From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Sat Mar 21 2009 - 22:27:31 ART
Hi Gavin,
So imagine a scenario where you're running VRF-Lite - say, an office
building and you, as the SP, have multiple clients in this building.
You've set up VRF-Lite on a switch you control to keep the various
client routing isolated and so forth. Now you have a dot1q trunk
between this switch of yours on the customer premise and a true PE
within your SP network. At your PE, you're doing mutual
redistribution between MP-BGP and OSPF, the latter of which being your
PE-CE protocol of choice. The problem here is that this PE will
automatically (without any explicit configuration on the part of you,
the SP) be setting the down bit as prefixes from other VPN sites are
redistributed from MP-BGP into OSPF. So the lowly VRF-Lite box on the
customer premise is rejecting these routes as a loop prevention
mechanism (this the whole point of the down bit). The command
'capability vrf-lite' on your VRF-Lite box enlightens same as to its
own position as a VRF-Lite device within the topology. It can then
safely ignore the down bit and make use of the routes coming from the
PE.
That's as I have recently come to understand it and record it in my
notes, anyway. Time permitting during the upcoming week, I was
actually planning to modify an existing topology I have laying around
to support OSPF capability vrf-lite just so that I could see it all in
action and collect some packet capture of this whole down-bit thing.
LOL, I "lost" a good part of my study day today capturing and toying
with pw-wire xconnect (incidentally, Wireshark seems to have a minor
bug when it come to decoding encapsulated pw-wire traffic, at least
when it's native Ethernet being encapsulated for Cisco HDLC
transport)...
Regards,
Scott
On Mar 21, 2009, at 6:26 , Gavin Schokman wrote:
> Hi all,
>
> I've been playing with all things OSPF this weekend and I've hit a
> bit of a
> wall with one feature.
> The feature is "OSPF support for Multi-VR on CE Routers".
> Specifcally, I
> don't understand exactly what the "capability vrf-lite" command does.
>
> When using it in my environment, I don't see a difference between
> when I
> have the command in my configs and when it's not.
> Doing some digging on the net hasn't proven particularly helpful. Many
> references say it has something to do with suppressing PE checks
> without
> saying what those checks are.
> It may be that the scenarios I'm working on aren't making the effect
> of the
> "capability vrf-lite" command visible.
>
> Can someone please let me know what the command does and also what the
> "suppressed PE checks" are?
>
> Many thanks.
>
> Kind regards,
> Gavin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:06 ART