Thursday, June 10, 2010

MPLS VPN's and OSPF in the VRF's

I wanted to post a quick tidbit today regarding MPLS VPN's that use OSPF in the VRF's.  Consider a topology that looks like so:


Now R6 and R5 are the CE routers, and of course R3 and R0 are the PE routers.  The PE->CE routing protocol is OSPF in this instance.  I want to talk about how the routes look on the CE routers after they are learned via OSPF, redistributed into BGP, sent across the wire, and redistributed back into OSPF and sent to the other CE router.  A unique ID comes into play here, called the OSPF domain-id.  This IS a configurable parameter under the OSPF process, but by default it is derived from the process ID if not specified in the configuration.

Here are my initial OSPF configs on R0 and R3, and the routing table on R6 (the CE device):

R0#show run | b ospf
router ospf 200 vrf VRF_B
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 10.0.0.0 0.255.255.255 area 0

R3#show run | b ospf
router ospf 200 vrf VRF_A
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 10.0.0.0 0.255.255.255 area 0

R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Loopback0
192.168.5.0/32 is subnetted, 1 subnets
O IA 192.168.5.5 [110/3] via 10.10.60.10, 00:00:00, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.10.53.0 [110/2] via 10.10.60.10, 00:00:00, FastEthernet0/0
C 10.10.60.0 is directly connected, FastEthernet0/0


Notice the OSPF process-id's are the same in this instance. Therefore the domain-id derived from the id's is the same, and the routes will show up as OSPF inter-area routes. So what happens if one side is different in regards to the OSPF process-id?


R0#show run | b ospf
router ospf 200 vrf VRF_B
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 10.0.0.0 0.255.255.255 area 0

R3#show run | b ospf
router ospf 2 vrf VRF_A
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 10.0.0.0 0.255.255.255 area 0


R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Loopback0
192.168.5.0/32 is subnetted, 1 subnets
O E2 192.168.5.5 [110/2] via 10.10.60.10, 00:00:00, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O E2 10.10.53.0 [110/1] via 10.10.60.10, 00:00:00, FastEthernet0/0
C 10.10.60.0 is directly connected, FastEthernet0/0



Hmmm. Interesting...they show up as OSPF external type 2 routes. This is the normal OSPF redistribution behavior, so it shows as we expected here. So let's take a closer look at how we can get them back to inter-area routes if the situation dictated that we could NOT use the same OSPF process-id on both PEs. Here's another code snippet, and I will explain what I did after it:


R0#show run | b ospf
router ospf 200 vrf VRF_B
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 10.0.0.0 0.255.255.255 area 0

R3#show run | b ospf
router ospf 2 vrf VRF_A
 domain-id type 0005 value 000000C80200   ! <-- explained below
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 10.0.0.0 0.255.255.255 area 0


R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Loopback0
192.168.5.0/32 is subnetted, 1 subnets
O IA 192.168.5.5 [110/3] via 10.10.60.10, 00:00:00, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.10.53.0 [110/2] via 10.10.60.10, 00:00:00, FastEthernet0/0
C 10.10.60.0 is directly connected, FastEthernet0/0




So the one difference between this config and the last one is that one line under the OSPF process on R3: the domain-id command. So how was this derived? Let's first look at some show output from R0 and R3:


R0#show ip bgp vpnv4 all 192.168.5.5
BGP routing table entry for 3.3.3.3:1:192.168.5.5/32, version 22
Paths: (1 available, best #1, no table)
Flag: 0x820
Not advertised to any peer
Local
3.3.3.3 (metric 3) from 3.3.3.3 (33.33.33.33)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:3:1 OSPF DOMAIN ID:0x0005:0x000000020200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.10.53.3:0
mpls labels in/out nolabel/26
BGP routing table entry for 10.10.10.10:1:192.168.5.5/32, version 25
Paths: (1 available, best #1, table VRF_B)
Flag: 0x820
Not advertised to any peer
Local, imported path from 3.3.3.3:1:192.168.5.5/32
3.3.3.3 (metric 3) from 3.3.3.3 (33.33.33.33)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:3:1 OSPF DOMAIN ID:0x0005:0x000000020200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.10.53.3:0
mpls labels in/out nolabel/26




R3(config-router)#do show ip bgp vpn all 172.16.0.6
BGP routing table entry for 3.3.3.3:1:172.16.0.6/32, version 5
Paths: (1 available, best #1, table VRF_A)
Not advertised to any peer
Local, imported path from 10.10.10.10:1:172.16.0.6/32
10.10.10.10 (metric 3) from 10.10.10.10 (10.10.10.10)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:10:1 OSPF DOMAIN ID:0x0005:0x000000C80200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.10.60.10:0
mpls labels in/out nolabel/23
BGP routing table entry for 10.10.10.10:1:172.16.0.6/32, version 3
Paths: (1 available, best #1, no table)
Not advertised to any peer
Local
10.10.10.10 (metric 3) from 10.10.10.10 (10.10.10.10)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:10:1 OSPF DOMAIN ID:0x0005:0x000000C80200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.10.60.10:0
mpls labels in/out nolabel/23



So I highlighted the important parts of these show commands: the domain-id portion. Let's examine further. R0 shows R3's domain-id that is associated with the received routes as "OSPF DOMAIN ID:0x0005:0x000000020200". The first field, 0x0005, is the TYPE portion. There are 4 defined types in the IOS that I am using, and they are:

0005 Type 0x0005
0105 Type 0x0105
0205 Type 0x0205
8005 Type 0x8005


The second portion, 000000020200, is a bit more interesting. If you take away the 2 rightmost octets (0200) you are left with 00000002. Convert that to binary and back to decimal and you get the domain ID: 2. This corresponds with the OSPF process number of 2 on R3.

Let's look at the other one, the domain-id for R0 as seen by R3. It is "OSPF DOMAIN ID:0x0005:0x000000C80200". Breaking it down again, we have a domain-id with a type of 5 and a global administrator id of C8. Broken down into binary this gives us 1100 1000, C and 8 respectively. If we calculate the decimal value of that we get 200, which is the OSPF process number for R0...brilliant.

So that should give you some insight now into the command I used above under R3's OSPF process: domain-id type 0005 value 000000C80200. I merely looked at the output of the show commands above and made R3's domain-id equal to R0's, and voila, the routes showed back up as inter-area routes instead of external type 2's. There is an easier way to set it though....you can declare null. Hope you enjoyed this. If you have any insight, please feel free to comment!
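
The decoding walked through above, as an added Python example that is not part of the original post: it pulls the OSPF DOMAIN ID extended community out of show output, recovers the process id, and builds the matching domain-id command. The function names and the embedded sample text are constructed for illustration; the "4-octet process id followed by 0200" layout is taken from the outputs shown in this post.

```python
import re

# Constructed sample: the Extended Community lines from the show output above.
SAMPLE = """\
R0 learned from R3:
  Extended Community: RT:3:1 OSPF DOMAIN ID:0x0005:0x000000020200
R3 learned from R0:
  Extended Community: RT:10:1 OSPF DOMAIN ID:0x0005:0x000000C80200
"""

DOMAIN_ID_RE = re.compile(r"OSPF DOMAIN ID:0x([0-9A-Fa-f]{4}):0x([0-9A-Fa-f]{12})")
KNOWN_TYPES = {"0005", "0105", "0205", "8005"}  # the four types listed in the post


def parse_domain_ids(text):
    """Return every (type, value) pair found, as upper-case hex strings."""
    return [(t.upper(), v.upper()) for t, v in DOMAIN_ID_RE.findall(text)]


def decode_process_id(value_hex):
    """Split the 6-octet value into (process id, trailing two octets)."""
    if len(value_hex) != 12:
        raise ValueError("domain-id value must be 6 octets (12 hex digits)")
    return int(value_hex[:8], 16), value_hex[8:].upper()


def default_domain_id(process_id):
    """Build the default seen in the post: type 0005, 4-octet process id + 0200."""
    if not 1 <= process_id <= 65535:
        raise ValueError("OSPF process id must be 1-65535")
    return "0005", f"{process_id:08X}0200"


def domain_id_command(dtype, value_hex):
    """Render the IOS line that pins a PE to the given domain-id."""
    if dtype.upper() not in KNOWN_TYPES:
        raise ValueError(f"unexpected domain-id type {dtype}")
    decode_process_id(value_hex)  # validates length and hex digits
    return f"domain-id type {dtype.upper()} value {value_hex.upper()}"


def expected_route_code(local, remote):
    """Per the post: equal domain-ids give O IA on the CE, different ones O E2."""
    return "O IA" if local == remote else "O E2"


if __name__ == "__main__":
    r3_id, r0_id = parse_domain_ids(SAMPLE)
    print(decode_process_id(r3_id[1]), decode_process_id(r0_id[1]))
    print(expected_route_code(r3_id, r0_id))
    print(domain_id_command(*default_domain_id(200)))
```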

Thursday, June 3, 2010

Work, Work, Work

Been a while.  Sorry, last week I took a CVOICE class with New Horizons under the guidance of one Ken Peterson, CCIE.  Great instructor, and a fabulous course.  I am not all that into voice right now, but the material and labs were very interesting.  Cheers to the guys at .nil as well for their remote voice labs.   Those are a hard thing to pull off, and they did it well.

So I have been drudging through the MPLS fundamentals book with Definitive MPLS design "on-deck."  I have to say...the fundamentals book is kind of a hard read in my opinion.  I am definitely going to have to keep it close for reference as it contains a lot of good facts.  I have now labbed full MPLS VPN scenarios twice, with both RIP and EIGRP running on the vrf's.  I have got my head firmly wrapped around the topics of RD's and RT's, so I have moved on to TE.  I will try to post some labbish stuff shortly.  With Networkers coming quick though, I need to wrap this stuff up fundamentals-wise because I test on it at the end of Networkers week.