Page MenuHomeVyOS Platform

[L3VPN] VPNv4/VPNv6 add commands
Closed, ResolvedPublic

Description

Hi Team!

I've been worked with vpnv4/v6 on Vyos and some commands are missing . I'll give a example on FRR(it's official documentation):

http://docs.frrouting.org/en/stable-7.5/bgp.html?highlight=l3vpn#l3vpn-vrfs

these news command they should be below 'address-family ipv4/v6 unicast' , let me show:

vyos@rt-pe-01:~$ show configuration commands | match bgp
set protocols bgp local-as '65001'
set protocols bgp neighbor 1.1.1.1 address-family ipv4-vpn nexthop-self
set protocols bgp neighbor 1.1.1.1 peer-group 'RR_VPNv4'
set protocols bgp parameters default no-ipv4-unicast
set protocols bgp parameters log-neighbor-changes
set protocols bgp parameters router-id '7.7.7.7'
set protocols bgp peer-group RR_VPNv4 remote-as '65001'
set protocols bgp peer-group RR_VPNv4 update-source 'dum10'
set vrf name BLUE_C protocols bgp address-family ipv4-unicast network 10.50.50.0/24
set vrf name BLUE_C protocols bgp address-family ipv4-unicast redistribute connected
### set vrf name BLUE_C protocols bgp address-family ipv4-unicast  rd vpn [xxxxx:xxx -new command]
### set vrf name BLUE_C protocols bgp address-family ipv4-unicast  rt  vpn [xxxxx:xxx -new command}
set vrf name BLUE_C protocols bgp local-as '65001'
set vrf name BLUE_C protocols bgp neighbor 10.50.50.2 address-family ipv4-unicast
set vrf name BLUE_C protocols bgp neighbor 10.50.50.2 remote-as '65035'

on FRR example :

router bgp 65001 vrf BLUE_C
 no bgp ebgp-requires-policy
 no bgp network import-check
 neighbor 10.50.50.2 remote-as 65035
 !
 address-family ipv4 unicast
  network 10.50.50.0/24
  redistribute connected
  label vpn export auto
  rd vpn export 10.50.50.1:1011
  rt vpn both 65035:1011
  export vpn
  import vpn
 exit-address-family

example with 'show vpn v4/v6':

rt-rr1# show bgp ipv4 vpn 10.50.50.0/24
BGP routing table entry for 10.50.50.1:1011:10.50.50.0/24
not allocated
Paths: (1 available, best #1)
  Advertised to non peer-group peers:
  7.7.7.7
  Local, (Received from a RR-client)
    7.7.7.7 from 7.7.7.7 (7.7.7.7)
      Origin incomplete, metric 0, localpref 100, valid, internal, best (First path received)
      Extended Community: RT:65035:1011
      Remote label: 144
      Last update: Mon Aug 16 22:15:45 2021

I think it is possible to add these new commands ,it'll be great to add function l3vpn-vrf (any-to-any or hub/spoke)

vyos@rt-pe-01:~$ show version

Version:          VyOS 1.4-rolling-202108081830
Release Train:    sagitta

Built by:         [email protected]
Built on:         Sun 08 Aug 2021 19:41 UTC
Build UUID:       fecd9688-d9f6-4b3e-bcdf-4ab20291c7af
Build Commit ID:  559585eb29e8b1

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:
Hardware UUID:    e5568f03-b550-409d-a78f-1b02b92c6323

Copyright:        VyOS maintainers and contributor

Details

Difficulty level
Unknown (require assessment)
Version
- VyOS 1.4-rolling-202108081830
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

fernando created this object in space S1 VyOS Public.
fernando added a project: VyOS 1.4 Sagitta.
fernando changed Version from - to - VyOS 1.4-rolling-202108081830.Aug 17 2021, 1:44 PM
c-po changed the task status from Open to In progress.Aug 17 2021, 4:10 PM
c-po claimed this task.
c-po triaged this task as Low priority.

Hi @fernando,

thanks for pushing and testing this featureset. Your requested changes will make it into the rolling image the next couple of days!

c-po changed the task status from In progress to Needs testing.EditedAug 18 2021, 2:11 PM

The latest rolling 1.4-rolling-202108180805 should have it all.

@c-po

I have a good news, we already able to setting vpnv4 on Vyos ! thanks for your support , I was testing it and didn't have problems .let me show:

set vrf name BLUE_C protocols bgp address-family ipv4-unicast export vpn
set vrf name BLUE_C protocols bgp address-family ipv4-unicast import vpn
set vrf name BLUE_C protocols bgp address-family ipv4-unicast label vpn export 'auto'
set vrf name BLUE_C protocols bgp address-family ipv4-unicast network 10.50.50.0/24
set vrf name BLUE_C protocols bgp address-family ipv4-unicast rd vpn export '10.50.50.1:1011'
set vrf name BLUE_C protocols bgp address-family ipv4-unicast redistribute connected
set vrf name BLUE_C protocols bgp address-family ipv4-unicast route-target vpn both '65035:1011'

routes learning on bgp/vpnv4 :

vyos@rt-pe-01:~$ show bgp vrf all

Instance default:
No BGP prefixes displayed, 0 exist

Instance BLUE_C:
BGP table version is 4, local router ID is 10.50.50.1, vrf id 6
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  10.50.50.0/24    0.0.0.0                  0         32768 i
*>                  0.0.0.0                  0         32768 ?
*> 10.60.60.0/24    10.10.10.10@0<           0    100      0 ?      ( customer external  neighbor prefixes)
*> 80.80.80.80/32   10.50.50.2               0             0 65035 i    (customer neighbor prefixes)

local RIB on VRF :

vyos@rt-pe-01:~$ show ip route  vrf BLUE_C
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

VRF BLUE_C:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:58:23
C>* 10.50.50.0/24 is directly connected, eth3, 00:58:22
B>  10.60.60.0/24 [200/0] via 10.10.10.10 (vrf default) (recursive), label 144, weight 1, 00:04:04
  *                         via 172.16.90.1, eth0 (vrf default), label 19/144, weight 1, 00:04:04
B>* 80.80.80.80/32 [20/0] via 10.50.50.2, eth3, weight 1, 00:58:07

I'll continues to test different features (vpnv6 ,etc) and if there are a extras commands , i 'll let you know .