© 2011 Cisco and/or its affiliates. All rights reserved. SPEDGE v1.0—2-1
• Configure an OSPF PE-CE routing session
• Configure a BGP PE-CE routing session
• Describe how to troubleshoot MPLS VPNs
OSPF as the PE-CE Routing Protocol
• OSPF divides a network into areas, all of them linked through the backbone (Area 0).
• Areas could correspond to individual sites from an MPLS VPN perspective.
[Figure labels: OSPF Area 0 (Backbone Area); Area Border Router; Area Border Router]
• The OSPF route type is not preserved when the OSPF route is
redistributed into BGP.
• All OSPF routes from a site are inserted as external (type 5 LSA) routes
into other sites.
• The result is that OSPF route summarization and stub areas are hard to
implement.
Conclusion: MPLS VPNs must extend the classic OSPF-BGP routing
model.
• OSPF Area 0 might extend into individual sites.
• The MPLS VPN backbone has to become a superbackbone for OSPF.
[Figure labels: BGP Backbone; PE Router; PE Router; ABR; ABR. Callout 4: The interarea route is propagated into other areas.]
• Extended BGP communities are used to propagate OSPF route types across the
BGP backbone.
• OSPF cost is copied into the MED attribute.
[Figure: OSPF routes carried across the BGP backbone
 Internal OSPF routes: BGP 10.0.0.0/8, OSPF RT = 1:1:0, MED = 768
 External OSPF routes: BGP 10.0.0.0/8, OSPF RT = 1:5:1, MED = 768
 Other labels: Backbone; "transformation."; RIP; Area 2]
Follow these steps to configure OSPF as the PE-CE routing
protocol:
• Configure a per-VRF copy of OSPF.
• Configure redistribution of MP-BGP into OSPF.
• Configure redistribution of OSPF into MP-BGP.
router(config)#
router ospf process-id vrf vrf-name
... Standard OSPF parameters ...
• This command starts the per-VRF OSPF routing process.
router(config-router)#
redistribute bgp as-number subnets
• This command redistributes MP-BGP routes into OSPF. The
subnets keyword is mandatory for proper operation.
router(config)#
router bgp as-number
 address-family ipv4 vrf vrf-name
  redistribute ospf process-id [match [internal] [external-1] [external-2]]
• OSPF-BGP route redistribution is configured with the redistribute
command under the proper address-family command.
RP/0/RP0/CPU0:router(config-ospf)#
vrf vrf-name
... Standard OSPF parameters ...
• This command starts the per-VRF OSPF routing process.
RP/0/RP0/CPU0:router(config-ospf-vrf)#
redistribute bgp as-number
• This command redistributes MP-BGP routes into OSPF.
RP/0/RP0/CPU0:router(config)#
router bgp as-number
 vrf vrf-name
  address-family ipv4 unicast
   redistribute ospf process-id [match {external [1|2] | internal}]
[Figure labels: Area 1; Area 2. Callout 1: The local subnetwork is announced to the PE router.]
• A down bit has been introduced in the options field of the OSPF LSA header.
• PE routers set the down bit when redistributing routes from MP-BGP into OSPF.
• PE routers never redistribute OSPF routes with the down bit set into MP-BGP.
[Figure labels: BGP Backbone; Area 1; Area 2. Callouts:]
1. The local subnetwork is announced without the down bit.
2. An OSPF route is received by a PE router, redistributed into MP-BGP, and propagated across the MPLS VPN backbone.
3. The route from the superbackbone is inserted as the interarea route.
[Figure labels: BGP Backbone; Area 1; Area 2; Another OSPF or Non-OSPF Site. Callouts:]
1. The OSPF route is received by a PE router and redistributed into MP-BGP and OSPF.
2. The OSPF route is propagated with the down bit set.
3. Because of administrative distances, an OSPF route is preferred over an MP-IBGP route. Packet flow across the network is not optimal.
[Figure labels: BGP Backbone; Area 1; Area 2; Another OSPF or Non-OSPF Site. Callouts:]
1. The OSPF route is propagated with the down bit set.
2. The OSPF route is ignored because the down bit is set.
Packet flow across the network is optimal.
• OSPF prefers intra-area paths to interarea paths.
• The path over a backdoor link will always be selected.
• A sham link is a logical intra-area link.
• It is carried by the superbackbone.
• A sham link is required only between two VPN sites that belong to the same area and have a backdoor link for backup purposes.
• OSPF adjacency is established across the sham link.
[Figure labels: High-Bandwidth BGP Backbone; PE Router; PE Router; Low-Bandwidth Backdoor Link]
[Figure labels: High-Bandwidth BGP Backbone; Preferred Path; LSA 1; Area 1; Low-Bandwidth Backdoor Link; Site 1; Site 2. Callouts:]
2. The site 1 PE redistributes the OSPF route into MP-BGP because the selected OSPF route was not received via a sham link.
3. The site 2 PE receives the OSPF type 1 LSA for the selected route from two directions. The OSPF cost of the sham link has been configured so that the sham link is preferred.
[...] allow the best path selection.
[...] selected OSPF route into MP-BGP because the preferred route was received via a sham link.
• A separate /32 address space is required in each PE router for each sham link.
• This /32 address space:
- Is required so that OSPF packets can be sent over the VPN backbone to the remote end of the sham link
[Figure labels: BGP Backbone AS 64500; PE Router; PE Router; Sham Link; gi 0/2/0/0; Area 1]
BGP as the PE-CE Routing Protocol
Cisco IOS and IOS XE:
Router(config)#
router bgp as-number
 address-family ipv4 vrf vrf-name
  ... Per-VRF BGP definitions ...
Cisco IOS XR:
RP/0/RP0/CPU0:Router(config)#
router bgp as-number
 vrf vrf-name
  address-family ipv4 unicast
   ... Per-VRF BGP definitions ...
[Figure labels: CE-BGP-A1; CE-BGP-A3; PE-X; PE-Y]
• Service providers offering MPLS VPN services are at risk of denial-of-
service attacks similar to those aimed at service providers offering BGP
connectivity:
- Any customer can generate any number of routes, using resources in the PE
routers.
- Therefore, the resources that are used by a single customer have to be
limited.
• Cisco IOS Software offers two solutions:
- You can limit the number of routes received from a BGP neighbor.
- You can limit the total number of routes in a VRF.
Cisco IOS and IOS XE:
Router(config-router-af)#
neighbor ip-address maximum-prefix maximum [threshold] [warning-only]
Cisco IOS XR:
RP/0/RP0/CPU0:Router(config-bgp-nbr-af)#
maximum-prefix maximum [threshold] [warning-only]
• The VRF maximum routes limit command limits the number of routes that are
imported into a VRF:
- Routes coming from CE routers
- Routes coming from other PE routers (imported routes)
• The route limit is configured for each VRF.
• If the number of routes exceeds the route limit:
- A syslog message (Cisco IOS and IOS XE Software) is generated.
- An SNMP trap (Cisco IOS XR Software) is generated.
- Cisco IOS, IOS XE, and IOS XR Software can be configured to reject routes (optional).
Cisco IOS and IOS XE:
Router(config-vrf)#
maximum routes limit {warn-threshold | warn-only}
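Added example (not from the course material): a simplified Python model of the per-neighbor and per-VRF limits, showing what one CE flooding routes does to a VRF under each setting. The neighbor names, prefixes, limit values and event names are constructed; the model assumes the BGP session is reset when the neighbor limit is exceeded without warning-only, and it does not model the threshold parameter.

```python
# Simplified model of the two limits described above; not router code.
def run_pe(updates, nbr_max=None, warning_only=False,
           vrf_limit=None, vrf_warn_only=False):
    """Feed (neighbor, prefix) updates into one VRF; return (table, log)."""
    table, received, down, log = {}, {}, set(), []

    def note(event):
        if event not in log:              # log each condition once
            log.append(event)

    for nbr, prefix in updates:
        if nbr in down:
            continue                      # session already torn down
        received[nbr] = received.get(nbr, 0) + 1
        if nbr_max is not None and received[nbr] > nbr_max:
            note(("neighbor-limit-exceeded", nbr))
            if not warning_only:
                # Session reset: routes learned from this neighbor are withdrawn.
                down.add(nbr)
                table = {p: n for p, n in table.items() if n != nbr}
                continue
        if (vrf_limit is not None and prefix not in table
                and len(table) >= vrf_limit):
            note(("vrf-limit-reached", nbr))
            if not vrf_warn_only:
                continue                  # route rejected; table stays capped
        table[prefix] = nbr
    return table, log


def routes_from(table, nbr):
    """Number of routes in the VRF table that were learned from nbr."""
    return sum(1 for n in table.values() if n == nbr)


# Constructed input: one CE floods 10,000 prefixes, another site sends 50.
FLOOD = [("CE-flood", f"10.{i // 256}.{i % 256}.0/24") for i in range(10000)]
LEGIT = [("CE-site2", f"192.168.{i}.0/24") for i in range(50)]
UPDATES = FLOOD + LEGIT                   # flood arrives first (worst case)

if __name__ == "__main__":
    for name, kwargs in [("no limits", {}),
                         ("neighbor max 100", {"nbr_max": 100}),
                         ("neighbor max 100, warning-only",
                          {"nbr_max": 100, "warning_only": True}),
                         ("VRF limit 500", {"vrf_limit": 500})]:
        table, log = run_pe(UPDATES, **kwargs)
        print(name, len(table), routes_from(table, "CE-site2"), log)
```

With only the VRF limit, the table is capped at 500 routes but the flooding CE fills it before the other site's routes arrive; the per-neighbor limit is the setting that contains a single noisy neighbor.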
[Figure labels: Customer A, AS 64501; P-Network, AS 64500; callouts 1 to 4
 IPv4 Update: 192.168.0.5/32
 IPv4 Update: 192.168.50.0/24
 VPN-IPv4 Update: RD:192.168.60.0/24, RT = 64500:2
 VPN-IPv4 Update: RD:192.168.61.0/24, RT = 64500:2]
The customer wants to reuse an AS number on several sites:
• CE-BGP-A1 announces network 10.1.0.0/16 to PE-Site-X.
• The prefix announced by CE-BGP-A1 is propagated to PE-Site-Y as an
internal route through MP-BGP.
• PE-Site-Y prepends AS 64500 to the AS path and propagates the prefix to
CE-BGP-A2.
• CE-BGP-A2 drops the update because AS 64501 is already in the AS path.
• New AS path update procedures have been implemented to reuse an AS
number on all VPN sites.
• The procedures allow the use of private and public AS numbers.
• The same AS number may be used for all sites.
• With as-override configured, the AS path update procedure on the PE router is
as follows:
- If the first AS number in the AS path is equal to the neighboring AS, it is replaced with
the provider AS number.
- If the first AS number has multiple occurrences (because of AS path prepend), all
occurrences are replaced with the provider AS number.
- After this operation, the provider AS number is prepended to the AS path.
Cisco IOS and IOS XE:
Router(config-router-af)#
neighbor ip-address as-override
Cisco IOS XR:
RP/0/RP0/CPU0:router(config-bgp-vrf-nbr-af)#
as-override
• PE-Site-Y replaces AS 64501 with AS 64500 in the AS path, prepends
another copy of AS 64500 to the AS path, and propagates the prefix.
Cisco IOS and IOS XE:
router bgp 64500
 address-family ipv4 vrf Customer_A
  neighbor 10.1.1.1 remote-as 64501
  neighbor 10.1.1.1 activate
  ! replace AS 64501 with AS 64500 in updates sent to this CE
  neighbor 10.1.1.1 as-override
Cisco IOS XR:
router bgp 64500
 vrf Customer_2
  neighbor 10.1.1.1
   remote-as 64501
   address-family ipv4 unicast
    ! replace AS 64501 with AS 64500 in updates sent to this CE
    as-override
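Added example (not from the course material): the AS path update procedure above, modeled in Python for the CE-BGP-A1 to CE-BGP-A2 case, with and without as-override and with a prepended path. The function names are hypothetical; the AS numbers are the ones used on the page.

```python
PROVIDER_AS = 64500   # P-network AS used on the page
CUSTOMER_AS = 64501   # AS number the customer reuses at every site


def pe_to_ce_path(as_path, neighbor_as, as_override=False,
                  provider_as=PROVIDER_AS):
    """AS path a PE router sends to a CE neighbor over EBGP."""
    path = list(as_path)
    if as_override and path and path[0] == neighbor_as:
        # Replace the neighbor AS with the provider AS; replacing every
        # occurrence also covers a path lengthened by AS path prepending.
        path = [provider_as if asn == neighbor_as else asn for asn in path]
    return [provider_as] + path          # the normal EBGP prepend comes last


def ce_accepts(as_path, local_as):
    """EBGP loop prevention on the CE: reject a path containing its own AS."""
    return local_as not in as_path


def site_to_site(origin_path, as_override):
    """CE-BGP-A1 -> PE-Site-X -> MP-IBGP -> PE-Site-Y -> CE-BGP-A2."""
    # MP-IBGP between the PE routers leaves the AS path unchanged.
    sent = pe_to_ce_path(origin_path, CUSTOMER_AS, as_override)
    return sent, ce_accepts(sent, CUSTOMER_AS)


if __name__ == "__main__":
    for label, path in [("plain", [64501]), ("prepended", [64501] * 3)]:
        for override in (False, True):
            print(label, override, site_to_site(path, override))
```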
The BGP route is rejected because the PE3 router sees its own AS number
in the AS path.
[Figure labels: Customer A: VPN Site Spoke 1; Customer A: VPN Hub Site; EBGP Update as-path (64501); EBGP Update as-path (64501); AS 64501; AS 64502; AS 64503; AS1; CE1; CE3; PE2; PE3; VRFa; VRFb; Site B AS 64501; CE-BGP-A2]
Perform basic MPLS troubleshooting:
• Is Cisco Express Forwarding enabled?
• Are labels for IGP routes generated and propagated?
• Are large labeled packets propagated across the MPLS backbone
(maximum transmission unit issues)?
2. Are routes redistributed into MP-BGP with the proper extended communities?
5. Are VPNv4 routes inserted into VRFs on other PE routers?
show route vrf
show bgp vpnv4 vrf vrf-name ip-prefix
show bgp ip-prefix
debug bgp
show vrf detail
show route
[Figure labels: P-Network; CE-Spoke; P; CE-Spoke; PE-1; PE-2]
• Is there an end-to-end LSP tunnel between the PE routers?
• Is the Cisco Express Forwarding entry correct on the ingress PE router?
• Is Cisco Express Forwarding enabled on the ingress PE router interface?
• Is the LFIB entry on the egress PE router correct?
[Figure labels: P-Network; CE-Spoke; P; CE-Spoke; PE-1; PE-2; CE-Spoke; CE-Spoke]
show cef vrf vrf-name ip-prefix/length detail
show cef interface
[Figure labels: P-Network; CE-Spoke; P; CE-Spoke; PE-1; PE-2; CE-Spoke; CE-Spoke]
• Check for summarization issues. The BGP next hop should be
reachable as a host route.
• Quick check—If TTL propagation is disabled, the trace from PE-2 to
PE-1 should contain only one hop.
• If needed, check LFIB values hop by hop.
• Check for MTU issues on the path. MPLS VPN requires a larger label
header than pure MPLS.
[Figure labels: P-Network; CE-Spoke; P; CE-Spoke; PE-1; PE-2; CE-Spoke; CE-Spoke]
show cef vrf vrf-name ip-prefix/length detail
show mpls forwarding vrf vrf-name value detail
[Figure labels: P-Network; CE-Spoke; P; CE-Spoke; PE-1; PE-2; CE-Spoke; CE-Spoke]
                              Cisco IOS and IOS XE      Cisco IOS XR
Control Plane
  Routing Protocol            show ip ospf database     show ospf database
                              show ip bgp               show bgp
                              show ip eigrp topology    show eigrp topology
  Label Exchange Protocol     show mpls ldp bindings    show mpls ldp bindings
Data Plane
  (LFIB)
  IP Forwarding Table (FIB)   show ip cef               show cef
                              show ip cef vrf           show cef vrf
• OSPF as a PE-CE routing protocol is implemented as a separate routing
process.
• BGP is very scalable and predictable as a PE-CE routing protocol.
• MPLS VPN troubleshooting has two main steps: verifying routing
information flow and verifying proper data flow.