Re: tiered-multi-area ospf within vrf (mpls pe-ce) from nitin shettigar on 2012-03-17 (Ccielab archives 03/2012)

From: nitin shettigar <nitinbizzy_at_gmail.com>
Date: Sat, 17 Mar 2012 12:50:24 +0530

try creating a sham-link between PE routers.....
and to make ospf work as required create a virtual-link between
non-backbone areas...

On Sat, Mar 17, 2012 at 10:06 AM, Aaron <aaron1_at_gvtc.com> wrote:

> I see there's something about pe doing some sort of checks during
> vrf-contained-ospf process learning lsa's...they go on to mention that in
> some cases the pe checks are desirable. So apparently there was a DN bit
> set on the type-3's my r5 was rcv'ing from another area within the customer
> ospf domain and the PE wasn't considering them during spf calc.
> interesting. What causes the DN bit to be set in the first places and why?
>
>
>
> Aaron
>
>
>
>
>
>
> http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_osp1.
> html#wp1012376
>
>
>
>
> Usage Guidelines
>
>
> This command works only if the OSPF process is associated with the VRF.
>
> When the OSPF process is associated with the VRF, several checks are
> performed when link-state advertisements (LSAs) are received. PE checks are
> needed to prevent loops when the PE is performing a mutual redistribution
> between OSPF and Border Gateway Protocol (BGP) interfaces.
>
> Table
> <
> http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_osp1
> .html#wp1012431> 1 describes the PE checks performed when Type-3, Type-5,
> and Type-7 LSAs are received.
>
>
> Table 1 PE Checks Performed
>
>
> Type-3 LSA received
>
> The DN bit is checked. If the DN bit is set, the Type-3 LSA is not
> considered during the shortest path first (SPF) calculation.
>
>
> Type-5 or -7 LSA received
>
> If the Tag in the LSA is equal to the VPN-tag, the Type-5 or-7 LSA is not
> considered during the SPF calculation.
>
>
>
> In some situations, performing PE checks might not be desirable. The
> concept
> of VRFs can be used on a router that is not a PE router (that is, a router
> that is not running BGP). With the capability vrf-lite command, the checks
> can be turned off to allow correct population of the VRF routing table with
> routes to IP prefixes.
>
>
> Examples
>
>
> This example shows a router configured with multi-VRF:
>
> router ospf 100 vrf grc
> capability vrf-lite
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Aaron
> Sent: Friday, March 16, 2012 11:27 PM
> To: 'Cisco certification'
> Subject: tiered-multi-area ospf within vrf (mpls pe-ce)
>
>
>
> Sw1 - ce
>
>
>
> R5 - pe
>
>
>
>
>
> I was wondering why I wasn't seeing routes installed in pe's vrf table
> learned from within the customer ospf domain via CE (sw1) for the "myvpn"
>
>
>
>
>
> Why did I have to use this router ospf command "capability vrf-lite"? I
> don't recall ever needing this before (maybe I've just never had a
> multi-area customer edge ospf domain in my lab testing before.
>
>
>
>
>
> Also, is this strange to have non-area-zero connected to the pe and
> customer
> bb area zero *deeper* into the customer edge ospf domain? Does this
> present
> any special challenges?
>
>
>
>
>
> Aaron
>
>
>
>
>
>
>
> ---------------------------------------------------------------
>
>
>
> r5#sh ip os da
>
>
>
>
>
> OSPF Router with ID (1.1.12.2) (Process ID 1)
>
>
>
>
>
> Router Link States (Area 19)
>
>
>
>
>
> Link ID ADV Router Age Seq# Checksum Link count
>
>
>
> 1.1.10.1 1.1.10.1 559 0x80000008 0x006589 1
>
>
>
> 1.1.10.11 1.1.10.11 691 0x80000009 0x009FE2 3
>
>
>
> 1.1.12.2 1.1.12.2 812 0x80000008 0x001DCD 1
>
>
>
>
>
> Net Link States (Area 19)
>
>
>
>
>
> Link ID ADV Router Age Seq# Checksum
>
>
>
> 1.1.12.2 1.1.12.2 812 0x80000006 0x0036B7
>
>
>
> 1.1.14.1 1.1.10.1 559 0x80000006 0x0022D0
>
>
>
>
>
> Summary Net Link States (Area 19)
>
>
>
>
>
> Link ID ADV Router Age Seq# Checksum
>
>
>
> 1.1.10.1 1.1.10.1 809 0x80000006 0x009A82
>
>
>
> 1.1.10.2 1.1.10.1 809 0x80000006 0x0007D4
>
>
>
> 1.1.10.3 1.1.10.1 809 0x80000006 0x00C139
>
>
>
> 1.1.10.22 1.1.10.1 809 0x80000006 0x005273
>
>
>
> 1.1.10.33 1.1.10.1 809 0x80000006 0x00D9E1
>
>
>
> 1.1.10.44 1.1.10.1 811 0x80000006 0x006B45
>
>
>
> 1.1.13.0 1.1.10.1 811 0x80000006 0x000ECA
>
>
>
> 1.1.15.0 1.1.10.1 811 0x80000006 0x00EDE9
>
>
>
> 1.1.16.0 1.1.10.1 811 0x80000006 0x00D8FE
>
>
>
> 1.1.17.0 1.1.10.1 811 0x80000006 0x00C314
>
>
>
> r5#
>
>
>
>
>
> *** on this PE router, only a couple learned lsa's were making it into the
> rib..seemed the only the intra area routes were showing up in rib
>
>
>
> r5#sh ip ro vrf myvpn
>
>
>
>
>
> Routing Table: myvpn
>
>
>
>
>
> Gateway of last resort is not set
>
>
>
>
>
> 1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
>
>
>
> O 1.1.10.11/32 [110/2] via 1.1.12.1, 02:57:18,
> GigabitEthernet0/1.12
>
>
>
> C 1.1.12.0/24 is directly connected, GigabitEthernet0/1.12
>
>
>
> L 1.1.12.2/32 is directly connected, GigabitEthernet0/1.12
>
>
>
> O 1.1.14.0/24 [110/2] via 1.1.12.1, 02:57:18, GigabitEthernet0/1.12
>
>
>
>
>
> ---------------------------------------------------------------
>
>
>
>
>
> *** on this CE router, it was seeing all OSPF domain prefixes in its' rib.
>
>
>
>
>
> sw1#sh ip os da
>
>
>
>
>
> OSPF Router with ID (1.1.10.11) (Process ID 1)
>
>
>
>
>
> Router Link States (Area 19)
>
>
>
>
>
> Link ID ADV Router Age Seq# Checksum Link count
>
>
>
> 1.1.10.1 1.1.10.1 545 0x80000008 0x006589 1
>
>
>
> 1.1.10.11 1.1.10.11 677 0x80000009 0x009FE2 3
>
>
>
> 1.1.12.2 1.1.12.2 799 0x80000008 0x001DCD 1
>
>
>
>
>
> Net Link States (Area 19)
>
>
>
>
>
> Link ID ADV Router Age Seq# Checksum
>
>
>
> 1.1.12.2 1.1.12.2 799 0x80000006 0x0036B7
>
>
>
> 1.1.14.1 1.1.10.1 545 0x80000006 0x0022D0
>
>
>
>
>
> Summary Net Link States (Area 19)
>
>
>
>
>
> Link ID ADV Router Age Seq# Checksum
>
>
>
> 1.1.10.1 1.1.10.1 795 0x80000006 0x009A82
>
>
>
> 1.1.10.2 1.1.10.1 795 0x80000006 0x0007D4
>
>
>
> 1.1.10.3 1.1.10.1 795 0x80000006 0x00C139
>
>
>
> 1.1.10.22 1.1.10.1 795 0x80000006 0x005273
>
>
>
> 1.1.10.33 1.1.10.1 795 0x80000006 0x00D9E1
>
>
>
> 1.1.10.44 1.1.10.1 796 0x80000006 0x006B45
>
>
>
> 1.1.13.0 1.1.10.1 796 0x80000006 0x000ECA
>
>
>
> 1.1.15.0 1.1.10.1 796 0x80000006 0x00EDE9
>
>
>
> 1.1.16.0 1.1.10.1 796 0x80000006 0x00D8FE
>
>
>
> 1.1.17.0 1.1.10.1 796 0x80000006 0x00C314
>
>
>
> sw1#
>
>
>
>
>
>
>
> sw1#sh ip ro
>
>
>
>
>
> Gateway of last resort is not set
>
>
>
>
>
> 1.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
>
>
>
> C 1.1.10.11/32 is directly connected, Loopback0
>
>
>
> O IA 1.1.10.2/32 [110/3126] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.10.3/32 [110/1564] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.10.1/32 [110/2] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> C 1.1.12.0/24 is directly connected, Vlan12
>
>
>
> O IA 1.1.13.0/24 [110/3128] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> C 1.1.14.0/24 is directly connected, Vlan14
>
>
>
> O IA 1.1.15.0/24 [110/3127] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.16.0/24 [110/3126] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.17.0/24 [110/3125] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.10.22/32 [110/3128] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.10.44/32 [110/3127] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> O IA 1.1.10.33/32 [110/3127] via 1.1.14.1, 02:56:44, Vlan14
>
>
>
> sw1#
>
>
>
>
>
> ---------------------------------------------------------------------
>
>
>
>
>
> I had heard of a command that I wanted to try out.it worked!
>
>
>
>
>
> Why did I need to do this to allow routes into the rib from the ospf
> topology db ?
>
>
>
>
>
> r5#conf t
>
>
>
> Enter configuration commands, one per line. End with CNTL/Z.
>
>
>
> r5(config)#router ospf 1
>
>
>
>
>
> r5(config-router)#capability ?
>
>
>
> lls Link-local Signaling (LLS) support
>
>
>
> opaque Opaque LSA
>
>
>
> transit Transit Area
>
>
>
> vrf-lite Do not perform PE specific checks
>
>
>
>
>
> r5(config-router)#capability vrf-lite
>
>
>
> r5(config-router)#^Z
>
>
>
> r5#
>
>
>
> *Mar 17 03:44:09.963: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.10.11 on
>
> GigabitEthernet0/1.12 from FULL to DOWN, Neighbor Down: Interface down or
> detached
>
>
>
> *Mar 17 03:44:09.963: RT(myvpn): delete route to 1.1.10.11/32
>
>
>
> *Mar 17 03:44:09.963: RT(myvpn): delete route to 1.1.14.0/24
>
>
>
> *Mar 17 03:44:09.971: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.10.11 on
>
> GigabitEthernet0/1.12 from LOADING to FULL, Loading Done
>
>
>
> *Mar 17 03:44:10.595: %SYS-5-CONFIG_I: Configured from console by console
>
>
>
> r5#
>
>
>
> r5#
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.11/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.11/32 via 1.1.12.1, ospf
> metric
> [110/2]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.14.0/24 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.14.0/24 via 1.1.12.1, ospf metric
> [110/2]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.44/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.44/32 via 1.1.12.1, ospf
> metric
> [110/3128]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.33/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.33/32 via 1.1.12.1, ospf
> metric
> [110/3128]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.22/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.22/32 via 1.1.12.1, ospf
> metric
> [110/3129]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.3/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.sh ip ro vrf myvpn os3/32 via
> 1.1.12.1, ospf metric [110/1565]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.2/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.2/32 via 1.1.12.1, ospf metric
> [110/3127]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.10.1/32 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.10.1/32 via 1.1.12.1, ospf metric
> [110/3]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.17.0/24 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.17.0/24 via 1.1.12.1, ospf metric
> [110/3126]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.16.0/24 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.16.0/24 via 1.1.12.1, ospf metric
> [110/3127]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.15.0/24 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.15.0/24 via 1.1.12.1, ospf metric
> [110/3128]
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): updating ospf 1.1.13.0/24 (0x1) via
>
> 1.1.12.1 Gi0/1.12
>
>
>
> *Mar 17 03:44:14.971: RT(myvpn): add 1.1.13.0/24 via 1.1.12.1, os
>
>
>
>
>
> r5#sh ip ro vrf myvpn
>
>
>
>
>
> Routing Table: myvpn
>
>
>
>
>
> Gateway of last resort is not set
>
>
>
>
>
> 1.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
>
>
>
> O IA 1.1.10.1/32 [110/3] via 1.1.12.1, 00:00:16, GigabitEthernet0/1.12
>
>
>
> O IA 1.1.10.2/32 [110/3127] via 1.1.12.1, 00:00:16,
>
> GigabitEthernet0/1.12
>
>
>
> O IA 1.1.10.3/32 [110/1565] via 1.1.12.1, 00:00:16,
>
> GigabitEthernet0/1.12
>
>
>
> O 1.1.10.11/32 [110/2] via 1.1.12.1, 00:00:16,
> GigabitEthernet0/1.12
>
>
>
> O IA 1.1.10.22/32 [110/3129] via 1.1.12.1, 00:00:16,
>
> GigabitEthernet0/1.12
>
>
>
> O IA 1.1.10.33/32 [110/3128] via 1.1.12.1, 00:00:17,
>
> GigabitEthernet0/1.12
>
>
>
> O IA 1.1.10.44/32 [110/3128] via 1.1.12.1, 00:00:17,
>
> GigabitEthernet0/1.12
>
>
>
> C 1.1.12.0/24 is directly connected, GigabitEthernet0/1.12
>
>
>
> L 1.1.12.2/32 is directly connected, GigabitEthernet0/1.12
>
>
>
> O IA 1.1.13.0/24 [110/3129] via 1.1.12.1, 00:00:17,
>
> GigabitEthernet0/1.12
>
>
>
> O 1.1.14.0/24 [110/2] via 1.1.12.1, 00:00:19, GigabitEthernet0/1.12
>
>
>
> O IA 1.1.15.0/24 [110/3128] via 1.1.12.1, 00:00:19,
>
> GigabitEthernet0/1.12
>
>
>
> O IA 1.1.16.0/24 [110/3127] via 1.1.12.1, 00:00:19,
>
> GigabitEthernet0/1.12
>
>
>
> O IA 1.1.17.0/24 [110/3126] via 1.1.12.1, 00:00:19,
>
> GigabitEthernet0/1.12
>
>
>
> r5#
>
>
>
> r5#sh run | sec router ospf
>
>
>
> router ospf 1 vrf myvpn
>
>
>
> log-adjacency-changes
>
>
>
> capability vrf-lite
>
>
>
> network 1.1.12.2 0.0.0.0 Area 19
>
>
>
> r5#
>
>
>
> r5#conf t
>
>
>
> Enter configuration commands, one per line. End with CNTL/Z.
>
>
>
> r5(config)#
>
>
>
>
>
>
>
> Aaron
>
>
>
>
>
> Blogs and organic groups at <http://www.ccie.net> http://www.ccie.net
>
>
>
> _______________________________________________________________________
>
> Subscription information may be found at:
>
> <http://www.groupstudy.com/list/CCIELab.html>
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Mar 17 2012 - 12:50:24 ART

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART