cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
657
Views
5
Helpful
4
Replies
mautez_mah
Beginner

connect OSPF thru ISP

Hi team
if we have 20 sites, each site has connected to ISP thru L3VPN , 
how can we build ospf between sites as each one in different subnet even there is reachability 

 
 
1 ACCEPTED SOLUTION

Accepted Solutions
Giuseppe Larosa
Hall of Fame Master

Hello @mautez_mah ,

if you are using an MPLS L3 VPN it uses a so called peer model :

each CE router ( your device) peers with the local PE node .

OSPF can be used as PE-CE protocol and then the PE nodes redistribute OSPF into MP BGP in a way that allow to emulate a backbone area by carrying additional data that are needed on remote PE node to rebuild OSPF LSAs as extended community attributes.

Of course, this needs cooperation with MPLS SP and it may require an additional fee as it requires more configuration on PE nodes and a little more resources the per VRF OSPF process when compared to eBGP as PE-CE protocol.

 

As an alternative you could use a form of overlay network over the L3 VPN service for example using a DMVPN to create a virtual flat subnet and running OSPF over it.

The DMVPN would allow to add IPSec encryption for very sensitive data or companies with high security standards.

 

Hope to help

Giuseppe

 

 

View solution in original post

4 REPLIES 4
Harold Ritter
Cisco Employee

Hi @mautez_mah ,

 

Two options come to mind. 

 

1. Run OSPF as the PE-CE protocol. This might or might not be an available option depending on your SP offering.

 

2. Run BGP as the PE-CE protocol and redistributed between OSPF and BGP at each site. BGP as a PE-CE protocol is widely deployed and available with the majority of SPs.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Giuseppe Larosa
Hall of Fame Master

Hello @mautez_mah ,

if you are using an MPLS L3 VPN it uses a so called peer model :

each CE router ( your device) peers with the local PE node .

OSPF can be used as PE-CE protocol and then the PE nodes redistribute OSPF into MP BGP in a way that allow to emulate a backbone area by carrying additional data that are needed on remote PE node to rebuild OSPF LSAs as extended community attributes.

Of course, this needs cooperation with MPLS SP and it may require an additional fee as it requires more configuration on PE nodes and a little more resources the per VRF OSPF process when compared to eBGP as PE-CE protocol.

 

As an alternative you could use a form of overlay network over the L3 VPN service for example using a DMVPN to create a virtual flat subnet and running OSPF over it.

The DMVPN would allow to add IPSec encryption for very sensitive data or companies with high security standards.

 

Hope to help

Giuseppe

 

 

View solution in original post

MHM Cisco World
Collaborator

All l3vpn is represent a Router, and this imaginary Router can connect to different router “which is CE “ through different subnet so 

yes it can even if each CE connect to PE via different subnet.

mautez_mah
Beginner

Thanks all 
so what I understand , 
on CE I will run BGP , 
on PE (ISP ) will run BGP ,
now I will run OSPF in CE and redistribute into ISP and vice versa, so now is there an additional configuration that should be done in ISP core, in order to Run OSPF in both sites, and what type of LSA will be considered in this case