OpenR on NCS5500

For detail info, please refer to following  Akshat’s article, for my article only simply summary step to build openr on ncs5500. Thanks Akshat’s help for the openr set up 🙂

https://xrdocs.io/cisco-service-layer/blogs/2018-02-16-xr-s-journey-to-the-we-b-st-open-r-integration-with-ios-xr/

1. Set up the private insecure registry on your server

Refer as follow:

https://docs.docker.com/registry/deploying/ 

https://xrdocs.io/application-hosting/tutorials/2017-02-26-running-docker-containers-on-ios-xr-6-1-2/#private-insecure-registry

[root@nso ~]# nano /etc/yum.repos.d/docker.repo
[root@nso ~]# yum install docker-engine 
[root@nso ~]# systemctl start docker
[root@nso ~]# docker run -d -p 5000:5000 --restart=always --name registry registry:2
[root@nso ~]# docker pull akshshar/openr-xr
[root@nso ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
c4636568f48a        registry:2          "/entrypoint.sh /e..."   6 minutes ago       Up 6 minutes        0.0.0.0:5000->5000/tcp   registry

[root@nso ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
registry            2                   f32a97de94e1        13 days ago         25.8MB
akshshar/openr-xr   latest              b51c260b060e        2 months ago        1.76GB

[root@nso ~]# docker tag akshshar/openr-xr 10.75.58.72:5000/openr-xr
[root@nso ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
registry                    2                   f32a97de94e1        13 days ago         25.8MB
akshshar/openr-xr           latest              b51c260b060e        2 months ago        1.76GB
10.75.58.72:5000/openr-xr   latest              b51c260b060e        2 months ago        1.76GB
[root@nso ~]# docker push 10.75.58.72:5000/openr-xr
The push refers to a repository [10.75.58.72:5000/openr-xr]
Get https://10.75.58.72:5000/v1/_ping: http: server gave HTTP response to HTTPS client
[root@nso ~]# 

2. Add follow at “/etc/sysconfig/docker”

After changing the docker opts, please wait some seconds, docker will auto restart.

DOCKER_OPTS=" --insecure-registry 10.75.58.72:5000"

3. Config GRPC on ncs55

grpc
 port 57777
 no-tls  <<< after 651, auto enable tls, base on now openr package, disable tls
 service-layer

4. docker pull openr from priviate registry

[xr-vm_node0_RP0_CPU0:~]$docker pull 10.75.58.72:5000/openr-xr
Using default tag: latest
latest: Pulling from openr-xr

4f1bb8b65720: Pull complete 
4791a9f80860: Pull complete 
c7bccbb1d183: Pull complete 
94925a7a8f89: Pull complete 
1a776d5f8f21: Pull complete 
21601f5e9bd9: Extracting [=========================================>         ] 383.3 MB/462.9 MB
21601f5e9bd9: Pull complete 
Digest: sha256:e0fed850c4f0da4ee8f64ed2739cc6efd117f78f7a98491c6688963bfe0c2afd
Status: Downloaded newer image for 10.75.58.72:5000/openr-xr:latest

[xr-vm_node0_RP0_CPU0:~]$docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[xr-vm_node0_RP0_CPU0:~]$docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
10.75.58.72:5000/openr-xr   latest              b51c260b060e        11 weeks ago        1.756 GB

5. Create “run_openr_.sh” and “hosts_” in /misc/app_host

Detail follow by https://github.com/akshshar/openr-xr/tree/openr20171212/docker/iosxr/slapi/rtr1

,btw please attention, must add “x” priviledge for “run_openr_R31.sh”:

[R31:/misc/app_host]$ ls -l
total 528
lrwxrwxrwx. 1 root root     14 Mar 29 02:33 app_host -> /misc/app_host
drwxr-xr-x. 2 root root   4096 Mar 30 08:36 app_hosting_apply_cmd
drwxr-xr-x. 5 root root   4096 Dec  7 03:18 app_repo
drwx-----x. 9 root root   4096 Dec  7 03:19 docker
srw-rw----. 1 root root      0 Mar 31 14:55 docker.sock
drwxr-xr-x. 5 root root   4096 Dec  7 03:18 etc
-rw-r--r--. 1 root root     60 Apr  1 15:43 hosts_R31 <<< create
drwx------. 2 root root  16384 Dec  7 03:12 lost+found
-rw-r--r--. 1 root root 486071 Apr  1 16:04 openr_logs
-rwxr-xr--. 1 root root   5047 Apr  1 15:44 run_openr_R31.sh <<< create
drwxrwxr-x. 2 root sudo   4096 Dec  7 03:18 scratch
drwxr-xr-x. 3 root root   4096 Dec  7 03:18 var

