L3VPN - OSPF Between CE and PE

clive.gwyther · March 8, 2021, 10:37pm

Someone can hopefully help as I know this is predominantly Cisco.

I have a Juniper quetion (also valid for Cisco I expect). I have two customer using the same topology as below:

CustA: CE → PE → P → P → PE → CE: CustA:SiteB
CustB: CE → PE → P → P → PE → CE: CustB:SiteB

Customer A utilises eBGP between the CE and the PE and the VONv4 is created with no issue and it works between the end points.
The porblem is with Customer B who uses OSPF between the CE and the PE and the config (juniper) is as follows for the CE and PE (Basic):

Customer B - CE

set interfaces ge-0/0/0 unit 0 family inet address 10.10.10.2/30
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set routing-options router-id 3.3.3.3
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive

PE Router:

set routing-instances london-custA instance-type vrf
set routing-instances london-custA interface ge-0/0/0.0
set routing-instances london-custA route-distinguisher 65533:10
set routing-instances london-custA vrf-target target:65533:10
set routing-instances london-custA protocols ospf area 0.0.0.0 interface ge-0/0/0.0

So, I think what is happening is that the routes received from the CE in the PE vrf are actually IPv4 routes and they need distributing into MP-BGP. The problem I have is I cannot find any docs to suggest how that is completed within an actual vrf with the iBGP being configured external to the vrf in global config.

Can anyone point me in the right direction please?

530dreynolds · March 9, 2021, 6:33pm

I’m not going to be very helpful here, unfortunately, but my rule of thumb with customers I peer with for L3VPN is I dictate all routing. They will configure BGP with me or I’ll help them do it. I don’t let the customer make the decision and it makes my life much much easier.

Saying that, in this case, you can re-distribute the routes as you specified. I don’t run Juniper so sorry I can’t be more helpful with your actual question here. I’m sure there is a good Juniper engineer that will chime in with a better technical answer.

clive.gwyther · March 9, 2021, 9:55pm

It’s all good. I now have it all working as expected. After some more investigation I discovered that the best way to achieve this over L3 VPN was to configure a sham-link.

lagapidis · March 10, 2021, 11:39am

Hello Clive

First of all, thanks to @530dreynolds for your response and your suggestions, experience such as yours can be useful to everyone on the forum. Also, thanks to Clive for mentioning your solution to your particular problem. Your solution sounds good. You can find out more about related MPLS and OSPF features in the following lessons. Hopefully, it will be useful for you, even though you use Juniper.

Let us know if you need any further clarification!

Laz

530dreynolds · March 11, 2021, 5:45pm

I have not used Sham Links before, this is a new concept for me. Thanks for sharing your solution @clive.gwyther ! I’ll keep it in mind if I ever run into this issue myself.