MPLS L3VPN with OSPF as PE-CE routing protocol

In this scenario we have the sample topology shown below. Routers R1, R2, R6 and R8 are owned by a customer who wants us to establish reachability between his two sites through our SP network. The routers at site A are located inside a rack in Istanbul, and routers R6 and R8 are located inside a server room in Ankara, Turkey. Our SP network extends across the whole country, so we have a PoP in each of these two cities. We are using “OSPF 1” inside our SP network alongside BGP. The IPv4 BGP neighborships inside the SP network are listed below:

R3-R7
R4-R7
R5-R7

We implemented the BGP neighborships with R7 as our RR server for the IPv4 address family.
The customer uses “OSPF 2” inside his sites, but there are some other points to consider:

• R1 uses VRF B, which is active on the Fe0/0, Se1/0 and Loopback0 interfaces. The customer has decided to implement VRF-lite in the near future inside its Istanbul site. Router R2 will not use any VRF.
• There are some APs connected to R8 at the Ankara office which don’t support OSPF, so the customer decided to redistribute the routes obtained through those APs into OSPF at R8 (we represent these external routes with the Loopback 1 interface).

So, in brief, what we need to do is:

• Create the needed VRFs on the PE routers for this customer and put the relevant interfaces inside them.
• Enable OSPF on the links towards the customer routers.
• Redistribute between “OSPF 2” and BGP on the PE routers.
• Establish VPNv4 neighborship between the PE routers.
• Make some minor but important changes…

Let’s create our VRFs on the SP PE routers and the customer-owned R1 router, put the interfaces inside them, and finally enable “OSPF 2” inside the customer sites and between the PE and CE routers. As I said before, the SP network is running “OSPF 1” internally.

R1:

ip vrf B
 rd 2:2   
!
interface Loopback0
 ip vrf forwarding B
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding B
 ip address 13.13.13.1 255.255.255.0
!
router ospf 2 vrf B
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 13.13.13.0 0.0.0.255 area 0

R2:

interface Loopback0
 ip address 2.2.2.1 255.255.255.255
 ip ospf 2 area 0
!
interface FastEthernet0/0
 ip address 24.24.24.2 255.255.255.0
 ip ospf 2 area 0

R3:

ip vrf A
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!         
interface Loopback0
 ip address 3.3.3.1 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback1
 ip address 3.3.3.2 255.255.255.255
!
interface Loopback2
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding A
 ip address 13.13.13.3 255.255.255.0
!         
interface FastEthernet0/1
 ip address 37.37.37.3 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
router ospf 2 vrf A
 network 13.13.13.0 0.0.0.255 area 0

R4:

ip vrf A
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 4.4.4.1 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback1
 ip address 4.4.4.2 255.255.255.255
!
interface Loopback2
 ip address 4.4.4.3 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding A
 ip address 24.24.24.4 255.255.255.0
!
interface FastEthernet0/1
 ip address 47.47.47.4 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
router ospf 2 vrf A
 network 24.24.24.0 0.0.0.255 area 0

R7:

interface Loopback0
 ip address 7.7.7.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 47.47.47.7 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip address 37.37.37.7 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet2/0
 ip address 57.57.57.7 255.255.255.0
 ip ospf 1 area 0
 mpls ip

R5:

ip vrf A
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!         
interface Loopback0
 ip address 5.5.5.1 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback1
 ip address 5.5.5.2 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 57.57.57.5 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding A
 ip address 56.56.56.5 255.255.255.0
!
router ospf 2 vrf A
 network 56.56.56.0 0.0.0.255 area 0

R6:

interface Loopback0
 ip address 6.6.6.1 255.255.255.255
 ip ospf 2 area 0
!
interface Loopback1
 ip address 6.6.6.2 255.255.255.255
!
interface Loopback2
 ip address 6.6.6.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 68.68.68.6 255.255.255.0
 ip ospf 2 area 0
!
interface FastEthernet0/1
 ip address 56.56.56.6 255.255.255.0
 ip ospf 2 area 0

R8:

interface Loopback0
 ip address 8.8.8.1 255.255.255.255
 ip ospf 2 area 0
!
interface Loopback1
 ip address 8.8.8.2 255.255.255.255
!
interface Loopback2
 ip address 8.8.8.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 68.68.68.8 255.255.255.0
 ip ospf 2 area 0
!
router ospf 2
 log-adjacency-changes
 redistribute connected subnets route-map C>O
!
! As I said, some external routes obtained from the APs need to be
! redistributed into OSPF, because those APs don’t support OSPF.
!
route-map C>O permit 10
 match interface Loopback1

At this point, we should have our OSPF neighborships up and running between the customer routers at each site and between the PE and CE routers. Let’s verify:

R3(config-router)#do show ip ospf 2 neigh
Neighbor ID     Pri   State           Address         Interface
1.1.1.1           1   FULL/BDR        13.13.13.1      FastEthernet0/0
R4(config)#do show ip ospf 2 neigh
Neighbor ID     Pri   State           Address         Interface
2.2.2.3           1   FULL/DR         24.24.24.2      FastEthernet0/0
R5(config-router)#do show ip ospf 2 neigh
Neighbor ID     Pri   State           Address         Interface
6.6.6.2           1   FULL/BDR        56.56.56.6      FastEthernet0/1
R6(config-if)#do show ip ospf neigh 
Neighbor ID     Pri   State           Address         Interface
8.8.8.3            1   FULL/DR         68.68.68.8      FastEthernet0/0
56.56.56.5        1   FULL/DR         56.56.56.5      FastEthernet0/1

For simplicity, I’ve shut down the serial connection between R1 and R2, but I will enable it later when discussing OSPF sham links. Up to this point, each customer site has reachability to all of its local networks, and each PE router has an OSPF neighborship with the CE router at its site.
For MPLS L3VPN we need to enable LDP inside the SP network. As you may have noticed, I already enabled MPLS on the SP’s internal interfaces; in addition, these two commands are entered on all of the SP routers:

mpls ldp router-id Loopback0 force
mpls label protocol ldp

Enabling LDP between the routers makes them establish LDP neighborships. Let’s verify:

R7(config-router)#do show mpls ldp neigh
    Peer LDP Ident: 3.3.3.1:0; Local LDP Ident 7.7.7.1:0
        TCP connection: 3.3.3.1.646 - 7.7.7.1.58715
        State: Oper; Msgs sent/rcvd: 234/234; Downstream
        Up time: 03:05:35
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 37.37.37.3
        Addresses bound to peer LDP Ident:
          37.37.37.3      3.3.3.1         3.3.3.2         
    Peer LDP Ident: 5.5.5.1:0; Local LDP Ident 7.7.7.1:0
        TCP connection: 5.5.5.1.646 - 7.7.7.1.59575
        State: Oper; Msgs sent/rcvd: 231/232; Downstream
        Up time: 03:05:35
        LDP discovery sources:
          FastEthernet2/0, Src IP addr: 57.57.57.5
        Addresses bound to peer LDP Ident:
          57.57.57.5      5.5.5.1         5.5.5.2         5.5.5.3         
    Peer LDP Ident: 4.4.4.1:0; Local LDP Ident 7.7.7.1:0
        TCP connection: 4.4.4.1.646 - 7.7.7.1.59315
        State: Oper; Msgs sent/rcvd: 232/236; Downstream
        Up time: 03:05:32
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 47.47.47.4
        Addresses bound to peer LDP Ident:
          47.47.47.4      4.4.4.1         4.4.4.2  

Up to now everything looks OK. In the second phase we need to enable MP-BGP (and, of course, BGP for any global IPv4 networks that our SP is responsible for) inside the SP network.
BGP configuration on the SP’s internal routers:

R7:

router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 7.7.7.2 mask 255.255.255.255
 neighbor 3.3.3.1 remote-as 1
 neighbor 3.3.3.1 update-source Loopback0
 neighbor 3.3.3.1 route-reflector-client
 neighbor 4.4.4.1 remote-as 1
 neighbor 4.4.4.1 update-source Loopback0
 neighbor 4.4.4.1 route-reflector-client
 neighbor 5.5.5.1 remote-as 1
 neighbor 5.5.5.1 update-source Loopback0
 neighbor 5.5.5.1 route-reflector-client
 no auto-summary

