Professional Documents
Culture Documents
Mpls Layer 3 VPN Pe-Ce Ospf
Mpls Layer 3 VPN Pe-Ce Ospf
Mpls Layer 3 VPN Pe-Ce Ospf
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
Search …
1. Configuration
1.1. IGP and LDP
1.2. VRFs on the PE Routers
1.3. IBGP between PE1 and PE2
1.4. OSPF between PE and CE Routers
2. Verification
This lesson explains how to use OSPF as the PE-CE routing protocol for MPLS L3 VPN.
The configuration is very similar to PE-CE RIP or PE-CE EIGRP but OSPF has some extra
options as a link-state routing protocol.
The first part is about configuring LDP, VRFs and iBGP between the PE routers. This is the
same as my previous lessons so you might want to skip to the PE-CE OSPF section.
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 1/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
Above we have 5 routers. CE and CE2 belong to the customer who wants to run
OSPF between their sites. The service provider has two PE routers and one P router in
the middle.
1. Configuration
1.1. IGP and LDP
Let’s prepare the service provider routers. We need an IGP (OSPF) and LDP on the PE1,
PE2 and P router.
PE1(config)#interface loopback 0
P(config)#interface loopback 0
PE2(config)#interface loopback 0
Now we can configure OSPF for routing in the service provider network:
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 2/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
PE1(config)#router ospf 1
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
PE1(config-router)#network 192.168.23.0 0.0.0.255 area 0
P(config)#router ospf 1
PE2(config)#router ospf 1
This takes care of IGP and LDP. Make sure you have LDP neighbors before we continue:
Our P router in the middle has two neighbors so this is looking good. Just in case, let’s
verify if there is connectivity between PE1 and PE2:
The PE routers are able to reach each others loopback interfaces and we are using label
switching.
(config-vrf)#rd 1:1
Don’t forget to add the interfaces facing the customer routers into the VRF:
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 3/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
PE2(config-if)#ip vrf forwarding CUSTOMER
Let’s check if the PE routers are able to ping the CE routers from the VRF:
!!!!!
!!!!!
So far so good…
PE1(config-router)#address-family vpnv4
PE2(config-router)#address-family vpnv4
Before we continue we should check if our routers have formed an IBGP neighbor
adjacency:
4.4.4.4 4 234 5 6 1 0 0
00:01:03 0
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 4/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
CE1(config)#interface loopback 0
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
CE1(config-if)#ip address 1.1.1.1 255.255.255.255
CE1(config)#router ospf 1
CE2(config)#interface loopback 0
CE2(config)#router ospf 1
Each CE router has a loopback which is advertised in OSPF. Now we can configure OSPF
on the PE routers for the customer VRF:
Unlike RIP or EIGRP, we don’t use an address-family but a different process for a VRF.
Let’s see if we have learned anything:
Great, our PE routers learned the loopback interfaces from the CE routers. Let’s
redistribute this into BGP:
(config-router-af)#redistribute ospf 2
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 5/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
BGP table version is 7, local router ID is 3.3.3.3
Exellent, we have VPNv4 routes. You can also see that the metric from OSPF (cost 2) has
been saved in the BGP MED attribute. Now let’s redistribute these VPNv4 routes back
into OSPF:
(config)#router ospf 2
2. Verification
First we’ll check if we have connectivity between our CE routers. Did they learn anything?
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 6/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
1.0.0.0/32 is subnetted, 1 subnets
Our CE routers have learned each others networks. There’s something interesting in the
output above…normally when we redistribute something into OSPF then our prefixes
show up as O E2 or E1, now we seem to have O IA prefixes. I’ll explain why in a bit, first
let’s see if we have connectivity:
!!!!!
Our two CE routers are able to reach each other, let’s try a trace as well:
Everything seems to be working, the CE routers are able to reach each other and above
you can see the transport label (17) and VPN label (16).
