MPLS OSPF L3 VPN and SHAM links

 

image

Building this lab on our previous lab

we will run OSPF between PE and CE and we will see how the OSPF process number on the PE affects the type of routes advertised to the CE

We will also see how to setup sham links in mpls environment and why they are used.

Configuration:

R1

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
router-id 1.1.1.1
net 0.0.0.0 0.0.0.0 area 0
  

R2

ip vrf CUST_A
 rd 2.2.2.2:1
 route-target export 1:1
 route-target import 1:1

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface FastEthernet0/0
 ip vrf forwarding CUST_A
 ip address 10.1.12.2 255.255.255.0
interface FastEthernet0/1
 ip address 10.1.23.2 255.255.255.0
 mpls ip

router ospf 1
 log-adjacency-changes
 network 10.1.12.2 0.0.0.0  area 0

router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family

R3

interface FastEthernet0/0
 ip address 10.1.23.3 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip address 10.1.34.3 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

R4


ip vrf CUST_A
 rd 4.4.4.4:1
route-target export 1:1
 route-target import 1:1

interface Loopback0
 ip address 4.4.4.4 255.255.255.255

interface FastEthernet0/0
 ip vrf forwarding CUST_A
 ip address 10.1.45.4 255.255.255.0
interface FastEthernet0/1
 ip address 10.1.34.4 255.255.255.0
 mpls ip
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 10.1.45.4 0.0.0.0  area 0
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family

R5

interface Loopback0
 ip address 5.5.5.5 255.255.255.0
interface FastEthernet0/1
 ip address 10.1.15.5 255.255.255.0
 shutdown

router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

so we have our basic setting ready, we need to enable OSPF for the VRF  and redistribute between OSPF and MP-BGP

on both R2  and R4

router ospf 3 vrf CUST_A
 redistribute bgp 100 subnets

router bgp 100
 address-family ipv4 vrf CUST_A
  redistribute ospf 3 vrf CUST_A
 exit-address-family

Note how the ospf vrf  is configured, even the vrf is referenced the same process id can’t be re-used, you need to create a new opsf process for each vrf process

Now let’s check the OSPF table on R1

R1(config-if)#do sh ip route ospf      
     5.0.0.0/32 is subnetted, 1 subnets
O IA    5.5.5.5 [110/21] via 10.1.12.2, 00:39:34, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.45.0 [110/11] via 10.1.12.2, 00:39:34, FastEthernet0/0

so we see that routes are received as inter-area routes

let’s check the BGP for that specific VRF on R2 and R4

R4(config-router-af)#do sh bgp vpn unica vrf CUST_A 1.1.1.1 | in ID
BGP routing table entry for 4.4.4.4:1:1.1.1.1/32, version 224
Paths: (1 available, best #1, table CUST_A)
  Not advertised to any peer
  Local, imported path from 2.2.2.2:1:1.1.1.1/32
    2.2.2.2 (metric 21) from 2.2.2.2 (2.2.2.2)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000030200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
      mpls labels in/out nolabel/18
ID:44.4.4.4:0
      mpls labels in/out 22/nolabel
R4(config-router-af)#do sh bgp vpn unica vrf CUST_A 5.5.5.5
BGP routing table entry for 4.4.4.4:1:5.5.5.5/32, version 236
Paths: (1 available, best #1, table CUST_A)
  Advertised to update-groups:
        1
  Local
    10.1.45.5 from 0.0.0.0 (4.4.4.4)
      Origin incomplete, metric 11, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000030200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:44.4.4.4:0
      mpls labels in/out 22/nolabel

As we can see the OSPF Domain-ID matches on both PE that’s why routes are received as Inter-area routes,  if the domain ID doiesn’t match the routes should appear as External routes on the CE .The Domain-ID is the ospf process ID on the PE  in Hexa this can be verified by changing the OSPF domain-id on any of the CE.

