mpls: layer3-vpns, pe-ce routing protocol – ospf

Hello everyone!
Right now I am going to show how to use OSPF as a PE-CE routing protocol when using MPLS VPNs.

Here is our topology (same topology like with the other protocols used):

Given:
– a small MPLS backbone with SPCORE as P-Router (MPLS only, no BGP), SPEDGE routers as PE-Routers with MP-BGP enabled
– fa0/1 of the SPEDGE routers are in vrf “CUSTOMER”
– on the SP routers there is an OSPF process “1” which is used for backbone connectivity for the MP-BGP routers and for LDP
– some loopback interfaces which simulate networks connected to the SITE routers

Challenge:
– configure OSPF as the PE-CE routing protocol and make sure that the networks of SITE1 and SITE2 can reach each other via the MPLS VPN backbone.

Here is the config part of the SP routers (the routing protocol part):

SPCORE (MPLS and OSPF “1” only for backbone connectivity)

SPCORE#sh run | sec router
router ospf 1
 router-id 10.10.10.1
 log-adjacency-changes

SPEDGE1 (MPLS, OSPF backbone and MP-BGP)

SPEDGE1(config)#do sh run | sec router 
router ospf 1
 router-id 10.10.10.2
 log-adjacency-changes
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.3 remote-as 1
 neighbor 10.10.10.3 update-source Loopback0
 neighbor 10.10.10.3 next-hop-self
 neighbor 10.10.10.3 send-community both
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.3 activate
  neighbor 10.10.10.3 send-community both
  neighbor 10.10.10.3 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  no synchronization
 exit-address-family

SPEDGE2 (MPLS, OSPF backbone and MP-BGP)

SPEDGE2#sh run | sec router
router ospf 1
 router-id 10.10.10.3
 log-adjacency-changes
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.2 remote-as 1
 neighbor 10.10.10.2 update-source Loopback0
 neighbor 10.10.10.2 next-hop-self
 neighbor 10.10.10.2 send-community extended
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.2 send-community both
  neighbor 10.10.10.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  no synchronization
 exit-address-family

So lets start with configuring OSPF on the SITE routers.

SITE1(config-if)#router ospf 1    
SITE1(config-router)#router-id 1.1.1.1
SITE1(config-router)#redistribute connected subnets
SITE1(config-router)#int fa0/0
SITE1(config-if)#ip ospf 1 are 0
!
SITE2(config)#router ospf 1
SITE2(config-router)#router-id 2.2.2.2
SITE2(config-router)#redistribute connected subnets
SITE2(config-router)#int fa0/0
SITE2(config-if)#ip ospf 1 are 0

Ok so far so good. We will now enter the configuration for the SPEDGE routers. As you can see now, there is no such thing like address families. We need to generate a separate OSPF process and bind this process to the corresponding vrf.

SPEDGE1(config)#router ospf 2 vrf CUSTOMER
SPEDGE1(config-router)#router-id 10.10.11.1
SPEDGE1(config-router)#int fa0/1
SPEDGE1(config-if)#ip ospf 2 are 0
!
SPEDGE2(config)#router ospf 2 vrf CUSTOMER
SPEDGE2(config-router)#router-id 10.10.22.1
SPEDGE2(config-router)#int fa0/1
SPEDGE2(config-if)#ip ospf 2 are 0

We can then see our adjacencies coming up!

SITE1#sh ip o n
!
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.11.1        1   FULL/BDR        00:00:36    10.10.11.1      FastEthernet0/0
!
SITE2#sh ip ospf ne  
!
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.22.1        1   FULL/BDR        00:00:29    10.10.22.1      FastEthernet0/0

When checking the routing tables we can see that we dont have ALL routes in the routing table. For example at SITE1 we are missing the networks of SITE2 and vice versa.

SITE1#sh ip route ospf
!
SITE1#

Nothing! Well thats quite logical because we have not configured mutual redistribution between OSPF and BGP yet. Lets do this. (By the way, on the SPEDGE routers you now should see the OSPF routes of the attached SITE router).

SPEDGE1#sh ip route vrf CUSTOMER ospf
!
Routing Table: CUSTOMER
!
     1.0.0.0/32 is subnetted, 1 subnets
O E2    1.1.1.1 [110/20] via 10.10.11.2, 00:03:31, FastEthernet0/1
     11.0.0.0/32 is subnetted, 3 subnets
O E2    11.11.11.11 [110/20] via 10.10.11.2, 00:03:31, FastEthernet0/1
O E2    11.11.11.13 [110/20] via 10.10.11.2, 00:03:31, FastEthernet0/1
O E2    11.11.11.12 [110/20] via 10.10.11.2, 00:03:31, FastEthernet0/1

So here is the config of BGP and OSPF on the SPEDGE routers:

SPEDGE1(config-router)#router ospf 2 vrf CUSTOMER           
SPEDGE1(config-router)#redistribute bgp 1 metric 100 subnets
SPEDGE1(config-router)#router bgp 1
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#redistribute ospf 2 metric 100 match internal external
!
SPEDGE2(config)#router ospf 2 vrf CUSTOMER
SPEDGE2(config-router)#redistribute bgp 1 metric 100 subnets 
SPEDGE2(config-router)#router bgp 1
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#redistribute ospf 2 metric 100 match internal external

We should now have all networks in the BGP table and after that we can check the site routers if they are receiving OSPF routes from the MPLS backbone.

SPEDGE1#sh ip bgp vpnv4 all
BGP table version is 282, local router ID is 10.10.10.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*> 1.1.1.1/32       10.10.11.2             100         32768 ?
*>i2.2.2.2/32       10.10.10.3             100    100      0 ?
*> 10.10.11.0/30    0.0.0.0                  0         32768 ?
*>i10.10.22.0/30    10.10.10.3               0    100      0 ?
*> 11.11.11.11/32   10.10.11.2             100         32768 ?
*> 11.11.11.12/32   10.10.11.2             100         32768 ?
*> 11.11.11.13/32   10.10.11.2             100         32768 ?
*>i22.22.22.21/32   10.10.10.3             100    100      0 ?
*>i22.22.22.22/32   10.10.10.3             100    100      0 ?
*>i22.22.22.23/32   10.10.10.3             100    100      0 ?
*>i192.168.11.0/30  10.10.10.3             100    100      0 ?
!
SPEDGE2#sh ip bgp vpnv4 al
BGP table version is 277, local router ID is 10.10.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32       10.10.10.2             100    100      0 ?
*> 2.2.2.2/32       10.10.22.2             100         32768 ?
*>i10.10.11.0/30    10.10.10.2               0    100      0 ?
*> 10.10.22.0/30    0.0.0.0                  0         32768 ?
*>i11.11.11.11/32   10.10.10.2             100    100      0 ?
*>i11.11.11.12/32   10.10.10.2             100    100      0 ?
*>i11.11.11.13/32   10.10.10.2             100    100      0 ?
*> 22.22.22.21/32   10.10.22.2             100         32768 ?
*> 22.22.22.22/32   10.10.22.2             100         32768 ?
*> 22.22.22.23/32   10.10.22.2             100         32768 ?
*> 192.168.11.0/30  10.10.22.2             100         32768 ?

Looks good. Lets check the routing tables of the site routers.

SITE1#sh ip route ospf
     2.0.0.0/32 is subnetted, 1 subnets
O E2    2.2.2.2 [110/100] via 10.10.11.1, 00:00:43, FastEthernet0/0
     22.0.0.0/32 is subnetted, 3 subnets
O E2    22.22.22.22 [110/100] via 10.10.11.1, 00:00:43, FastEthernet0/0
O E2    22.22.22.23 [110/100] via 10.10.11.1, 00:00:43, FastEthernet0/0
O E2    22.22.22.21 [110/100] via 10.10.11.1, 00:00:43, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
O IA    10.10.22.0 [110/110] via 10.10.11.1, 00:03:12, FastEthernet0/0
!
SITE2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O E2    1.1.1.1 [110/100] via 10.10.22.1, 00:01:24, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
O IA    10.10.11.0 [110/110] via 10.10.22.1, 00:03:34, FastEthernet0/0
     11.0.0.0/32 is subnetted, 3 subnets
O E2    11.11.11.11 [110/100] via 10.10.22.1, 00:01:24, FastEthernet0/0
O E2    11.11.11.13 [110/100] via 10.10.22.1, 00:01:24, FastEthernet0/0
O E2    11.11.11.12 [110/100] via 10.10.22.1, 00:01:24, FastEthernet0/0

Perfect! Lets check the connectivity to see if the VPN labels are used correctly in the MPLS backbone.

SITE1#ping 22.22.22.22 so lo1
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/136/172 ms

So thats it :). I hope you enjoyed this little post.
Feel free to comment!
Regards!
Markus

Advertisements

About markus.wirth

Living near Limburg in Germany, working as a Network Engineer around Frankfurt am Main.
This entry was posted in MPLS, Routing and tagged , , , , , , , , , , , , , , , , , . Bookmark the permalink.

2 Responses to mpls: layer3-vpns, pe-ce routing protocol – ospf

  1. Pingback: OSPF | Suyash Jain

  2. Arash Nabavi says:

    Hey, Thank you for the detailed information. Would it be possible to also post the startup configuration before applying the modification. I keep have to go back and forth to find out if I’m missing something in this configuration or something has to change prior to these guys.

    appreciate it.

    regards,
    Arash Nabavi

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s