Saturday 19 September 2009

MPLS: OSPF as PE-CE Routing Protocol

This article shows a basic configuration for using OSPF as the PE-CE routing protocol.

It follows on from the basic VRFs entry and uses the same network topology, with a couple of networks added to represent each site's internal LAN.

OSPF uses a hierarchical network structure where normally all areas would be connected directly to area 0. In the case of MPLS VPNs, there is always a redistribution to and from BGP in the middle of the network. The way MPLS is implemented avoids these routes being seen as external by using the concept of an MPLS VPN Superbackbone above area 0.

The OSPF network looks as below:


In a vanilla network, assuming redistribution was set up everywhere, 172.16.1.0/24 (sourced at CE1) would be redistributed back to OSPF by PE2 as a type-5 external route.

In this case PE1 redistributes the route from OSPF into BGP and adds extended communities to inform its peer about the OSPF attributes of the route. The image below shows a capture of the BGP update message from PE1 advertising the 172.16.1.0 route (CE1 LAN). Note the extended attributes in the update message; you can also see the label mappings advertised in the NLRI section.




PE2 can then take this information and rebuild the route advertisement as an OSPF type-3 (summary) LSA. The output below shows how PE2 receives the route from MP-BGP, containing the domain ID (corresponds to the OSPF process ID), route type (format area:type:option) and the advertising router ID.


PE2#show ip bgp vpnv4 vrf VPN_ONE 172.16.1.0
BGP routing table entry for 1:1:172.16.1.0/24, version 32
Paths: (1 available, best #1, table VPN_ONE)
Flag: 0x820
Not advertised to any peer
Local
10.255.255.51 (metric 129) from 10.255.255.51 (10.255.255.51)
Origin incomplete, metric 10, localpref 100, valid, internal, best
Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:10.254.254.51:0

mpls labels in/out 23/26


The OSPF metric is copied to/from the BGP MED value.
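As an added example (not from the original article and not Cisco's code), the Python below parses the OSPF extended communities from the PE2 output above and applies the RFC 4577 rule for which LSA type the receiving PE originates towards its CE. The function names and the local domain ID argument are assumptions of this example, and it assumes the PE-CE area is not an NSSA.

```python
import re

# Extended-community text copied from the PE2 output on this page.
SHOW_OUTPUT = """\
Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:10.254.254.51:0
"""

# Route-type values carried in the OSPF RT community (RFC 4577).
ROUTE_TYPES = {1: "intra-area", 2: "intra-area", 3: "inter-area",
               5: "external", 7: "nssa"}

def parse_ospf_communities(text):
    """Pull the OSPF extended communities out of 'show ip bgp vpnv4' text."""
    dom = re.search(r"OSPF DOMAIN ID:(0x[0-9A-Fa-f]{4}):0x([0-9A-Fa-f]{12})", text)
    rt = re.search(r"OSPF RT:(\d+\.\d+\.\d+\.\d+):(\d+):(\d+)", text)
    rid = re.search(r"OSPF ROUTER ID:(\d+\.\d+\.\d+\.\d+):\d+", text)
    if not (dom and rt and rid):
        raise ValueError("OSPF extended communities missing or malformed")
    route_type = int(rt.group(2))
    if route_type not in ROUTE_TYPES:
        raise ValueError(f"unknown OSPF route type {route_type}")
    return {
        # (type, value) pair exactly as IOS prints it, lower-cased
        "domain_id": (dom.group(1).lower(), dom.group(2).lower()),
        # first four value bytes; 100 here, matching OSPF process 100
        "domain_value": int(dom.group(2)[:8], 16),
        "area": rt.group(1),
        "route_type": route_type,
        # low bit of the options byte marks a type-2 external metric
        "external_type2": bool(int(rt.group(3)) & 1),
        "router_id": rid.group(1),
    }

def lsa_type_at_remote_pe(comm, local_domain_id):
    """LSA type the receiving PE originates (assumes a non-NSSA PE-CE area)."""
    if comm["domain_id"] != local_domain_id:
        return 5          # different OSPF domain: plain external route
    if comm["route_type"] in (5, 7):
        return 5          # was already external at the source site
    return 3              # intra/inter-area route crosses the superbackbone

if __name__ == "__main__":
    c = parse_ospf_communities(SHOW_OUTPUT)
    print(c, lsa_type_at_remote_pe(c, ("0x0005", "000000640200")))
```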

This route ends up in CE2 as an OSPF Summary (type-3 LSA):

CE2#show ip ospf database summary 172.16.1.0

OSPF Router with ID (172.16.2.1) (Process ID 100)

Summary Net Link States (Area 0)

Routing Bit Set on this LSA
LS age: 618
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 172.16.1.0 (summary Network Number)
Advertising Router: 10.254.254.52
LS Seq Number: 80000001
Checksum: 0x5167
Length: 28
Network Mask: /24
TOS: 0 Metric: 10



The relevant configuration for one half of the network (CE1/PE1) is below; the other half is configured in the same way but with different IP addresses. No configuration is needed on the P routers, as they purely switch based on labels arranged by the PE routers; P routers don't care about the customer VPNs.

It's worth noting that all the funky business is going on at the PE router which would be managed by the service provider and not accessible to the customer.

PE1

ip vrf VPN_ONE
 rd 1:1
 route-target export 1:1
 route-target import 1:1

interface Loopback1
 ip vrf forwarding VPN_ONE
 ip address 10.254.254.51 255.255.255.255

interface FastEthernet0/0
 description To CE1
 ip vrf forwarding VPN_ONE
 ip address 10.0.255.2 255.255.255.252

router ospf 100 vrf VPN_ONE
 router-id 10.254.254.51
 redistribute bgp 65001 metric 10 subnets
 network 10.0.255.2 0.0.0.0 area 0

router bgp 65001
 [snip - see previous articles for full BGP config]
 !
 address-family ipv4 vrf VPN_ONE
  redistribute connected
  redistribute ospf 100 vrf VPN_ONE metric 10 match internal external 1 external 2
 exit-address-family



CE1
interface FastEthernet0/0
 description To PE1
 ip address 10.0.255.1 255.255.255.252

interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0

router ospf 100
 log-adjacency-changes
 network 10.0.255.1 0.0.0.0 area 0
 network 172.16.1.1 0.0.0.0 area 101