01-20-2016 05:50 AM - last edited on 01-25-2022 09:52 AM by Translator
My understanding is:
1. "capability vrf lite" will make OSPF process to install the routes even with DN bit set.
2. PE running VRF will set the DN bit when advertising to CE if OSPF is used for PE-CE routing. But CE is the device to check the DN bit when installing the route...
So where to configure the
"capability vrf lite", assuming CE is not running VRF at all (most likely in real production)?
And also what if CE is actually running VRF?
Solved! Go to Solution.
01-20-2016 06:19 AM - last edited on 01-21-2022 03:19 AM by Translator
The DN bit is a check that, usually, PE routers use to check whether to install certain types of LSAs into a VRF and is used as a loop prevention method.
If your CE router is not running VRFs but using OSPF to connect to the PE router then you do not need that command anywhere.
If however you configure VRFs on your CE router then it now uses the same checks as the PE routers because it believes it is directly connected to the MPLS network in the way the PE is, even though it isn't.
And then you would need to use that command on your CE router.
So, put simply, you only need to use that command if your CE router is using "VRF-Lite" and OSPF is in use between the CE and PE routers.
There are a few good detailed explanations on this site if you want to go into it more.
Jon
01-20-2016 07:20 AM - last edited on 01-25-2022 09:59 AM by Translator
Jon, Shuai,
In addition to Jon's very good explanation, it is also noteworthy to mention that on Cisco routers, if an OSPF process is run in a VRF then it automatically and unconditionally considers itself to be an ABR - it believes to be connected to a so-called MPLS Superbackbone (even though there may be no BGP/MPLS configured on the router at all).
This may pose problems if such a router is actually a part of a network that uses multiple areas. Consider the following scenario:
R1 (VRF) --- Link in Area 1 --- R2 --- Link in Area 0 --- R3
Here, R2 is obviously an ABR because it has two links, one in Area 0, the other in Area 1. R1 is, by all means, an internal router in Area 1. However, because R1 runs the link toward R2, and OSPF over this link, in a VRF, R1 considers itself to also be an ABR toward the MPLS Superbackbone.
As a result, R1 - thinking it is an ABR - will not place any networks from Area 0 nor from any other area behind R2 into its routing table, because by OSPF rules, an ABR processes only those inter-area routes (that is, LSA-3 and LSA-4) that have been received over an adjacency in Area 0, and R1 has no such adjacency. The end result will be that R1 will be unable to talk with any network outside its own Area 1.
This behavior on R1 is also deactivated by the
"capability vrf-lite" command.
Thus, "capability vrf-lite" has several effects:
Best regards,
Peter
01-20-2016 06:19 AM - last edited on 01-21-2022 03:19 AM by Translator
The DN bit is a check that, usually, PE routers use to check whether to install certain types of LSAs into a VRF and is used as a loop prevention method.
If your CE router is not running VRFs but using OSPF to connect to the PE router then you do not need that command anywhere.
If however you configure VRFs on your CE router then it now uses the same checks as the PE routers because it believes it is directly connected to the MPLS network in the way the PE is, even though it isn't.
And then you would need to use that command on your CE router.
So, put simply, you only need to use that command if your CE router is using "VRF-Lite" and OSPF is in use between the CE and PE routers.
There are a few good detailed explanations on this site if you want to go into it more.
Jon
01-20-2016 06:30 AM
If however you configure VRFs on your CE router then it now uses the same checks as the PE routers because it believes it is directly connected to the MPLS network in the way the PE is, even though it isn't.
Thanks.
01-20-2016 07:20 AM - last edited on 01-25-2022 09:59 AM by Translator
Jon, Shuai,
In addition to Jon's very good explanation, it is also noteworthy to mention that on Cisco routers, if an OSPF process is run in a VRF then it automatically and unconditionally considers itself to be an ABR - it believes to be connected to a so-called MPLS Superbackbone (even though there may be no BGP/MPLS configured on the router at all).
This may pose problems if such a router is actually a part of a network that uses multiple areas. Consider the following scenario:
R1 (VRF) --- Link in Area 1 --- R2 --- Link in Area 0 --- R3
Here, R2 is obviously an ABR because it has two links, one in Area 0, the other in Area 1. R1 is, by all means, an internal router in Area 1. However, because R1 runs the link toward R2, and OSPF over this link, in a VRF, R1 considers itself to also be an ABR toward the MPLS Superbackbone.
As a result, R1 - thinking it is an ABR - will not place any networks from Area 0 nor from any other area behind R2 into its routing table, because by OSPF rules, an ABR processes only those inter-area routes (that is, LSA-3 and LSA-4) that have been received over an adjacency in Area 0, and R1 has no such adjacency. The end result will be that R1 will be unable to talk with any network outside its own Area 1.
This behavior on R1 is also deactivated by the
"capability vrf-lite" command.
Thus, "capability vrf-lite" has several effects:
Best regards,
Peter
10-20-2018 04:02 AM
explanation is very deeply ,many thanks
05-08-2019 07:48 AM
05-08-2019 10:07 AM - edited 05-08-2019 10:08 AM
Hello
The superbackone (area 0) refers to the service providers internal ospf MPLS VPN network which is completely transparent to customers that use any IGP (including ospf) as its routing protocol.
However a network without mpls vpns that uses ospf as it routing protocol then area 0 would be referred to the Backbone that interconnect non backbone (ospf 0) areas
05-09-2019 09:43 AM
10-11-2019 05:04 AM
Hi Peter Paluch ,
What if Area-1 in your topology is configured as Stub ?
In that case R2 (actual ABR) will generate Default route in Stub Area-1 and since R1 also considers itself as ABR , it will generate default route as well , right ?
Now if there is any packet to R1 or R2 (for which they do not have specific destination , it will get infinite looped between R1 and R2 ?
Thanks,
Gaurav Sukhadia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide