MPLS VPN using OSPFv3 address family between PE-CE link

Meddane · ‎07-14-2022

The interfaces of P and PE routers are enabled for frame mode MPLS with the mpls ip interface subcommand and all P and PE routers use a common IGP (EIGRP with AS 200):

P#show mpls ldp neighbor

Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 3.3.3.3:0

TCP connection: 1.1.1.1.646 - 3.3.3.3.33628

State: Oper; Msgs sent/rcvd: 10/11; Downstream

Up time: 00:01:54

LDP discovery sources:

Serial1/0, Src IP addr: 192.168.1.1

Addresses bound to peer LDP Ident:

10.1.1.1 192.168.1.1 1.1.1.1

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0

TCP connection: 2.2.2.2.646 - 3.3.3.3.17194

State: Oper; Msgs sent/rcvd: 9/10; Downstream

Up time: 00:01:19

LDP discovery sources:

Serial1/1, Src IP addr: 192.168.2.1

Addresses bound to peer LDP Ident:

10.2.2.1 192.168.2.1 2.2.2.2

P#

PE1#show mpls ldp neighbor

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0

TCP connection: 3.3.3.3.33628 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 10/9; Downstream

Up time: 00:01:43

LDP discovery sources:

Serial1/0, Src IP addr: 192.168.1.2

Addresses bound to peer LDP Ident:

192.168.1.2 192.168.2.2 3.3.3.3

PE1#

PE2#show mpls ldp neighbor

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0

TCP connection: 3.3.3.3.17194 - 2.2.2.2.646

State: Oper; Msgs sent/rcvd: 10/9; Downstream

Up time: 00:01:13

LDP discovery sources:

Serial1/0, Src IP addr: 192.168.2.2

Addresses bound to peer LDP Ident:

192.168.1.2 192.168.2.2 3.3.3.3

PE2#

PE1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 Pop Label 3.3.3.0/24 0 Se1/0 point2point

17 Pop Label 192.168.2.0/24 0 Se1/0 point2point

18 17 2.2.2.0/24 0 Se1/0 point2point

PE1#

PE2#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 Pop Label 3.3.3.0/24 0 Se1/0 point2point

17 Pop Label 192.168.1.0/24 0 Se1/0 point2point

18 16 1.1.1.0/24 0 Se1/0 point2point

PE2#

Configuration of VRF:

Create each VRF, RD, and RT, plus associating the customer-facing PE interfaces with the correct VRF:

VRF CUST-A, RD 1:111, RT 1:100

VRF CUST-B, RD 2:222, RT 2:200

PE1

ip vrf CUST-A

rd 1:111

route-target export 1:100

route-target import 1:100

!

ip vrf CUST-B

rd 2:222

route-target export 2:200

route-target import 2:200

!

interface FastEthernet0/0

ip vrf forwarding CUST-A

ip address 10.1.1.1 255.255.255.0

!

interface FastEthernet0/1

ip vrf forwarding CUST-B

ip address 10.3.3.1 255.255.255.0

PE2

ip vrf CUST-A

rd 1:111

route-target export 1:100

route-target import 1:100

!

ip vrf CUST-B

rd 2:222

route-target export 2:200

route-target import 2:200

!

interface FastEthernet0/0

ip vrf forwarding CUST-A

ip address 10.2.2.1 255.255.255.0

!

interface FastEthernet0/1

ip vrf forwarding CUST-B

ip address 10.4.4.1 255.255.255.0

Configuring the IGP Between PE and CE routers

I am using OSPFv3 address families between CEs and PEs routers:

CE-A1:

interface Loopback0

ospfv3 1 ipv4 area 0

!

interface FastEthernet0/0

ipv6 enable

ospfv3 1 ipv4 area 0

!

router ospfv3 1

!

address-family ipv4 unicast

exit-address-family

CE-A2:

interface Loopback0

ospfv3 1 ipv4 area 0

!

interface FastEthernet0/0

ipv6 enable

ospfv3 1 ipv4 area 0

!

router ospfv3 1

!

address-family ipv4 unicast

exit-address-family

PE1:

interface FastEthernet0/0

ipv6 enable

ospfv3 1 ipv4 area 0

!

interface FastEthernet0/1

ipv6 enable

ospfv3 1 ipv4 area 0

!

router ospfv3 1

!

address-family ipv4 unicast vrf CUST-B

exit-address-family

!

address-family ipv4 unicast vrf CUST-A

exit-address-family

PE2:

interface FastEthernet0/0

ipv6 enable

ospfv3 1 ipv4 area 0

!

interface FastEthernet0/1

ipv6 enable

ospfv3 1 ipv4 area 0

!

router ospfv3 1

!

address-family ipv4 unicast vrf CUST-B

exit-address-family

!

address-family ipv4 unicast vrf CUST-A

exit-address-family

Verify the OSPFv3 neighbors for each VRF on the PE routers:

PE1#show ospfv3 vrf CUST-A neighbor

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Neighbor ID Pri State Dead Time Interface ID Interface

172.16.1.1 1 FULL/DR 00:00:30 2 FastEthernet0/0

PE1#

PE1#show ospfv3 vrf CUST-B neighbor

OSPFv3 1 address-family ipv4 vrf CUST-B (router-id 10.3.3.1)

Neighbor ID Pri State Dead Time Interface ID Interface

172.16.1.1 1 FULL/DR 00:00:36 2 FastEthernet0/1

PE1#

PE2#show ospfv3 vrf CUST-A neighbor

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.2.2.1)

Neighbor ID Pri State Dead Time Interface ID Interface

172.16.2.1 1 FULL/DR 00:00:35 2 FastEthernet0/0

PE2#

PE2#show ospfv3 vrf CUST-B neighbor

OSPFv3 1 address-family ipv4 vrf CUST-B (router-id 10.4.4.1)

Neighbor ID Pri State Dead Time Interface ID Interface

172.16.2.1 1 FULL/DR 00:00:39 2 FastEthernet0/1

PE2#

The PE routers create two separate LSDB for each VRF customers as shown by the following output on PE1 router:

PE1#show ospfv3 vrf CUST-A database

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits

10.1.1.1 603 0x80000002 0 1 B

172.16.1.1 609 0x80000002 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count

172.16.1.1 608 0x80000001 2 2

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

10.1.1.1 608 0x80000001 2 Fa0/0

172.16.1.1 990 0x80000001 2 Fa0/0

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

172.16.1.1 608 0x80000003 0 0x2001 0

172.16.1.1 608 0x80000001 2048 0x2002 2

PE1#

The show ospfv3 vrf CUST-A command shown that the MPLS VPN backbone acts as a Super Backbone, therefore the PE routers act as an ABR, notice the lines "Connected to

MPLS VPN Superbackbone" and "It is an area border router".

PE1#show ospfv3 vrf CUST-A

OSPFv3 1 address-family ipv4 vrf CUST-A

Router ID 10.1.1.1

Supports NSSA (compatible with RFC 3101)

Domain ID (none)

Connected to MPLS VPN Superbackbone

Event-log enabled, Maximum number of events: 1000, Mode: cyclic

It is an area border router

Router is not originating router-LSAs with maximum metric

Initial SPF schedule delay 5000 msecs

Minimum hold time between two consecutive SPFs 10000 msecs

Maximum wait time between two consecutive SPFs 10000 msecs

Minimum LSA interval 5 secs

Minimum LSA arrival 1000 msecs

LSA group pacing timer 240 secs

Interface flood pacing timer 33 msecs

Retransmission pacing timer 66 msecs

Retransmission limit dc 24 non-dc 24

Number of external LSA 0. Checksum Sum 0x000000

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Graceful restart helper support enabled

Reference bandwidth unit is 100 mbps

RFC1583 compatibility enabled

Area BACKBONE(0)

Number of interfaces in this area is 1

SPF algorithm executed 2 times

Number of LSA 7. Checksum Sum 0x0340D2

Number of DCbitless LSA 0

Number of indication LSA 0

Number of DoNotAge LSA 0

Flood list length 0

PE1#

The LSA Type 1 generated by PE1 router confirms that the B-bit has been set to 1 to tell to the CE routers that it is an ABR, notice the line "Area Border Router".