[R31:/misc/app_host]$ chmod +x /misc/app_host/run_openr_R31.sh
[R31:/misc/app_host]$ ls -l /misc/app_host/run_openr_R31.sh
-rwxr-xr-x. 1 root root 5048 Apr  3 04:05 /misc/app_host/run_openr_R31.sh

6. docker run the openr

As above instruct, all the expected files must be created before docker run, e.g “/var/run/netns”, “/misc/app_host” and “/misc/app_host/hosts_R31”. If docker run have issue, suggest remove all -v option, then add back one by one for troubleshooting.

docker run -itd --name openr --cap-add=SYS_ADMIN --cap-add=NET_ADMIN -v /var/run/netns:/var/run/netns -v /misc/app_host:/root -v /misc/app_host/hosts_R31:/etc/hosts --hostname R31 10.75.58.72:5000/openr-xr bash

If use “bash” keyword, I must manual login docker and enable openr after docker start each time, so replaced by follow. Then stop it only using “docker stop openr”  and start again using “docker start openr”, not need manual enable openr again 🙂

docker run -itd --name openr --cap-add=SYS_ADMIN --cap-add=NET_ADMIN -v /var/run/netns:/var/run/netns -v /misc/app_host:/root -v /misc/app_host/hosts_R31:/etc/hosts --hostname R31 10.75.58.72:5000/openr-xr /root/run_openr_R31.sh

7. Check SL info after docker and openr runing

RP/0/RP0/CPU0:R31#show service-layer vrf all
Mon Apr  1 16:12:33.961 UTC
vrf name: default,  vrf afi: IPv4,  vrf state: eof,
vrf magic: valid,  vrf purge time: 500,  vrf admin distance: 99,
vrf flags: eof ,

vrf name: default,  vrf afi: IPv6,  vrf state: eof,
vrf magic: valid,  vrf purge time: 500,  vrf admin distance: 99,
vrf flags: eof ,

8. Enable peer openr, then check openr interface info

After enabling 1st openr, no any interface info. Until 2nd openr enable, link monitor will send “hello” and auto detect adj by a link-local ipv6 multicast address/udp, then update to KV-Store. But you will find only interface up, but no any adj info, that mean no hello interaction between openr.

RP/0/RP0/CPU0:R31#bash
Tue Apr  2 00:13:33.262 UTC
[R31:~]$ docker exec -it openr bash
root@R31:/#  ip netns exec global-vrf bash
root@R31:/# breeze kvstore interfaces
> R31's interfaces
Interface    Status      ifIndex  Addresses
-----------  --------  ---------  -----------------------
Hg0_0_1_1    UP               55  fe80::2bc:60ff:fe72:4a4
Hg0_0_1_3    UP               53  fe80::2bc:60ff:fe72:4ac
Tg0_0_0_19   UP               29  fe80::2bc:60ff:fe72:44c
root@R31:/#  breeze kvstore adj       


root@R31:/#

9. Troubleshooting and enable openr adj

After checked, there are two issues, after fixed, adj info is ok.

– Peer devices R32 miss a cmd

RP/0/RP0/CPU0:R32#sh run int hun0/0/1/1
Tue Apr 2 15:04:24.116 UTC
interface HundredGigE0/0/1/1
description To-R31-HundredGigE0/0/1/1
mtu 9000
ipv6 nd unicast-ra   <<< this must have
ipv6 address 2001:ab::2/64
ipv6 enable  <<< this must have, miss the cmd that will enable ipv6 in openr
load-interval 30

– Due to I am not enable ipv4 on physical port, so need to disable ipv4 in “run_openr_R31.sh”, at default, open/R will not send discovery messages out of interfaces without ipv4 addresses. Setting it to false will restrict operation to ipv6 neighbors and ipv6 routes only.

# Enable v4
ENABLE_V4=false   <<< default is true

– Due to I use the same “run_openr_<xxx>.sh” at R31 and R32, that will cuase two openr send same ipv4 and ipv6 prefix…this is incorrect. A neighbor will only learn routes and program them into IOS-XR RIB if they are new/unique, so correct that:

R32:

# List of comma separated list of prefixes to announce
# e.g. “face:cafe::1/128,face:b00c::/64”
#ROUTE_LIST=$(python /root/increment_ipv4_prefix2.py)
ROUTE_LIST=
PREFIXES=“60.1.1.1/32,${ROUTE_LIST},face:cafe::20/128,face:b00c::20/128”

R31:

