When a hub and spoke design needs to be deployed using a MPLS VPN, a single CE router functions as the hub router with other CE routers connecting to the hub site over the SP MPLS infrastructure. Figure 14-43 shows a SP network implementing hub and spoke using OSPF for Customer A sites.
Figure 14-43. Case Study 7: Hub and Spoke with OSPF Topology
In the network illustrated in Figure 14-43, CE1-A is configured using OSPF PE-CE connectivity to PE1-AS1 and functions as the hub-site CE router for Customer A. CE Routers CE2-A, CE3-A, and CE4-A function as spoke CE routers. PE Router PE1-AS1 functions as the hub PE router, and PE2-AS1 and PE3-AS1 function as the spoke PE routers.
The flow of traffic from CE2-A to CE3-A will have to traverse CE1-A, which is the CE functioning as the hub for the MPLS VPN. In Figure 14-43, this does not occur if both the spoke CE routers on PE2-AS1 are configured in the same VRF. Therefore, individual VRFs or VPN instances need to be configured on the PE2-AS1 router mapping to each spoke router that has to be associated to the same hub and spoke MPLS VPN, because the PE2-AS1 router is connected to more than one spoke CE router.
If a VRF is configured on the hub PE router, PE1-AS1 mapping to Customer A traffic, this VRF can contain import RT values mapping to the export RT values of the individual VRFs on PE2-AS1. These routes will now have to be forwarded to the hub CE router CE1-A, which will then send them back to the PE Router PE1-AS1 for route propagation to the other spoke CE routers. To have the routes forwarded back from the CE1-AS1 to PE1-AS1, more than one interface is implemented between the hub PE and CE routers. In the absence of separate interfaces for traffic destined from hub PE to hub CE and from hub CE back to hub PE, all traffic will not traverse the hub CE router. Instead, all traffic will traverse through the hub PE router, which does not fulfill the hub and spoke design requirements.
Therefore, a single VRF is configured on the hub PE router, PE1-AS1, to import routes learned from remote CE Routers CE2-AS1 and CE3-AS1. By implementing OSPF PE-CE between PE1-AS1 and CE1-A, the hub CE Router CE1-A learns routes from the hub PE router.
During the redistribution of Routes from the MP-BGP superbackbone to the OSPF PE-CE process on the hub PE Router PE1-AS1, two processes can occur:
The hub CE router needs two interfaces (either physical or logical) connecting to the hub PE router. The hub PE router will be configured with two VRFs mapping to each of these interfaces where one VRF will be used to import routes from the spoke CE routers and propagate the same to the hub CE router, and the other VRF will be used to export routes learned from the hub CE router back to the spoke CE routers.
The hub PE PE1-AS1 propagates information by exporting routes with an appropriate route-target back to the other PE routers, PE2-AS2 and PE3-AS1. On PE2-AS1 and PE3-AS1, the routes learned from PE1-AS1 are imported into the VRFs by configuring the appropriate import route-targets and thus connectivity is achieved.
Hub and Spoke with OSPFv2: Configuration of CE Routers and Spoke PE Routers
The hub CE router, CE1-A, and spoke CE routers, CE2-A, CE3-A, and CE4-A, are all configured for OSPFv2 PE-CE as per the network topology outlined in Figure 14-43. Regular OSPF configurations are the only requirement on the CE routers and have been outlined in Figure 14-44. IP addressing has been omitted for brevity.
Figure 14-44. Case Study 7: Hub and Spoke with OSPF Configuration for CE and Spoke PE Routers
As mentioned earlier, PE2-AS1 requires two individual VRFs for the CE connections to CE2-A and CE3-A to enable hub and spoke connectivity. On PE3-AS1, a single VRF is configured for route propagation to and from CE4-A. In addition, a loopback interface is configured on PE3-AS1 as part of the VRF mapping to Customer A to function as a sham-link endpoint on PE3-AS1 for the VRF routers. All other configurations are as explained earlier with OSPF PE-CE. Only the relevant configurations have been shown in Figure 14-44.
Configuration of Hub-PE Router and Verification of OSPF Hub and Spoke Operation
The hub PE Router PE1-AS1 is where all the important configurations are implemented for hub and spoke operation. Two VRFs, one for route propagation to CE1-A (VRF 2hub) and one for route reception from CE1-A (VRF 2spoke), are configured on the PE1-AS1 router. The nomenclature of VRFs is based on control plane propagation of routes. In addition, VRF 2hub is configured with a loopback interface to function as a sham-link endpoint. The sham-link configuration avoids routes propagating between CE4-A and CE1-A (both belonging to area 0) as IA routes. Instead, the routes from CE4-A will be seen as O (Intra-Area) routes at CE1-A. Therefore, the down bit is not set on these routes, and they can be propagated back into the MP-BGP superbackbone.
In addition, a domain-tag configuration is performed under the VRF 2hub (domain-tag 100) to enable E2 routes learned from CE2-A and CE3-A to be repropagated into the MP-BGP backbone by the CE1-A router.
The configuration of the hub PE, PE1-AS1, as well as the verification steps for OSPFv2 hub and spoke operation for Case Study 7 are shown in Figure 14-45.
Figure 14-45. Configuration of PE1-AS1 and Verification of OSPFv2 Hub and Spoke Operation