MPLS Layer 3 VPN PE-CE OSPF

ReneMolenaar · December 27, 2015, 2:00pm

Hi Davis,

There’s a lot of things that could be wrong. Here’s a simple checklist you can use:

Here’s what you should check and in what order:

Make sure your PE/P routers have established LDP neighbor adjacencies using loopback interfaces as the transport addresses.
Make sure the VRF is created on both PE routers.
Make sure you use the correct RD for each VRF.
Make sure you have the correct import/export route-targets.
Check if you see routes in the VRF routing table on the PE routers.
Check if you have an IBGP neighbor adjacency between the PE routers for the VPN address-family.
Make sure that extended communities are sent between the PE routers.
Make sure you see VPN routes on each PE router.
Make sure you see routes on both CE routers.

These are basically all the things you should check.

Rene

naotane · March 8, 2016, 2:16am

Hi Rene,

Do we have a lesson for OSPF Sham link available?

ReneMolenaar · March 8, 2016, 9:40am

Hi Jinbee,

Not yet, I’ll let you know once I published it.

Rene

shyam444 · May 1, 2016, 8:22pm

Hi Rene,

Pls explain about the use of Sham links in mpls vpn

Thanks
Shyam

ReneMolenaar · May 2, 2016, 1:50pm

Hi Shyam,

Once I have a lesson on it, I’ll post it here.

Rene

agatyinta · May 15, 2016, 3:18pm

Hi Rene,
Cleared posting as usual. However I don’t see lesson on the Sham Link topic. Would you mind advise ?

thx

Ahmad

andrew · May 15, 2016, 6:05pm

Ahmad,
In the post right above yours Rene mentions he will let everyone know when he has a sham link lesson.

andrew · May 15, 2016, 6:05pm

Ahmad,
In the post right above yours Rene mentions he will let everyone know when he has a sham link lesson.

adriantiamson · July 19, 2016, 9:04am

I want to share my studies in MPLS VPN,

The previous chapters described how MP-BGP Extended attributes are used to preserve some OSPF routing information and to allow two OSPF VPN sites remaining in same OSPF domain while they are connected via MPLS/VPN. In such approach, the MPLS/VPN is acting as OSPF area 0 and the PE router is regarded as an ABR router advertising the inter-site routes in type 3 Summary LSA. The routes are therefore inter-area routes.
However, this may not be a desirable situation for the following scenarios:
> When there is a backdoor connection on two VPN sites and it is desired to use the MPLS VPN connection to reach the other site rather than the backdoor connection
> When one site has two or more connections to MPLS VPN and it is desired to route packets over the VPN connection than over the routes inside of the site
> When two VPN sites want to be in the same OSPF area (for migration purposes or desired objective)

NOTE:

Sham Link provides virtual intra-area‘ connectivity across the MPLS VPN Super-Backbone so that traffic can be attracted to the backbone rather than taking the backdoor link between sites. A Sham link is required between any two sites that share a backdoor link. If no backdoor link exists between the sites, then a sham-link is NOT required.

lagapidis · July 26, 2016, 10:46am

Hello Adrian.

Thanks for sharing that, it’s much appreciated!

Laz

thomash · August 4, 2016, 3:49pm

Hi,

If i add a ASA box on the site CE1 with the ip address of 10.1.100.4 and all the clients connected to that site have internet access, and i want to allow users on the second site to access the internet how would i add a static route through the MPLS to the ip of my asa box 10.1.100.4

Thanks

ReneMolenaar · August 30, 2016, 12:14pm

Hi Thomas,

You will have to configure “hairpinning” on your ASA so that it translates traffic that arrived on its OUTSIDE interface and forwards it out of the same OUTSIDE interface again. Here is an example I created before for remote VPN users, your setup will be similar:

Cisco ASA Hairpin Remote VPN users

In your case, you don’t have remote VPN users but the idea is the same.

Rene

shantel · December 29, 2016, 8:13pm

19 posts were merged into an existing topic: MPLS Layer 3 VPN PE-CE OSPF

karanpuri88 · July 13, 2017, 6:12pm

Urgent Request
Hi Rene,

Please explain the sham link concept and OSPF loop prevention mechanism as mentioned by you.

Thanks and Regards,
KP

ReneMolenaar · July 19, 2017, 10:12am

@karan I figured it was about time I wrote something about the sham link:

karanpuri88 · July 19, 2017, 10:55am

Thank you Rene , that’s superb writeup and enjoyed as usual.

I was wondering if you have any plan to write the blog for CCIE-SP track…

ReneMolenaar · July 20, 2017, 10:06am

I might add some SP material sometime but first I want to work on Nexus material.

tsignal32 · September 6, 2017, 6:03pm

Rene,

I notice RD, and RT are configured on PE1 and PE2 routers. Can you configure RD, and RT on CE1 and CE2 with the same values of the PEs the CEs are connected to? Is there a reason/benefit to configuring RD, and RT on CE1 and CE2. I notice an organization has done this. When I saw this it was confusing to me after your example didn’t include RD, and RT on CE1 and CE2.

I appreciate the work you do in explaining networking where exmaples are easy to understand.

Thanks
Tim

lagapidis · September 7, 2017, 5:43am

Hello Timothy

RD and RT are concepts and functionalities that should be confined to the provider’s network. Their functionality should be transparent from the point of view of the CE routers. However, if the provider has extended their MPLS functionality into the customer router for some reason, then you would see RD and RT configs in the CE. This is highly unusual and irregular, however, technically it can happen.

I hope this has been helpful!

Laz

chrisnewnham17 · February 9, 2018, 8:38am

Was there ever a lesson about the loop prevention required? Would you need to tag routes that are redistributed on the PE’s?