The previous chapters described how MP-BGP extended attributes are used to preserve some OSPF routing information and to allow two OSPF VPN sites to remain in the same OSPF domain while they are connected via MPLS/VPN. In this approach, the MPLS/VPN acts as OSPF area 0 and the PE router is regarded as an ABR advertising the inter-site routes in type 3 Summary LSAs. The routes are therefore inter-area routes.
However, this may not be a desirable situation for the following scenarios:
> When there is a backdoor connection between two VPN sites and it is desired to use the MPLS VPN connection to reach the other site rather than the backdoor connection
> When one site has two or more connections to the MPLS VPN and it is desired to route packets over the VPN connection rather than over the routes inside the site
> When two VPN sites want to be in the same OSPF area (for migration purposes or as a desired objective)
NOTE:
A sham link provides virtual intra-area connectivity across the MPLS VPN Super-Backbone so that traffic can be attracted to the backbone rather than taking the backdoor link between sites. A sham link is required between any two sites that share a backdoor link. If no backdoor link exists between the sites, then a sham link is NOT required.
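As an added illustration of the note above (not configuration from the original article), this is the sham-link part of a Cisco IOS PE configuration for two sites that share a backdoor link. The VRF name, OSPF process ID, BGP AS number, area number, loopback number and endpoint addresses are all assumed placeholders, and the usual PE-CE OSPF and BGP/OSPF redistribution is assumed to be in place already.

```cisco
! ---------- PE1 ----------
! Sham-link endpoint: a /32 loopback that lives inside the customer VRF.
! All names and addresses here are constructed placeholders.
interface Loopback100
 description Sham-link endpoint for VRF CUST-A
 ip vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.255
!
router bgp 65000
 address-family ipv4 vrf CUST-A
  ! The endpoint must reach the remote PE through MP-BGP.
  ! Do not advertise it into the VRF OSPF process.
  network 192.0.2.1 mask 255.255.255.255
 exit-address-family
!
router ospf 100 vrf CUST-A
 ! Local endpoint first, remote endpoint second. The cost must be lower
 ! than the total cost of the backdoor path, otherwise the backdoor
 ! link still wins the intra-area comparison.
 area 1 sham-link 192.0.2.1 192.0.2.2 cost 10
!
! ---------- PE2 (mirror of PE1, endpoints swapped) ----------
interface Loopback100
 description Sham-link endpoint for VRF CUST-A
 ip vrf forwarding CUST-A
 ip address 192.0.2.2 255.255.255.255
!
router bgp 65000
 address-family ipv4 vrf CUST-A
  network 192.0.2.2 mask 255.255.255.255
 exit-address-family
!
router ospf 100 vrf CUST-A
 area 1 sham-link 192.0.2.2 192.0.2.1 cost 10
```

Once both sides are configured, `show ip ospf sham-links` on either PE shows whether the link is up and which cost it carries.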
If I add an ASA box on the site CE1 with the IP address of 10.1.100.4 and all the clients connected to that site have internet access, and I want to allow users on the second site to access the internet, how would I add a static route through the MPLS to the IP of my ASA box 10.1.100.4?
You will have to configure “hairpinning” on your ASA so that it translates traffic that arrived on its OUTSIDE interface and forwards it out of the same OUTSIDE interface again. Here is an example I created before for remote VPN users, your setup will be similar:
I notice RD and RT are configured on PE1 and PE2 routers. Can you configure RD and RT on CE1 and CE2 with the same values of the PEs the CEs are connected to? Is there a reason/benefit to configuring RD and RT on CE1 and CE2? I notice an organization has done this. When I saw this it was confusing to me after your example didn’t include RD and RT on CE1 and CE2.
I appreciate the work you do in explaining networking where examples are easy to understand.
RD and RT are concepts and functionalities that should be confined to the provider’s network. Their functionality should be transparent from the point of view of the CE routers. However, if the provider has extended their MPLS functionality into the customer router for some reason, then you would see RD and RT configs in the CE. This is highly unusual and irregular, however, technically it can happen.