Re: MPLS Inter-AS Option A using OSPF (capability vrf-lite)

If you look at the information that is encoded into BGP to do this (see below:
OSPF DOMAIN ID, OSPF RT, and OSPF ROUTER ID) and then look at what you have
to work with (32-bit field) using OSPF type 5 LSAs you can see why OSPF
doesn't support it.

Rack1R4#sho bgp vpnv4 un vrf Z 50.1.52.0
BGP routing table entry for 44:44:50.1.52.0/24, version 78
Paths: (1 available, best #1, table Z)
  Advertised to update-groups:
        2
  Local, imported path from 3:1:50.1.52.0/24
    10.3.3.3 (metric 2) from 10.6.6.6 (10.6.6.6)
      Origin incomplete, metric 4, localpref 100, valid, internal, best
      Extended Community: OSPF DOMAIN ID:0x0005:0x000000640200 RT:10.2.2.2:1
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:3.3.3.3:0
      Originator: 10.3.3.3, Cluster list: 10.6.6.6
      mpls labels in/out nolabel/34
Rack1R4#

--
Brian Dennis, CCIEx5 #2210 (R&S/ISP-Dial/Security/SP/Voice)
bdennis_at_ine.com<mailto:bdennis_at_ine.com>
INE, Inc.
http://www.INE.com<http://www.ine.com/>
From: Tom Kacprzynski <tom.kac_at_gmail.com<mailto:tom.kac_at_gmail.com>>
Date: Friday, March 8, 2013 4:56 PM
To: Brian Dennis <bdennis_at_ine.com<mailto:bdennis_at_ine.com>>, Brian McGahan
<bmcgahan_at_ine.com<mailto:bmcgahan_at_ine.com>>
Cc: Cisco certification
<ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>>
Subject: Re: MPLS Inter-AS Option A using OSPF (capability vrf-lite)
Thanks Brian D. and Brian M. for your explanations. That makes sense. I did
forget about the the fact that it "disconnects" you from the superbackbone. I
remember a while back doing labs with multiple areas in MPLS env, need to
revisit that.
So going back to my original question, the only way to do provide LSA 3 over
Inter-AS Option A is to use eBGP and include ext community between the ASBRs,
no tricks to get it working with OSPF.
Thanks again,
Tom Kacprzynski
On Fri, Mar 8, 2013 at 3:10 PM, Brian Dennis
<bdennis_at_ine.com<mailto:bdennis_at_ine.com>> wrote:
If you use "capability vrf-lite" then you're saying the router is not
connected to the "MPLS Super Backbone" so I don't see why it would
continue to behave as if it was.
> Capability vrf-lite is usually used on CEs that have OSPF running on
>vrfs. When enabled, it disables checks like for Downward bit and domain
>tag.
You can think of the disabling of the checks as a byproduct of the router
disconnecting itself from the "MPLS Super Backbone".  It also stops the
router from being an ABR for the VRF's OSPF process.  When it's enabled it
needs to be an ABR to generate the type 3 LSAs even if it's only in a
single non-area 0 area.  Many people stumble across this issue when the PE
to CE link isn't in area 0 but area 0 is "behind" the CE.
--
Brian Dennis, CCIEx5 #2210 (R&S/ISP-Dial/Security/SP/Voice)
bdennis_at_ine.com<mailto:bdennis_at_ine.com>
INE, Inc.
http://www.INE.com
On 3/8/13 10:32 AM, "Tom Kacprzynski"
<tom.kac_at_gmail.com<mailto:tom.kac_at_gmail.com>> wrote:
>I was playing around with MPLS Inter-As option A (back to back vrf) and
>wanted to lab all routing protocols that are used between the ASBRs on
>their respective subinterfaces.  I used eBGP, EIGRP and OSPF. I had some
>problems with OSPF where I could not get the LSA 3 to be reassembled at
>the
>other end of the VPN.  This leads me to a very specific question: When
>using OSPF in Inter-AS Option A, is it possible to reassemble the internal
>OSPF (LSA 3) route on the other end of the VPN? I've tried it with EIGRP
>and that worked but with OSPF I only see External LSA 5 routes.
>
>
>
>Here is a sample topology:
>
>
>
>CE--(OSPF)---PE----*(AS1)*----*ASBR1---*(OSPF)*--ASBR2*---*(AS2)*
>---PE---(OSPF)--CE
>
>
>
>I know that usually you would use eBGP as the routing protocol between the
>ASBRs but I wanted to try using OSPF. The problem I'm encountering has to
>do with "capability vrf-lite" on the PEs. When I enter that command on one
>ASBR it doesn't reassemble  OSPF routes as LSA 3 but as LSA 5. I've
>checked
>the domain ID and they are matching.
>
>
>
>Based on my observation it looks like when you apply the "capability
>vrf-lite" command on a PE(in this case the ASBR), it will always
>redistribute OSPF routes as external LSA 5, no matter what domain-id you
>are using.
>
>
>
>Capability vrf-lite is usually used on CEs that have OSPF running on vrfs.
>When enabled, it disables checks like for Downward bit and domain tag.
>Looks like another feature of this is to always redistribute M-BGP routes
>as External LSA 5, even if domain ID matches and extended communities are
>propagated.
>
>
>Has anyone seen something like that?
>
>
>Thanks
>
>
>Tom Kacprzynski
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net