07-15-2021 12:00 PM
Hi team,
If we have 20 sites, and each site is connected to the ISP through L3VPN,
how can we build OSPF between the sites, as each one is in a different subnet, even though there is reachability?
07-15-2021 02:09 PM - edited 07-15-2021 02:12 PM
Hello @mautez_mah ,
If you are using an MPLS L3 VPN, it uses a so-called peer model:
each CE router (your device) peers with the local PE node.
OSPF can be used as the PE-CE protocol, and then the PE nodes redistribute OSPF into MP-BGP in a way that allows them to emulate a backbone area by carrying, as extended community attributes, the additional data that is needed on the remote PE node to rebuild the OSPF LSAs.
Of course, this needs cooperation with the MPLS SP and it may require an additional fee, as it requires more configuration on the PE nodes and a little more resources for the per-VRF OSPF process when compared to eBGP as the PE-CE protocol.
As an alternative, you could use a form of overlay network over the L3 VPN service, for example using a DMVPN to create a virtual flat subnet and running OSPF over it.
The DMVPN would allow you to add IPsec encryption for very sensitive data or for companies with high security standards.
Hope to help
Giuseppe
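A spoke-side configuration for the DMVPN alternative described in this answer, added here as an example and not part of the original post. It assumes Cisco IOS-XE syntax, IKEv2 with a pre-shared key, and a hub at tunnel address 10.255.0.1 reachable across the L3 VPN at 192.0.2.1 and using the same OSPF network type; every name, address and interface is constructed for illustration.

```ios
! Spoke CE: DMVPN overlay across the MPLS L3 VPN, OSPF running on the tunnel.
! All names, addresses, interfaces and keys are constructed placeholders.
crypto ikev2 keyring DMVPN-KEYS
 peer DMVPN-PEERS
  address 0.0.0.0 0.0.0.0
  pre-shared-key <PSK-PLACEHOLDER>
!
crypto ikev2 profile DMVPN-IKEV2
 match identity remote address 0.0.0.0
 authentication remote pre-share
 authentication local pre-share
 keyring local DMVPN-KEYS
!
! Transport mode: GRE already supplies the outer header.
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-IPSEC
 set transform-set DMVPN-TS
 set ikev2-profile DMVPN-IKEV2
!
interface Tunnel0
 description DMVPN overlay (one flat subnet shared by all sites)
 ip address 10.255.0.2 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication <NHRPKEY>
 ip nhrp network-id 1
 ip nhrp nhs 10.255.0.1 nbma 192.0.2.1 multicast
 ip ospf network point-to-multipoint
 ip ospf 1 area 0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ! Without this line the OSPF adjacency and user traffic cross the SP in clear text.
 tunnel protection ipsec profile DMVPN-IPSEC
!
interface GigabitEthernet0/1
 description Site LAN
 ip address 10.1.2.1 255.255.255.0
 ip ospf 1 area 0
!
! GigabitEthernet0/0 (towards the PE) stays out of OSPF so the tunnel
! endpoint is never learned through the tunnel itself (recursive routing).
router ospf 1
 router-id 10.255.0.2
 passive-interface default
 no passive-interface Tunnel0
```

After deployment, `show crypto ikev2 sa`, `show dmvpn` and `show ip ospf neighbor` confirm that the tunnel is encrypted, registered with the hub, and carrying the adjacency.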
07-15-2021 01:52 PM
Hi @mautez_mah ,
Two options come to mind.
1. Run OSPF as the PE-CE protocol. This might or might not be an available option depending on your SP offering.
2. Run BGP as the PE-CE protocol and redistribute between OSPF and BGP at each site. BGP as a PE-CE protocol is widely deployed and available with the majority of SPs.
Regards,
07-15-2021 03:05 PM
The whole L3VPN represents a router, and this imaginary router can connect to different routers (which are the CEs) through different subnets, so
yes, it can, even if each CE connects to the PE via a different subnet.
07-16-2021 10:34 PM
Thanks all.
So what I understand is:
on the CE I will run BGP,
on the PE (ISP) BGP will run,
and now I will run OSPF on the CE and redistribute into the ISP and vice versa. So is there any additional configuration that should be done in the ISP core in order to run OSPF at both sites, and what type of LSA will be considered in this case?