Re: Capability VRF Lite from Paul Negron on 2010-05-31 (Ccielab archives 05/2010)

From: Paul Negron <negron.paul_at_gmail.com>
Date: Mon, 31 May 2010 17:13:04 -0400
The routing bit is also not set when the down bit is set. That enables the
router to trust an MP-BGP route over a native OSPF route.
Paul
-- 
Paul Negron
CCSI#22752, CCIE# 14856 (SP)
www.MicronicsTraining.com
Sr. Technical Instructor
We offer R&S, SP, and Security CCIE Boot camps
YES! We take Cisco Learning Credits!
Training And Remote Racks available
> From: Muzammil Malick <malickmuz_at_gmail.com>
> Reply-To: Muzammil Malick <malickmuz_at_gmail.com>
> Date: Mon, 31 May 2010 20:54:45 +0100
> To: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> Cc: Cisco certification <ccielab_at_groupstudy.com>
> Subject: Re: Capability VRF Lite
> 
> Hi Carlos
> I agree with the first point in that the down bit is used to prevent loops
> in mpls backbone but on the
> second point, I have tested this a few times with same result.
> 
> However having played about with this more since your last email I have
> found the following results.
> 
> If the CE is running VRFs and is configured with ospf multi-vrf towards PE
> we effectively extend the MPLS Superbackbone all the way to the CE,
> therefore the loop prevention on the PE kicks in and the CE receives routes
> with down bit set.
> 
> CE1#sh ip ospf 2 | i Superbackbone
>  Connected to MPLS VPN Superbackbone, VRF VPN_A
> 155.1.58.0 is a prefix at the remote CE site
> CE1#sh ip ospf database summ 155.1.58.0
> 
>             OSPF Router with ID (155.1.67.7) (Process ID 2)
> 
>                 Summary Net Link States (Area 1)
> 
>   Routing Bit Set on this LSA
>   LS age: 776
>   Options: (No TOS-capability, DC, *Downward) I have made a big assumption
> here that Downward means the Down bit has been set, feel free to shoot me
> down.*
> 
> I started by configuring capability vrf-lite on the PE and this solved the
> issue of the CE installing routes in the routing table for
> the particular VRF.
> However this stops the PE from connecting to the Superbackbone, which is
> obviously not a good idea.
> Before capability vrf-lite
> PE1#sh ip ospf 2 | i Superbackbone
>  Connected to MPLS VPN Superbackbone, VRF VPN_A
> After capability vrf-lite
> PE1#sh ip ospf 2 | i Superbackbone
> PE1#
> 
> Therefore configuring capability vrf-lite on the CE would be the correct
> behaviour because this allows routes recieved from the PE to be correctly
> installed
> in the routing table even if they have the down bit set and also disconnects
> the CE from the MPLS Superbackbone.
> 
> Everything I have written here is just what I observed when testing this so
> please can one of the experts clarify?
> 
> Thanks in advance.
> 
> 
> 
> 
> On 31 May 2010 19:54, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
> 
>>> Therefore CE1 can see these routes in ospf database with down bit set
>>> and never installs them in routing table.
>> 
>> I don't think this is the way it works. The down bit is used to prevent
>> loops in the mpls backbone. The CE sould use those routes w/o problem.
>> 
>> -Carlos
>> 
>> Muzammil Malick @ 31/5/2010 14:42 -0300 dixit:
>> 
>>> So I am running VRF lite on CE1 and peering via ospf to PE1.
>>> When PE1 redistributes bgp routes from remote site into OSPF and
>>> propagates them to CE1 they are sent as summary LSAs with the Down bit set.
>>> Therefore CE1 can see these routes in ospf database with down bit set and
>>> never installs them in routing table.
>>> However by setting capability vrf-lite on PE's ospf vrf process, the PE
>>> now sends route as external LSAs and to my understanding these LSAs are
>>> excepted from the Down bit check
>>> and are sent to CE1 as normal. CE1 now sees these as external LSAs and
>>> installs them in its routing table (VRF).
>>> 
>>> 
>>> On 31 May 2010 18:33, Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:
>>> tron_at_huapi.ba.ar>> wrote:
>>> 
>>>    Would you please tell me what "problem" is that you solved ?
>>>    -Carlos
>>> 
>>>    Muzammil Malick @ 31/5/2010 9:21 -0300 dixit:
>>> 
>>>        Hi
>>> 
>>>        I have been studying the use of the capability vrf-lite command
>>>        and I
>>>        was wondering whether there is any difference/issue
>>>        when configuring this on the PE or CE.
>>> 
>>>        For example my PE is redistributing BGP into OSPF and sending
>>>        OSPF routes to
>>>        CE with down bit set. So I configured capability vrf-lite
>>>        command on PE and this solved the problem. But I read somewhere
>>> that
>>>        this should be configured on the CE.
>>> 
>>> 
>>>        Blogs and organic groups at http://www.ccie.net
>>> 
>>> 
>>>  _______________________________________________________________________
>>>        Subscription information may be found at:
>>>        http://www.groupstudy.com/list/CCIELab.html
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>    --     Carlos G Mendioroz  <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar
>>>>> 
>>>     LW7 EQI  Argentina
>>> 
>>> 
>>> 
>> --
>> Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon May 31 2010 - 17:13:04 ART
This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:54 ART