PE1#show ospfv3 vrf CUST-A database router self-originate

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Router Link States (Area 0)

LS age: 908

Options: (E-Bit, R-bit, DC-Bit, AF-Bit)

LS Type: Router Links

Link State ID: 0

Advertising Router: 10.1.1.1

LS Seq Number: 80000002

Checksum: 0x35F7

Length: 40

Area Border Router

Number of Links: 1

Link connected to: a Transit Network

Link Metric: 1

Local Interface ID: 2

Neighbor (DR) Interface ID: 2

Neighbor (DR) Router ID: 172.16.1.1

PE1#

Verify the IP routes for each VRF:

PE1#show ip route vrf CUST-A ospfv3

Routing Table: CUST-A

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/32 is subnetted, 1 subnets

O 172.16.1.1 [110/1] via 10.1.1.2, 00:19:40, FastEthernet0/0

PE1#

PE1#show ip route vrf CUST-B ospfv3

Routing Table: CUST-B

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/32 is subnetted, 1 subnets

O 172.16.1.1 [110/1] via 10.3.3.2, 00:19:52, FastEthernet0/1

PE1#

PE2#show ip route vrf CUST-A ospfv3

Routing Table: CUST-A

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/32 is subnetted, 1 subnets

O 172.16.2.1 [110/1] via 10.2.2.2, 00:20:02, FastEthernet0/0

PE2#

PE2#show ip route vrf CUST-B ospfv3

Routing Table: CUST-B

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/32 is subnetted, 1 subnets

O 172.16.2.1 [110/1] via 10.4.4.2, 00:20:36, FastEthernet0/1

PE2#

Redistribution Between PE-CE routers (between OSPFv3 and MP-BGP):

PE1(config)#router bgp 65000

PE1(config-router)#address-family ipv4 vrf CUST-A

PE1(config-router-af)#redistribute ospfv3 1

PE1(config-router-af)#address-family ipv4 vrf CUST-B

PE1(config-router-af)#redistribute ospfv3 1

PE1(config-router-af)#router ospfv3 1

PE1(config-router)#address-family ipv4 vrf CUST-A

PE1(config-router-af)#redistribute bgp 65000

PE1(config-router-af)#address-family ipv4 vrf CUST-B

PE1(config-router-af)#redistribute bgp 65000

PE2(config)#router bgp 65000

PE2(config-router)#address-family ipv4 vrf CUST-A

PE2(config-router-af)#redistribute ospfv3 1

PE2(config-router-af)#address-family ipv4 vrf CUST-B

PE2(config-router-af)#redistribute ospfv3 1

PE2(config-router-af)#router ospfv3 1

PE2(config-router)#address-family ipv4 vrf CUST-A

PE2(config-router-af)#redistribute bgp 65000

PE2(config-router-af)#address-family ipv4 vrf CUST-B

PE2(config-router-af)#redistribute bgp 65000

Configuration MP-BGP Between PEs routers:

PE1(config)#router bgp 65000

PE1(config-router)#neighbor 2.2.2.2 remote-as 65000

PE1(config-router)#neighbor 2.2.2.2 update-source loop0

PE1(config-router)#address-family vpnv4

PE1(config-router-af)#neighbor 2.2.2.2 activate

PE1(config-router-af)#neighbor 2.2.2.2 send-community

PE2(config)#router bgp 65000

PE2(config-router)#neighbor 1.1.1.1 remote-as 65000

PE2(config-router)#neighbor 1.1.1.1 update-source loop0

PE2(config-router)#address-family vpnv4

PE2(config-router-af)#neighbor 1.1.1.1 activate

PE2(config-router-af)#neighbor 1.1.1.1 send-community

Verify the BGP neighbor:

