cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2405
Views
15
Helpful
13
Replies

OSPF transit non-backbone area

saccom
Level 1
Level 1

Hello all,

i'm having some trouble on a lab with this topology FOTO.PNG

Both Loopback1 are redistributed into OSPF (so they are E2).From R1, i can see this routing table (ospf)

FOTO.PNG

So, in order to reach 2.2.2.2 (that is IA) i will pass through R3 (so via area 0), while to reach 10.2.2.2 (the external one) i will use the bypass link between R1 and R2. Now, i know that OSPF says that all the path must pass through area 0 if there is a path via this area, but why this is not applied for E2?

 

I have a second question. I would like to pass via bypass link even for 2.2.2.2, how should i do? If i put a distribute-list on R1, denying 2.2.2.2 from R3

 

ip prefix-list DEN seq 5 deny 2.2.2.2/32
ip prefix-list DEN seq 10 permit 0.0.0.0/0 le 32
ip prefix-list GAT seq 5 permit 155.1.13.0/24 le 32

router ospf 100

  distribute-list prefix DEN gateway GAT in

 

I will see this

FOTO.PNG

So i'm not using the bypass path

 

FOTO.PNG

The routing bit is always set on the area0 path, even if i raise the metric.

FOTO.PNG

Do you know why?

 

Thanks a lot.

1 Accepted Solution

Accepted Solutions

Hello Frello,

>> Now i can use the bypass link. My question is why? Why can't i select this as best also when the link between R1 and R3 is up? 

Because when R1 to R3 link is up R1 is connected to area 0 and as a result of this the LSA type 3 in area 120 describing prefix 2.2.2.2/32 (that comes from area 2) is ignored.

when R1 to R3 link in area 0 goes down, R1 becomes a router in area 120 (except for its loopback in area 1 that becomes not reachable from other areas).

 

>> This question was born while i was taking a lab on MPLS environment, where between R3 and R4 there was an iBGP VPNv4 session (with mutual redistribution OSPF<->BGP). Even filtering the redistribution BGP->OSPF for one prefix (for example 2.2.2.2), the bypass link was not used at all (in ospf database, there is LSA3 in area 120 generated by R2, but the routing bit was not set). I expected that if i have a path through area 0, ok i will use it. If not i will use the bypass link, but it didn't happen.

 

When OSPF is used as PE-CE routing protocol additional rules are applied.

A PE node uses the DN bit (down bit) to signal the route is coming from the backbone (from VPNv4 AF).

CE nodes do not care of DN bit, however there are other aspects to consider.

 

If R1 and R2 act as CE nodes in OSPF and R3 and R4 act as PE nodes, the superbackbone concept is used:

 

Area 120 --- R1 --- area 0 OSPF PE/CE --- R3/PE --- area 0 emulated via MP BGP ----- R4 --- area 0 --- R2 --- area 120.

MP BGP uses additional extcommunities for OSPF domain id and other parameters to make possible for the remote PE node to rebuild an OSPF LSA at remote end before sending to remote CE.

When OSPF domain id match (if it is not set is enough to use the same OSPF process id on the two PE nodes) O and O IA routes are seen on remote site as O IA route. Type 5 external LSAs are still seen as type 5 routes

If the OSPF domain id does not match ( or the OSPF process id is different on the remote PE) all routes O, O IA, O E1, O E2 are seen as O E1 or O E2 on remote site.

This is the so called OSPF emulation over MP BGP that allows the PE nodes to pretend to have an OSPF  routing domain and to hide the presence of MP BGP and MPLS in the path.

After having explained this. The following considerations apply:

To support direct links between CE nodes of different VRF sites there are other tools called sham links that need to be configured on PE nodes.

A valid inter site link R1 --- R2 should use area 0, but to avoid to make it the primary path between sites the sham links can be used on PE nodes to make O routes to appear as O  routes on remote site (and not as O IA as explained above)

By playing with OSPF metric you can make the R1 to R2 link in area 0 a backup path to be used when the MPLS L3 VPN link to PE node is broken.

 

Another supported configuration is to make R1/CE --- R3/PE link in area 120, R2/CE --- R3/PE link in area 120 with area 0 in the emulated backbone.

In this case still using sham-links on PE nodes you should be able to use R1 to R2 link in area 120 as a backup path.

 

 

Hope to help

Giuseppe

 

 

View solution in original post

13 Replies 13

Joseph W. Doherty
Hall of Fame
Hall of Fame
"Now, i know that OSPF says that all the path must pass through area 0 if there is a path via this area, but why this is not applied for E2?"

Different rules for externals, as R2 is also acting as an ASBR so it advertises the external to all its connected areas.

"I have a second question. I would like to pass via bypass link even for 2.2.2.2, how should i do? If i put a distribute-list on R1, denying 2.2.2.2 from R3"

Place interface in area 120.

Thanks a lot for your reply. Is there a way to achieve this mantaining the area 0?

 

OSPF prefers O (Intra Area) routes over O IA (Inter area) routes. If you put loopback 0 of R2 in area 0 (or any other area except area 120), it has to go through area 0. Theoretically, you can create virtual-link over area 120 to route traffic to 2.2.2.2 on R1-R2 link (I do not see any advantage in your case though).

 

HTH,

Meheretab

HTH,
Meheretab

You could place a static on R1 to prefer the shorter path across area 120 to 2.2.2.2. However, return traffic will take area zero path.

You could also "add" an area zero path between R1 and R2 (i.e. while keeping link in area 120 too). Could be accomplished by using subinterfaces.

Hello Frello,

there is no other way to do this.

 

Note:

if 2.2.2.2/32 was in area  0 , R1 would see it as an O route in area 0. It sees it as on O IA route. (inter area)

if 2.2.2.2/32 is moved to area 120 R1 would see it as an O route in area 120.

 

In your current setup R2 2.2.2.2/32 is not in area 0 and it is not in area 120.

Joseph's answer is correct.

When using a link state protocol like OSPF you are constrained by its rules.

Inter area updates and inter area traffic has to go via the backbone area.

 

I have learned by experience that distribute-list have only local effects : it can filter what routes are installed in the local routing table but it does not block LSA flooding.

Using distribute lists with OSPF when downstream OSPF routers are present can cause routing problems as they reiceve all the LSAs (this is required by OSPF rule that all routers in an area must have the same set of  LSAs) and they can install the corresponding routes pointing to a device that is missing the route in its local routing table.

 

Hope to help

Giuseppe

 

Hello,

thank you. The strange thing is that if i shutdown the link between R1 and R3, i have this RIB

 

FOTO.PNG

Now i can use the bypass link. My question is why? Why can't i select this as best also when the link between R1 and R3 is up? This question was born while i was taking a lab on MPLS environment, where between R3 and R4 there was an iBGP VPNv4 session (with mutual redistribution OSPF<->BGP). Even filtering the redistribution BGP->OSPF for one prefix (for example 2.2.2.2), the bypass link was not used at all (in ospf database, there is LSA3 in area 120 generated by R2, but the routing bit was not set). I expected that if i have a path through area 0, ok i will use it. If not i will use the bypass link, but it didn't happen.

 

Thanks

Because 2.2.2.2 is injected as a IA route and before you broke the link between R1 and R3, OSPF would use area zero for transit. Once you broke the area zero path, the route is still seen as its been injected into area 120 and that's now the only path (again when the area zero path is good, its the preferred path due to area preference rules).

BTW, also note how the 155.1.x.x. networks are now also known/seen as IA routes.

Hello,

i know that the area 0 path is preferred, but the strange thing is that if i cannot learn (for different reasons) the area 0 path, i will not use the bypass one. This is my problem.

 

Let's think that between R3 and R4 there is an MPLS environment, where R3 and R4 are iBGP vpnv4 peerings. If, during the redistribution between BGP->OSPF, i will deny the redistribution of 2.2.2.2 prefix, R1 will not have the area 0 path, right? The problem is that it will have the LSA3 that describe 2.2.2.2 via area 120, but it will not use it! 

 

Oh, maybe i forgot to tell you that 1.1.1.1/32 is in area 1, while 2.2.2.2/32 is in area 2.

 

Thanks a lot

"i know that the area 0 path is preferred, but the strange thing is that if i cannot learn (for different reasons) the area 0 path, i will not use the bypass one. This is my problem."

Cannot or can? If you meant can, again, when you have inter-area routing, OSPF prefers using area zero. Only when there is no area zero (and you have the LSA3), then the other path can be chosen.

The only way to avoid this is to have a topology that takes into account area zero transit priority vs. other areas or don't use OSPF with multiple areas or at all.

Hello Joseph,

Cannot :)

 

Just think that: for any reason R1 does not generate LSA3 in area 0. The only LSA3 that R1 is receiving about 2.2.2.2/32 is the one received via area 120 from R2. And yep, R1 will not use the area 120 path even if it will not have the area 0 one. Do you know why? And how to solve it

 

Thanks a lot

I thought earlier you showed that without the area zero path, traffic used the area 120 path?

Hello Frello,

>> Now i can use the bypass link. My question is why? Why can't i select this as best also when the link between R1 and R3 is up? 

Because when R1 to R3 link is up R1 is connected to area 0 and as a result of this the LSA type 3 in area 120 describing prefix 2.2.2.2/32 (that comes from area 2) is ignored.

when R1 to R3 link in area 0 goes down, R1 becomes a router in area 120 (except for its loopback in area 1 that becomes not reachable from other areas).

 

>> This question was born while i was taking a lab on MPLS environment, where between R3 and R4 there was an iBGP VPNv4 session (with mutual redistribution OSPF<->BGP). Even filtering the redistribution BGP->OSPF for one prefix (for example 2.2.2.2), the bypass link was not used at all (in ospf database, there is LSA3 in area 120 generated by R2, but the routing bit was not set). I expected that if i have a path through area 0, ok i will use it. If not i will use the bypass link, but it didn't happen.

 

When OSPF is used as PE-CE routing protocol additional rules are applied.

A PE node uses the DN bit (down bit) to signal the route is coming from the backbone (from VPNv4 AF).

CE nodes do not care of DN bit, however there are other aspects to consider.

 

If R1 and R2 act as CE nodes in OSPF and R3 and R4 act as PE nodes, the superbackbone concept is used:

 

Area 120 --- R1 --- area 0 OSPF PE/CE --- R3/PE --- area 0 emulated via MP BGP ----- R4 --- area 0 --- R2 --- area 120.

MP BGP uses additional extcommunities for OSPF domain id and other parameters to make possible for the remote PE node to rebuild an OSPF LSA at remote end before sending to remote CE.

When OSPF domain id match (if it is not set is enough to use the same OSPF process id on the two PE nodes) O and O IA routes are seen on remote site as O IA route. Type 5 external LSAs are still seen as type 5 routes

If the OSPF domain id does not match ( or the OSPF process id is different on the remote PE) all routes O, O IA, O E1, O E2 are seen as O E1 or O E2 on remote site.

This is the so called OSPF emulation over MP BGP that allows the PE nodes to pretend to have an OSPF  routing domain and to hide the presence of MP BGP and MPLS in the path.

After having explained this. The following considerations apply:

To support direct links between CE nodes of different VRF sites there are other tools called sham links that need to be configured on PE nodes.

A valid inter site link R1 --- R2 should use area 0, but to avoid to make it the primary path between sites the sham links can be used on PE nodes to make O routes to appear as O  routes on remote site (and not as O IA as explained above)

By playing with OSPF metric you can make the R1 to R2 link in area 0 a backup path to be used when the MPLS L3 VPN link to PE node is broken.

 

Another supported configuration is to make R1/CE --- R3/PE link in area 120, R2/CE --- R3/PE link in area 120 with area 0 in the emulated backbone.

In this case still using sham-links on PE nodes you should be able to use R1 to R2 link in area 120 as a backup path.

 

 

Hope to help

Giuseppe

 

 

Hello Giuseppe,

 

<< 

Because when R1 to R3 link is up R1 is connected to area 0 and as a result of this the LSA type 3 in area 120 describing prefix 2.2.2.2/32 (that comes from area 2) is ignored.

when R1 to R3 link in area 0 goes down, R1 becomes a router in area 120 (except for its loopback in area 1 that becomes not reachable from other areas). >>

 

That's the point! It looks like an unbreakable rule of OSPF. 

 

Thanks a lot for your help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: