Saturday 16 February 2013

MPLS VPN PE-CE Protocol(OSPF) Part 3


In this topic, provider will use OSPF as a PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, Lo 2 is redistributed into OSPF.

In this section, provider will run OSPF super-backbone for the OSPF process used for adjacent with customer. On R5, I add another loopback network which is Lo 10 and put into area 1.

Configuration

R1

ip vrf one
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip vrf forwarding one
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.14.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 area 0 sham-link 1.1.1.1 2.2.2.2
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.14.1 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0001.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
  network 1.1.1.1 mask 255.255.255.255
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R2

ip vrf one
 rd 1:2
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip vrf forwarding one
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip vrf forwarding one
 ip address 192.168.25.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 area 0 sham-link 2.2.2.2 1.1.1.1
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.25.2 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0002.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 1
 neighbor IBGP update-source Loopback0
 neighbor 1.1.1.1 peer-group IBGP
 !
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
  network 2.2.2.2 mask 255.255.255.255
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R4

interface FastEthernet0/0
 ip address 192.168.14.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.14.4 0.0.0.0 area 0

R5

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.2 255.255.255.255
!
interface Loopback10
 ip address 5.5.5.10 255.255.255.255
 ip ospf 1 area 1
!
interface FastEthernet0/0
 ip address 192.168.25.5 255.255.255.0
 speed 100
 full-duplex
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets route-map CONN
 network 5.5.5.1 0.0.0.0 area 1
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
 match ip address prefix-list LO2

Verification

Due to running super backbone area on Provider routers, provider networks is considered virtual area 0 from the customer routers point of view. So R5 Lo 0 is appeared as intra area routes, Lo1 and Lo10 appeared as inter area routes. In other words, other side of the customer router can see the correct OSPF route type.

R4#show ip route ospf
O    192.168.25.0/24 [110/12] via 192.168.14.1, 00:17:19, FastEthernet0/0
     5.0.0.0/32 is subnetted, 4 subnets
O       5.5.5.5 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O IA    5.5.5.1 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.14.1, 00:13:15, FastEthernet0/0
O IA    5.5.5.10 [110/13] via 192.168.14.1, 00:13:20, FastEthernet0/0

Note

Due to super backbone emulated, from R1 perspective, prefixes from R5 are learnt through OSPF, not via MP BGP anymore.

R1#show ip route vrf one

Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/0] via 2.2.2.2, 00:27:32
C    192.168.14.0/24 is directly connected, FastEthernet0/1
O    192.168.25.0/24 [110/2] via 2.2.2.2, 00:27:17
     5.0.0.0/32 is subnetted, 4 subnets
O       5.5.5.5 [110/3] via 2.2.2.2, 00:27:17
O IA    5.5.5.1 [110/3] via 2.2.2.2, 00:27:17
O E2    5.5.5.2 [110/20] via 2.2.2.2, 00:23:02
O IA    5.5.5.10 [110/3] via 2.2.2.2, 00:23:08

R1#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:1 (default for vrf one)
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*>i2.2.2.2/32       2.2.2.2                  0    100      0 i
r>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
r>i5.5.5.2/32       2.2.2.2                 20    100      0 ?
r>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
r>i5.5.5.10/32      2.2.2.2                  2    100      0 ?
*> 192.168.14.0     0.0.0.0                  0         32768 ?
r>i192.168.25.0     2.2.2.2                  0    100      0 ?

So consequently, if R1 wants to filter out some prefixes when advertising to R4, it cannot be filtered at the BGP > OSPF level. For testing this, I will add 5.5.5.10/32 under "SHAM" prefix, which prefix is denied when redistributing from BGP to OSPF. But it doesn't work.

R1(config)#ip prefix-list SHAM seq 20 permit 5.5.5.10/32

R4#show ip route ospf
O    192.168.25.0/24 [110/12] via 192.168.14.1, 00:32:38, FastEthernet0/0
     5.0.0.0/32 is subnetted, 4 subnets
O       5.5.5.5 [110/13] via 192.168.14.1, 00:32:38, FastEthernet0/0
O IA    5.5.5.1 [110/13] via 192.168.14.1, 00:32:38, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.14.1, 00:28:33, FastEthernet0/0
O IA    5.5.5.10 [110/13] via 192.168.14.1, 00:28:38, FastEthernet0/0

GNS File : http://www.4shared.com/rar/4ERKR8Oy/mpls_vpn_pe-ce_with_ospf__supr.html
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)