Friday, January 13, 2017

CCIE SPv4 - MPLS L3 VPN - OSPF PE-CE Routing with Domain IDs

Software versions:
IOS XE 15.5
IOS XR 5.3

The topology for this demo:
In this post we will examine the "domain id". The domain ID is essentially an identifier that is used to determine whether 2 CE sites area in the same area. Since the MPLS core acts like another area 0 hierarchy above the area 0 we have already defined on the CE side, the domain id is used to differentiate between sites in the same domain and in different domains. If the domain ids match, then those 2 sites are in the same domain, hence, O IA routes; if the domain ids do not match, then those 2 sites are not in the same domain, hence, O E2 routes. Domain ids can be configured on the PEs under the VRF process. There are a few variants however we're only going to look at the 0005 option. 

R13s RIB
R13#sh ip route vrf OSPF | b Gateway

Gateway of last resort is not set

      10.0.0.0/32 is subnetted, 1 subnets
O E2     10.101.10.10 [110/2] via 131.0.0.1, 00:05:18, GigabitEthernet1.1110
      11.0.0.0/24 is subnetted, 1 subnets
O        11.0.0.0 [110/2] via 131.0.0.1, 2d21h, GigabitEthernet1.1110
      16.0.0.0/32 is subnetted, 1 subnets
O E2     16.0.0.6 [110/1] via 131.0.0.1, 2d00h, GigabitEthernet1.1110
      38.0.0.0/32 is subnetted, 2 subnets
O E2     38.0.0.3 [110/1] via 131.0.0.1, 1d01h, GigabitEthernet1.1110
O E2     38.0.0.13 [110/1] via 131.0.0.1, 1d01h, GigabitEthernet1.1110
      83.0.0.0/24 is subnetted, 1 subnets
O E2     83.0.0.0 [110/1] via 131.0.0.1, 00:05:18, GigabitEthernet1.1110
      106.0.0.0/24 is subnetted, 1 subnets
O E2     106.0.0.0 [110/1] via 131.0.0.1, 00:05:18, GigabitEthernet1.1110
      110.0.0.0/32 is subnetted, 3 subnets
O E2     110.110.110.8 [110/2] via 131.0.0.1, 00:05:18, GigabitEthernet1.1110
C        110.110.110.13 is directly connected, Loopback110
O IA     110.110.110.14 [110/3] via 131.0.0.1, 00:04:48, GigabitEthernet1.1110
      131.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        131.0.0.0/24 is directly connected, GigabitEthernet1.1110
L        131.0.0.13/32 is directly connected, GigabitEthernet1.1110

As you can see, all of the routes learned except 11.0.0.0/24 and 110.110.110.14. Our goal, is to make all the routes above appear as O IA after we have completed this process. The configuration is very simple, changing the domain id to some value that all PEs have configured will accomplish this. 

XE PEs
router ospf 110 vrf OSPF
 domain-id type 0005 value 000000F40200

XR PEs
router ospf 110
 vrf OSPF
  domain-id type 0005 value 000000f40200

I chose the value of "f40200" as it stands for the IPv4 family, the 200 is just a random value. The same exact configuration is used under the IPv6 variants

I was testing out placement of the "capability vrf lite" command, this is supposed to go on a CE device. I applied it on the PE, honestly by accident during a copy/paste, the CE ended up getting all the routes as O E2, which makes sense. The PE was receiving them, but since we we're redistributing BGP into OSPF, the CE should have seen a bunch of  O IA routes. That wasn't the case, after a few minutes of investigation, I realized the issue. I fixed it, by place "capability vrf lite" on the CE. 

R10#sh ip route vrf OSPF ospf 110
Gateway of last resort is not set

      11.0.0.0/24 is subnetted, 1 subnets
O E2     11.0.0.0 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
      38.0.0.0/32 is subnetted, 2 subnets
O E2     38.0.0.3 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
O E2     38.0.0.13 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
      59.0.0.0/24 is subnetted, 1 subnets
O E2     59.0.0.0 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
      83.0.0.0/24 is subnetted, 1 subnets
O E2     83.0.0.0 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
      110.0.0.0/32 is subnetted, 3 subnets
O E2     110.110.110.8 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
O E2     110.110.110.13 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
O E2     110.110.110.14 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110
      131.0.0.0/24 is subnetted, 1 subnets
O E2     131.0.0.0 [110/1] via 106.0.0.6, 00:08:59, GigabitEthernet1.1110

After the "vrf-lite" configuration migration from the PE to the CE.

R10#sh ip route vrf OSPF ospf | b Gateway
Gateway of last resort is not set

      11.0.0.0/24 is subnetted, 1 subnets
O IA     11.0.0.0 [110/2] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
      38.0.0.0/32 is subnetted, 2 subnets
O E2     38.0.0.3 [110/1] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
O E2     38.0.0.13 [110/1] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
      59.0.0.0/24 is subnetted, 1 subnets
O IA     59.0.0.0 [110/2] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
      83.0.0.0/24 is subnetted, 1 subnets
O IA     83.0.0.0 [110/2] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
      110.0.0.0/32 is subnetted, 3 subnets
O IA     110.110.110.8 [110/3] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
O IA     110.110.110.13 [110/3] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
O IA     110.110.110.14 [110/3] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110
      131.0.0.0/24 is subnetted, 1 subnets
O IA     131.0.0.0 [110/2] via 106.0.0.6, 00:04:15, GigabitEthernet1.1110

Now all the routes that should be showing up as Inter Area are doing so.

Let's take a look at the PE side and breakdown the BGP outputs for these routes. Its important to know what your looking at to ensure the proper propagation is happening.

R6#sh bgp vpnv4 unicast vrf OSPF 131.0.0.0/24
BGP routing table entry for 110:50693:131.0.0.0/24, version 373
Paths: (2 available, best #1, table OSPF)
  Not advertised to any peer
  Refresh Epoch 2
  Local
    192.168.1.1 (metric 2) (via default) from 192.168.1.2 (192.168.1.2)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:110:50693 OSPF DOMAIN ID:0x0005:0x000000F40200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:131.0.0.1:0
      Originator: 192.168.1.1, Cluster list: 192.168.1.2
      mpls labels in/out nolabel/42
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  Local
    192.168.1.1 (metric 2) (via default) from 192.168.1.14 (192.168.1.14)
      Origin incomplete, metric 0, localpref 100, valid, internal
      Extended Community: RT:110:50693 OSPF DOMAIN ID:0x0005:0x000000F40200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:131.0.0.1:0
      Originator: 192.168.1.1, Cluster list: 192.168.1.14
      mpls labels in/out nolabel/42
      rx pathid: 0, tx pathid: 0

The extended community portion is where I want to focus on. The RT is the route target value, configured as 110:50693 that is uniquely configured for OSPF traffic over the core.The OSPF Domain ID is the focus of this post, like I stated above, used to code the routes propagated by BGP after being learned from OSPF, an attribute used to ID LSAs that belong to the same domain. The OSPF RT is the Route Type. The 0.0.0.0 is the area ID, the 2 is the LSA type, where this one shows as a DR. The 0 is the options field. 

The IOS and IOS XR variations are literally the same, configured the same, the outputs are summarized a bit more in XR, not enough to warrant an output. 

Thanks for stopping by!
Rob Riker, CCIE #50693
Posted by at
Labels: , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)