Re: Capability vrf-lite from Malik Nouman Ahmad on 2011-03-09 (Ccielab archives 03/2011)

From: Malik Nouman Ahmad <djmalik_at_gmail.com>
Date: Wed, 9 Mar 2011 16:18:32 +0300

Thanks Brian and Dia for nice explanation. What about ISIS, do we have
similar feature there as well?

Regards,
Malik

On Wed, Mar 9, 2011 at 8:47 AM, Brian McGahan <bmcgahan_at_ine.com> wrote:

> The down bit is only used in Type-3 LSAs. If the router has a
> VRF-aware OSPF process and a Type-3 LSA is received with the down bit, the
> LSA will continue to be flooded, but it will not be installed in the routing
> table. This prevents a Type-3 LSA from being redistributed from VPNv4 into
> OSPF, and then back from OSPF into VPNv4. You don't have to configure
> anything to set the down bit, it is required per the standard to be
> automatically set anytime a Type-3 LSA is originated from VPNv4 BGP into
> OSPF on the PE. "capability vrf-lite" says that these routes can be
> installed in the routing table even if they have the down bit. This should
> be set on any device (typically the CE) that has a VRF-aware OSPF process,
> but is not redistributing into VPNv4 BGP.
>
> For Type-5 LSAs, the BGP AS is automatically encoded in the route
> tag value as the domain-tag. This prevents a Type-5 LSA from being
> redistributed from VPNv4 into OSPF, and then back from OSPF into VPNv4.
>
> For more info see http://tools.ietf.org/html/rfc4577#section-4.2.5
>
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> ALL From_NJ
> Sent: Tuesday, March 08, 2011 11:22 PM
> To: dia.aliou_at_gmail.com
> Cc: Malik Nouman Ahmad; Cisco certification
> Subject: Re: Capability vrf-lite
>
> Hey team,
>
> Nice email thread. To make sure I understand, do please let me know if I
> have this right.
>
> A CE or OSPF routing domain has multiple VRFs. These routes have been
> advertised the to the PE. Since these come from another VRF previously,
> they have the DN bit set for type 3, 5, and 7.
>
> The PE would normally drop these since it believes there is a loop ... but
> this feature tells the PE to not drop these and allow these LSAs. So this
> needs to be configured only on the PE? That is a little confusing to me.
> Is this correct?
>
> This link is good:
>
> http://www.cisco.com/en/US/docs/ios/12_0st/12_0st21/feature/guide/ospfvrfl.html
>
> Towards the end of this link it has the justification for this feature.
>
> Do please let me know if I understand this right. From the lab
> perspective,
> I would imagine having a PE to CE ospf link, and somewhere in the OSPF
> domain, there is a multiVRF scenario and redistribution into the OSPF
> domain
> is occurring.
>
> I appreciate your respond in advance! Have a good night,
>
> Andrew
>
>
> .
>
>
> On Tue, Mar 8, 2011 at 4:27 AM, dia.aliou_at_gmail.com <dia.aliou_at_gmail.com
> >wrote:
>
> > Hi Malick,
> >
> > Summary LSAs generated from the routes redistributed from BGP have
> special
> > down-bit set in LSA headers. This is used to prevent routing loops. If
> the
> > other PE receive a route with the down-bit set on an interface that
> belong
> > to a vrf it drops this LSA.
> > If your CE is configured with multiple vrf in this situation you need to
> > disable the loop prevention capability using "capability vrf-lite" under
> > ospf process.
> >
> > HTH,
> >
> > Aliou
> >
> > On 7 March 2011 23:49, Malik Nouman Ahmad <djmalik_at_gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I am trying to understand the concept of "capability vrf-lite" but
> > couldn't
> > > simply get it. I was reading on the internet and everywhere they are
> > > talking
> > > about DOWN bit and stuff
> > >
> > > Can anybody explain why is it needed? Suppose we have CE1-PE1-PE2-CE2
> > > connectivity with PE-CE protocol as OSPF with same process-ID and
> MP-iBGP
> > > in
> > > the core. Technically speaking if process-IDs are same then domain-IDs
> > are
> > > equal, therefore intra-area and inter-area routes should appear as
> > > inter-area routes on the remote CE, while external routes will show up
> as
> > > external on the other side.
> > >
> > > So again, where and why this feature is required?
> > >
> > > Thanks,
> > > Malik
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Andrew Lee Lissitz
> all.from.nj_at_gmail.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Mar 09 2011 - 16:18:32 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART