I see there's something about pe doing some sort of checks during
vrf-contained-ospf process learning lsa's...they go on to mention that in
some cases the pe checks are desirable. So apparently there was a DN bit
set on the type-3's my r5 was rcv'ing from another area within the customer
ospf domain and the PE wasn't considering them during spf calc.
Interesting. What causes the DN bit to be set in the first place and why?
Aaron
http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_osp1.html#wp1012376
Usage Guidelines
This command works only if the OSPF process is associated with the VRF.
When the OSPF process is associated with the VRF, several checks are
performed when link-state advertisements (LSAs) are received. PE checks are
needed to prevent loops when the PE is performing a mutual redistribution
between OSPF and Border Gateway Protocol (BGP) interfaces.
Table 1
<http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_osp1.html#wp1012431>
describes the PE checks performed when Type-3, Type-5, and Type-7 LSAs are
received.

Table 1 PE Checks Performed

Type-3 LSA received:
  The DN bit is checked. If the DN bit is set, the Type-3 LSA is not
  considered during the shortest path first (SPF) calculation.

Type-5 or -7 LSA received:
  If the Tag in the LSA is equal to the VPN-tag, the Type-5 or -7 LSA is not
  considered during the SPF calculation.

In some situations, performing PE checks might not be desirable. The concept
of VRFs can be used on a router that is not a PE router (that is, a router
that is not running BGP). With the capability vrf-lite command, the checks
can be turned off to allow correct population of the VRF routing table with
routes to IP prefixes.
Examples
This example shows a router configured with multi-VRF:
router ospf 100 vrf grc
capability vrf-lite
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Aaron
Sent: Friday, March 16, 2012 11:27 PM
To: 'Cisco certification'
Subject: tiered-multi-area ospf within vrf (mpls pe-ce)
Sw1 - ce
R5 - pe
I was wondering why I wasn't seeing routes installed in pe's vrf table
learned from within the customer ospf domain via CE (sw1) for the "myvpn"
Why did I have to use this router ospf command "capability vrf-lite"? I
don't recall ever needing this before (maybe I've just never had a
multi-area customer edge ospf domain in my lab testing before).
Also, is this strange to have non-area-zero connected to the pe and customer
bb area zero *deeper* into the customer edge ospf domain? Does this present
any special challenges?
Aaron
---------------------------------------------------------------
r5#sh ip os da
OSPF Router with ID (1.1.12.2) (Process ID 1)
Router Link States (Area 19)
Link ID ADV Router Age Seq# Checksum Link count
1.1.10.1 1.1.10.1 559 0x80000008 0x006589 1
1.1.10.11 1.1.10.11 691 0x80000009 0x009FE2 3
1.1.12.2 1.1.12.2 812 0x80000008 0x001DCD 1
Net Link States (Area 19)
Link ID ADV Router Age Seq# Checksum
1.1.12.2 1.1.12.2 812 0x80000006 0x0036B7
1.1.14.1 1.1.10.1 559 0x80000006 0x0022D0
Summary Net Link States (Area 19)
Link ID ADV Router Age Seq# Checksum
1.1.10.1 1.1.10.1 809 0x80000006 0x009A82
1.1.10.2 1.1.10.1 809 0x80000006 0x0007D4
1.1.10.3 1.1.10.1 809 0x80000006 0x00C139
1.1.10.22 1.1.10.1 809 0x80000006 0x005273
1.1.10.33 1.1.10.1 809 0x80000006 0x00D9E1
1.1.10.44 1.1.10.1 811 0x80000006 0x006B45
1.1.13.0 1.1.10.1 811 0x80000006 0x000ECA
1.1.15.0 1.1.10.1 811 0x80000006 0x00EDE9
1.1.16.0 1.1.10.1 811 0x80000006 0x00D8FE
1.1.17.0 1.1.10.1 811 0x80000006 0x00C314
r5#
*** on this PE router, only a couple learned lsa's were making it into the
rib..seemed only the intra-area routes were showing up in rib
r5#sh ip ro vrf myvpn
Routing Table: myvpn
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 1.1.10.11/32 [110/2] via 1.1.12.1, 02:57:18, GigabitEthernet0/1.12
C 1.1.12.0/24 is directly connected, GigabitEthernet0/1.12
L 1.1.12.2/32 is directly connected, GigabitEthernet0/1.12
O 1.1.14.0/24 [110/2] via 1.1.12.1, 02:57:18, GigabitEthernet0/1.12
---------------------------------------------------------------
*** on this CE router, it was seeing all OSPF domain prefixes in its rib.
sw1#sh ip os da
OSPF Router with ID (1.1.10.11) (Process ID 1)
Router Link States (Area 19)
Link ID ADV Router Age Seq# Checksum Link count
1.1.10.1 1.1.10.1 545 0x80000008 0x006589 1
1.1.10.11 1.1.10.11 677 0x80000009 0x009FE2 3
1.1.12.2 1.1.12.2 799 0x80000008 0x001DCD 1
Net Link States (Area 19)
Link ID ADV Router Age Seq# Checksum
1.1.12.2 1.1.12.2 799 0x80000006 0x0036B7
1.1.14.1 1.1.10.1 545 0x80000006 0x0022D0
Summary Net Link States (Area 19)
Link ID ADV Router Age Seq# Checksum
1.1.10.1 1.1.10.1 795 0x80000006 0x009A82
1.1.10.2 1.1.10.1 795 0x80000006 0x0007D4
1.1.10.3 1.1.10.1 795 0x80000006 0x00C139
1.1.10.22 1.1.10.1 795 0x80000006 0x005273
1.1.10.33 1.1.10.1 795 0x80000006 0x00D9E1
1.1.10.44 1.1.10.1 796 0x80000006 0x006B45
1.1.13.0 1.1.10.1 796 0x80000006 0x000ECA
1.1.15.0 1.1.10.1 796 0x80000006 0x00EDE9
1.1.16.0 1.1.10.1 796 0x80000006 0x00D8FE
1.1.17.0 1.1.10.1 796 0x80000006 0x00C314
sw1#
sw1#sh ip ro
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
C 1.1.10.11/32 is directly connected, Loopback0
O IA 1.1.10.2/32 [110/3126] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.10.3/32 [110/1564] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.10.1/32 [110/2] via 1.1.14.1, 02:56:44, Vlan14
C 1.1.12.0/24 is directly connected, Vlan12
O IA 1.1.13.0/24 [110/3128] via 1.1.14.1, 02:56:44, Vlan14
C 1.1.14.0/24 is directly connected, Vlan14
O IA 1.1.15.0/24 [110/3127] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.16.0/24 [110/3126] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.17.0/24 [110/3125] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.10.22/32 [110/3128] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.10.44/32 [110/3127] via 1.1.14.1, 02:56:44, Vlan14
O IA 1.1.10.33/32 [110/3127] via 1.1.14.1, 02:56:44, Vlan14
sw1#
---------------------------------------------------------------------
I had heard of a command that I wanted to try out... it worked!
Why did I need to do this to allow routes into the rib from the ospf
topology db ?
r5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r5(config)#router ospf 1
r5(config-router)#capability ?
lls Link-local Signaling (LLS) support
opaque Opaque LSA
transit Transit Area
vrf-lite Do not perform PE specific checks
r5(config-router)#capability vrf-lite
r5(config-router)#^Z
r5#
*Mar 17 03:44:09.963: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.10.11 on
GigabitEthernet0/1.12 from FULL to DOWN, Neighbor Down: Interface down or
detached
*Mar 17 03:44:09.963: RT(myvpn): delete route to 1.1.10.11/32
*Mar 17 03:44:09.963: RT(myvpn): delete route to 1.1.14.0/24
*Mar 17 03:44:09.971: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.10.11 on
GigabitEthernet0/1.12 from LOADING to FULL, Loading Done
*Mar 17 03:44:10.595: %SYS-5-CONFIG_I: Configured from console by console
r5#
r5#
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.11/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.11/32 via 1.1.12.1, ospf metric
[110/2]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.14.0/24 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.14.0/24 via 1.1.12.1, ospf metric
[110/2]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.44/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.44/32 via 1.1.12.1, ospf metric
[110/3128]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.33/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.33/32 via 1.1.12.1, ospf metric
[110/3128]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.22/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.22/32 via 1.1.12.1, ospf metric
[110/3129]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.3/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.sh ip ro vrf myvpn os3/32 via
1.1.12.1, ospf metric [110/1565]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.2/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.2/32 via 1.1.12.1, ospf metric
[110/3127]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.1/32 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.1/32 via 1.1.12.1, ospf metric
[110/3]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.17.0/24 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.17.0/24 via 1.1.12.1, ospf metric
[110/3126]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.16.0/24 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.16.0/24 via 1.1.12.1, ospf metric
[110/3127]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.15.0/24 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.15.0/24 via 1.1.12.1, ospf metric
[110/3128]
*Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.13.0/24 (0x1) via
1.1.12.1 Gi0/1.12
*Mar 17 03:44:14.971: RT(myvpn): add 1.1.13.0/24 via 1.1.12.1, os
r5#sh ip ro vrf myvpn
Routing Table: myvpn
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
O IA 1.1.10.1/32 [110/3] via 1.1.12.1, 00:00:16, GigabitEthernet0/1.12
O IA 1.1.10.2/32 [110/3127] via 1.1.12.1, 00:00:16,
GigabitEthernet0/1.12
O IA 1.1.10.3/32 [110/1565] via 1.1.12.1, 00:00:16,
GigabitEthernet0/1.12
O 1.1.10.11/32 [110/2] via 1.1.12.1, 00:00:16, GigabitEthernet0/1.12
O IA 1.1.10.22/32 [110/3129] via 1.1.12.1, 00:00:16,
GigabitEthernet0/1.12
O IA 1.1.10.33/32 [110/3128] via 1.1.12.1, 00:00:17,
GigabitEthernet0/1.12
O IA 1.1.10.44/32 [110/3128] via 1.1.12.1, 00:00:17,
GigabitEthernet0/1.12
C 1.1.12.0/24 is directly connected, GigabitEthernet0/1.12
L 1.1.12.2/32 is directly connected, GigabitEthernet0/1.12
O IA 1.1.13.0/24 [110/3129] via 1.1.12.1, 00:00:17,
GigabitEthernet0/1.12
O 1.1.14.0/24 [110/2] via 1.1.12.1, 00:00:19, GigabitEthernet0/1.12
O IA 1.1.15.0/24 [110/3128] via 1.1.12.1, 00:00:19,
GigabitEthernet0/1.12
O IA 1.1.16.0/24 [110/3127] via 1.1.12.1, 00:00:19,
GigabitEthernet0/1.12
O IA 1.1.17.0/24 [110/3126] via 1.1.12.1, 00:00:19,
GigabitEthernet0/1.12
r5#
r5#sh run | sec router ospf
router ospf 1 vrf myvpn
log-adjacency-changes
capability vrf-lite
network 1.1.12.2 0.0.0.0 Area 19
r5#
r5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r5(config)#
Aaron
Received on Fri Mar 16 2012 - 23:36:09 ART
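
Added example, not part of the original post or the Cisco documentation: the two PE checks from the quoted Table 1, applied to raw OSPFv2 LSAs in Python, with a vrf_lite flag modelling "capability vrf-lite". The function names, the VPN_TAG value and the sample LSAs are constructed for illustration; the DN bit is taken as the high-order bit (0x80) of the LSA Options field, as defined in RFC 4576.

```python
import struct
from ipaddress import IPv4Address

DN_BIT = 0x80                        # high-order bit of LSA Options (RFC 4576)
HDR = struct.Struct("!HBB4s4sIHH")   # 20-byte OSPFv2 LSA header
VPN_TAG = 0xD000FDE8                 # constructed VPN-tag value, not from the page

def parse_lsa(raw: bytes) -> dict:
    """Decode the fields the PE checks read: LS type, DN bit, external tag."""
    if len(raw) < HDR.size:
        raise ValueError("truncated LSA header")
    _age, options, ls_type, ls_id, _adv, _seq, _ck, _len = HDR.unpack_from(raw)
    lsa = {"type": ls_type, "id": str(IPv4Address(ls_id)),
           "dn": bool(options & DN_BIT), "tag": None}
    if ls_type in (5, 7):
        # Body: mask(4) | E-bit+metric(4) | forwarding addr(4) | route tag(4)
        if len(raw) < HDR.size + 16:
            raise ValueError("truncated external LSA body")
        lsa["tag"] = struct.unpack_from("!I", raw, HDR.size + 12)[0]
    return lsa

def used_in_spf(lsa: dict, vpn_tag: int, vrf_lite: bool = False) -> bool:
    """Table 1 checks; vrf_lite=True means the PE checks are turned off."""
    if vrf_lite:
        return True
    if lsa["type"] == 3:
        return not lsa["dn"]            # DN set -> ignored by SPF
    if lsa["type"] in (5, 7):
        return lsa["tag"] != vpn_tag    # tag equals VPN-tag -> ignored by SPF
    return True

def build_lsa(ls_type, ls_id, adv, options=0x02, tag=0) -> bytes:
    """Build a constructed sample LSA (checksum left 0, not validated here)."""
    mask = IPv4Address("255.255.255.0").packed
    if ls_type == 3:
        body = struct.pack("!4sI", mask, 10)
    else:
        body = struct.pack("!4sI4sI", mask, 20, bytes(4), tag)
    return HDR.pack(1, options, ls_type, IPv4Address(ls_id).packed,
                    IPv4Address(adv).packed, 0x80000001, 0,
                    HDR.size + len(body)) + body

if __name__ == "__main__":
    # Constructed Type-3 with DN set, using an LSA ID seen in the post's LSDB.
    lsa = parse_lsa(build_lsa(3, "1.1.13.0", "1.1.10.1", options=0x82))
    for lite in (False, True):
        print(lsa["id"], "vrf-lite" if lite else "PE checks",
              "-> SPF" if used_in_spf(lsa, VPN_TAG, lite) else "-> ignored")
```

With the checks active, the DN-marked Type-3 stays in the database but is skipped by SPF, which matches the LSDB-versus-RIB difference shown in the post before the command was applied.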