Extending your OSPF Domain through MPLS

This post is about extending your OSPF routing domain through a VRF in an MPLS backbone. If you are unfamiliar with the MPLS side of things, check out the previous post. This post focuses only on the PE/CE side of things and assumes that a working MPLS backbone has already been set up.

You then have the choice of using the MPLS link as your primary link or as a backup.

Here is the topology:

[Image: OSPFVRF topology diagram]

This is very similar to the topology in the Simple MPLS VPN post. There is one key physical difference: there is a link between Zeus and Poseidon. This is so that I can show you the options for choosing between your MPLS path and your native non-MPLS path later on.

Step 1 Basic MPLS

As per the last post, I have set up MPLS on the links between the P and PE routers, enabled OSPF as the IGP, set up an iBGP session between the PE routers and configured the VRF. What I have not done is enable an eBGP session between the CE and PE routers.

Step 2 Basic OSPF

First, we give Zeus and Poseidon some IP addresses, and enable OSPF area 0 on them.

Zeus(config)#interface Loopback0
Zeus(config-if)# ip address 203.0.113.254 255.255.255.255
Zeus(config-if)#interface FastEthernet0/0
Zeus(config-if)# ip address 203.0.113.2 255.255.255.252
Zeus(config-if)#interface FastEthernet0/1
Zeus(config-if)# ip address 203.0.113.9 255.255.255.252
Zeus(config-if)#router ospf 10
Zeus(config-router)# network 203.0.113.2 0.0.0.0 area 0
Zeus(config-router)# network 203.0.113.9 0.0.0.0 area 0
Zeus(config-router)# network 203.0.113.254 0.0.0.0 area 0

Poseidon(config)#interface Loopback0
Poseidon(config-if)# ip address 203.0.113.253 255.255.255.255
Poseidon(config-if)#interface FastEthernet0/0
Poseidon(config-if)# ip address 203.0.113.6 255.255.255.252
Poseidon(config-if)#interface FastEthernet0/1
Poseidon(config-if)# ip address 203.0.113.10 255.255.255.252
Poseidon(config-if)#router ospf 10
Poseidon(config-router)# network 203.0.113.6 0.0.0.0 area 0
Poseidon(config-router)# network 203.0.113.10 0.0.0.0 area 0
Poseidon(config-router)# network 203.0.113.253 0.0.0.0 area 0

This will bring OSPF up. Hopefully this is pretty straightforward.

Step 3 Basic OSPF in a VRF

Alright, now for something new. We need to configure OSPF on our PE routers. This is slightly different to normal OSPF, because it must run within a VRF. The other thing to do is have these routes propagated across the MPLS core. This is done by redistributing the OSPF routes into MBGP and then, conversely, redistributing from BGP back into OSPF. This is all configured on the PE routers:

Njord(config)#router ospf 10 vrf Olympus
Njord(config-router)# redistribute bgp 64496 subnets
Njord(config-router)# network 203.0.113.5 0.0.0.0 area 0
Njord(config-router)#
Njord(config-router)#router bgp 64496
Njord(config-router)# address-family ipv4 vrf Olympus
Njord(config-router-af)# redistribute ospf 10 vrf Olympus

Thor(config)#router ospf 10 vrf Olympus
Thor(config-router)# redistribute bgp 64496 subnets
Thor(config-router)# network 203.0.113.1 0.0.0.0 area 0
Thor(config-router)#router bgp 64496
Thor(config-router)# address-family ipv4 vrf Olympus
Thor(config-router-af)# redistribute ospf 10 vrf Olympus

Notice the vrf Olympus when defining the OSPF process on the PE.

Now, to show the routes propagating through the MPLS backbone I have shut down the link between Zeus and Poseidon.

Poseidon#show ip route
 203.0.113.0/24 is variably subnetted, 5 subnets, 2 masks
O IA 203.0.113.254/32 [110/3] via 203.0.113.5, 00:19:21, FastEthernet0/0
C 203.0.113.253/32 is directly connected, Loopback0
O IA 203.0.113.8/30 [110/3] via 203.0.113.5, 00:19:21, FastEthernet0/0
O IA 203.0.113.0/30 [110/2] via 203.0.113.5, 00:19:21, FastEthernet0/0
C 203.0.113.4/30 is directly connected, FastEthernet0/0
Poseidon#ping 203.0.113.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/80/96 ms
Poseidon#traceroute 203.0.113.254
Type escape sequence to abort.
Tracing the route to 203.0.113.254
 1 203.0.113.5 16 msec 28 msec 20 msec
 2 198.51.100.5 [MPLS: Labels 16/19 Exp 0] 72 msec 80 msec 72 msec
 3 203.0.113.1 [MPLS: Label 19 Exp 0] 80 msec 48 msec 72 msec
 4 203.0.113.2 92 msec * 72 msec

Yay! So it’s all working nicely and we can go home and drink hot chocolate, right?

Well, not quite. While this works fine, notice the output from show ip route? These routes are shown as inter-area routes. Why is that important? Well, if you think about the way OSPF works, internal (as in intra-area) routes are always preferred over inter-area routes.

So it’s fine presuming you never want to use the MPLS route unless your non-MPLS route fails. It’s a backup only.

But what if you want to use the MPLS route as the primary? Either permanently, or during a controlled maintenance window? This is where sham-links come in. A sham-link is basically a point-to-point OSPF link through the MPLS core that ensures the routes stay intra-area.


Configuring a Sham-link

The basic steps are: configure a loopback in the VRF on each of your two PE routers, advertise this PE route via BGP and OSPF, and then configure a sham-link between the two in OSPF.

Njord(config)#interface Loopback10
Njord(config-if)# ip vrf forwarding Olympus
Njord(config-if)# ip address 203.0.113.251 255.255.255.255
Njord(config-if)#
Njord(config-if)#router ospf 10 vrf Olympus
Njord(config-router)# area 0 sham-link 203.0.113.251 203.0.113.252
Njord(config-router)# network 203.0.113.251 0.0.0.0 area 0
Njord(config-router)#
Njord(config-router)#router bgp 64496
Njord(config-router)# address-family ipv4 vrf Olympus
Njord(config-router-af)# network 203.0.113.251 mask 255.255.255.255

Thor(config)#interface Loopback10
Thor(config-if)#ip vrf forwarding Olympus
Thor(config-if)#ip address 203.0.113.252 255.255.255.255
Thor(config-if)#router ospf 10 vrf Olympus
Thor(config-router)#area 0 sham-link 203.0.113.252 203.0.113.251
Thor(config-router)#network 203.0.113.252 0.0.0.0 area 0
Thor(config-router)#router bgp 64496
Thor(config-router)#address-family ipv4 vrf Olympus
Thor(config-router-af)#network 203.0.113.252 mask 255.255.255.255

 

Note, there is a bit of a random bug/feature here that seems IOS-dependent. The issue causes the sham-link to continually come up and then go down again. I was left chasing around for a bit, thinking I was having MTU issues or some such thing, but nope. When the sham-link comes up, the route for the loopback of the far end of the sham-link changes from an iBGP route (AD 200) to an internal OSPF route (AD 110), which causes the link to go down. I need to check which versions of IOS this causes an issue in, because it didn’t seem to be entirely common/consistent. There is a quick fix for this – which may or may not be ideal – change the AD of OSPF on the PE routers.

router ospf 10 vrf Olympus
 distance 210

This keeps the far end loopback as an iBGP route and everything stays stable. You could also lower the AD of the iBGP network.
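
As an added example (not part of the original post, and not Cisco tooling), this Python lint checks a PE config for the condition behind the flap described above: a local sham-link endpoint that is also matched by an OSPF network statement in the VRF. It also runs the two other checks Cisco lists as sham-link prerequisites, that the endpoint is a /32 inside the VRF and is advertised by BGP. The sample config is constructed from Njord's lines in this post; the function names and finding strings are assumptions.

```python
import ipaddress
import re

# Constructed sample: Njord's sham-link lines as configured in this post.
NJORD = """interface Loopback10
 ip vrf forwarding Olympus
 ip address 203.0.113.251 255.255.255.255
router ospf 10 vrf Olympus
 area 0 sham-link 203.0.113.251 203.0.113.252
 network 203.0.113.251 0.0.0.0 area 0
router bgp 64496
 address-family ipv4 vrf Olympus
  network 203.0.113.251 mask 255.255.255.255"""

def sections(config):
    """Map each top-level config line to its stripped child lines."""
    out, cur = {}, []
    for line in config.splitlines():
        if line[:1].strip():
            cur = out.setdefault(line.strip(), [])
        elif line.strip():
            cur.append(line.strip())
    return out

def masked(addr, wildcard):  # keep only the bits an OSPF wildcard mask compares
    a, w = (int(ipaddress.IPv4Address(x)) for x in (addr, wildcard))
    return a & ~w & 0xFFFFFFFF

def check_sham_links(config, vrf):
    """Return (endpoint, finding) pairs for the VRF's local sham-link endpoints."""
    sec, findings, af, bgp_hosts = sections(config), [], None, set()
    ospf = [l for k, v in sec.items()
            if re.fullmatch(rf"router ospf \d+ vrf {re.escape(vrf)}", k) for l in v]
    for l in [l for k, v in sec.items() if k.startswith("router bgp ") for l in v]:
        if l.startswith(("address-family ", "exit-address-family")):
            af = l  # remember which address family the next lines belong to
        m = re.fullmatch(r"network (\S+) mask 255\.255\.255\.255", l)
        if m and af == f"address-family ipv4 vrf {vrf}":
            bgp_hosts.add(m[1])
    nets = [m for l in ospf if (m := re.fullmatch(r"network (\S+) (\S+) area \S+", l))]
    for src in [m[1] for l in ospf if (m := re.match(r"area \S+ sham-link (\S+) \S+", l))]:
        if not any(f"ip vrf forwarding {vrf}" in v and
                   f"ip address {src} 255.255.255.255" in v for v in sec.values()):
            findings.append((src, "no /32 interface in VRF"))
        if src not in bgp_hosts:
            findings.append((src, "not originated in BGP"))
        if any(masked(src, n[2]) == masked(n[1], n[2]) for n in nets):
            findings.append((src, "matched by OSPF network statement"))
    return findings
```

Run against the configuration from this post, it reports the endpoint 203.0.113.251 as matched by an OSPF network statement; with that statement removed it reports nothing.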

Anyhow, back to the topic at hand.

Poseidon#show ip route
 203.0.113.0/24 is variably subnetted, 7 subnets, 2 masks
O 203.0.113.251/32 [110/2] via 203.0.113.5, 00:02:17, FastEthernet0/0
O 203.0.113.254/32 [110/4] via 203.0.113.5, 00:02:17, FastEthernet0/0
O 203.0.113.252/32 [110/3] via 203.0.113.5, 00:02:17, FastEthernet0/0
C 203.0.113.253/32 is directly connected, Loopback0
O 203.0.113.8/30 [110/4] via 203.0.113.5, 00:02:17, FastEthernet0/0
O 203.0.113.0/30 [110/3] via 203.0.113.5, 00:02:17, FastEthernet0/0
C 203.0.113.4/30 is directly connected, FastEthernet0/0

Yay, they are now all internal routes. Woo.

If you want to do a bit of path-cost engineering it’s a little different to usual. You could cost the path between the PE and CEs, but the other option is to cost the sham-link.

This is done by changing the sham-link command to:

Njord(config-router)#area 0 sham-link 203.0.113.251 203.0.113.252 cost 10

Or cost whatever you want.

Yay, you now have one big contiguous area 0. Ain’t life grand?

This entry was posted in Config, IOS, MPLS, OSPF, Sham-link by Tom.