So let’s change the Domain-ID under R4 to 40

router ospf 3 vrf CUST_A
 domain-id 0.0.0.40
clear ip os process

now let’s check the routes on R4

 

!
R4(config-router-af)#do sh bgp vpn unica vrf CUST_A 1.1.1.1
BGP routing table entry for 4.4.4.4:1:1.1.1.1/32, version 224
Paths: (1 available, best #1, table CUST_A)
  Not advertised to any peer
  Local, imported path from 2.2.2.2:1:1.1.1.1/32
    2.2.2.2 (metric 21) from 2.2.2.2 (2.2.2.2)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000030200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
      mpls labels in/out nolabel/18

R4(config-router-af)#do sh bgp vpn unica vrf CUST_A 5.5.5.5
BGP routing table entry for 4.4.4.4:1:5.5.5.5/32, version 236
Paths: (1 available, best #1, table CUST_A)
  Advertised to update-groups:
        1
  Local
    10.1.45.5 from 0.0.0.0 (4.4.4.4)
      Origin incomplete, metric 11, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x000000280200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:44.4.4.4:0
      mpls labels in/out 22/nolabel

we see the domain ID for 1.1.1.1 is 3 in HEX while the domain ID for 5.5.5.5 is 28 HEX

Now let’s check the routes on R5

R5(config-if)#do sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O E2    1.1.1.1 [110/11] via 10.1.45.4, 00:32:41, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O E2    10.1.12.0 [110/1] via 10.1.45.4, 00:32:41, FastEthernet0/0

As expected the routes are now showing as External OSPF routes

Now imagine that this customer has a secondary link that runs directly between R1 and R5, the backup link should be used only when primary MPLS links fail

so let’s un-shut f0/1 interface on both R1 and R5 and check the OSPF

R1(config-if)#do sh ip route ospf      
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/11] via 10.1.15.5, 00:12:32, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.45.0 [110/20] via 10.1.15.5, 00:12:32, FastEthernet0/1

R5(config-if)#do sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/11] via 10.1.15.1, 00:12:14, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.12.0 [110/20] via 10.1.15.1, 00:12:14, FastEthernet0/1

As we can see, both R1 and R5 are using the direct link to reach each other, the reason that inter-area routes will always be preferred over any other routes so cost wouldn’t help much in this scenario sham links was introduced for this type of scenarios

to configure sham links over MPLS PE routers we need the following

1- Two loopback interfaces with  /32 prefix

2- advertise the new prefixes under the BGP-MP

3- configure sham link under the PE VRF OSPF process using this command

area X sham-link x.x.x.x y.y.y.y

where x.x.x.x is the source and y.y.y.y is the source of the sham link on each router

so let’s try this on R2 and R4

R2

interf lo1
ip vrf forwarding CUST_A
ip address 22.2.2.2 255.255.255.255

router bgp 100
address-family ipv4 vrf CUST_A
net 22.2.2.2 mask 255.255.255.255

router ospf 3
area 0 sham-link 22.2.2.2 44.4.4.4 

R4

interface Loopback1
ip vrf forwarding CUST_A
ip address 44.4.4.4 255.255.255.255

router bgp 100
address-family ipv4 vrf CUST_A
net 44.4.4.4 mask 255.255.255.255

router ospf 3
area 0 sham-link 44.4.4.4 22.2.2.2

now let’s check the routes on R5

R5(config-if)#do sh ip route os
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/11] via 10.1.15.1, 00:13:51, FastEthernet0/1
     22.0.0.0/32 is subnetted, 1 subnets
O E2    22.2.2.2 [110/1] via 10.1.45.4, 00:05:46, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.12.0 [110/20] via 10.1.15.1, 00:13:51, FastEthernet0/1
     44.0.0.0/32 is subnetted, 1 subnets
O E2    44.4.4.4 [110/1] via 10.1.45.4, 00:07:40, FastEthernet0/0

We see that R5 is still using R1 to reach 1.1.1.1 prefix and the cost is 11

now let’s check the OSPF routes on R4 for that particular VRF

R4(config-router)#do sh ip route vrf CUST_A ospf

Routing Table: CUST_A

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/12] via 2.2.2.2, 00:05:41
     5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       5.5.5.5/32 [110/11] via 10.1.45.5, 00:11:06, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.15.0 [110/20] via 10.1.45.5, 00:11:06, FastEthernet0/0
O       10.1.12.0 [110/11] via 2.2.2.2, 00:05:41

