Mpls Layer 3 VPN Pe-Ce Ospf

7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
Search … 
You are here: Home » MPLS
MPLS Layer 3 VPN PE-CE OSPF

Lesson Contents
1. Configuration
1.1. IGP and LDP
1.2. VRFs on the PE Routers
1.3. IBGP between PE1 and PE2
1.4. OSPF between PE and CE Routers
2. Verification
This lesson explains how to use OSPF as the PE-CE routing protocol for MPLS L3 VPN.
The configuration is very similar to PE-CE RIP or PE-CE EIGRP but OSPF has some extra
options as a link-state routing protocol.
The first part is about configuring LDP, VRFs and iBGP between the PE routers. This is the
same as my previous lessons so you might want to skip to the PE-CE OSPF section.
Here’s the topology we will use:
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 1/11
Above we have 5 routers. CE and CE2 belong to the customer who wants to run
OSPF between their sites. The service provider has two PE routers and one P router in
the middle.
1. Configuration
1.1. IGP and LDP
Let’s prepare the service provider routers. We need an IGP (OSPF) and LDP on the PE1,
PE2 and P router.
PE1(config)#interface loopback 0
PE1(config-if)#ip address 2.2.2.2 255.255.255.255
P(config)#interface loopback 0
P(config-if)#ip address 3.3.3.3 255.255.255.255
PE2(config)#interface loopback 0
Now we can configure OSPF for routing in the service provider network:
PE1(config)#router ospf 1
PE1(config-router)#network 192.168.23.0 0.0.0.255 area 0
PE1(config-router)#mpls ldp autoconfig
P(config)#router ospf 1
P(config-router)#network 192.168.23.0 0.0.0.255 area 0
P(config-router)#mpls ldp autoconfig
PE2(config)#router ospf 1
PE2(config-router)#mpls ldp autoconfig
This takes care of IGP and LDP. Make sure you have LDP neighbors before we continue:
P#show mpls ldp neighbor | include Peer
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
Our P router in the middle has two neighbors so this is looking good. Just in case, let’s
verify if there is connectivity between PE1 and PE2:
PE1#traceroute 4.4.4.4 source loopback 0
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.23.3 [MPLS: Label 17 Exp 0] 0 msec 0 msec 4 msec
2 192.168.34.4 0 msec 0 msec *
The PE routers are able to reach each others loopback interfaces and we are using label
switching.
1.2. VRFs on the PE Routers

Our next step in the configuration is to configure the VRFs. I will use a VRF called
“CUSTOMER”, the route distinguisher and route-target will be 1:1.
PE1 & PE2
(config)#ip vrf CUSTOMER
(config-vrf)#rd 1:1
(config-vrf)#route-target both 1:1
Don’t forget to add the interfaces facing the customer routers into the VRF:
PE1(config)#interface FastEthernet 0/0
PE1(config-if)#ip vrf forwarding CUSTOMER
PE2(config)#interface FastEthernet 0/1
PE2(config-if)#ip vrf forwarding CUSTOMER
Let’s check if the PE routers are able to ping the CE routers from the VRF:
PE1#ping vrf CUSTOMER 192.168.12.1
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
PE2#ping vrf CUSTOMER 192.168.45.5
!!!!!
So far so good…
1.3. IBGP between PE1 and PE2

Our two PE routers require iBGP to exchange the VPNv4 routes. Let’s configure this:
PE1(config)#router bgp 234
PE1(config-router)#neighbor 4.4.4.4 remote-as 234
PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 4.4.4.4 activate
PE2(config)#router bgp 234
PE2(config-router)#neighbor 2.2.2.2 remote-as 234
PE2(config-router)#neighbor 2.2.2.2 update-source loopback 0
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 2.2.2.2 activate
Before we continue we should check if our routers have formed an IBGP neighbor
adjacency:
PE1#show bgp vpnv4 unicast all summary
BGP router identifier 2.2.2.2, local AS number 234
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ

Up/Down State/PfxRcd
4.4.4.4 4 234 5 6 1 0 0
00:01:03 0
Great, the BGP session has been established.
1.4. OSPF between PE and CE Routers

Now we can work on OSPF between the PE and CE routers. Let’s start with CE1 and CE2
first:
CE1(config)#interface loopback 0
CE1(config-if)#ip address 1.1.1.1 255.255.255.255
CE1(config)#router ospf 1
CE1(config-router)#network 192.168.12.0 0.0.0.255 area 0
CE2(config)#interface loopback 0
CE2(config-if)#ip address 5.5.5.5 255.255.255.255
CE2(config)#router ospf 1
Each CE router has a loopback which is advertised in OSPF. Now we can configure OSPF
on the PE routers for the customer VRF:
PE1(config)#router ospf 2 vrf CUSTOMER
PE2(config)#router ospf 2 vrf CUSTOMER
Unlike RIP or EIGRP, we don’t use an address-family but a different process for a VRF.
Let’s see if we have learned anything:
PE1#show ip route vrf CUSTOMER ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 192.168.12.1, 16:01:37, FastEthernet0/0
PE2#show ip route vrf CUSTOMER ospf
O 5.5.5.5 [110/2] via 192.168.45.5, 00:01:39, FastEthernet0/1
Great, our PE routers learned the loopback interfaces from the CE routers. Let’s
redistribute this into BGP:
PE1 & PE2
(config)#router bgp 234
(config-router)#address-family ipv4 vrf CUSTOMER
(config-router-af)#redistribute ospf 2
If everything went ok, we should now have some VPNv4 routes:
PE1#show bgp vpnv4 unicast vrf CUSTOMER
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal,
r RIB-failure, S Stale, m multipath, b backup-path, x

best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*> 1.1.1.1/32 192.168.12.1 2 32768 ?
*>i5.5.5.5/32 4.4.4.4 2 100 0 ?
*> 192.168.12.0 0.0.0.0 0 32768 ?
*>i192.168.45.0 4.4.4.4 0 100 0 ?
PE2#show bgp vpnv4 unicast vrf CUSTOMER
BGP table version is 7, local router ID is 192.168.34.4
Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal,
r RIB-failure, S Stale, m multipath, b backup-path, x

best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.5/32 192.168.45.5 2 32768 ?
*>i192.168.12.0 2.2.2.2 0 100 0 ?
*> 192.168.45.0 0.0.0.0 0 32768 ?
Exellent, we have VPNv4 routes. You can also see that the metric from OSPF (cost 2) has
been saved in the BGP MED attribute. Now let’s redistribute these VPNv4 routes back
into OSPF:
PE1 & PE2
(config)#router ospf 2
(config-router)#redistribute bgp 234 subnets
Our configuration is now complete.
2. Verification
First we’ll check if we have connectivity between our CE routers. Did they learn anything?
CE1#show ip route ospf
O IA 5.5.5.5 [110/3] via 192.168.12.2, 00:02:19, FastEthernet0/0
O IA 192.168.45.0/24 [110/2] via 192.168.12.2, 00:02:19,

FastEthernet0/0
CE2#show ip route ospf
O IA 1.1.1.1 [110/3] via 192.168.45.4, 00:02:43, FastEthernet0/0
O IA 192.168.12.0/24 [110/2] via 192.168.45.4, 00:02:43,

FastEthernet0/0
Our CE routers have learned each others networks. There’s something interesting in the
output above…normally when we redistribute something into OSPF then our prefixes
show up as O E2 or E1, now we seem to have O IA prefixes. I’ll explain why in a bit, first
let’s see if we have connectivity:
CE1#ping 5.5.5.5 source loopback 0
Packet sent with a source address of 1.1.1.1
!!!!!
Our two CE routers are able to reach each other, let’s try a trace as well:
CE1#traceroute 5.5.5.5 source loopback 0
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 0 msec 0 msec 4 msec
2 192.168.23.3 [MPLS: Labels 17/16 Exp 0] 0 msec 0 msec 4 msec
3 192.168.45.4 [MPLS: Label 16 Exp 0] 0 msec 0 msec 4 msec
4 192.168.45.5 0 msec 0 msec *
Everything seems to be working, the CE routers are able to reach each other and above
you can see the transport label (17) and VPN label (16).
There’s a couple of things left I’d like to explain however, let’s think about the prefixes
that we have seen on the CE routers.
Our CE routers advertise routes to the PE routers who redistribute it into BGP so they
become VPNv4 routes. These VPNv4 routes are exchanged from one PE router to
another. Once a PE router receives a VPNv4 route and redistributes it into OSPF, how
does it know what LSA type to use and to what area the prefix belongs? Also, how is it
possible that redistributed routes show up as inter-area routes?
OSPF works a bit different when we use it as the PE-CE routing protocol, I’ll give you the
short version here but if you want to know all details you can check RFC 4577.
Both of our customer sites are using OSPF area 0, normally it’s impossible to have two
backbone areas unless you connect them to each other with a virtual link. When we use
MPLS L3 VPN, the service provider network is seen by OSPF as the superbackbone:
Course
Contents
MPLS
Unit 1:

Introduction
Unit 2: LDP
 (Label
Distribution
Protocol)
Unit 3:
 MPLS
VPN
VRFs
(Virtual
Routing
and
Forwarding)
MPLS L3
VPN
Explained
MPLS L3 VPN
Configuration
MPLS
L3
VPN
BGP
Allow
AS in
MPLS L3
VPN BGP
AS
Override
MPLS
L3
VPN
PE-
CE
RIP
MPLS
L3
VPN
PE-CE
EIGRP
MPLS
L3
VPN
PE-
CE
OSPF
MPLS
L3 VPN
PE-CE
OSPF
Default
Route
MPLS
L3 VPN
PE-CE
OSPF
Global
Default
Route
MPLS
L3
VPN
PE-CE
OSPF
OS
Sham
Link Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
VRF
Lite
Route
Leaking
MPLS
VPN
Extranet
Route
Leaking
MPLS
VPN
VRF
Export
Map
MPLS
VPN
VRF
Import
Map
MPLS
over
FlexVPN
Unit 4: MPLS
 L2
Encapsulation
Unit 5:
 IPv6
MPLS
We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:
 Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
 Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
 Full Access to our 731 Lessons. More Lessons Added Every Week!
 Content created by Rene Molenaar (CCIE #41726)
Give Membership a try - it's just $1 ►
491 Sign Ups in the last 30 days
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!
« Previous Lesson
MPLS L3 VPN PE-CE EIGRP

Next Lesson
MPLS L3 VPN PE-CE OSPF
Default Route
»
 Tags: PE-CE
Forum Replies Get Full Access to our 731 Cisco Lessons Now Start $1 Trial

ReneMolenaar
Hi Davis,
There’s a lot of things that could be wrong. Here’s a simple checklist you can use:
Here’s what you should check and in what order:
1. Make sure your PE/P routers have established LDP neighbor adjacencies using loopback interfaces as the transport addresses.
2. Make sure the VRF is created on both PE routers.
3. Make sure you use the correct RD for each VRF.
4. Make sure you have the correct import/export route-targets.
5. Check if you see routes in the VRF routing table on the PE routers.
6. Check if you have an IBGP neighbor adjacency between the PE route
... Continue reading in our forum

tsignal32
Rene,
I notice RD, and RT are configured on PE1 and PE2 routers. Can you configure RD, and RT on CE1 and CE2 with the same values of the PEs the CEs
are connected to? Is there a reason/benefit to configuring RD, and RT on CE1 and CE2. I notice an organization has done this. When I saw this it
was confusing to me after your example didn’t include RD, and RT on CE1 and CE2.
I appreciate the work you do in explaining networking where exmaples are easy to understand.
Thanks
Tim

