RE: MPLS VPN OSPF "domain-id" issue

From: Roman Rodichev <romangs_at_iementor.com>
Date: Mon, 15 Feb 2010 15:32:14 -0600

your SW1 OSPF process is vrf-enabled, hence it's going to use loop
prevention check by rejecting type 3 ospf routes with down bit set by R6.
When you make routes external (different domain-id), then down bit no longer
applies (normally domain tag is used for loop prevention then). Try
configuring "capability vrf-lite" on sw1.

Regards,

Roman Rodichev
6xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider, Wireless)
Instructor, Content Developer
ieMentor Corporation http://www.iementor.com
Y!M: roman7927

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Muhammad Anser Khan
Sent: Monday, February 15, 2010 2:52 PM
To: Cisco Group
Subject: MPLS VPN OSPF "domain-id" issue

Dear Experts,

What I understand that, If domain-id is same on both PE, then routes will be
visible as LSA type 3 on other CE site. And If domain-id is changed then LSA
type 5.

But I am stuck in a weird issue:

If I set the domain-id same on both PEs then I cannot see any route from
other CE in the routing table but in the database whereas other site can the
site A routes as an Internal.

Following is my configuration and the output:

Both are in same VPN_A (both CE are in same Area 1)

SW1 >> R6 >> R5 >> SW2
(CE >> PE) >>( PE >> CE)

Config SW1:

router ospf 10 vrf VPN_A
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 1

Config R6:

!
router ospf 10 vrf VPN_A
 domain-id 0.0.0.6
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 0.0.0.0 255.255.255.255 area 1
!

router bgp 100
!
 address-family ipv4 vrf VPN_A
  redistribute ospf 10 vrf VPN_A
  no synchronization
 exit-address-family
!

Config R5:

!
router ospf 10 vrf VPN_A
 domain-id 0.0.0.5
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 0.0.0.0 255.255.255.255 area 1
!

router bgp 100
!
 address-family ipv4 vrf VPN_A
  redistribute ospf 10 vrf VPN_A
  no synchronization
 exit-address-family
!

Config SW2:

!
router ospf 10
 log-adjacency-changes
 network 0.0.0.0 0.0.0.0 area 1
!

======================

OUTPUT:

>>>>>>> When domain-id is different:

SW1:

Rack1SW1#sh ip route vrf VPN_A ospf 10

Routing Table: VPN_A

     155.1.0.0/24 is subnetted, 2 subnets
O E2 155.1.58.0 [110/1] via 155.1.76.6, 00:11:49, Vlan76
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
O E2 172.16.8.8/32 [110/2] via 155.1.76.6, 00:11:46, Vlan76

>>>>>> When domain-id is same:

Rack1SW1#sh ip route vrf VPN_A ospf 10

Routing Table: VPN_A

>>>>>> But in the ospf database. I can see the prefixes as a Summary
>>>>>> LSA

Rack1SW1#sh ip ospf 10 data

            OSPF Router with ID (172.16.7.7) (Process ID 10)

                Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count
155.1.76.6 155.1.76.6 1727 0x8000000A 0x00DF8A 1
172.16.7.7 172.16.7.7 1723 0x8000000E 0x00C80B 2

                Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
155.1.76.7 172.16.7.7 1723 0x80000007 0x00D3EB

                Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
155.1.58.0 155.1.76.6 22 0x80000001 0x00DD18
172.16.8.8 155.1.76.6 22 0x80000001 0x002DD1
Rack1SW1#

==================================

OUTPUT on SW2:

>>>>>> When domain-id is different:

Rack1SW2#sh ip route ospf
     155.1.0.0/24 is subnetted, 4 subnets
O E2 155.1.76.0 [110/1] via 155.1.58.5, 00:12:43, Vlan58
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O E2 172.16.7.7/32 [110/2] via 155.1.58.5, 00:12:15, Vlan58
O 172.16.5.5/32 [110/2] via 155.1.58.5, 00:12:43, Vlan58
O E2 192.168.6.0/24 [110/1] via 155.1.58.5, 00:12:43, Vlan58

>>>>>>> When domain id is same:

Rack1SW2#sh ip route ospf
     155.1.0.0/24 is subnetted, 4 subnets
O IA 155.1.76.0 [110/2] via 155.1.58.5, 00:00:00, Vlan58
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA 172.16.7.7/32 [110/3] via 155.1.58.5, 00:00:00, Vlan58
O 172.16.5.5/32 [110/2] via 155.1.58.5, 00:12:44, Vlan58
O E2 192.168.6.0/24 [110/1] via 155.1.58.5, 00:12:44, Vlan58

=================================================================

I dont know why routes are not coming in the routing table when domain-id is
same?

Please suggest or correct my understanding and commands as well.

Regards,
Anser

Blogs and organic groups at http://www.ccie.net
Received on Mon Feb 15 2010 - 15:32:14 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:36 ART