Problem
You want to use OSPF to exchange routing information between the CE and PE routers.
Solution
You can use OSPF to exchange customer routing information between the CE and PE routers at each site. For this example, we will configure OSPF for the CE to PE IGP at Customer A's Sites 1 and 2, but not 3, so that we can show some of the idiosyncrasies of MP-BGP route redistribution.
First we will configure the CE routers. We will use two OSPF network statements on the router at Site 1. The first, 192.168.1.0/24, allows this router to communicate with the PE router, while the second, 192.168.5.0/24, includes downstream devices in the OSPF network:
Router-CE-A1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-CE-A1(config)#router ospf 55 Router-CE-A1(config-router)#network 192.168.1.0 0.0.0.255 area 0 Router-CE-A1(config-router)#network 192.168.5.0 0.0.0.255 area 0 Router-CE-A1(config-router)#end Router-CE-A1#
And the CE router at the second site will use only one network statement:
Router-CE-A2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-CE-A2(config)#router ospf 55 Router-CE-A2(config-router)#network 192.168.3.0 0.0.0.255 area 0 Router-CE-A2(config-router)#end Router-CE-A2#
For the corresponding configuration on the PE routers, we need to create a new OSPF process that is associated with this VRF, and we need to configure the appropriate redistribution:
Router-PE1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE1(config)#router ospf 155 vrf NetworkA Router-PE1(config-router)#redistribute bgp 100 subnets Router-PE1(config-router)#network 192.168.1.0 0.0.0.255 area 0 Router-PE1(config-router)#exit Router-PE1(config)#router bgp 100 Router-PE1(config-router)#address-family ipv4 vrf NetworkA Router-PE1(config-router-af)#redistribute ospf 155 Router-PE1(config-router-af)#exit-address-family Router-PE1(config-router)#end Router-PE1#
The configuration on the other PE router is similar:
Router-PE2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE2(config)#router ospf 155 vrf NetworkA Router-PE2(config-router)#redistribute bgp 100 subnets Router-PE2(config-router)#network 192.168.3.0 0.0.0.255 area 0 Router-PE2(config-router)#exit Router-PE2(config)#router bgp 100 Router-PE2(config-router)#address-family ipv4 vrf NetworkA Router-PE2(config-router-af)#redistribute ospf 155 Router-PE2(config-router-af)#exit-address-family Router-PE2(config-router)#end Router-PE2#
Discussion
Before going into this example, we need to remind the reader that these configuration excerpts are not complete. They assume that the routers have already been configured for their CE and PE roles and that MPLS is functioning end-to-end, as shown in Recipes 26.1, 26.2, and 26.3.
Unlike the RIP example shown in Recipe 26.5, this OSPF example does extend the customer OSPF network across the MPLS cloud. However, it does so in a slightly odd way, which you can see from looking at the output of a show ip route command on one of the CE routers:
Router-CE-A1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 192.168.57.0/32 is subnetted, 1 subnets O 192.168.57.12 [110/2] via 192.168.5.12, 00:37:06, FastEthernet0/0.2 C 192.168.5.0/24 is directly connected, FastEthernet0/0.2 C 192.168.1.0/24 is directly connected, FastEthernet0/0.1 O E2 192.168.2.0/24 [110/1] via 192.168.1.1, 00:37:06, FastEthernet0/0.1 O IA 192.168.3.0/24 [110/2] via 192.168.1.1, 00:35:00, FastEthernet0/0.1 Router-CE-A1#
Looking back at our OSPF configurations, you can see that everything is configured to be a part of Area 0. However, we can actually see three different varieties of OSPF route in this output. The prefix 192.168.57.12/32 is an intraarea route originating from a C router at the same site as this CE router. Of the other two OSPF prefixes, 192.168.2.0/24 is external and 192.168.3.0/24 is considered an interarea route.
The external status for 192.168.2.0/24 is easy to understand, as this route originates from a third site that is also part of this VRF, but not configured for OSPF. In fact, this site is configured using static routes, as shown in Recipe 26.3. So this route really is external to OSPF.
