PE-CE Communication via OSPF
Problem
You want to use OSPF to exchange routing information between the CE and PE routers.
Solution
You can use OSPF to exchange customer routing information between the CE and PE routers at each site. For this example, we will configure OSPF as the CE-to-PE IGP at Customer A's Sites 1 and 2, but not at Site 3, so that we can show some of the idiosyncrasies of MP-BGP route redistribution.
First we will configure the CE routers. We will use two OSPF network statements on the router at Site 1. The first, 192.168.1.0/24, allows this router to communicate with the PE router, while the second, 192.168.5.0/24, includes downstream devices in the OSPF network:
Router-CE-A1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-CE-A1(config)#router ospf 55
Router-CE-A1(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router-CE-A1(config-router)#network 192.168.5.0 0.0.0.255 area 0
Router-CE-A1(config-router)#end
Router-CE-A1#
And the CE router at the second site will use only one network statement:
Router-CE-A2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-CE-A2(config)#router ospf 55
Router-CE-A2(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router-CE-A2(config-router)#end
Router-CE-A2#
For the corresponding configuration on the PE routers, we need to create a new OSPF process that is associated with this VRF, and we need to configure the appropriate redistribution:
Router-PE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-PE1(config)#router ospf 155 vrf NetworkA
Router-PE1(config-router)#redistribute bgp 100 subnets
Router-PE1(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router-PE1(config-router)#exit
Router-PE1(config)#router bgp 100
Router-PE1(config-router)#address-family ipv4 vrf NetworkA
Router-PE1(config-router-af)#redistribute ospf 155
Router-PE1(config-router-af)#exit-address-family
Router-PE1(config-router)#end
Router-PE1#
The configuration on the other PE router is similar:
Router-PE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-PE2(config)#router ospf 155 vrf NetworkA
Router-PE2(config-router)#redistribute bgp 100 subnets
Router-PE2(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router-PE2(config-router)#exit
Router-PE2(config)#router bgp 100
Router-PE2(config-router)#address-family ipv4 vrf NetworkA
Router-PE2(config-router-af)#redistribute ospf 155
Router-PE2(config-router-af)#exit-address-family
Router-PE2(config-router)#end
Router-PE2#
Discussion
Before going into this example, we need to remind the reader that these configuration excerpts are not complete. They assume that the routers have already been configured for their CE and PE roles and that MPLS is functioning end-to-end, as shown in Recipes 26.1, 26.2, and 26.3.
Unlike the RIP example shown in Recipe 26.5, this OSPF example does extend the customer OSPF network across the MPLS cloud. However, it does so in a slightly odd way, which you can see from looking at the output of a show ip route command on one of the CE routers:
Router-CE-A1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.57.0/32 is subnetted, 1 subnets
O 192.168.57.12 [110/2] via 192.168.5.12, 00:37:06, FastEthernet0/0.2
C 192.168.5.0/24 is directly connected, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
O E2 192.168.2.0/24 [110/1] via 192.168.1.1, 00:37:06, FastEthernet0/0.1
O IA 192.168.3.0/24 [110/2] via 192.168.1.1, 00:35:00, FastEthernet0/0.1
Router-CE-A1#
Looking back at our OSPF configurations, you can see that everything is configured to be a part of Area 0. However, we can actually see three different varieties of OSPF route in this output. The prefix 192.168.57.12/32 is an intra-area route originating from a C router at the same site as this CE router. Of the other two OSPF prefixes, 192.168.2.0/24 is external and 192.168.3.0/24 is considered an inter-area route.
The external status for 192.168.2.0/24 is easy to understand, as this route originates from a third site that is also part of this VRF, but not configured for OSPF. In fact, this site is configured using static routes, as shown in Recipe 26.3. So this route really is external to OSPF.
The inter-area status for 192.168.3.0/24, however, is a little more confusing because this prefix is injected from OSPF and is part of Area 0. As you can see from the OSPF database, this has happened because the PE router uses a Type 3 LSA (Summary-LSA) when advertising all internal prefixes learned from MP-BGP:
Router-CE-A1#show ip ospf database
OSPF Router with ID (192.168.5.1) (Process ID 55)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
192.168.1.1 192.168.1.1 1161 0x80000004 0x00C2AF 1
192.168.5.1 192.168.5.1 1218 0x80000006 0x0097DE 2
192.168.57.12 192.168.57.12 1470 0x80000004 0x00AE6F 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.1.5 192.168.5.1 1218 0x80000002 0x0086F8
192.168.5.12 192.168.57.12 1470 0x80000003 0x00DA16
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.3.0 192.168.1.1 1180 0x80000002 0x001EC4
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
192.168.2.0 192.168.1.1 1180 0x80000002 0x009115 3489661028
Router-CE-A1#
In a conventional OSPF situation, this prefix would be advertised throughout the area using Type 1 (Router-LSA) or Type 2 (Network-LSA) LSAs. Consequently, even though this prefix is part of the same area, it appears to come from another area.
This is often not a problem, but it can easily become a problem if you have other links between these sites. In this case, OSPF will always favor an intra-area route over an inter-area route, even if the MPLS network is the better path. You could get around this problem using a tunnel, as we did in Recipe 26.5, but OSPF has a more elegant solution using sham-links, which became available in IOS Version 12.2(8)T.
In this case, we want to configure an OSPF sham link between the two OSPF PE routers inside the MPLS cloud. The sham link is essentially a tunnel, similar to an OSPF virtual link, except that it has the special function of maintaining LSA types across the cloud. We always recommend using loopback interfaces for the endpoints of any tunnel because they never go down. Consequently, if there is any path available through the MPLS cloud, the sham link will remain available.
To facilitate this, we will first create new loopback interfaces that are also members of the NetworkA VRF on both PE routers. Because we used the redistribute connected command in our MP-BGP configuration for this VRF, we don't need to explicitly add the IP addresses for these interfaces. They will be distributed automatically, saving us a step. Then we will configure the sham link in our OSPF routing instance for this VRF:
Router-PE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-PE1(config)#interface Loopback155
Router-PE1(config-if)#ip vrf forwarding NetworkA
Router-PE1(config-if)#ip address 192.168.155.1 255.255.255.255
Router-PE1(config-if)#exit
Router-PE1(config)#router ospf 155 vrf NetworkA
Router-PE1(config-router)#area 0 sham-link 192.168.155.1 192.168.155.2 cost 10
Router-PE1(config-router)#redistribute bgp 100 subnets
Router-PE1(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router-PE1(config-router)#end
Router-PE1#
We must apply nearly identical steps on the other PE router:
Router-PE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router-PE2(config)#interface Loopback155
Router-PE2(config-if)#ip vrf forwarding NetworkA
Router-PE2(config-if)#ip address 192.168.155.2 255.255.255.255
Router-PE2(config-if)#exit
Router-PE2(config)#router ospf 155 vrf NetworkA
Router-PE2(config-router)#area 0 sham-link 192.168.155.2 192.168.155.1 cost 10
Router-PE2(config-router)#redistribute bgp 100 subnets
Router-PE2(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router-PE2(config-router)#end
Router-PE2#
Now when we look at the routing tables on the CE routers, all of the intra-area routes look like intra-area routes:
Router-CE-A1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.57.0/32 is subnetted, 1 subnets
O 192.168.57.12 [110/2] via 192.168.5.12, 01:25:24, FastEthernet0/0.2
C 192.168.5.0/24 is directly connected, FastEthernet0/0.2
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
192.168.155.0/32 is subnetted, 1 subnets
O E2 192.168.155.1 [110/1] via 192.168.1.1, 01:25:24, FastEthernet0/0.1
O E2 192.168.2.0/24 [110/1] via 192.168.1.1, 01:25:24, FastEthernet0/0.1
O 192.168.3.0/24 [110/12] via 192.168.1.1, 01:25:26, FastEthernet0/0.1
Router-CE-A1#
We note in passing that this has added one prefix to the routing table, which is the loopback interface we added to the nearest PE router. Some engineers may be tempted to filter this out, as it is a prefix that has been added to the customer's routing table by the MPLS cloud. We discuss methods for filtering OSPF routes in Chapter 8, if the reader is interested in doing this. However, we would also caution against this idea, as it would be very easy for somebody within the customer's network to assign these addresses if they didn't appear in the routing table. This would immediately break the sham link and could cause very strange routing problems that would be difficult to troubleshoot.
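The route-type change and the caution above can be turned into a monitoring check on the CE routing table. The following Python is an added example, not part of the original recipe; the function names are hypothetical, and it assumes the healthy state is the one in the second show ip route output (the remote site prefix as intra-area O, the nearest PE loopback as O E2 via the PE):

```python
import re

# Connected and OSPF lines of IOS "show ip route" output, for example:
#   O IA 192.168.3.0/24 [110/2] via 192.168.1.1, 00:35:00, FastEthernet0/0.1
ROUTE_RE = re.compile(
    r"^\s*(?P<code>C|O(?: (?:IA|E1|E2|N1|N2))?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"(?:\[\d+/\d+\] via (?P<nh>\d+\.\d+\.\d+\.\d+)|is directly connected)")

def parse_routes(text):
    """Return {prefix: (code, next_hop)}; next_hop is None for connected routes."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes[m.group("prefix")] = (m.group("code"), m.group("nh"))
    return routes

def audit(text, pe_next_hop, remote_site_prefixes, sham_endpoints):
    """List deviations of a CE routing table from the state the recipe ends with."""
    routes, findings = parse_routes(text), []
    for prefix in remote_site_prefixes:
        code, _ = routes.get(prefix, ("missing", None))
        if code != "O":  # anything but intra-area loses to a backdoor intra-area path
            findings.append(f"{prefix}: '{code}', expected intra-area 'O'")
    for prefix in sham_endpoints:
        code, nh = routes.get(prefix, ("missing", None))
        if code != "O E2" or nh != pe_next_hop:  # filtered, or claimed by another device
            findings.append(f"{prefix}: '{code}' via {nh}, expected 'O E2' via {pe_next_hop}")
    return findings

# Route lines copied from the two "show ip route" outputs on this page.
BEFORE = """\
O IA 192.168.3.0/24 [110/2] via 192.168.1.1, 00:35:00, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
"""
AFTER = """\
O E2 192.168.155.1 [110/1] via 192.168.1.1, 01:25:24, FastEthernet0/0.1
O 192.168.3.0/24 [110/12] via 192.168.1.1, 01:25:26, FastEthernet0/0.1
"""
# Constructed sample: a device at Site 1 advertises the PE loopback address itself.
CLAIMED = """\
O 192.168.155.1 [110/2] via 192.168.5.12, 00:01:10, FastEthernet0/0.2
O IA 192.168.3.0/24 [110/2] via 192.168.1.1, 00:01:05, FastEthernet0/0.1
"""

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("claimed", CLAIMED)):
        print(name, audit(table, "192.168.1.1", ["192.168.3.0/24"], ["192.168.155.1"]))
```

Run against a saved show ip route capture from each CE router, an empty result means the sham link is doing its job and its endpoint is still learned from the PE.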