Case Study 7: Implementing Hub and Spoke Topologies with OSPF

Case Study 7 Implementing Hub and Spoke Topologies with OSPF

When a hub and spoke design needs to be deployed using a MPLS VPN, a single CE router functions as the hub router with other CE routers connecting to the hub site over the SP MPLS infrastructure. Figure 14-43 shows a SP network implementing hub and spoke using OSPF for Customer A sites.

Figure 14-43. Case Study 7: Hub and Spoke with OSPF Topology

In the network illustrated in Figure 14-43, CE1-A is configured using OSPF PE-CE connectivity to PE1-AS1 and functions as the hub-site CE router for Customer A. CE Routers CE2-A, CE3-A, and CE4-A function as spoke CE routers. PE Router PE1-AS1 functions as the hub PE router, and PE2-AS1 and PE3-AS1 function as the spoke PE routers.

The flow of traffic from CE2-A to CE3-A will have to traverse CE1-A, which is the CE functioning as the hub for the MPLS VPN. In Figure 14-43, this does not occur if both the spoke CE routers on PE2-AS1 are configured in the same VRF. Therefore, individual VRFs or VPN instances need to be configured on the PE2-AS1 router mapping to each spoke router that has to be associated to the same hub and spoke MPLS VPN, because the PE2-AS1 router is connected to more than one spoke CE router.

If a VRF is configured on the hub PE router, PE1-AS1 mapping to Customer A traffic, this VRF can contain import RT values mapping to the export RT values of the individual VRFs on PE2-AS1. These routes will now have to be forwarded to the hub CE router CE1-A, which will then send them back to the PE Router PE1-AS1 for route propagation to the other spoke CE routers. To have the routes forwarded back from the CE1-AS1 to PE1-AS1, more than one interface is implemented between the hub PE and CE routers. In the absence of separate interfaces for traffic destined from hub PE to hub CE and from hub CE back to hub PE, all traffic will not traverse the hub CE router. Instead, all traffic will traverse through the hub PE router, which does not fulfill the hub and spoke design requirements.

Therefore, a single VRF is configured on the hub PE router, PE1-AS1, to import routes learned from remote CE Routers CE2-AS1 and CE3-AS1. By implementing OSPF PE-CE between PE1-AS1 and CE1-A, the hub CE Router CE1-A learns routes from the hub PE router.

During the redistribution of Routes from the MP-BGP superbackbone to the OSPF PE-CE process on the hub PE Router PE1-AS1, two processes can occur:

  • An External Type 2 (E2) route, which is learned from a remote CE in a different area, is assigned a domain-tag value during translation from the BGP to the OSPF domain. The tag value is a 32-bit value entered in decimal format. The default value is calculated based on the BGP autonomous system (AS) number of the MPLS VPN backbone. The four highest bits are set to 1101, according to RFC 1745. The lowest 16 bits map the BGP AS number of the MPLS VPN backbone. If a user specifies the tag-value, the value does not have to follow any particular format. The tag-value can be changed under the VRF definition using the domain-tag tag-value command to a value not equal to the 32-bit definition for the AS propagating the route as previously mentioned. This enables repropagation of these routes into the MP-BGP backbone.
  • An Inter-Area (IA) route, learned from a remote CE in the same area, is propagated with the down-bit set. Therefore, this route will not be repropagated into the MPLS VPN backbone. To disable the down-bit propagation, sham-links can be configured between the VRF processes on the PE routers to have all IA routes appear as O (intra-area) routes, thus enabling redistribution into the MP-BGP backbone.

The hub CE router needs two interfaces (either physical or logical) connecting to the hub PE router. The hub PE router will be configured with two VRFs mapping to each of these interfaces where one VRF will be used to import routes from the spoke CE routers and propagate the same to the hub CE router, and the other VRF will be used to export routes learned from the hub CE router back to the spoke CE routers.

The hub PE PE1-AS1 propagates information by exporting routes with an appropriate route-target back to the other PE routers, PE2-AS2 and PE3-AS1. On PE2-AS1 and PE3-AS1, the routes learned from PE1-AS1 are imported into the VRFs by configuring the appropriate import route-targets and thus connectivity is achieved.

Hub and Spoke with OSPFv2: Configuration of CE Routers and Spoke PE Routers

The hub CE router, CE1-A, and spoke CE routers, CE2-A, CE3-A, and CE4-A, are all configured for OSPFv2 PE-CE as per the network topology outlined in Figure 14-43. Regular OSPF configurations are the only requirement on the CE routers and have been outlined in Figure 14-44. IP addressing has been omitted for brevity.

Figure 14-44. Case Study 7: Hub and Spoke with OSPF Configuration for CE and Spoke PE Routers

As mentioned earlier, PE2-AS1 requires two individual VRFs for the CE connections to CE2-A and CE3-A to enable hub and spoke connectivity. On PE3-AS1, a single VRF is configured for route propagation to and from CE4-A. In addition, a loopback interface is configured on PE3-AS1 as part of the VRF mapping to Customer A to function as a sham-link endpoint on PE3-AS1 for the VRF routers. All other configurations are as explained earlier with OSPF PE-CE. Only the relevant configurations have been shown in Figure 14-44.

Configuration of Hub-PE Router and Verification of OSPF Hub and Spoke Operation

The hub PE Router PE1-AS1 is where all the important configurations are implemented for hub and spoke operation. Two VRFs, one for route propagation to CE1-A (VRF 2hub) and one for route reception from CE1-A (VRF 2spoke), are configured on the PE1-AS1 router. The nomenclature of VRFs is based on control plane propagation of routes. In addition, VRF 2hub is configured with a loopback interface to function as a sham-link endpoint. The sham-link configuration avoids routes propagating between CE4-A and CE1-A (both belonging to area 0) as IA routes. Instead, the routes from CE4-A will be seen as O (Intra-Area) routes at CE1-A. Therefore, the down bit is not set on these routes, and they can be propagated back into the MP-BGP superbackbone.

In addition, a domain-tag configuration is performed under the VRF 2hub (domain-tag 100) to enable E2 routes learned from CE2-A and CE3-A to be repropagated into the MP-BGP backbone by the CE1-A router.

The configuration of the hub PE, PE1-AS1, as well as the verification steps for OSPFv2 hub and spoke operation for Case Study 7 are shown in Figure 14-45.

Figure 14-45. Configuration of PE1-AS1 and Verification of OSPFv2 Hub and Spoke Operation

MPLS Configuration on Cisco IOS Software
MPLS Configuration on Cisco IOS Software
ISBN: 1587051990
EAN: 2147483647
Year: 2006
Pages: 130
Simiral book on Amazon © 2008-2017.
If you may any questions please contact us: