Separation of VPN Customer Routing Information

Whichever of the two connectivity options are chosen (we will look at each in detail in the sections that follow), a mechanism is needed so that the PE-router can distinguish which routes belong to which VRF. This is accomplished through association of a particular customer interface to a specific VRF (per the standard MPLS/VPN model that we have already described) and to a particular OSPF process.

A separate OSPF process is necessary for each VRF that will receive VPN routes via OSPF. This is different than the procedures used when either RIP Version 2 or BGP are deployed across the PE-to-CE link because these protocols can run different routing contexts within the same process. Due to the complexity of OSPF and the associated topology database, this option is not currently available, so a different OSPF process (with a different process-ID) is required per VRF. To support this requirement, an extension to the router ospf command has been provided, as shown in Example 10-3.

Example 10-3 Extension to router ospf Command

San Jose(config)# router ospf ospf-Process-ID VRF vrf-name

Using the example topology shown in Figure 10-4, we can see in Example 10-4 the use of the router ospf command to set up the relevant OSPF processes for the EuroBank and FastFoods VPN customers on the San Jose PE-router.

Example 10-4 Configuration of OSPF Processes for VPN Customers

hostname San Jose

!

ip vrf EuroBank

 rd 1:27

 route-target export 100:27

 route-target import 100:27

!

ip vrf FastFoods

 rd 1:26

 route-target export 100:26

 route-target export 100:26

!

interface serial 1/0

 description ** interface to EuroBank San Francisco**

 ip vrf forwarding EuroBank

 ip address 10.2.1.5 255.255.255.252

!

interface serial 1/1

 description ** interface to FastFoods San Jose**

 ip vrf forwarding FastFoods

 ip address 195.12.2.5 255.255.255.252

!

router ospf 200 vrf EuroBank

 network 10.2.1.4 0.0.0.3 area 0

!

router ospf 100 vrf FastFoods

 network 195.12.2.4 0.0.0.3 area 1

Given the configuration in Example 10-4, we can see in Example 10-5 both OSPF processes and the number of interfaces in each process through use of the show ip ospf command.

Example 10-5 show ip ospf Confirmation of Multiple OSPF Processes

San Jose# show ip ospf



Routing Process "ospf 100" with ID 195.12.2.5

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Connected to MPLS VPN Superbackbone

 It is an area border router

 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs

 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs

 Number of external LSA 0. Checksum Sum 0x0

 Number of opaque AS LSA 0. Checksum Sum 0x0

 Number of DCbitless external and opaque AS LSA 0

 Number of DoNotAge external and opaque AS LSA 0

 Number of areas in this router is 1. 1 normal 0 stub 0 nssa

 External flood list length 0

    Area 1

        Number of interfaces in this area is 1

        Area has no authentication

        SPF algorithm executed 2 times

        Area ranges are

        Number of LSA 1. Checksum Sum 0xC4E7

        Number of opaque link LSA 0. Checksum Sum 0x0

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0



Routing Process "ospf 200" with ID 10.2.1.5

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Connected to MPLS VPN Superbackbone

 It is an area border router

 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs

 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs

 Number of external LSA 1. Checksum Sum 0xCAE8

 Number of opaque AS LSA 0. Checksum Sum 0x0

 Number of DCbitless external and opaque AS LSA 0

 Number of DoNotAge external and opaque AS LSA 0

 Number of areas in this router is 1. 1 normal 0 stub 0 nssa

 External flood list length 0

    Area BACKBONE(0)

        Number of interfaces in this area is 1

        Area has no authentication

        SPF algorithm executed 6 times

        Area ranges are

        Number of LSA 7. Checksum Sum 0x4A01D

        Number of opaque link LSA 0. Checksum Sum 0x0

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

When the relevant OSPF processes have been configured on the PE-router, it is now possible to learn routes from the CE-router using OSPF. These routes are placed into the relevant OSPF database, and the VPN customer VRF is populated.

Note

Because each OSPF process requires the use of a separate protocol descriptor block (PDB) within IOS, there is a limitation on the number of OSPF processes that can be run on each PE-router. This issue is discussed in detail in Chapter 12, "Advanced MPLS/VPN Topics," in the section "PE-router Provisioning and Scaling."




    Part 2: MPLS-based Virtual Private Networks