Re: [mpls-linux-general] Problem with Layer 2 VPN when connecting 3 or more sites
From: James R. L. <jl...@mi...> - 2007-07-17 03:11:31
My ethernet over MPLS implementation was only designed for point-to-point
ethernet connections, that explains why you are having so many issues.
(it sounds like it is constantly in flooding state)

I haven't put much thought into how to make it work for multi-point
connections, but ....

The first step is to try to gather info about the MAC learning and see if
you can figure out why it is not associating the MACs from incoming packets
with outgoing interfaces. Maybe there is some sort of debug mode you can
enable, or some brctl command that will give you enough info.

Once you can 'see' the MAC learning process, then try to influence it by
using the 'set' opcode on ILMs to tell it which interface to make it look
like the packets are arriving on.

Maybe it comes down to needing to write a small daemon that listens for MAC
learning messages and then dynamically builds the ebtables rules to map the
MAC to a LSP.

On Mon, Jul 16, 2007 at 03:51:00PM +0300, Sami Ruponen wrote:
> Hello,
>
> I have a problem with the following scenario.
>
>         eth2      eth1
>  -----      .----.           .---            ----       -----
> |host1|-----|LER1|-----------|LSR|------------|LER2|-----|host2|
>  -----       ----             ---              ----       -----
>                                |
>                                |
>                                |
>                              ----          -----
>                             |LER3|--------|host3|
>                              ----          -----
>
> Label 500 --> LER1
> Label 600 --> LER2
> Label 700 --> LER3
> VPN's inner label is 16
>
> I'm trying to get a layer 2 VPN working between these 3 hosts. I managed to
> get this working so that the hosts appear to be in the same LAN (connected in
> layer 2). The problem is that in LERs I had to use linux bridge with couple
> of dummy interfaces attached to it and proper ebtables rules so that the
> frames are sent to each host.
>
> At the moment this is working so that for example host1 can send data to host2
> but everything (ethernet frames) is also sent to host3. Obviously this
> generates extra traffic, and I want the LER to learn the mac addresses
> that reside at the other end of each tunnel so that the traffic goes only
> where it should go (to act as a real switch). The problem at the moment is
> that the bridge in LER isn't learning the mac addresses.
>
> Here's some information about LER1...
>
> I use following ebtables rules:
> -t nat -A POSTROUTING -o dummy0 -j mpls --nhlfe 0x19
> -t nat -A POSTROUTING -o dummy1 -j mpls --nhlfe 0x1b
>
> and the bridge looks like this:
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.001b243d78b1       no              eth2
>                                                         dummy0
>                                                         dummy1
>
> mpls nhlfe show:
> NHLFE entry key 0x0000001e mtu 1500 propagate_ttl
>         set eth2 packet (14148 bytes, 124 pkts)
> NHLFE entry key 0x0000001b mtu 1492 propagate_ttl
>         push gen 16 forward key 0x0000001a (18348 bytes, 228 pkts)
> NHLFE entry key 0x0000001a mtu 1496 propagate_ttl
>         push gen 700 set eth1 ipv4 10.1.5.1 (19260 bytes, 228 pkts)
> NHLFE entry key 0x00000019 mtu 1492 propagate_ttl
>         push gen 16 forward key 0x00000018 (18348 bytes, 228 pkts)
> NHLFE entry key 0x00000018 mtu 1496 propagate_ttl
>         push gen 600 set eth1 ipv4 10.1.5.1 (19260 bytes, 228 pkts)
>
> mpls ilm show:
> ILM entry label gen 16 labelspace 0 proto packet
>         pop forward key 0x0000001e (14644 bytes, 124 pkts)
> ILM entry label gen 500 labelspace 0 proto ipv4
>         pop peek (15140 bytes, 124 pkts)
>
> Is there any solution to this scenario? Am I missing or misunderstanding
> something? How can I get the incoming traffic also to pass the bridge so that
> bridge learns the addresses? Is the solution to use some mpls tunnel commands
> or to use some other interfaces than dummy interfaces (tun/tap/mpls0)? The
> solution should also scale moderately.
>
> I'd appreciate any help.
>

--
James R. Leu
jl...@mi...
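
The rule-building step of the daemon suggested in the reply, sketched as an added example that is not code from this thread or from mpls-linux. It assumes learning events reach it as (source MAC, pseudowire interface) pairs from some source the thread does not specify, and instead of the thread's `mpls` target it emits plain filter-table drop rules so that a flooded copy of a frame for a learned MAC no longer leaves on the other pseudowire; the class name and MAC addresses are constructed, the interface names come from the quoted bridge listing.

```python
import re

# Pseudowire-facing bridge ports on LER1, taken from the quoted brctl output.
PSEUDOWIRES = ("dummy0", "dummy1")
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def drop_rule(action, mac, port):
    """ebtables argv that adds (-A) or deletes (-D) a FORWARD drop for mac on port."""
    return ["ebtables", action, "FORWARD", "-o", port, "-d", mac, "-j", "DROP"]


class PseudowireFdb:
    """Hypothetical learning table: MAC -> pseudowire it was last seen behind."""

    def __init__(self, pseudowires=PSEUDOWIRES):
        self.pseudowires = tuple(pseudowires)
        self.location = {}

    def learn(self, src_mac, port):
        """Record one (source MAC, ingress pseudowire) event; return argv lists to run."""
        mac = src_mac.strip().lower()
        if not MAC_RE.match(mac) or port not in self.pseudowires:
            return []            # malformed input or not a pseudowire port
        if int(mac[:2], 16) & 1:
            return []            # group bit set: never a valid source to learn
        old = self.location.get(mac)
        if old == port:
            return []            # already pinned, nothing to change
        cmds = []
        if old is not None:      # MAC moved: lift the drops installed for the old site
            cmds += [drop_rule("-D", mac, p) for p in self.pseudowires if p != old]
        cmds += [drop_rule("-A", mac, p) for p in self.pseudowires if p != port]
        self.location[mac] = port
        return cmds


if __name__ == "__main__":
    fdb = PseudowireFdb()
    # Constructed events: one MAC seen behind dummy0, then moving to dummy1.
    for mac, port in [("00:16:3E:00:00:02", "dummy0"), ("00:16:3e:00:00:02", "dummy1")]:
        for argv in fdb.learn(mac, port):
            print(" ".join(argv))
```

Every learn event is trusted as-is in this sketch, so a remote site that sends frames with another site's source MAC would pull that MAC's traffic onto its own pseudowire; a deployment would want to rate-limit or pin MAC moves.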