Solved: Integration of second OSPF process (area) into MPLS

Filip Knezevic · ‎08-01-2017

Hi Cisco fellows and experts,

I would need a quick advice if possible.

We have an ISP MPLS network with six 7600 series routers. We need to add another chassis and do a reorganization of internal network. Customers are mostly connected via static routes.

My director would like to dump static routes (too many of them) and move on to the iBGP or OSPF.

My idea is that it's better to use OSPF for lot of internal business customers, since it's highly scalable. Customers can be put into NSSA areas, sending only default routes to ABRs, thus not knowing the entire routing table.

Questions:

1. Is it better to use OSPF in that purpose (I mean it's designed for that, right?)?

2. Since we have an OSPF backbone area carrying MPLS labels, we don't won't customers in that same OSPF process, right?

3. If question 2 is true, should we redistribute the customer OSPF process into the global OSPF process? Is that needed?

Any insight would be highly appreciated. I have a chance to make a good suggestion that can improve our network and learn great stuff in the process :)

Filip

Mario Grozdanovic · ‎08-01-2017

Hi Filip,

1. OSPF can be used for that purpose. Its vendor diverse so it would not matter what equipment your customer has on their end. You can also use BGP or EIGRP for the customer facing side.

2. All of your customers would need to use another process, correct. You typically would put each customer in its own VRF.

3.You would not redistribute the customers routes into your backbone OSPF process. Instead, you would redistribute them into your backbone Multi Protocol iBGP (BGP VPN) See the sketch of how the PE router would look like.

Hope that helps a little :)

CE Routing with OSPF

Configuration

router ospf 100 vrf VPN_A

domain-id 0.0.0.5

network 0.0.0.0 255.255.255.255 area 1

redistribute bgp 100 subnets

capability vrf-lit (this command is needed to disable the OSPF VRF loop prevention)

router bgp 100

address-family ipv4 vrf VPN_A

redistribute ospf 100 vrf VPN_A

View solution in original post

Mario Grozdanovic · ‎08-01-2017

Hi Filip,

1. OSPF can be used for that purpose. Its vendor diverse so it would not matter what equipment your customer has on their end. You can also use BGP or EIGRP for the customer facing side.

2. All of your customers would need to use another process, correct. You typically would put each customer in its own VRF.

3.You would not redistribute the customers routes into your backbone OSPF process. Instead, you would redistribute them into your backbone Multi Protocol iBGP (BGP VPN) See the sketch of how the PE router would look like.

Hope that helps a little :)

CE Routing with OSPF

Configuration

router ospf 100 vrf VPN_A

domain-id 0.0.0.5

network 0.0.0.0 255.255.255.255 area 1

redistribute bgp 100 subnets

capability vrf-lit (this command is needed to disable the OSPF VRF loop prevention)

router bgp 100

address-family ipv4 vrf VPN_A

redistribute ospf 100 vrf VPN_A

Filip Knezevic · ‎08-01-2017

Mario that was awesome, thank you very much.

I love your drawing skills ;) :D

Only problem is that VRF service is expensive for most of the customers here in Serbia, and they are not utilizing it's wonderful abilities.

I think vrfs are great, but that usually mean customers have to have good firewalls (like centralized internet gateways) at one point of the network, because if they are using only private ips for the WAN links, port forwarding etc can be a pain in the arse if they don't have a good firewall in front the vrf.