# List of comma separated list of prefixes to announce
# e.g. “face:cafe::1/128,face:b00c::/64”
#ROUTE_LIST=$(python /root/increment_ipv4_prefix1.py)
ROUTE_LIST=
PREFIXES=“50.1.1.1/32,${ROUTE_LIST},face:cafe::10/128,face:b00c::10/128”

Then check adj again:

RP/0/RP0/CPU0:R31#bash
Wed Apr  3 03:14:19.317 UTC
[R31:~]$ docker exec -it openr bash
root@R31:/# ip netns exec global-vrf bash
root@R31:/# breeze kvstore adj 

> R31's adjacencies, version: 529, Node Label: 27028, Overloaded?: False
Neighbor    Local Interface    Remote Interface      Metric    Weight    Adj Label  NextHop-v4    NextHop-v6                Uptime
R32         Hg0_0_1_1          Hg0_0_1_1                  2         1        50051  0.0.0.0       fe80::2bc:60ff:fe71:eca4  11h28m


root@R31:/# breeze fib list

== R31's FIB routes by client 786  ==

> face:b00c::20/128
via fe80::2bc:60ff:fe71:eca4@Hg0_0_1_1

> face:cafe::20/128
via fe80::2bc:60ff:fe71:eca4@Hg0_0_1_1


root@R31:/# exit
exit
root@R31:/# exit
exit
[R31:~]$ exit
logout

RP/0/RP0/CPU0:R31#show ipv6 interface hun0/0/1/1
Wed Apr  3 03:18:04.457 UTC
HundredGigE0/0/1/1 is Up, ipv6 protocol is Up, Vrfid is default (0x60000000)
  IPv6 is enabled, link-local address is fe80::2bc:60ff:fe72:4a4 
  Global unicast address(es):
    2001:ab::1, subnet is 2001:ab::/64 
  Joined group address(es): ff02::1:ff00:1 ff02::1:ff72:4a4 ff02::2
      ff02::1
  MTU is 9000 (8986 is available to IPv6)
  ICMP redirects are disabled
  ICMP unreachables are enabled
  ND DAD is enabled, number of DAD attempts 1
  ND reachable time is 0 milliseconds
  ND cache entry limit is 1000000000
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 160 to 240 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
  Outgoing access list is not set
  Inbound  common access list is not set, access list is not set
  Table Id is 0xe0800000
  Complete protocol adjacency: 0
  Complete glean adjacency: 1
  Incomplete protocol adjacency: 0
  Incomplete glean adjacency: 0
  Dropped protocol request: 0
  Dropped glean request: 0
RP/0/RP0/CPU0:R31#sh ipv6 nei hun0/0/1/1
Wed Apr  3 03:18:14.247 UTC
IPv6 Address                             Age  Link-layer Add State Interface            Location
fe80::2bc:60ff:fe71:eca4                 92   00bc.6071.eca4 REACH Hu0/0/1/1            0/0/CPU0       
[Mcast adjacency]                           - 0000.0000.0000 REACH Hu0/0/1/1            0/0/CPU0       
RP/0/RP0/CPU0:R31#sh route ipv6
Wed Apr  3 03:18:29.241 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G  - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path

Gateway of last resort is not set

C    2001:1a::/64 is directly connected,
      12:37:58, TenGigE0/0/0/19
L    2001:1a::2/128 is directly connected,
      12:37:58, TenGigE0/0/0/19
C    2001:ab::/64 is directly connected,
      12:37:58, HundredGigE0/0/1/1
L    2001:ab::1/128 is directly connected,
      12:37:58, HundredGigE0/0/1/1
C    2001:ac::/64 is directly connected,
      12:37:59, HundredGigE0/0/1/3
L    2001:ac::1/128 is directly connected,
      12:37:59, HundredGigE0/0/1/3
i L2 2001:bc::/64 
      [115/2] via fe80::2bc:60ff:fe71:d4a0, 11:47:58, HundredGigE0/0/1/3
      [115/2] via fe80::2bc:60ff:fe71:eca4, 11:47:58, HundredGigE0/0/1/1
a    face:b00c::20/128   <<<---
      [99/0] via fe80::2bc:60ff:fe71:eca4, 00:01:09, HundredGigE0/0/1/1
a    face:cafe::20/128   <<<---
      [99/0] via fe80::2bc:60ff:fe71:eca4, 00:01:09, HundredGigE0/0/1/1
S    fc00:1::1/128 
      [1/0] via 2001:1a::1, 12:37:58
i L2 fc00:c::/64 
      [115/1] via fe80::2bc:60ff:fe71:d4a0, 12:37:59, HundredGigE0/0/1/3
RP/0/RP0/CPU0:R31#
0
你可以留言,或者trackback 从你的网站

留言哦

blonde teen swallows load.xxx videos