MPLS Layer 3 VPN PE-CE OSPF

Hi,

I have a question that i cannot wrap my head around it. When I BGP between CE and PE, then on PE side, I need to do “neighbor x.x.x.x activate” command under “address-family ipv4 vrf X”. However, if i’m using EIGRP beween CE and PE, then I need to do it under “address-family vrf X as X”. So would you please let me know how do I decide which address family is the right one to use? The other question I have is what is the correlation between a VRF routing table and BGP VPNV4 table on a PE?

Thank you as always for your help,

Hello Helen!

When you use eBGP between the CE and PE routers, then the syntax for the address-family command under the router BGP configuration mode is simply:

address-family ipv4 vrf vrf_name

The syntax used for the address-family command under the router EIGRP configuration mode is:

address-family ipv4 vrf vrf_name autonomous-system X

Note here that the autonomous system that we are referring to is the autonomous system of the EIGRP configuration, not a BGP AS. This is the syntax used when configuring an address-family under the router EIGRP mode. More info on this can be found at this Cisco command reference documentation:

Now you can find an example of the configuration of BGP between PE and CEs at the following lesson:

And the corresponding configuration for EIGRP between PEs and CEs can be found here:

I hope this has been helpful!

Laz

i tried but was not able to ping even after getting routes in the CE router
loopback was present with *> symbol in the vrf of the PE routers
i used lo0 as 1.1.1.1/24 instead of /32 when i redistributed the ospf in BGP it showed a error that 5.5.5.5 may not be reachable and vice versa in PE2
i dont understand why it is not pinging

Hello Anoop

Can you let us know from where and to where you are pinging? Keep in mind that when you verify, you must ping with a source of the loopback. If you simply ping 5.5.5.5 from the CE1 router, you won’t get a response, because the source of that ping is the Fa0/0 interface, which has an IP address of 192.168.12.1. That address is unknown to CE2, so the ping will reach the destination, but there is no route to the original source address.

Make sure you are adding the source loopback 0 keywords after the ping. If it is still not working, give us some more info about your setup so that we can help further with troubleshooting.

I hope this has been helpful!

Laz

image

I hope i uploaded the image screenshot
So let me explain
When i do this command on R2 i get this error

R2(config)#router bgp 20
R2(config-router)# address-family ipv4 vrf Customer
R2(config-router-af)#redistribute ospf 2 vrf Customer 
R2(config-router-af)#
***Mar  1 00:09:05.147: %BGP-4-VPNV4NH_MASK: Nexthop 2.2.2.2 may not be reachable from neigbor 5.5.5.5 - not /32 mask**

But on the other end R5 i get the prefix of R1

R5#sh ip bgp vpnv4 all 
BGP table version is 5, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32       2.2.2.2                 11    100      0 ?
*>i192.168.45.0     2.2.2.2                  0    100      0 ?

These prefixes i redistributed in R2 in BGP from OSPF 2 vrf Customer

I get the same error at other end

**R5(config-router)#**
***Mar  1 00:18:26.935: %BGP-4-VPNV4NH_MASK: Nexthop 5.5.5.5 may not be reachable from neigbor 2.2.2.2 - not /32 mask**

But lets see the routing table at R2 and R5 am i learning the customer routes or not

  1. In bgp vpnv4 table i am getting the routes of customer
R2#sh ip bgp vpnv4 all   
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf Customer)
*> 1.1.1.1/32       192.168.45.1            11         32768 ?
*>i6.6.6.6/32       5.5.5.5                 11    100      0 ?
*> 192.168.45.0     0.0.0.0                  0         32768 ?
*>i192.168.55.0     5.5.5.5                  0    100      0 ?
R5#sh ip bgp vpnv4 all         
BGP table version is 9, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32       2.2.2.2                 11    100      0 ?
*> 6.6.6.6/32       192.168.55.2            11         32768 ?
*>i192.168.45.0     2.2.2.2                  0    100      0 ?
*> 192.168.55.0     0.0.0.0                  0         32768 ?

i am getting the *> symbol which means it should be in routing table but here is the problem
Even after redistributing bgp in ospf still i am getting

R2#sh ip route vrf Customer ospf 

Routing Table: Customer

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/11] via 192.168.45.1, 00:36:18, FastEthernet0/0

R5#sh ip route vrf CUSTOMER ospf

Routing Table: CUSTOMER

     6.0.0.0/32 is subnetted, 1 subnets
O       6.6.6.6 [110/11] via 192.168.55.2, 00:18:46, FastEthernet0/1

I am not learning the Customer routes here in routing table of PE

But both my customer learns each others route in their routing table

R1#sh ip route 
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
C    192.168.45.0/24 is directly connected, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.6 [110/21] via 192.168.45.2, 00:03:41, FastEthernet0/0
O IA 192.168.55.0/24 [110/11] via 192.168.45.2, 00:03:41, FastEthernet0/0

R6#sh ip route
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/21] via 192.168.55.1, 00:04:37, FastEthernet0/0
O IA 192.168.45.0/24 [110/11] via 192.168.55.1, 00:04:37, FastEthernet0/0
     6.0.0.0/24 is subnetted, 1 subnets
C       6.6.6.0 is directly connected, Loopback0
C    192.168.55.0/24 is directly connected, FastEthernet0/0

R1#ping 6.6.6.6 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
.....
Success rate is 0 percent (0/5)

R6#ping 1.1.1.1 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6 
.....
Success rate is 0 percent (0/5)

providing config of R2 and R5 ( PE router)

R2#sh running-config | s ospf
router ospf 2 vrf Customer
 log-adjacency-changes
 redistribute bgp 20 subnets
 network 192.168.45.0 0.0.0.255 area 0
router ospf 1
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
  redistribute ospf 2 vrf Customer

router bgp 20
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 20
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 5.5.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Customer
  redistribute ospf 2 vrf Customer
  no synchronization
 exit-address-family


R5#sh running-config | s bgp 
 redistribute bgp 20 subnets
router bgp 20
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 20
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  no neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  redistribute ospf 2 vrf CUSTOMER
  no synchronization
 exit-address-family

router ospf 2 vrf CUSTOMER
 log-adjacency-changes
 redistribute bgp 20 subnets
 network 192.168.55.0 0.0.0.255 area 0
router ospf 1
 log-adjacency-changes
 network 5.5.5.0 0.0.0.255 area 0
 network 192.168.3.0 0.0.0.255 area 0
  redistribute ospf 2 vrf CUSTOMER

Hello Anoop

The error that you are getting has to do with the way in which OSPF advertises loopback networks. OSPF will always advertise loopbacks as /32 networks, even if you have configured them to be /24. This is how OSPF operates, and it is even defined within RFC 2328. You can see this from the prefixes in the BGP tables on R2 and R5.

If you want to change this behaviour, you can use the ip ospf network point-to-point command under the loopback interface configuration mode. Or you can change the subnet mask on the IP addresses of your loopbacks to eliminate the error.

This error should have no effect on the operation of your MPLS network.

Now the problem you’re facing seems to be coming from your redistribution. Remember, that in the R2 and R5 routers, which are the PE routers in your topology, you have BGP routing, and you have two OSPF processes. You must ensure that redistribution is taking place between the appropriate routing domains. In the lesson, you can see that redistribution is taking place:

  1. from BGP to OSPF process 2
  2. from OSPF process 2 to BGP

In your topology, you are also redistributing OSPF 1 into OSPF 2. I suggest you go over the lab again and ensure that you are adhering to the configurations found there. Try it out and let us know how you come along.

I hope this has been helpful!

Laz

Hi Laz,

Great to know the reason for that eroor

But i have done redistribution properly that may be seen in the above config because of sh run | s command

let me show u the entire running config of R2

interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip vrf forwarding Customer
 ip address 192.168.45.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2/0
 no ip address
 shutdown 
 duplex auto
 speed auto
!
router ospf 2 vrf Customer
 log-adjacency-changes
 redistribute bgp 20 subnets--------------------( redistribute bgp inside ospf 2)
 network 192.168.45.0 0.0.0.255 area 0
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 20
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 20
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 5.5.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Customer
  redistribute ospf 2 vrf Customer ------------(redistribution of ospf2 in bgp)
  no synchronization
 exit-address-family
!
R2#sh ip route vrf Customer         

Routing Table: Customer
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/11] via 192.168.45.1, 01:45:41, FastEthernet0/0
C    192.168.45.0/24 is directly connected, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
B       6.6.6.6 [200/11] via 5.5.5.5, 01:10:23
B    192.168.55.0/24 [200/0] via 5.5.5.5, 01:10:38
R2#sh ip route os           
R2#sh ip route ospf 
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/31] via 192.168.1.2, 01:45:43, FastEthernet0/1
O    192.168.2.0/24 [110/20] via 192.168.1.2, 01:45:53, FastEthernet0/1
O    192.168.3.0/24 [110/30] via 192.168.1.2, 01:45:53, FastEthernet0/1

Even R1 is learning it

R1#sh ip ospf neighbor            

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.45.2      1   FULL/DR         00:00:37    192.168.45.2    FastEthernet0/0
R1#sh ip route                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
C    192.168.45.0/24 is directly connected, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.6 [110/21] via 192.168.45.2, 01:11:27, FastEthernet0/0
O IA 192.168.55.0/24 [110/11] via 192.168.45.2, 01:11:27, FastEthernet0/0

I am stuck here dont know where the issue is

Hello Anoop

The redistribution I was referring to in my previous post where I said:

I was referring to this config:
image
It looks like this was fixed in the config you posted after that.