We see that we do receive the route from R2 as Intra area routes and the cost is 12

if we change the cost on R5  to R1 we should be able to use the mpls link as primary

R5(config)# interf f0/1
R5(config-if)# ip ops cost 100

R5(config-if)#do sh ip route os
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/22] via 10.1.45.4, 00:00:14, FastEthernet0/0
     22.0.0.0/32 is subnetted, 1 subnets
O E2    22.2.2.2 [110/1] via 10.1.45.4, 00:10:11, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.12.0 [110/21] via 10.1.45.4, 00:00:14, FastEthernet0/0
     44.0.0.0/32 is subnetted, 1 subnets
O E2    44.4.4.4 [110/1] via 10.1.45.4, 00:12:05, FastEthernet0/0

As expected we see that after changing the cost on R5 forced it to use the R4 link to R1 loopback interface

Also check R4 and R2 OSPF neighborship

R4(config-router)#do sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.12.2         0   FULL/  -           -        22.2.2.2        OSPF_SL0

R2


R2(config-router)#do sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.45.4         0   FULL/  -           -        44.4.4.4        OSPF_SL0

Comments

Post a Comment

Popular posts from this blog

BPDU Filter vs BPDU Guard

        Today we will try to explore the difference between these 2 options, BPDU guard and BPDU filter We know that BPDU are used to communicate between switches in L2 networks  to ensure loop free topology. BPDU Guard is used to protect our access (or trunks incase of servers) ports from receiving undesired BPDU packets, this feature is helpful in enforcing your network boundary in access layer BPDU Guard can be enabled on global configuration as well as under the interface configuration BPDU Filter on the other hand is used to filter BPDU packets outbound when configured  in global configuration (after sending 11 BPDU out ) and will filter BPDU inbound/outbound when configured under the interface level To better understand these two features, let’s use this simple topology R1 is connected to SW1 through F0/0 to have R1 send and receive BPDU we will simple configure bridging group 1 on the router and we will join the bridge group when desired to test our configuration BPDU
Read more

BGP Weight Attribute

Image
Before we start the lab let's see the BGP path selection process If the path specifies a next hop that is inaccessible, drop the update. •Prefer the path with the highest weight. •If the weights are the same, prefer the path with the largest local preference. •If the local preferences are the same, prefer the path that was originated by BGP running on this router. •If no route was originated, prefer the route that has the shortest AS_path. •If all paths have the same AS_path length, prefer the path with the lowest origin code (where IGP is lower than EGP, and EGP is lower than incomplete). •If the origin codes are the same, prefer the path with the lowest MED attribute. •If the paths have the same MED, prefer the external path over the internal path. •If the paths are still the same, prefer the path through the closest IGP neighbor. •Prefer the path with the lowest IP address, as specified by the BGP router ID. I read this on CCIE Pursuit blog We Love Oranges As O
Read more

OSPF–Point To Multipoint Non-Broadcast

Image
Using same setup that we have been using in the last 3 posts, we will change the network type to point-to-multipoint Non-Broadcast we will also add a Ethernet link between R2 and R3 and enable OSPF on it Our final configuration should be something like this R1 interface Serial0/0   no ip address   encapsulation frame-relay   no frame-relay inverse-arp ! interface Serial0/0.123 multipoint   ip address 10.1.123.1 255.255.255.0   ip ospf network point-to-multipoint non-broadcast   ip ospf 1 area 0   frame-relay map ip 10.1.123.2 102   frame-relay map ip 10.1.123.3 103 !          router ospf 1   router-id 1.1.1.1   log-adjacency-changes   neighbor 10.1.123.2   neighbor 10.1.123.3 R2 interface Serial0/0   no ip address   encapsulation frame-relay   no frame-relay inverse-arp ! interface Serial0/0.123 multipoint   ip address 10.1.123.2 255.255.255.0   ip ospf network point-to-multipoint non-broadcast   ip ospf 1 area 0   frame-relay map ip 10.1.123.1 201 R3 interface
Read more