The interarea status for 192.168.3.0/24, however, is a little more confusing because this prefix is injected from OSPF and is part of Area 0. As you can see from the OSPF database, this has happened because the PE router uses a Type 3 LSA (Summary-LSA) when advertising all internal prefixes learned from MP-BGP:
Router-CE-A1#show ip ospf database OSPF Router with ID (192.168.5.1) (Process ID 55) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 192.168.1.1 192.168.1.1 1161 0x80000004 0x00C2AF 1 192.168.5.1 192.168.5.1 1218 0x80000006 0x0097DE 2 192.168.57.12 192.168.57.12 1470 0x80000004 0x00AE6F 2 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 192.168.1.5 192.168.5.1 1218 0x80000002 0x0086F8 192.168.5.12 192.168.57.12 1470 0x80000003 0x00DA16 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 192.168.3.0 192.168.1.1 1180 0x80000002 0x001EC4 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 192.168.2.0 192.168.1.1 1180 0x80000002 0x009115 3489661028 Router-CE-A1#
In a conventional OSPF situation, this prefix would be advertised throughout the area using Type 1 (Router-LSA) or Type 2 (Network-LSA) LSAs. Consequently, even though this prefix is part of the same area, it appears to come from another area.
This is often not a problem, but it can easily become a problem if you have other links between these sites. In this case, OSPF will always favor an intra-area route over an inter-area route, even if the MPLS network is the better path. You could get around this problem using a tunnel, as we did in Recipe 26.5, but OSPF has a more elegant solution using sham-links, which became available in IOS Version 12.2(8)T.
In this case, we want to configure an OSPF sham-link between the two OSPF PE routers inside the MPLS cloud. The sham link is essentially a tunnel, similar to an OSPF virtual link, except that it has this special function of maintaining LSA types across the cloud. We always recommend using loopback interfaces for the end points of any tunnel because they never go down. Consequently, if there is any path available through the MPLS cloud, the sham link will remain available.
To facilitate this, we will first create new loopback interfaces that are also members of the NetworkA VRF on both PE routers. Because we used the redistribute connected command in our MP-BGP configuration for this VRF, we don't need to explicitly add the IP addresses for these interfaces. They will be distributed automatically, saving us a step. Then we will configure the sham link in our OSPF routing instance for this VRF:
Router-PE1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE1(config)#interface Loopback155 Router-PE1(config-if)#ip vrf forwarding NetworkA Router-PE1(config-if)#ip address 192.168.155.1 255.255.255.255 Router-PE1(config-if)#exit Router-PE1(config)#router ospf 155 vrf NetworkA Router-PE1(config-router)#area 0 sham-link 192.168.155.1 192.168.155.2 cost 10 Router-PE1(config-router)#redistribute bgp 100 subnets Router-PE1(config-router)#network 192.168.1.0 0.0.0.255 area 0 Router-PE1(config-router)#end Router-PE1#
We must apply the same nearly identical steps on the other PE router:
Router-PE2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE2(config)#interface Loopback155 Router-PE2(config-if)#ip vrf forwarding NetworkA Router-PE2(config-if)#ip address 192.168.155.2 255.255.255.255 Router-PE2(config-if)#exit Router-PE2(config)#router ospf 155 vrf NetworkA Router-PE2(config-router)#area 0 sham-link 192.168.155.2 192.168.155.1 cost 10 Router-PE2(config-router)#redistribute bgp 100 subnets Router-PE2(config-router)#network 192.168.3.0 0.0.0.255 area 0 Router-PE2(config-router)#end Router-PE2#
Now when we look at the routing tables on the CE routers, all of the intra-area routes look like intra-area routes:
Router-CE-A1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 192.168.57.0/32 is subnetted, 1 subnets O 192.168.57.12 [110/2] via 192.168.5.12, 01:25:24, FastEthernet0/0.2 C 192.168.5.0/24 is directly connected, FastEthernet0/0.2 C 192.168.1.0/24 is directly connected, FastEthernet0/0.1 192.168.155.0/32 is subnetted, 1 subnets O E2 192.168.155.1 [110/1] via 192.168.1.1, 01:25:24, FastEthernet0/0.1 O E2 192.168.2.0/24 [110/1] via 192.168.1.1, 01:25:24, FastEthernet0/0.1 O 192.168.3.0/24 [110/12] via 192.168.1.1, 01:25:26, FastEthernet0/0.1 Router-CE-A1#
We note in passing that this has added one prefix to the routing table, which is the loopback interface we added to the nearest PE router. Some engineers may be tempted to filter this out, as it is a prefix that has been added to the customer's routing table by the MPLS cloud. We discuss methods for filtering OSPF routes in Chapter 8, if the reader is interested in doing this. However, we would also caution against this idea, as it would be very easy for somebody within the customer's network to assign these addresses if they didn't appear in the routing table. This would immediately break the sham link and could cause very strange routing problems that would be difficult to troubleshoot.
See Also
Chapter 8; Recipe 26.1; Recipe 26.2; Recipe 26.3; Recipe 26.5
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index