1.254 address-family l2vpn-evpn
set neighbor 198.19.1.254 remote-as '65530'
set neighbor 198.19.1.254 update-source 'dum0'
set neighbor 198.19.1.255 address-family l2vpn-evpn
set neighbor 198.19.1.255 remote-as '65530'
set neighbor 198.19.1.255 update-source 'dum0'

vyos@Router-1# show vrf name kmg | commands
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
set protocols bgp local-as '65530'
set table '100'
set vni '100'

vyos@Router-2# show interfaces | commands
set bridge br100 address '10.2.2.1/24'
set bridge br100 description 'Bridge KMG'
set bridge br100 member interface vxlan100
set bridge br100 vrf 'kmg'
set dummy dum0 address '198.19.1.255/32'
set dummy dum100 address '82.82.82.82/32'
set dummy dum100 vrf 'kmg'
set tunnel tun10 address '172.16.253.254/23'
set tunnel tun10 encapsulation 'gre'
set tunnel tun10 mtu '1300'
set tunnel tun10 multicast 'enable'
set tunnel tun10 parameters ip key '1'
set tunnel tun10 parameters ip ttl '16'
set tunnel tun10 source-address '200.71.79.66'
set vxlan vxlan100 mtu '1500'
set vxlan vxlan100 parameters nolearning
set vxlan vxlan100 port '4789'
set vxlan vxlan100 source-address '198.19.1.255'
set vxlan vxlan100 vni '100'

vyos@Router-2# show protocols ospf | commands
set area 0.0.0.0 network '172.16.252.0/23'
set interface tun10 dead-interval '40'
set interface tun10 hello-interval '10'
set interface tun10 network 'broadcast'
set interface tun10 passive disable
set interface tun10 priority '255'
set interface tun10 retransmit-interval '5'
set interface tun10 transmit-delay '1'
set passive-interface 'default'
set redistribute connected route-map 'OSPF-OUT'

vyos@Router-2# show protocols bgp | commands
set address-family l2vpn-evpn advertise ipv4 unicast
set address-family l2vpn-evpn advertise-all-vni
set local-as '65530'
set neighbor 198.19.2.255 address-family ipv4-vpn
set neighbor 198.19.2.255 address-family l2vpn-evpn
set neighbor 198.19.2.255 remote-as '65530'
set neighbor 198.19.2.255 update-source 'dum0'
set parameters router-id '198.19.1.255'

vyos@Router-2# show vrf name kmg | commands kmg
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
set protocols bgp local-as '65530'
set table '100'
set vni '100'

vyos@Router-1# run show bgp l2vpn evpn
BGP table version is 5, local router ID is 198.19.2.122
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.1.1.1:2
*> [5]:[0]:[24]:[10.1.1.0]
198.19.2.255 0 32768 ?
ET:8 RT:65530:100 Rmac:8e:59:d3:1b:ad:80
Route Distinguisher: 10.2.2.1:2
*>i[5]:[0]:[24]:[10.2.2.0]
198.19.1.255 0 100 0 ?
RT:65530:100 ET:8 Rmac:62:b3:ea:76:2b:c1

Displayed 2 out of 2 total prefixes

vyos@Router-2# run show bgp l2vpn evpn
BGP table version is 7, local router ID is 198.19.1.255
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.1.1.1:2
*>i[5]:[0]:[24]:[10.1.1.0]
198.19.2.255 0 100 0 ?
RT:65530:100 ET:8 Rmac:8e:59:d3:1b:ad:80
Route Distinguisher: 10.2.2.1:2
*> [5]:[0]:[24]:[10.2.2.0]
198.19.1.255 0 32768 ?
ET:8 RT:65530:100 Rmac:62:b3:ea:76:2b:c1

Displayed 2 out of 2 total prefixes

I only see IP addresses of the bridge br100.

What I need is to have connectivity from the dum100 interface, as I intend to use vrf kmg as it manages.

I must be wrong somewhere. Could you help me find the error?