Looking at the new configs that you sent, I don’t immediately see a problem with the setup. The only thing I see, in comparison with Rene’s configs is that in the redistribution of ospf 2 in BGP you configure:

redistribute ospf 2 vrf Customer

while Rene configures:

redistribute ospf

Rene omits the VRF specification. I haven’t labbed this up, and I’m not completely sure what effect this will have, but it may be worth attempting the change. If not, let us know and we’ll see if we can lab it up too with your configs and help in the troubleshooting process.

I hope this has been helpful!

Laz

Hi Laz,

Yes saw that aswell but in my GNS3 even when i am trying to do the command
redistribute ospf 2
its autmatically showing
redistribute ospf 2 vrf Customer
i am using image
c3725-adventerprisek9-mz124-15.image
Version 12.4(15)T7, RELEASE SOFTWARE (fc3)

is there some limitaions in gns3 i dont know

Hello Anoop

Hmm, as I said before, this doesn’t seem to be a problem, and since you tell me that the IOS puts it in there automatically, then you should be OK. In any case, your configs in your last post look good, and I don’t see an issue with the configurations. It could be a GNS3 problem. If you have the ability to do so, try employing this on CML or EVE-NG, or even on real devices if you can, just to see if we’re missing something or if it is indeed a GNS3 bug…

Let us know how you come along!

I hope this has been helpful!

Laz

image

Finally pinged in eve ng

CE11# ping 6.6.6.6 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/20/24 ms
CE11#

PE1 end
PE1#sh bgp vpnv4 unicast vrf customerC
BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 2:2 (default for vrf customerC)
 *>   1.1.1.1/32       192.168.1.1              2         32768 ?
 *>i  6.6.6.6/32       5.5.5.5                  2    100      0 ?
 *>   192.168.1.0      0.0.0.0                  0         32768 ?
 *>i  192.168.5.0      5.5.5.5                  0    100      0 ?
PE1#sh ip route vrf customerC ospf    

Routing Table: customerC
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 192.168.1.1, 00:05:34, GigabitEthernet0/0
PE1#

The only difference i made between gns3 and eve ng is that in eve ng both end i have defined vrf customerC
But in gns3 one end it was customer and other end it was Customer but with same RT value
dont think thats the issue though
so i guess its a gns3 issue may be

Hello Anoop

This is great, thanks for letting us know of your success in setting this up in EVE-NG!

VRF names are locally significant, so having one named “customer” and the other named “Customer” will make no difference. As long as the RT values are correct you’re good to go. So it looks like it was a GNS3 issue after all… Good work!

Thanks for sharing!

Laz

1 Like

easy to understand topic thanks again Rene

1 Like

Hi Rene,

Do you have something on multi- VPN- instance customer edge? Do we use the same RD for the PE and MCE?
Regards,

Hello Moven

What you are describing is called Multi-VRF CE according to Cisco. It allows a single CE device to terminate multiple VPNs enabling multiple customers to share the same physical link between the PE and CE, or a single customer to use multiple VPNs.

You can find out more information about this feature and how to configure it at the following Cisco documentation:

As can be seen from this documentation, within the same CE, you configure two different VRFs each of which has its own route distinguisher.

I hope this has been helpful!

Laz

Hi Lazaros,

Thank you so much. I have seen the documentation and went through it.

Regards,
Moven.

1 Like

Hi Laz,

Below configuration needs to be corrected because I tested it. I configured below without specifying the “vrf customer” after “router ospf” and it did not work. When I specified the “vrf customer” it all worked. I am using GNS3 in Dynamips mode Router 7200.

PE1 & PE2
(config)#router ospf 2
(config-router)#redistribute bgp 234 subnets

Also, please check the 2nd diagram in the lesson, it should be “CE” in Area 0 but it shows PE. Please correct this as well.

Thanks,
Rahul

Hello Rahul

Yes, you are correct, the command there should be as follows:

PE1 & PE2
(config)#router ospf 2 vrf CUSTOMER
(config-router)#redistribute bgp 234 subnets

Actually, if you look at the final configurations at the end, you will see that for PE1 that command is actually correct. I will let @ReneMolenaar know to make the correction in the lesson.

Thanks for pointing out the typo in the second diagram as well, I’ll pass it on to Rene.

Laz

Hi Rene,

I do not find any MPLS TE contants in networks.com website.

Could you please share the link for that?

Hello Costa

The truth is that there is little content on MPLS TE on the NetworkLessons site since this topic is not part of any of the Cisco certifications that are covered so far. In the meantime, you can find some useful links in this NetworkLessons note on the subject of MPLS traffic engineering.

If you would like to see this as a future topic on the site, take a look at the following Member Ideas page:

Here you can suggest the topics you would like to see, and you may find that others have already suggested this topic, so you can add your voice to theirs.

I hope this has been helpful!

Laz