ReneMolenaar
Hi Chris,
I didn’t create a lesson for this (yet). In OSPF, it’s simple since the DN bit is set automatically. You need this in a scenario where you have two
OSPF customer routers that are connected to each other on the same site. Cisco does have a good example for this:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/118800-configure-ospf-00.html
Rene

kent2612
On CE routers why can’t I see MPLS label in traceroute result?
CE1#trace 5.5.5.5
1 192.168.12.2 8 msec 16 msec 20 msec
2 192.168.23.3 36 msec 52 msec 64 msec
3 192.168.45.4 28 msec 24 msec 40 msec
4 192.168.45.5 64 msec 68 msec 64 msec

lagapides
Hello Andrew
The OSPF domain ID is used as a BGP Extended Community Attribute. It’s primary use is indeed with MPLS VPNs. I am not familiar with any
other uses of this particular attribute.
I hope this has been helpful!
Laz
 47 more replies! Ask a question or join the discussion by visiting our Community Forum
© 2013 - 2021 NetworkLessons.com Disclaimer Privacy Policy Support About

Mpls Layer 3 VPN Pe-Ce Ospf

Uploaded by

Copyright:

Available Formats

You might also like

Mpls Layer 3 VPN Pe-Ce Ospf

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mpls Layer 3 VPN Pe-Ce Ospf

Uploaded by

Copyright:

Available Formats

7/26/2021 MPLS Layer 3 VPN PE-CE OSPF

You are here: Home » MPLS

MPLS Layer 3 VPN PE-CE OSPF

Here’s the topology we will use:

PE1(config-if)#ip address 2.2.2.2 255.255.255.255

P(config-if)#ip address 3.3.3.3 255.255.255.255

PE2(config-if)#ip address 4.4.4.4 255.255.255.255

PE1(config-router)#network 2.2.2.2 0.0.0.0 area 0

PE1(config-router)#mpls ldp autoconfig

P(config-router)#network 192.168.23.0 0.0.0.255 area 0

P(config-router)#network 192.168.34.0 0.0.0.255 area 0

P(config-router)#network 3.3.3.3 0.0.0.0 area 0

P(config-router)#mpls ldp autoconfig

PE2(config-router)#network 192.168.34.0 0.0.0.255 area 0

PE2(config-router)#network 4.4.4.4 0.0.0.0 area 0

PE2(config-router)#mpls ldp autoconfig

P#show mpls ldp neighbor | include Peer

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0

Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0

PE1#traceroute 4.4.4.4 source loopback 0

Type escape sequence to abort.

Tracing the route to 4.4.4.4

VRF info: (vrf in name/id, vrf out name/id)

1 192.168.23.3 [MPLS: Label 17 Exp 0] 0 msec 0 msec 4 msec

2 192.168.34.4 0 msec 0 msec *

1.2. VRFs on the PE Routers

PE1 & PE2

(config)#ip vrf CUSTOMER

(config-vrf)#route-target both 1:1

PE1(config)#interface FastEthernet 0/0

PE1(config-if)#ip vrf forwarding CUSTOMER

PE1(config-if)#ip address 192.168.12.2 255.255.255.0

PE2(config)#interface FastEthernet 0/1

PE2(config-if)#ip address 192.168.45.4 255.255.255.0

PE1#ping vrf CUSTOMER 192.168.12.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

PE2#ping vrf CUSTOMER 192.168.45.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.45.5, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

1.3. IBGP between PE1 and PE2

PE1(config)#router bgp 234

PE1(config-router)#neighbor 4.4.4.4 remote-as 234

PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0

PE1(config-router-af)#neighbor 4.4.4.4 activate

PE2(config)#router bgp 234

PE2(config-router)#neighbor 2.2.2.2 remote-as 234

PE2(config-router)#neighbor 2.2.2.2 update-source loopback 0

PE2(config-router-af)#neighbor 2.2.2.2 activate

PE1#show bgp vpnv4 unicast all summary

BGP router identifier 2.2.2.2, local AS number 234

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ

Great, the BGP session has been established.

1.4. OSPF between PE and CE Routers

CE1(config-router)#network 192.168.12.0 0.0.0.255 area 0