cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3695
Views
25
Helpful
17
Replies
Evlaa2021
Beginner

MPLS Redistribution between BGP and OSPF

In my lab configuration i am not able to redistribute between BGP and OSPF in an MPLS type setup, i've attached a topology diagram and full configs for reference. On my PE routers i can see that they are learning routes from the CE/CPE routers via OSPF, example below. Routes are being redistributed into BGP but then at the remote side of the MPLS VPN they do not get put back into OSPF.


PE1#show ip route vrf MFT_CORP 192.168.200.0
Routing entry for 192.168.200.0/32, 1 known subnets
Redistributing via bgp 50

O 192.168.200.1
[110/2] via 192.168.1.2, 00:06:12, GigabitEthernet3/0.100

This is a loopback interface on CPE 1

The routes are being learned across the BGP neighborship and passed to PE2 but not redistributed back into OSPF.

PE1#show run | sec router
router ospf 100 vrf MFT_CORP
router-id 55.55.55.55
log-adjacency-changes
redistribute bgp 50 subnets
router ospf 20 vrf HSCN
router-id 5.5.5.5
log-adjacency-changes
redistribute bgp 50 subnets
router ospf 1
mpls ldp autoconfig
log-adjacency-changes
router bgp 50
no synchronization
bgp log-neighbor-changes
bgp redistribute-internal
neighbor 10.0.0.6 remote-as 50
neighbor 10.0.0.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.0.6 activate
neighbor 10.0.0.6 send-community extended
exit-address-family
!
address-family ipv4 vrf MFT_CORP
redistribute ospf 100 vrf MFT_CORP
no synchronization
exit-address-family
!
address-family ipv4 vrf HSCN
redistribute ospf 20 vrf HSCN
no synchronization
exit-address-family
mpls ldp router-id Loopback0

PE2(config-router)#do show run | sec router
router ospf 100 vrf MFT_CORP
router-id 66.66.66.66
log-adjacency-changes
redistribute bgp 50 subnets
router ospf 20 vrf HSCN
router-id 6.6.6.6
log-adjacency-changes
redistribute bgp 50 subnets
router ospf 1
mpls ldp autoconfig
log-adjacency-changes
router bgp 50
no synchronization
bgp log-neighbor-changes
bgp redistribute-internal
neighbor 10.0.0.5 remote-as 50
neighbor 10.0.0.5 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.0.5 activate
neighbor 10.0.0.5 send-community extended
exit-address-family
!
address-family ipv4 vrf MFT_CORP
redistribute ospf 100 vrf MFT_CORP
no synchronization
exit-address-family
!
address-family ipv4 vrf HSCN
redistribute ospf 20 vrf HSCN
no synchronization
exit-address-family
mpls ldp router-id Loopback0

Recently added command 'bgp redistribute-internal' as i read iBGP learned routes will not redistribute into an IGP, i've never had to add this command before though?

17 REPLIES 17
Harold Ritter
Cisco Employee

Hi @Evlaa2021 ,

 

Can you post the output from these commands from PE2:

 

show bgp vpnv4 uni vrf MFT_CORP

show ip route vrf MFT_CORP 192.168.200.0

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Harold,

 

Thanks for assisting, please see below:
PE2#show bgp vpnv4 uni vrf MFT_CORP
BGP table version is 60, local router ID is 10.0.0.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:100 (default for vrf MFT_CORP)
*>i10.0.101.0/24 10.0.0.5 0 100 0 ?
*> 10.0.102.0/24 0.0.0.0 0 32768 ?
*> 172.16.0.1/32 192.168.21.2 2 32768 ?
*> 172.16.3.1/32 192.168.21.2 2 32768 ?
*>i172.16.4.1/32 10.0.0.5 2 100 0 ?
*>i192.168.1.0/30 10.0.0.5 0 100 0 ?
*> 192.168.21.0/30 0.0.0.0 0 32768 ?

PE2#show ip route vrf MFT_CORP 192.168.200.0
Routing entry for 192.168.200.0/32, 1 known subnets
Redistributing via ospf 100

B 192.168.200.1 [200/2] via 10.0.0.5, 00:00:26
PE2#

 

Sorry there was some output missing on that:


PE2#show bgp vpnv4 uni vrf MFT_CORP
BGP table version is 62, local router ID is 10.0.0.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:100 (default for vrf MFT_CORP)
*>i10.0.101.0/24 10.0.0.5 0 100 0 ?
*> 10.0.102.0/24 0.0.0.0 0 32768 ?
*> 172.16.0.1/32 192.168.21.2 2 32768 ?
*> 172.16.3.1/32 192.168.21.2 2 32768 ?
*>i172.16.4.1/32 10.0.0.5 2 100 0 ?
*>i192.168.1.0/30 10.0.0.5 0 100 0 ?
*> 192.168.21.0/30 0.0.0.0 0 32768 ?
*>i192.168.200.1/32 10.0.0.5 2 100 0 ?
PE2#

Hi @Evlaa2021 ,

 

Can you also provide the output for the following command from PE2:

 

show ip ospf 100 database 

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

PE2#show ip ospf 100 database

OSPF Router with ID (66.66.66.66) (Process ID 100)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
8.8.8.8 8.8.8.8 1332 0x8000000C 0x001C13 4
66.66.66.66 66.66.66.66 1346 0x8000000C 0x004520 3
192.168.31.2 192.168.31.2 3730 0x80000005 0x008693 1

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.0.101.0 66.66.66.66 353 0x80000001 0x006AD8
172.16.4.1 66.66.66.66 353 0x80000001 0x009659
192.168.1.0 66.66.66.66 353 0x80000001 0x0079D1
192.168.200.1 66.66.66.66 353 0x80000001 0x00F588

Hi @Evlaa2021 ,

 

As you can see in the output, the route (192.168.200.1) is indeed redistributed in ospf. Are you not seeing it being installed on CPE2? If not, can you share CPE2 configuration?

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Harold,

It all seems to be working on the PE routers but not being installed into the routing table on the CPE side:

CPE2#show ip route vrf MFT_CORP

Routing Table: MFT_CORP
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets
C 172.16.0.0 is directly connected, Loopback0
C 172.16.3.0 is directly connected, Loopback2
192.168.21.0/30 is subnetted, 1 subnets
C 192.168.21.0 is directly connected, GigabitEthernet1/0.100
10.0.0.0/32 is subnetted, 1 subnets
O 10.0.102.1 [110/2] via 192.168.21.1, 00:55:25, GigabitEthernet1/0.100
CPE2#

Full CPE config is below:

0
CPE2#show run
Building configuration...

Current configuration : 2112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
ip vrf HSCN
!
ip vrf MFT_CORP
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip vrf forwarding MFT_CORP
ip address 172.16.0.1 255.255.255.0
ip ospf 100 area 0
!
interface Loopback1
ip vrf forwarding HSCN
ip address 172.16.0.1 255.255.255.0
ip ospf 20 area 0
!
interface Loopback2
ip vrf forwarding MFT_CORP
ip address 172.16.3.1 255.255.255.0
ip ospf 100 area 0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
no ip address
negotiation auto
!
interface GigabitEthernet1/0.20
description HSCN
encapsulation dot1Q 20
ip vrf forwarding HSCN
ip address 192.168.31.2 255.255.255.252
ip ospf network point-to-point
ip ospf 20 area 0
!
interface GigabitEthernet1/0.100
description MFT_CORF
encapsulation dot1Q 100
ip vrf forwarding MFT_CORP
ip address 192.168.21.2 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
router ospf 20 vrf HSCN
router-id 88.88.88.88
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
!
router ospf 100 vrf MFT_CORP
router-id 8.8.8.8
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
!
router ospf 1
log-adjacency-changes
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

CPE2#

I can see that routes have been recieved from PE 2 but not installed in the routing table, even when setting the metric specifically (redistribute bgp 50 metric 100 metric-type 1 subnets) :

 

CPE2# show ip osp 100 database

OSPF Router with ID (8.8.8.8) (Process ID 100)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
8.8.8.8 8.8.8.8 1470 0x8000000D 0x001A14 4
66.66.66.66 66.66.66.66 1516 0x8000000D 0x004321 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.0.101.0 66.66.66.66 238 0x80000002 0x004A94
172.16.4.1 66.66.66.66 238 0x80000002 0x006C20
192.168.1.0 66.66.66.66 238 0x80000002 0x00598D
192.168.200.1 66.66.66.66 238 0x80000002 0x00CB4F
CPE2#show ip osp 100 database summary 192.168.200.1

OSPF Router with ID (8.8.8.8) (Process ID 100)

Summary Net Link States (Area 0)

LS age: 276
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 192.168.200.1 (summary Network Number)
Advertising Router: 66.66.66.66
LS Seq Number: 80000002
Checksum: 0xCB4F
Length: 28
Network Mask: /32
TOS: 0 Metric: 100

One thing i wasn't totally sure on is if i need any route-target import or export setting on the CE/CPE side, i've tried combinations of with and without without any luck. Can you advise?




Hi @Evlaa2021 ,

 

The reason the route is not installed on the CPE is that you configured ospf with VRF lite. In this type of configuration, you need to configure the following command on the CPE for the route to be installed.

 

router ospf 100 vrf MFT_CORP

capability vrf-lite

 

This should fix the issue.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hello @Evlaa2021 , @MHM Cisco World ,

capability vrf-lite

solves the issue of the original poster because it disables the check of the DOWN bit in the LSA.

When coming from MP BGP the re-constructed LSA has a flag set called DN down bit so that the route cannot be re-injected via another PE or VRF lite device.

So no need for import/export commands on CPE2 just to disable the check of the DN bit.

 

see

https://datatracker.ietf.org/doc/html/rfc4577

 

Hope to help

Giuseppe

 

 

MHM Cisco World
Advisor

As Mr.Harold mention you need capability vrf-lite, 
Also I think he need route import-export in each CE since we push the VRF from PE toward CE.

Hi @MHM Cisco World ,

 

VRF lite does not require the configuration of any route-target import/export.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
MHM Cisco World
Advisor

Mr.Harold And Mr.Giuseppe
You Are My network Wikipedia,
thanks for sharing knowledge with us.

I see many Lab about VRF-lite with OSPF and MPLS and as I mention before since we push the VRF separation into CE then we need route import/export under VRF.
please see the lab below and I wait your opinion. 
 https://sites.google.com/site/amitsciscozone/mpls/multi-vrf-or-vrf

 

 

Hi @MHM Cisco World ,

 

Thanks for the kind words.

 

The route-target is only used when importing or exporting routes to VPNv4 to VPNv6 for L3VPN. Configuring the RT import/export on the CE will not break anything, but it will not have any effect on which routes will be present in a given VRF.

 

What keeps the isolation between the VRFs in the VRF lite context is the configuration of multiple sub interfaces each belonging to a separate VRF.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hello @MHM Cisco World ,

thanks for your kind words    we have simply working experience in the service provider context.

 

About the lab  you have mentioned:

I agree with @Harold Ritter multi VRF CE or VRF lite is a subset of a standard PE node with MP BGP signaling plane but it is missing the MPLS forwarding plane.

As a result of this the PE - CE link has to use a dedicated subinterface one for each customer to achieve connectivity.

A standard PE node requires a single link with MPLS IP on it to serve N different VRF customers.

VRF lite or multi VRF CPE are useful for service providers to offer value added services like a managed multi tenant CPE serving multiple customers in the same building.

 

Hope to help

Giuseppe