There’s a couple of things left I’d like to explain however, let’s think about the prefixes
that we have seen on the CE routers.
Our CE routers advertise routes to the PE routers who redistribute it into BGP so they
become VPNv4 routes. These VPNv4 routes are exchanged from one PE router to
another. Once a PE router receives a VPNv4 route and redistributes it into OSPF, how
does it know what LSA type to use and to what area the prefix belongs? Also, how is it
possible that redistributed routes show up as inter-area routes?
OSPF works a bit different when we use it as the PE-CE routing protocol, I’ll give you the
short version here but if you want to know all details you can check RFC 4577.
Both of our customer sites are using OSPF area 0, normally it’s impossible to have two
backbone areas unless you connect them to each other with a virtual link. When we use
MPLS L3 VPN, the service provider network is seen by OSPF as the superbackbone:
Course
Contents
MPLS
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 7/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Unit 1:
Introduction
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
Unit 2: LDP
(Label
Distribution
Protocol)
Unit 3:
MPLS
VPN
VRFs
(Virtual
Routing
and
Forwarding)
MPLS L3
VPN
Explained
MPLS L3 VPN
Configuration
MPLS
L3
VPN
BGP
Allow
AS in
MPLS L3
VPN BGP
AS
Override
MPLS
L3
VPN
PE-
CE
RIP
MPLS
L3
VPN
PE-CE
EIGRP
MPLS
L3
VPN
PE-
CE
OSPF
MPLS
L3 VPN
PE-CE
OSPF
Default
Route
MPLS
L3 VPN
PE-CE
OSPF
Global
Default
Route
MPLS
L3
VPN
PE-CE
OSPF
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 8/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
OS
Sham
Link Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
VRF
Lite
Route
Leaking
MPLS
VPN
Extranet
Route
Leaking
MPLS
VPN
VRF
Export
Map
MPLS
VPN
VRF
Import
Map
MPLS
over
FlexVPN
Unit 4: MPLS
L2
Encapsulation
Unit 5:
IPv6
MPLS
Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
Full Access to our 731 Lessons. More Lessons Added Every Week!
Content created by Rene Molenaar (CCIE #41726)
No Questions Asked!
« Previous Lesson
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 9/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
Forum Replies Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
ReneMolenaar
Hi Davis,
There’s a lot of things that could be wrong. Here’s a simple checklist you can use:
1. Make sure your PE/P routers have established LDP neighbor adjacencies using loopback interfaces as the transport addresses.
5. Check if you see routes in the VRF routing table on the PE routers.
tsignal32
Rene,
I notice RD, and RT are configured on PE1 and PE2 routers. Can you configure RD, and RT on CE1 and CE2 with the same values of the PEs the CEs
are connected to? Is there a reason/benefit to configuring RD, and RT on CE1 and CE2. I notice an organization has done this. When I saw this it
was confusing to me after your example didn’t include RD, and RT on CE1 and CE2.
I appreciate the work you do in explaining networking where exmaples are easy to understand.
Thanks
Tim
ReneMolenaar
Hi Chris,
I didn’t create a lesson for this (yet). In OSPF, it’s simple since the DN bit is set automatically. You need this in a scenario where you have two
OSPF customer routers that are connected to each other on the same site. Cisco does have a good example for this:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/118800-configure-ospf-00.html
Rene
kent2612
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 10/11
7/26/2021 MPLS Layer 3 VPN PE-CE OSPF
CE1#trace 5.5.5.5
Get Full Access to our 731 Cisco Lessons Now Start $1 Trial
Type escape sequence to abort.
lagapides
Hello Andrew
The OSPF domain ID is used as a BGP Extended Community Attribute. It’s primary use is indeed with MPLS VPNs. I am not familiar with any
other uses of this particular attribute.
Laz
47 more replies! Ask a question or join the discussion by visiting our Community Forum
https://networklessons.com/mpls/mpls-layer-3-vpn-pe-ce-ospf 11/11