Configuring MPLS L3VPN with PE - CE Routing Protocol OSPF
Table of Contents
- What is MPLS L3VPN with PE - CE OSPF?
- How to configure OSPF as the PE-CE routing protocol?
- Download section
What is MPLS L3VPN with PE - CE OSPF?
In an MPLS L3VPN deployment, OSPF can be used between the PE and CE routers to exchange prefixes. This means that the PE routers have two-way redistribution configured between OSPF and BGP. Specifically, redistribution is configured between OSPF in the VRF and the Multiprotocol-BGP VPNv4 address-family. In such a network design, the PE routers consider the MPLS core network as a superbackbone.
When the PE routers redistribute OSPF prefixes into the Multiprotocol-BGP VPNv4 address-family, they add Extended Communities to inform each other about the OSPF network. Particularly, the communities "OSPF Domain Identifier", "OSPF Route Type", and "OSPF Router ID" are added to BGP VPNv4 advertisements, as shown in the following capture.
The following outputs on a PE router show the OSPF Extended Communities. Furthermore, the OSPF RIB is shown on the PE, which indicates that a prefix was received via redistribution from an MPLS VPN (BGP VPNv4). This means that the PE is connected to the MPLS superbackbone which is also visible in the following outputs. The PE router considers itself an Area Border Router (ABR).
PE#show ip bgp vpnv4 vrf Gold 192.168.1.0
BGP routing table entry for 65100:2:192.168.1.0/24, version 28
Paths: (1 available, best #1, table Gold)
  Not advertised to any peer
  Refresh Epoch 1
  Local, imported path from 65100:1:192.168.1.0/24 (global)
    3.3.3.3 (metric 40) (via default) from 10.10.10.10 (10.10.10.10)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:65100:1 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:3.3.3.3:0
      Originator: 3.3.3.3, Cluster list: 10.10.10.10
      mpls labels in/out nolabel/308
      rx pathid: 0, tx pathid: 0x0

PE#show ip ospf rib redistribution 192.168.1.0
            OSPF Router with ID (7.7.7.7) (Process ID 10)
                Base Topology (MTID 0)
OSPF Redistribution
   192.168.1.0/24, type 2, metric 2, tag 3489726028, from BGP Router 65100 (MPLS VPN)
     Attributes 0x200000, event 1, PDB Index 5, PDB Mask 0x0
     Source route metric 2 and tag 0
      via 3.3.3.3, unknown interface

PE#show ip ospf
 Routing Process "ospf 10" with ID 7.7.7.7
   Domain ID type 0x0005, value 0.0.0.10
 Start time: 00:14:22.207, Time elapsed: 05:52:04.671
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Supports Database Exchange Summary List Optimization (RFC 5243)
 Connected to MPLS VPN Superbackbone, VRF Gold
 Event-log disabled
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
    bgp 65100, includes subnets in redistribution
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 05:39:19.444 ago
        SPF algorithm executed 11 times
        Area ranges are
        Number of LSA 5. Checksum Sum 0x02B004
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
Meanwhile, when a PE receives a BGP Update which contains a remote OSPF prefix, it will redistribute it into the local OSPF routing process as an Inter-Area Type-3 LSA. As a result, the CE routers receive prefixes for remote locations as OSPF Inter-Area routes (in their respective VRF). The MPLS network is transparent to the CE router.
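The check a PE performs on these attributes can be reproduced offline. The following Python sketch is an added example, not part of the original page: it parses the OSPF Extended Communities from the VPNv4 path shown above, decodes the route tag from the OSPF RIB output using the RFC 4577 tag layout, and decides whether the prefix goes to the CE as a Type-3 or a Type-5 LSA. The function names are hypothetical, and reading the first four value bytes as the Domain ID is an assumption based on the page's two outputs agreeing on 0.0.0.10.

```python
import ipaddress
import re

# Constructed from the values shown in the PE outputs on this page.
BGP_PATH = ("Extended Community: RT:65100:1 OSPF DOMAIN ID:0x0005:0x0000000A0200 "
            "OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:3.3.3.3:0")
RIB_TAG = 3489726028           # "tag 3489726028" in show ip ospf rib redistribution
LOCAL_DOMAIN_ID = "0.0.0.10"   # "Domain ID type 0x0005, value 0.0.0.10" in show ip ospf

ROUTE_TYPES = {1: "intra-area", 2: "intra-area", 3: "inter-area",
               5: "external", 7: "nssa"}   # RFC 4577 route type values


def parse_ospf_communities(text):
    """Extract the three OSPF extended communities from a VPNv4 path."""
    dom = re.search(r"OSPF DOMAIN ID:(0x[0-9A-Fa-f]{4}):0x([0-9A-Fa-f]{12})", text)
    rt = re.search(r"OSPF RT:(\d+\.\d+\.\d+\.\d+):(\d+):(\d+)", text)
    rid = re.search(r"OSPF ROUTER ID:(\d+\.\d+\.\d+\.\d+):\d+", text)
    if not (dom and rt and rid):
        raise ValueError("OSPF extended communities missing from path")
    # Assumption: the first 4 of the 6 value bytes carry the domain ID.
    domain_id = str(ipaddress.IPv4Address(int(dom.group(2)[:8], 16)))
    return {"domain_type": dom.group(1), "domain_id": domain_id,
            "area": rt.group(1), "route_type": ROUTE_TYPES[int(rt.group(2))],
            "router_id": rid.group(1)}


def decode_vpn_route_tag(tag):
    """Split the 32-bit tag a PE attaches to redistributed VPN routes (RFC 4577)."""
    return {"automatic": bool(tag >> 31 & 1), "complete": bool(tag >> 30 & 1),
            "path_length": tag >> 28 & 0x3, "as_number": tag & 0xFFFF}


def lsa_type_toward_ce(communities, local_domain_id):
    """Type 3 only if the domain IDs match and the remote route was internal."""
    internal = communities["route_type"] in ("intra-area", "inter-area")
    return 3 if internal and communities["domain_id"] == local_domain_id else 5


if __name__ == "__main__":
    c = parse_ospf_communities(BGP_PATH)
    print(c, decode_vpn_route_tag(RIB_TAG), lsa_type_toward_ce(c, LOCAL_DOMAIN_ID))
```

The decoded tag carries AS 65100 in its low 16 bits, and a Domain ID mismatch between the two PEs would turn the same prefix into a Type-5 external LSA on the CE side.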
How to configure OSPF as the PE-CE routing protocol?
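In the following scenario, an MPLS L3VPN network is configured with the PE - CE routing protocol OSPF. Both sites as well as the PE - CE link are configured in OSPF area 0. It is important to add the command capability vrf-lite on the CE routers under the OSPF routing process: the CE routers run OSPF inside a VRF, and without this command they would apply the PE loop-prevention checks and ignore the LSAs that the PE has marked with the DN bit.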
Configuration:
R3 (PE)
R3#show run all | sec ^mpls ip$
mpls ip

R3#show run | sec ^mpls
mpls label range 300 399
mpls ldp router-id Loopback10 force

R3#show run | sec ^vrf
vrf definition Gold
 rd 65100:1
 !
 address-family ipv4
  route-target export 65100:1
  route-target import 65100:2
 exit-address-family

R3#show run int Lo10 | sec int
interface Loopback10
 ip address 3.3.3.3 255.255.255.255

R3#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R3#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to CE R2 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 10.0.1.1 255.255.255.252
 ip ospf network point-to-point

R3#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R4 **
 ip address 10.1.0.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R3#show run | sec ^router
router ospf 10 vrf Gold
 router-id 3.3.3.3
 redistribute bgp 65100 subnets
 network 10.0.1.0 0.0.0.3 area 0
router isis
 net 49.0010.0000.0000.0003.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 10.10.10.10 remote-as 65100
 neighbor 10.10.10.10 update-source Loopback10
 !
 address-family vpnv4
  neighbor 10.10.10.10 activate
  neighbor 10.10.10.10 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Gold
  redistribute ospf 10
 exit-address-family
R7 (PE)
R7#show run all | sec ^mpls ip$
mpls ip

R7#show run | sec ^mpls
mpls label range 700 799
mpls ldp router-id Loopback10 force

R7#show run | sec ^vrf
vrf definition Gold
 rd 65100:2
 !
 address-family ipv4
  route-target export 65100:2
  route-target import 65100:1
 exit-address-family

R7#show run int Lo10 | sec int
interface Loopback10
 ip address 7.7.7.7 255.255.255.255

R7#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R8 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R7#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to CE R8 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 10.0.2.1 255.255.255.252
 ip ospf network point-to-point

R7#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R6 **
 ip address 10.4.0.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R7#show run | sec ^router
router ospf 10 vrf Gold
 router-id 7.7.7.7
 redistribute bgp 65100 subnets
 network 10.0.2.0 0.0.0.3 area 0
router isis
 net 49.0010.0000.0000.0007.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 7.7.7.7
 bgp log-neighbor-changes
 neighbor 10.10.10.10 remote-as 65100
 neighbor 10.10.10.10 update-source Loopback10
 !
 address-family vpnv4
  neighbor 10.10.10.10 activate
  neighbor 10.10.10.10 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Gold
  redistribute ospf 10
 exit-address-family
R2 (CE)
R2#show run | sec ^vrf
vrf definition Gold
 rd 1:1
 !
 address-family ipv4
 exit-address-family

R2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 Site1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R2#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to R1 Site1 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 192.168.1.2 255.255.255.0
 ip ospf network point-to-point

R2#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to PE R3 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R2#show run int Gi0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** to PE R3 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 10.0.1.2 255.255.255.252
 ip ospf network point-to-point

R2#show run | sec ^router
router ospf 10 vrf Gold
 router-id 2.2.2.2
 capability vrf-lite
 network 10.0.1.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
R8 (CE)
R8#show run | sec ^vrf
vrf definition Gold
 rd 1:1
 !
 address-family ipv4
 exit-address-family

R8#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R9 Site2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R8#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to R9 Site2 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 192.168.2.2 255.255.255.0
 ip ospf network point-to-point

R8#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to PE R7 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R8#show run int Gi0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** to PE R7 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 10.0.2.2 255.255.255.252
 ip ospf network point-to-point

R8#show run | sec ^router
router ospf 10 vrf Gold
 router-id 8.8.8.8
 capability vrf-lite
 network 10.0.2.0 0.0.0.3 area 0
 network 192.168.2.0 0.0.0.255 area 0
R10 (BGP RR)
R10#show run int Lo10 | sec int
interface Loopback10
 ip address 10.10.10.10 255.255.255.255

R10#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R5 **
 ip address 10.5.0.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 isis circuit-type level-2-only
 isis network point-to-point

R10#show run | sec ^router
router isis
 net 49.0010.0000.0000.0010.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 10.10.10.10
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 65100
 neighbor 3.3.3.3 update-source Loopback10
 neighbor 7.7.7.7 remote-as 65100
 neighbor 7.7.7.7 update-source Loopback10
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 route-reflector-client
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
  neighbor 7.7.7.7 route-reflector-client
 exit-address-family
R4
R4#show run all | sec ^mpls ip$
mpls ip

R4#show run | sec ^mpls
mpls label range 400 499
mpls ldp router-id Loopback10 force

R4#show run int Lo10 | sec int
interface Loopback10
 ip address 4.4.4.4 255.255.255.255

R4#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to PE R3 **
 ip address 10.1.0.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R4#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R5 **
 ip address 10.2.0.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R4#show run | sec ^router
router isis
 net 49.0010.0000.0000.0004.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
R5
R5#show run all | sec ^mpls ip$
mpls ip

R5#show run | sec ^mpls
mpls label range 500 599
mpls ldp router-id Loopback10 force

R5#show run int Lo10 | sec int
interface Loopback10
 ip address 5.5.5.5 255.255.255.255

R5#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R4 **
 ip address 10.2.0.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R5#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R6 **
 ip address 10.3.0.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R5#show run int Gi0/2 | sec int
interface GigabitEthernet0/2
 description ** to BGP RR R10 **
 ip address 10.5.0.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 isis circuit-type level-2-only
 isis network point-to-point

R5#show run | sec ^router
router isis
 net 49.0010.0000.0000.0005.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
R1
R1#show run | sec ^vrf
vrf definition Gold
 rd 1:1
 !
 address-family ipv4
 exit-address-family

R1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R1#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to CE R2 in VRF Gold **
 encapsulation dot1Q 10
 vrf forwarding Gold
 ip address 192.168.1.1 255.255.255.0
 ip ospf network point-to-point

R1#show run | sec ^router
router ospf 10 vrf Gold
 router-id 1.1.1.1
 capability vrf-lite
 network 192.168.1.0 0.0.0.255 area 0
R1#ping vrf Gold 192.168.2.1 source 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms   « R1 in Site 1 can reach R9 in Site 2 through MPLS network

R1#trace vrf Gold 192.168.2.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.2 2 msec
  2 10.0.1.1 2 msec
  3 10.1.0.2 [MPLS: Labels 403/708 Exp 0] 5 msec   « MPLS label stack is used
  4 10.2.0.2 [MPLS: Labels 503/708 Exp 0] 5 msec
  5 10.3.0.2 [MPLS: Labels 603/708 Exp 0] 5 msec
  6 10.0.2.1 [MPLS: Label 708 Exp 0] 4 msec
  7 10.0.2.2 5 msec
  8 192.168.2.1 5 msec

R2#show ip route vrf Gold | beg Ga
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.0.1.0/30 is directly connected, GigabitEthernet0/1.10
L        10.0.1.2/32 is directly connected, GigabitEthernet0/1.10
O IA     10.0.2.0/30 [110/2] via 10.0.1.1, 02:00:52, GigabitEthernet0/1.10   « On CE router OSPF Inter-Area remote prefix received
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/0.10
L        192.168.1.2/32 is directly connected, GigabitEthernet0/0.10
O IA  192.168.2.0/24 [110/3] via 10.0.1.1, 02:00:52, GigabitEthernet0/1.10

R2#show ip ospf database
            OSPF Router with ID (2.2.2.2) (Process ID 10)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1475        0x80000014 0x001812 2
2.2.2.2         2.2.2.2         1325        0x80000016 0x00AF32 4
3.3.3.3         3.3.3.3         50          0x8000000D 0x00C916 2
                Summary Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.0.2.0        3.3.3.3         1328        0x80000004 0x0001A2
192.168.2.0     3.3.3.3         1328        0x80000004 0x00ED52

R2#show ip ospf database summary 192.168.2.0
            OSPF Router with ID (2.2.2.2) (Process ID 10)
                Summary Net Link States (Area 0)
  LS age: 1362
  Options: (No TOS-capability, DC, Downward)   « MPLS PE router sets the DN bit for OSPF prefixes advertised to CE
  LS Type: Summary Links(Network)
  Link State ID: 192.168.2.0 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000004
  Checksum: 0xED52
  Length: 28
  Network Mask: /24
        MTID: 0         Metric: 2

R3#show ip bgp vpnv4 vrf Gold 192.168.2.0
BGP routing table entry for 65100:1:192.168.2.0/24, version 29
Paths: (1 available, best #1, table Gold)
  Not advertised to any peer
  Refresh Epoch 1
  Local, imported path from 65100:2:192.168.2.0/24 (global)   « BGP VPNv4 route received from remote PE
    7.7.7.7 (metric 40) (via default) from 10.10.10.10 (10.10.10.10)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:65100:2 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:7.7.7.7:0
      Originator: 7.7.7.7, Cluster list: 10.10.10.10
      mpls labels in/out nolabel/708
      rx pathid: 0, tx pathid: 0x0