As previously stated, a couple of topologies may be used to connect VPN sites to the MPLS/VPN backbone. The first of these provides the capability for the VPN customer to run an OSPF area 0 within more than one site and to use the MPLS/VPN backbone as a Level 3 hierarchy, above area 0, to provide the connectivity between sites. With this option, the PE-to-CE link is placed into area 0, which means that the CE-router becomes an area border router (ABR) in area 0 for all other areas at the customer site. It is possible for area 0 to extend past the CE-router. In this case, the CE-router will become a backbone router, and the ABR functionality will be moved to another router somewhere else within the site. This ABR will inject summaries from other areas within the site, and these will be propagated by the CE-router to the PE for onward advertisement across the MPLS/VPN backbone.
The PE-router becomes an ASBR for the OSPF-MPLS/VPN backbone, although from the CE-router's perspective, it acts as an ABR when propagating inter-area routes between sites. This means that another site looks exactly like a non-backbone area being linked to the per-site area 0 by the PE-router acting as the ABR.
With this type of connectivity, the PE- and CE-routers form an OSPF adjacency and exchange link state advertisements (LSA) across the adjacency. The CE-router propagates summary LSAs for routes coming from the site areas toward the PE-router, and the PE-router generates summary LSAs or external LSAs for any routes coming from the OSPF-MPLS/VPN backbone. An illustration of this mechanism can be seen in Figure 10-5.
Figure 10-5 shows that the EuroBank San Francisco ABR generates a type 3 summary LSA for network 10.2.1.9 across the PE-to-CE link to the SuperCom San Jose PE-router.
This summary LSA can be seen in Example 10-9.
San Jose# show ip ospf database summary 10.2.1.9 OSPF Router with ID (10.2.1.5) (Process ID 200) Summary Net Link States (Area 0) Routing Bit Set on this LSA LS age: 214 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.2.1.9 (summary Network Number) Advertising Router: 10.3.1.7 LS Seq Number: 80000025 Checksum: 0xA745 Length: 28 Network Mask: /32 TOS: 0 Metric: 1
Example 10-10 shows that this route is placed into the EuroBank VRF and also into MP-iBGP through redistribution. The output highlights the use of the BGP 0x8000 extended community attribute for OSPF routes and shows that the 10.2.1.9/32 prefix is an inter-area route with route type 3.
San Jose# show ip route vrf EuroBank 10.2.1.9 Routing entry for 10.2.1.9/32 Known via "ospf 200", distance 110, metric 2, type inter area Redistributing via ospf 200 Last update from 10.2.1.6 on FastEthernet0/0, 00:02:47 ago Routing Descriptor Blocks: * 10.2.1.6, from 10.3.1.7, 00:02:47 ago, via FastEthernet0/0 Route metric is 2, traffic share count is 1 San Jose# show ip bgp vpnv4 vrf EuroBank 10.2.1.9 BGP routing table entry for 1:27:10.2.1.9/32, version 64 Paths: (1 available, best #1, table EuroBank) Advertised to non peer-group peers: 184.108.40.206 Local 10.2.1.6 from 0.0.0.0 (220.127.116.11) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:100:27 OSPF RT:0:3:0
Because inter-site routes may be advertised into a site from various locations, it is necessary to provide a mechanism that allows a PE-router to understand whether the route has actually originated from within the attached site, or whether it was injected by another PE-router. This mechanism is provided through use of the down-bit, which is an extension to the OSPF protocol and is part of the Options field of the generic LSA header. Any summary LSAs that are generated by the PE-routers will have the down-bit set within the LSA. As shown in Figure 10-6, this is necessary to prevent routing loops. The PE will propagate summary LSAs received from the CE into the OSPF-MPLS/VPN backbone only if the down-bit is not set.
The down-bit is necessary only if customer CE-routers have connectivity to each other within area 0 and also have attachment to other non-backbone areas. This is because of the rule in OSPF that states: If an ABR receives a summary LSA from a non-backbone area, it should ignore the summary if it has connectivity to area 0. If the PE-to-CE link is within area 0, then this will be the case. In other situations, the down-bit may not be necessary, but the IOS implementation will set the down-bit for ALL summary LSAs that the PE-router generates, regardless of the topology of the site.
Figure 10-6 shows that the London and Paris PE-routers receive an MP-iBGP update for prefix 10.2.1.9/32 from the San Jose PE-router. In our example, the Paris PE-router generates a type 3 summary LSA into the EuroBank Paris site. This summary LSA is propagated across the site and eventually is received by the London PE-router. If this router for some reason does not have the route within the EuroBank VRF, and if the down-bit were not set, it would accept the route into the VRF and then advertise it to the San Jose and Paris PE-routers as an MP-iBGP update.
The San Jose PE-router would ignore the route because its OSPF route would be preferred. However, the Paris PE-router would now have two MP-iBGP updates for the same prefix, one from the San Jose PE-router and another from the London PE-router. Depending on which one it chose as the best route, a loop potentially would be formed where the Paris PE-router would direct the traffic to the London PE-router, which, in turn, would direct the traffic to the Paris PE-router.
If we take a look at the SuperCom Paris PE-router's summary LSA for the 10.2.1.9/32 prefix, we can see in Example 10-11 that the down-bit has indeed been set.
Paris# show ip ospf database summary 10.2.1.9 OSPF Router with ID (10.4.1.9) (Process ID 200) Summary Net Link States (Area 0) LS age: 1590 Options: (No TOS-capability, DC, Downward) LS Type: Summary Links(Network) Link State ID: 10.2.1.9 (summary Network Number) Advertising Router: 10.4.1.9 LS Seq Number: 80000002 Checksum: 0x5C2F Length: 28 Network Mask: /32 TOS: 0 Metric: 2