PE1#show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 65000

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2.2.2.2 4 65000 17 9 1 0 0 00:00:46 0

PE1#

PE2#show ip bgp summary

BGP router identifier 2.2.2.2, local AS number 65000

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

1.1.1.1 4 65000 10 17 1 0 0 00:01:20 0

PE2#

Verify the per-RD BGP table. And we can see the overlapping subnets 172.16.1.1/32 and 172.16.2.1/32 are a part of the two customers’ address spaces:

PE1#show ip bgp vpnv4 all

BGP table version is 13, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)

*> 10.1.1.0/24 0.0.0.0 0 32768 ?

*>i 10.2.2.0/24 2.2.2.2 0 100 0 ?

*> 172.16.1.1/32 10.1.1.2 1 32768 ?

*>i 172.16.2.1/32 2.2.2.2 1 100 0 ?

Route Distinguisher: 2:222 (default for vrf CUST-B)

*> 10.3.3.0/24 0.0.0.0 0 32768 ?

*>i 10.4.4.0/24 2.2.2.2 0 100 0 ?

*> 172.16.1.1/32 10.3.3.2 1 32768 ?

*>i 172.16.2.1/32 2.2.2.2 1 100 0 ?

PE1#

PE2#show ip bgp vpnv4 all

BGP table version is 13, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)

*>i 10.1.1.0/24 1.1.1.1 0 100 0 ?

*> 10.2.2.0/24 0.0.0.0 0 32768 ?

*>i 172.16.1.1/32 1.1.1.1 1 100 0 ?

*> 172.16.2.1/32 10.2.2.2 1 32768 ?

Route Distinguisher: 2:222 (default for vrf CUST-B)

*>i 10.3.3.0/24 1.1.1.1 0 100 0 ?

*> 10.4.4.0/24 0.0.0.0 0 32768 ?

*>i 172.16.1.1/32 1.1.1.1 1 100 0 ?

*> 172.16.2.1/32 10.4.4.2 1 32768 ?

PE2#

Verify the the per-VRF routing tables of PEs routers, they receive both the BGP routes toward 172.16.1.1/32 and 172.16.2.1/32 for each VRF:

PE1#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

C 10.1.1.0/24 is directly connected, FastEthernet0/0

L 10.1.1.1/32 is directly connected, FastEthernet0/0

B 10.2.2.0/24 [200/0] via 2.2.2.2, 00:05:21

172.16.0.0/32 is subnetted, 2 subnets

O 172.16.1.1 [110/1] via 10.1.1.2, 00:09:55, FastEthernet0/0

B 172.16.2.1 [200/1] via 2.2.2.2, 00:05:21

PE1#

PE1#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

C 10.3.3.0/24 is directly connected, FastEthernet0/1

L 10.3.3.1/32 is directly connected, FastEthernet0/1

B 10.4.4.0/24 [200/0] via 2.2.2.2, 00:06:24

172.16.0.0/32 is subnetted, 2 subnets

O 172.16.1.1 [110/1] via 10.3.3.2, 00:10:50, FastEthernet0/1

B 172.16.2.1 [200/1] via 2.2.2.2, 00:06:24

PE1#

PE2#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

B 10.1.1.0/24 [200/0] via 1.1.1.1, 00:07:41

C 10.2.2.0/24 is directly connected, FastEthernet0/0

L 10.2.2.1/32 is directly connected, FastEthernet0/0

172.16.0.0/32 is subnetted, 2 subnets

B 172.16.1.1 [200/1] via 1.1.1.1, 00:07:41

O 172.16.2.1 [110/1] via 10.2.2.2, 00:10:45, FastEthernet0/0

PE2#

PE2#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

B 10.3.3.0/24 [200/0] via 1.1.1.1, 00:07:46

C 10.4.4.0/24 is directly connected, FastEthernet0/1

L 10.4.4.1/32 is directly connected, FastEthernet0/1

172.16.0.0/32 is subnetted, 2 subnets

B 172.16.1.1 [200/1] via 1.1.1.1, 00:07:46

O 172.16.2.1 [110/1] via 10.4.4.2, 00:10:46, FastEthernet0/1

PE2#

Verify that the customer routers have learned the routes from each customer router in the same VRF:

By definition when the PE router redistributes the VPNv4 routes to the OSPF domain, it checks the Domain ID to decide whether the routes should be redistributed as inter-area (same Domain ID) or external (different Domain ID) routes to the CE router.

Each OSPF instance must be assigned a unique Domain ID. On Cisco routers, the OSPF Domain ID is the OSPF Process ID by default. When BGP distributes VPNv4 routes to other PE routers, the Domain ID is carried with the routes as extended community.

Since the Domain IDs on both PE routers match , PE routers redistributes the subnets 172.16.1.1/32 and 172.16.2.1/32 to CE routers as inter-area routes (LSA Type 3) as shown by the routing tables of the CE routers:

CE-A1# show ip route OSPFv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O IA 10.2.2.0/24 [110/2] via 10.1.1.1, 00:09:48, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O IA 172.16.2.1/32 [110/2] via 10.1.1.1, 00:09:48, FastEthernet0/0

CE-A1#

CE-A2#show ip route OSPFv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O IA 10.1.1.0/24 [110/2] via 10.2.2.1, 00:10:53, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O IA 172.16.1.1/32 [110/2] via 10.2.2.1, 00:10:53, FastEthernet0/0

CE-A2#

CE-B1#show ip route OSPFv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O IA 10.4.4.0/24 [110/2] via 10.3.3.1, 00:11:53, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O IA 172.16.2.1/32 [110/2] via 10.3.3.1, 00:11:53, FastEthernet0/0

CE-B1#

CE-B2#show ip route OSPFv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O IA 10.3.3.0/24 [110/2] via 10.4.4.1, 00:12:54, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O IA 172.16.1.1/32 [110/2] via 10.4.4.1, 00:12:54, FastEthernet0/0

CE-B2#

Verify the connectivity between the customers:

CE-A1#ping 172.16.2.1 sou 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 156/188/224 ms

CE-A1#

CE-B1#ping 172.16.2.1 sou 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 184/284/356 ms

CE-B1#

The above following output shown that PE2 router is advertising the 172.16.2.1/32 prefixes for each VRF to PE1 using BGP. PE2 has included all OSPF related BGP

Extended communities. The route-type is set as LSA Type-2 (intra-area) route as shown by the line: OSPF RT:0.0.0.0:2:0. The Router ID is the router-id of PE2 router set for that VRF instance (ROUTER ID:10.2.2.1:0 for VRF CUST-A and ROUTER ID:10.4.4.1:0 for VRF CUST-B).

PE1#show ip bgp vpnv4 all 172.16.2.1

BGP routing table entry for 1:111:172.16.2.1/32, version 11

Paths: (1 available, best #1, table CUST-A)

Not advertised to any peer

Refresh Epoch 1

Local

2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best

Extended Community: RT:1:100 OSPF ROUTER ID:10.2.2.1:0

OSPF RT:0.0.0.0:2:0

mpls labels in/out nolabel/21

rx pathid: 0, tx pathid: 0x0

BGP routing table entry for 2:222:172.16.2.1/32, version 13

Paths: (1 available, best #1, table CUST-B)

Not advertised to any peer

Refresh Epoch 1

Local

2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best

Extended Community: RT:2:200 OSPF ROUTER ID:10.4.4.1:0

OSPF RT:0.0.0.0:2:0

mpls labels in/out nolabel/20

rx pathid: 0, tx pathid: 0x0

PE1#

Since the Domain IDs on both PE routers match, the CE routers receives the prefixes 172.16.1.1/32 and 172.16.2.1/32 as inter-area routes as shown by the routing table

of the CE-A1 router for the prefix 172.16.2.1/32:

CE-A1#show ip route 172.16.2.1

Routing entry for 172.16.2.1/32

Known via "ospfv3 1", distance 110, metric 2, type inter area

Last update from 10.1.1.1 on FastEthernet0/0, 00:23:04 ago

Routing Descriptor Blocks:

* 10.1.1.1, from 10.1.1.1, 00:23:04 ago, via FastEthernet0/0

Route metric is 2, traffic share count is 1

CE-A1#

Verify that PE1 router created the Summary LSA Type 3 for the prefix 172.16.2.1/32 with the show ospfv3 vrf CUST-A database inter-area prefix command:

PE1#show ospfv3 vrf CUST-A database inter-area prefix

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Inter Area Prefix Link States (Area 0)

LS age: 1519

LS Type: Inter Area Prefix Links

Link State ID: 0

Advertising Router: 10.1.1.1

LS Seq Number: 80000001

Checksum: 0x10E6

Length: 32

Metric: 1

Prefix Address: 10.2.2.0

Prefix Length: 24, Options: DN

LS age: 1519

LS Type: Inter Area Prefix Links

Link State ID: 1

Advertising Router: 10.1.1.1

LS Seq Number: 80000001

Checksum: 0xF14A

Length: 32

Metric: 1

Prefix Address: 172.16.2.1

Prefix Length: 32, Options: DN

PE1#

Verify the LSDB of the PE1 router for the VRF CUST-A:

PE1#show ospfv3 vrf CUST-A database

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits

10.1.1.1 1903 0x80000004 0 1 B E

172.16.1.1 172 0x80000004 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count

172.16.1.1 172 0x80000003 2 2

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

10.1.1.1 1624 0x80000001 10.2.2.0/24

10.1.1.1 1624 0x80000001 172.16.2.1/32

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

10.1.1.1 1989 0x80000002 2 Fa0/0

172.16.1.1 430 0x80000003 2 Fa0/0

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

172.16.1.1 172 0x80000005 0 0x2001 0

172.16.1.1 172 0x80000003 2048 0x2002 2

PE1#

PE1#show ip bgp vpnv4 vrf CUST-A 172.16.2.1

BGP routing table entry for 1:111:172.16.2.1/32, version 11

Paths: (1 available, best #1, table CUST-A)

Not advertised to any peer

Refresh Epoch 1

Local

2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best

Extended Community: RT:1:100 OSPF ROUTER ID:10.2.2.1:0

OSPF RT:0.0.0.0:2:0

mpls labels in/out nolabel/21

rx pathid: 0, tx pathid: 0x0

PE1#

Configure the Domain ID manually with the value 000000000310 for the VRF CUST-A on PE2 router:

PE2(config-router)#router ospfv3 1

PE2(config-router)#address-family ipv4 vrf CUST-A

PE2(config-router-af)#domain-id type 0005 value 000000000310

PE2 router advertises the 172.16.2.1/32 prefix for the VRF CUST-A with Domain ID 000000000309. PE1 matches that with its own Domain ID (which is by default is equal to 1 the process ID of OSPF) before redistributing the prefix to CE-A1 router. Since the Domain IDs dont match, PE1 advertises the prefix as an External Type-2 prefix to CE-A1 router as shown by the following output below and notice the prefix 172.16.2.1/32 for the VRF CUST-B is advertised with the default domain ID by PE2 router.

PE1#show ip bgp vpnv4 all 172.16.2.1/32

BGP routing table entry for 1:111:172.16.2.1/32, version 15

Paths: (1 available, best #1, table CUST-A)

Not advertised to any peer

Refresh Epoch 1

Local

2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best

Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x000000000310

OSPF ROUTER ID:10.2.2.1:0 OSPF RT:0.0.0.0:2:0

mpls labels in/out nolabel/21

rx pathid: 0, tx pathid: 0x0

BGP routing table entry for 2:222:172.16.2.1/32, version 13

Paths: (1 available, best #1, table CUST-B)

Not advertised to any peer

Refresh Epoch 1

Local

2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best

Extended Community: RT:2:200 OSPF ROUTER ID:10.4.4.1:0

OSPF RT:0.0.0.0:2:0

mpls labels in/out nolabel/20

rx pathid: 0, tx pathid: 0x0

PE1#

We can display only the entry for the 172.16.2.1/32 prefix in VRF CUST-A using the show ip bgp vpnv4 vrf CUST-A 172.16.2.1 command:

PE1#show ip bgp vpnv4 vrf CUST-A 172.16.2.1

BGP routing table entry for 1:111:172.16.2.1/32, version 15

Paths: (1 available, best #1, table CUST-A)

Not advertised to any peer

Refresh Epoch 1

Local

2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best

Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x000000000310

OSPF ROUTER ID:10.2.2.1:0 OSPF RT:0.0.0.0:2:0

mpls labels in/out nolabel/21

rx pathid: 0, tx pathid: 0x0

PE1#

And we can verify that CE-A1 router received an external route for the prefix 172.16.2.1/32 as shown by its routing table:

CE-A1#show ip route ospfv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O E2 10.2.2.0/24 [110/1] via 10.1.1.1, 00:00:31, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O E2 172.16.2.1/32 [110/1] via 10.1.1.1, 00:00:31, FastEthernet0/0

CE-A1#

CE-A1#show ip route 172.16.2.1

Routing entry for 172.16.2.1/32

Known via "ospfv3 1", distance 110, metric 1, type extern 2, forward metric 1

Last update from 10.1.1.1 on FastEthernet0/0, 00:01:28 ago

Routing Descriptor Blocks:

* 10.1.1.1, from 10.1.1.1, 00:01:28 ago, via FastEthernet0/0

Route metric is 1, traffic share count is 1

CE-A1#

Verify that PE1 router is advertising an LSA Type 5 for the 172.16.2.1/32 prefix:

PE1#show ospfv3 vrf CUST-A database external

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Type-5 AS External Link States

LS age: 5

LS Type: AS External Link

Link State ID: 0

Advertising Router: 10.1.1.1

LS Seq Number: 80000001

Checksum: 0x1EB2

Length: 32

Prefix Address: 10.2.2.0

Prefix Length: 24, Options: DN

Metric Type: 2 (Larger than any link state path)

Metric: 1

LS age: 5

LS Type: AS External Link

Link State ID: 1

Advertising Router: 10.1.1.1

LS Seq Number: 80000001

Checksum: 0xFF16

Length: 32

Prefix Address: 172.16.2.1

Prefix Length: 32, Options: DN

Metric Type: 2 (Larger than any link state path)

Metric: 1

PE1#

Verify the LSDB of the VRF CUST-A on PE1 router and the LSA Type 5:

PE1#show ospfv3 vrf CUST-A database

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.1.1.1)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits

10.1.1.1 892 0x80000005 0 1 B E

172.16.1.1 1087 0x80000004 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count

172.16.1.1 1087 0x80000003 2 2

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

10.1.1.1 892 0x80000003 2 Fa0/0

172.16.1.1 1345 0x80000003 2 Fa0/0

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

172.16.1.1 1087 0x80000005 0 0x2001 0

172.16.1.1 1087 0x80000003 2048 0x2002 2

Type-5 AS External Link States

ADV Router Age Seq# Prefix

10.1.1.1 539 0x80000001 10.2.2.0/24

10.1.1.1 539 0x80000001 172.16.2.1/32

PE1#

Verify that the prefix 172.16.2.1/32 is advertised as inter-area route for VRF CUST-B by looking the LSBD for VRF CUST-B, because simply the prefix 172.16.2.1/32 for the VRF CUST-B is advertised with the default domain ID by PE2 router:

PE1#show ospfv3 vrf CUST-B database

OSPFv3 1 address-family ipv4 vrf CUST-B (router-id 10.3.3.1)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits

10.3.3.1 850 0x80000005 0 1 B E

172.16.1.1 808 0x80000004 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count

