Solved: Configuring OSPF on sub-interfaces

Cisco Enthusiast · ‎08-29-2023

Greetings everyone,

I'm seeking clarification on the functioning of OSPF in relation to sub-interfaces within a single router.

In my current setup, the physical interfaces are associated with the

192.168.1.0/24

network, while the sub-interfaces fall under the

10.0.1.0/24

range.

I'm specifically interested in understanding whether it's essential to include the network statement

network 192.168.1.0 0.0.0.255 area 0

in every VRF instance.

Here is my configuration:

myrouter#sh running-config

Building configuration...




Current configuration : 3841 bytes

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname myrouter

!

boot-start-marker

boot-end-marker

!

vrf definition A

 !

 address-family ipv4

 exit-address-family

!

vrf definition B

 !

 address-family ipv4

 exit-address-family

!

vrf definition C

 !

 address-family ipv4

 exit-address-family

!

vrf definition D

 !

 address-family ipv4

 exit-address-family

!

enable secret X.X.X

enable password X.X.X

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FCZ1434C389

!

!

!

!

!

!

!

!

interface Loopback1

 vrf forwarding A

 ip address 10.0.0.1 255.255.255.255

!

interface Loopback2

 vrf forwarding B

 ip address 10.0.0.2 255.255.255.255

!

interface Loopback3

 vrf forwarding C

 ip address 10.0.0.3 255.255.255.255

!

interface Loopback4

 vrf forwarding D

 ip address 10.0.0.4 255.255.255.255

!

interface GigabitEthernet0/0

 bandwidth 100

 ip address 192.168.1.1 255.255.255.252

 ip ospf network point-to-point

 duplex auto

 speed auto

 no mop enabled

!

interface GigabitEthernet0/0.1

 vrf forwarding A

 encapsulation dot1Q 10

 ip address 10.0.1.9 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/0.2

 vrf forwarding B

 encapsulation dot1Q 20

 ip address 10.0.1.13 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/0.3

 vrf forwarding C

 encapsulation dot1Q 30

 ip address 10.0.1.17 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/0.4

 vrf forwarding D

 encapsulation dot1Q 40

 ip address 10.0.1.21 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/1

 description unused available port

 ip address 192.168.1.5 255.255.255.252

 ip ospf network point-to-point

 duplex auto

 speed auto

 no mop enabled

!

interface GigabitEthernet0/1.1

 vrf forwarding B

 encapsulation dot1Q 10

 ip address 10.0.1.10 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/1.2

 vrf forwarding C

 encapsulation dot1Q 20

 ip address 10.0.1.14 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/1.3

 vrf forwarding D

 encapsulation dot1Q 30

 ip address 10.0.1.18 255.255.255.252

 ip ospf network point-to-point

!

interface GigabitEthernet0/1.4

 vrf forwarding A

 bandwidth 10

 encapsulation dot1Q 40

 ip address 10.0.1.22 255.255.255.252

 ip ospf network point-to-point

!

interface ATM0/0/0

 no ip address

 shutdown

 no atm ilmi-keepalive

!

interface Serial0/1/0

 no ip address

 shutdown

 clock rate 2000000

!

router ospf 10 vrf A

 router-id 10.0.0.1

 log-adjacency-changes

 redistribute static subnets

 network 10.0.1.0 0.0.0.255 area 0

 network 192.168.1.0 0.0.0.255 area 0

!

router ospf 20 vrf B

 router-id 10.0.0.2

 log-adjacency-changes

 redistribute static subnets

 network 10.0.1.0 0.0.0.255 area 0

 network 192.168.1.0 0.0.0.255 area 0

!

router ospf 30 vrf C

 router-id 10.0.0.3

 log-adjacency-changes

 redistribute static subnets

 network 10.0.1.0 0.0.0.255 area 0

 network 192.168.1.0 0.0.0.255 area 0

!

router ospf 40 vrf D

 router-id 10.0.0.4

 log-adjacency-changes

 redistribute static subnets

 network 10.0.1.0 0.0.0.255 area 0

 network 192.168.1.0 0.0.0.255 area 0

!

router rip

 version 2

 network 192.168.1.0

!

router bgp 65000

 no synchronization

 no bgp log-neighbor-changes

 no auto-summary

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

snmp-server community public RO

!

control-plane

!

!

line con 0

 exec-timeout 0 0

 password cisco

line aux 0

 password cisco

 login

 modem InOut

 transport input all

 speed 115200

 flowcontrol hardware

line vty 0 4

 password cisco

 login

 transport input all

line vty 5 15

 password cisco

 login

!

scheduler allocate 20000 1000

end




myrouter#

Harold Ritter · ‎08-29-2023

Hi @Cisco Enthusiast ,

You are fine with just including the sub interface subnet

(10.0.1.0/24)

Adding the

192.168.1.0/24

does not serve any purpose, as this subnet belongs to the default VRF, so not part of any of the other VRFs.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

Jamie_90 · ‎08-29-2023

You do not need to include

network 192.168.1.0 0.0.0.255 area 0

under any of the OSPF vrf instances. Not unless you're attempting to advertise the

192.180.1.0/24

via each vrf? Based on your configuration, i'm assuming not.

Harold Ritter · ‎08-29-2023

Hi @Cisco Enthusiast ,

You are fine with just including the sub interface subnet

(10.0.1.0/24)

Adding the

192.168.1.0/24

does not serve any purpose, as this subnet belongs to the default VRF, so not part of any of the other VRFs.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Joseph W. Doherty · ‎08-29-2023

"I'm specifically interested in understanding whether it's essential to include the network statement

network 192.168.1.0 0.0.0.255 area 0

in every VRF instance."

Essential?

Based on your posted configuration, no, it's not essential. For the reasons already noted by @Jamie_90 and @Harold Ritter.

From your question, and your config, possibly you're don't fully understand VRFs and/or subinterfaces.

Subinterface are the logical equivalent of independent L3 interfaces, which just happen to physically share the same physical interface (conceptionally, much like multiple VLANs sharing a Cisco trunk interface).

VRF create totally different L3 domains (conceptionally much like L2 VLANs).

For example, you can do this:

interface GigabitEthernet0/0
 bandwidth 100
 ip address 10.0.1.10 255.255.255.252 !<<==
 ip ospf network point-to-point
 duplex auto
 speed auto
 no mop enabled

interface GigabitEthernet0/1.1
 vrf forwarding B
 encapsulation dot1Q 10
 ip address 10.0.1.10 255.255.255.252 !<<==
 ip ospf network point-to-point

interface GigabitEthernet0/1.2
 vrf forwarding C
 encapsulation dot1Q 20
 ip address 10.0.1.10 255.255.255.252 !<<==
 ip ospf network point-to-point

interface GigabitEthernet0/1.3
 vrf forwarding D
 encapsulation dot1Q 30
 ip address 10.0.1.10 255.255.255.252 !<<==
 ip ospf network point-to-point

interface GigabitEthernet0/1.4
 vrf forwarding A
 bandwidth 10
 encapsulation dot1Q 40
 ip address 10.0.1.10 255.255.255.252 !<<==
 ip ospf network point-to-point

Do understand why the above is valid?

Cisco Enthusiast · ‎08-29-2023

Hello and thank you for the response.

Yet assigning

10.0.1.10

for each VLAN doesn't work and will result in false connectivity tests when pinging the sub-interfaces.

On the other hand, the issue isn't about understanding whether i can put it or not, i have a suspicion that the router is faulty. It gives different outputs with the same configuration each time.

Joseph W. Doherty · ‎08-29-2023

"Yet assigning

10.0.1.10

for each VLAN doesn't work and will result in false connectivity tests when pinging the sub-interfaces."

Again, what you describes implies a configuration issue most likely due to not fully understanding subinterfaces and/or VRFs.

"On the other hand, the issue isn't about understanding whether i can put it or not, i have a suspicion that the router is faulty. It gives different outputs with the same configuration each time."

Yes, router might be "faulty" but here too might your understanding be "faulty"?

An example of possible "faulty" understanding is your mention assigning

10.0.1.10

to different VLANs doesn't work. Believe me, it can work using VRFs, assuming configuration are correct.

For a second opinion, ask @Harold Ritter as he has CCIE badges, and those with those certifications, I've found, are fairly knowledgeable.

Again, if you accept there's some possibility the different outputs you describe having are not due to a "faulty" router, we might, together, determine some other issue is the cause.

BTW, I not saying there are configuration issues on the router, itself. We would need to analyze your overall network environment.