1. Home
  2. Networking
  3. MPLS and VPN Architectures

PE-to-CE Connectivity?OSPF with Site Area 0 Support

As previously stated, a couple of topologies may be used to connect VPN sites to the MPLS/VPN backbone. The first of these provides the capability for the VPN customer to run an OSPF area 0 within more than one site and to use the MPLS/VPN backbone as a Level 3 hierarchy, above area 0, to provide the connectivity between sites. With this option, the PE-to-CE link is placed into area 0, which means that the CE-router becomes an area border router (ABR) in area 0 for all other areas at the customer site. It is possible for area 0 to extend past the CE-router. In this case, the CE-router will become a backbone router, and the ABR functionality will be moved to another router somewhere else within the site. This ABR will inject summaries from other areas within the site, and these will be propagated by the CE-router to the PE for onward advertisement across the MPLS/VPN backbone.

The PE-router becomes an ASBR for the OSPF-MPLS/VPN backbone, although from the CE-router's perspective, it acts as an ABR when propagating inter-area routes between sites. This means that another site looks exactly like a non-backbone area being linked to the per-site area 0 by the PE-router acting as the ABR.

With this type of connectivity, the PE- and CE-routers form an OSPF adjacency and exchange link state advertisements (LSA) across the adjacency. The CE-router propagates summary LSAs for routes coming from the site areas toward the PE-router, and the PE-router generates summary LSAs or external LSAs for any routes coming from the OSPF-MPLS/VPN backbone. An illustration of this mechanism can be seen in Figure 10-5.

Figure 10-5. OSPF PE-to-CE with Site Area 0 Support

graphics/10fig05.gif

Figure 10-5 shows that the EuroBank San Francisco ABR generates a type 3 summary LSA for network 10.2.1.9 across the PE-to-CE link to the SuperCom San Jose PE-router.

This summary LSA can be seen in Example 10-9.

Example 10-9 Summary LSA Across PE-to-CE Link

San Jose# show ip ospf database summary 10.2.1.9



       OSPF Router with ID (10.2.1.5) (Process ID 200)





                Summary Net Link States (Area 0)



  Routing Bit Set on this LSA

  LS age: 214

  Options: (No TOS-capability, DC, Upward)

  LS Type: Summary Links(Network)

  Link State ID: 10.2.1.9 (summary Network Number)

  Advertising Router: 10.3.1.7

  LS Seq Number: 80000025

  Checksum: 0xA745

  Length: 28

  Network Mask: /32

        TOS: 0  Metric: 1

Example 10-10 shows that this route is placed into the EuroBank VRF and also into MP-iBGP through redistribution. The output highlights the use of the BGP 0x8000 extended community attribute for OSPF routes and shows that the 10.2.1.9/32 prefix is an inter-area route with route type 3.

Example 10-10 Population of VRF with OSPF Routes

San Jose# show ip route vrf EuroBank 10.2.1.9



Routing entry for 10.2.1.9/32

  Known via "ospf 200", distance 110, metric 2, type inter area

  Redistributing via ospf 200

  Last update from 10.2.1.6 on FastEthernet0/0, 00:02:47 ago

  Routing Descriptor Blocks:

  * 10.2.1.6, from 10.3.1.7, 00:02:47 ago, via FastEthernet0/0

      Route metric is 2, traffic share count is 1



San Jose# show ip bgp vpnv4 vrf EuroBank 10.2.1.9

BGP routing table entry for 1:27:10.2.1.9/32, version 64

Paths: (1 available, best #1, table EuroBank)

  Advertised to non peer-group peers:

  194.22.15.1

  Local

    10.2.1.6 from 0.0.0.0 (195.22.15.2)

      Origin incomplete, metric 2, localpref 100, weight 32768, valid,

      sourced, best

      Extended Community: RT:100:27 OSPF RT:0:3:0

Because inter-site routes may be advertised into a site from various locations, it is necessary to provide a mechanism that allows a PE-router to understand whether the route has actually originated from within the attached site, or whether it was injected by another PE-router. This mechanism is provided through use of the down-bit, which is an extension to the OSPF protocol and is part of the Options field of the generic LSA header. Any summary LSAs that are generated by the PE-routers will have the down-bit set within the LSA. As shown in Figure 10-6, this is necessary to prevent routing loops. The PE will propagate summary LSAs received from the CE into the OSPF-MPLS/VPN backbone only if the down-bit is not set.

Note

The down-bit is necessary only if customer CE-routers have connectivity to each other within area 0 and also have attachment to other non-backbone areas. This is because of the rule in OSPF that states: If an ABR receives a summary LSA from a non-backbone area, it should ignore the summary if it has connectivity to area 0. If the PE-to-CE link is within area 0, then this will be the case. In other situations, the down-bit may not be necessary, but the IOS implementation will set the down-bit for ALL summary LSAs that the PE-router generates, regardless of the topology of the site.


Figure 10-6. Summary LSA Down-bit for Prevention of Loops

graphics/10fig06.gif

Figure 10-6 shows that the London and Paris PE-routers receive an MP-iBGP update for prefix 10.2.1.9/32 from the San Jose PE-router. In our example, the Paris PE-router generates a type 3 summary LSA into the EuroBank Paris site. This summary LSA is propagated across the site and eventually is received by the London PE-router. If this router for some reason does not have the route within the EuroBank VRF, and if the down-bit were not set, it would accept the route into the VRF and then advertise it to the San Jose and Paris PE-routers as an MP-iBGP update.

The San Jose PE-router would ignore the route because its OSPF route would be preferred. However, the Paris PE-router would now have two MP-iBGP updates for the same prefix, one from the San Jose PE-router and another from the London PE-router. Depending on which one it chose as the best route, a loop potentially would be formed where the Paris PE-router would direct the traffic to the London PE-router, which, in turn, would direct the traffic to the Paris PE-router.

If we take a look at the SuperCom Paris PE-router's summary LSA for the 10.2.1.9/32 prefix, we can see in Example 10-11 that the down-bit has indeed been set.

Example 10-11 Use of the Down-bit for Summary LSAs

Paris# show ip ospf database summary 10.2.1.9



OSPF Router with ID (10.4.1.9) (Process ID 200)





                Summary Net Link States (Area 0)



  LS age: 1590

  Options: (No TOS-capability, DC, Downward)

  LS Type: Summary Links(Network)

  Link State ID: 10.2.1.9 (summary Network Number)

  Advertising Router: 10.4.1.9

  LS Seq Number: 80000002

  Checksum: 0x5C2F

  Length: 28

  Network Mask: /32

        TOS: 0  Metric: 2


    		MPLS and VPN Architectures
    		About the Authors
    		About the Technical Reviewers
    		Acknowledgments
    		Part I: MPLS Technology and Configuration
    		Part 2: MPLS-based Virtual Private Networks
    		Chapter 7. Virtual Private Network (VPN) Implementation Options
    		Chapter 8. MPLS/VPN Architecture Overview
    		Chapter 9. MPLS/VPN Architecture Operation
    		Chapter 10. Provider Edge (PE) to Customer Edge (CE) Connectivity Options
    		VPN Customer Access into the MPLS/VPN Backbone
    		BGP-4 Between Service Provider and Customer Networks
    		Open Shortest Path First (OSPF) Between PE- and CE-routers
    		Separation of VPN Customer Routing Information
    		Propagation of OSPF Routes Across the MPLS/VPN Backbone
    		PE-to-CE Connectivity?OSPF with Site Area 0 Support
    		PE-to-CE Connectivity?OSPF Without Site Area 0 Support
    		VPN Customer Connectivity?MPLS/VPN Design Choices
    		Summary
    		Chapter 11. Advanced MPLS/VPN Topologies
    		Chapter 12. Advanced MPLS/VPN Topics
    		Chapter 13. Guidelines for the Deployment of MPLS/VPN
    		Chapter 14. Carrier's Carrier and Inter-provider VPN Solutions
    		Chapter 15. IP Tunneling to MPLS/VPN Migration Case Study
    		Appendix A. Tag-switching and MPLS Command Reference