172.16.1.1 808 0x80000003 2 2

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

10.3.3.1 608 0x80000002 10.4.4.0/24

10.3.3.1 608 0x80000002 172.16.2.1/32

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

10.3.3.1 850 0x80000003 3 Fa0/1

172.16.1.1 1067 0x80000003 2 Fa0/1

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

172.16.1.1 808 0x80000005 0 0x2001 0

172.16.1.1 809 0x80000003 2048 0x2002 2

PE1#

At the other side, PE2 router advertises an LSA Type 5 for the prefix 172.16.1.1/32 into VRF CUST-A because the PE1 advertises it with the default domain ID 1 and PE2's domain ID has been changed earlier to be 000000000310 for VRF CUST-A:

PE2#show ospfv3 vrf CUST-A database

OSPFv3 1 address-family ipv4 vrf CUST-A (router-id 10.2.2.1)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits

10.2.2.1 1015 0x80000005 0 1 B E

172.16.2.1 1070 0x80000004 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count

172.16.2.1 1070 0x80000003 2 2

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

10.2.2.1 1015 0x80000003 2 Fa0/0

172.16.2.1 1330 0x80000003 2 Fa0/0

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

172.16.2.1 1070 0x80000005 0 0x2001 0

172.16.2.1 1070 0x80000003 2048 0x2002 2

Type-5 AS External Link States

ADV Router Age Seq# Prefix

10.2.2.1 712 0x80000001 10.1.1.0/24

10.2.2.1 712 0x80000001 172.16.1.1/32

Verify that PE2 is receiving the prefix 172.16.1.1/32 as inter-area route because both PE routers are using their default domain ID which the process ID of OSPF:

PE2#show ospfv3 vrf CUST-B database

OSPFv3 1 address-family ipv4 vrf CUST-B (router-id 10.4.4.1)

Router Link States (Area 0)

ADV Router Age Seq# Fragment ID Link count Bits

10.4.4.1 983 0x80000005 0 1 B E

172.16.2.1 926 0x80000004 0 1 None

Net Link States (Area 0)

ADV Router Age Seq# Link ID Rtr count

172.16.2.1 926 0x80000003 2 2

Inter Area Prefix Link States (Area 0)

ADV Router Age Seq# Prefix

10.4.4.1 724 0x80000002 10.3.3.0/24

10.4.4.1 724 0x80000002 172.16.1.1/32

Link (Type-8) Link States (Area 0)

ADV Router Age Seq# Link ID Interface

10.4.4.1 983 0x80000003 3 Fa0/1

172.16.2.1 1179 0x80000003 2 Fa0/1

Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

172.16.2.1 926 0x80000005 0 0x2001 0

172.16.2.1 926 0x80000003 2048 0x2002 2

PE2#

Finally verify the routing tables of the CE routers:

CE-A1 and CE-A2 routers are receiving external routes O E2 from PE1 and PE2 routers respectively because the mismatched domain ID.

CE-B1 and CE-B2 routers are receiving inter-area routes O IA from PE1 and PE2 routers respectively because the matched domain ID.

CE-A1#show ip route OSPFv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O E2 10.2.2.0/24 [110/1] via 10.1.1.1, 00:13:45, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O E2 172.16.2.1/32 [110/1] via 10.1.1.1, 00:13:45, FastEthernet0/0

CE-A1#

CE-A2#show ip route ospfv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O E2 10.1.1.0/24 [110/1] via 10.2.2.1, 00:15:06, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O E2 172.16.1.1/32 [110/1] via 10.2.2.1, 00:15:06, FastEthernet0/0

CE-A2#

CE-B1#show ip route ospfv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O IA 10.4.4.0/24 [110/2] via 10.3.3.1, 00:48:56, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O IA 172.16.2.1/32 [110/2] via 10.3.3.1, 00:48:56, FastEthernet0/0

CE-B1#

CE-B2#show ip route ospfv3 | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

O IA 10.3.3.0/24 [110/2] via 10.4.4.1, 00:50:02, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

O IA 172.16.1.1/32 [110/2] via 10.4.4.1, 00:50:02, FastEthernet0/0

CE-B2#