R3:

router bgp 1
 bgp log-neighbor-changes
 neighbor 7.7.7.1 remote-as 1
 neighbor 7.7.7.1 update-source Loopback0

R4:

router bgp 1
 bgp log-neighbor-changes
 neighbor 7.7.7.1 remote-as 1
 neighbor 7.7.7.1 update-source Loopback0

R5:

router bgp 1
 bgp log-neighbor-changes
 neighbor 7.7.7.1 remote-as 1
 neighbor 7.7.7.1 update-source Loopback0

And verify “global” BGP neighborship:

R7(config-router)#do show ip bgp sum | beg Neighbor
Neighbor   V    AS MsgRcvd MsgSent    Up/Down  State/PfxRcd
3.3.3.1     4     1     158     150            02:18:42        1
4.4.4.1     4     1     162     150            02:18:25        1
5.5.5.1     4     1     159     150            02:18:08        1

Now it is time to configure the MP-BGP neighborships between the PE routers (R3, R4 and R5). I’ll set R5 as the RR for the VPNv4 neighborships to reduce the number of iBGP neighborships inside the SP network. This way, the routes learned by R3 are sent to R5, and R5 re-advertises them to R4, and vice versa. Because we don’t want to establish BGP neighborship for “global” IPv4 networks between these three routers, I disabled global IPv4 advertising between them; they will publish only the customer’s internal networks to each other, and global routes and/or any other customer’s internal routes will not be advertised this way (we already have BGP neighborship for the global IPv4 networks inside the SP network, and those networks are advertised through it).

R3:

router bgp 1
 bgp log-neighbor-changes
 neighbor 5.5.5.1 remote-as 1
 neighbor 5.5.5.1 update-source Loopback0
 neighbor 7.7.7.1 remote-as 1
 neighbor 7.7.7.1 update-source Loopback0
 !
 address-family ipv4
  network 3.3.3.2 mask 255.255.255.255
  no neighbor 5.5.5.1 activate
  neighbor 7.7.7.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.1 activate
  neighbor 5.5.5.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf A
  network 3.3.3.3 mask 255.255.255.255
  redistribute ospf 2
 exit-address-family

R4:

router bgp 1
 bgp log-neighbor-changes
 neighbor 5.5.5.1 remote-as 1
 neighbor 5.5.5.1 update-source Loopback0
 neighbor 7.7.7.1 remote-as 1
 neighbor 7.7.7.1 update-source Loopback0
 !        
 address-family ipv4
  network 4.4.4.2 mask 255.255.255.255
  no neighbor 5.5.5.1 activate
  neighbor 7.7.7.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.1 activate
  neighbor 5.5.5.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf A
  network 4.4.4.3 mask 255.255.255.255
  redistribute ospf 2
 exit-address-family

R5:

router bgp 1
 bgp log-neighbor-changes
 neighbor 3.3.3.1 remote-as 1
 neighbor 3.3.3.1 update-source Loopback0
 neighbor 4.4.4.1 remote-as 1
 neighbor 4.4.4.1 update-source Loopback0
 neighbor 7.7.7.1 remote-as 1
 neighbor 7.7.7.1 update-source Loopback0
 !
 address-family ipv4
  network 5.5.5.2 mask 255.255.255.255
  no neighbor 3.3.3.1 activate
  no neighbor 4.4.4.1 activate
  neighbor 7.7.7.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 3.3.3.1 activate
  neighbor 3.3.3.1 send-community both
  neighbor 3.3.3.1 route-reflector-client
  neighbor 4.4.4.1 activate
  neighbor 4.4.4.1 send-community both
  neighbor 4.4.4.1 route-reflector-client
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute ospf 2 
 exit-address-family

The next step is redistributing customer routes into MP-BGP and vice versa on each PE router. As you can see above, I did it with the various “redistribute” commands.
At this point we should have reachability between the customer sites. So let’s verify:

R1(config-router)#do show ip route vrf B 
Routing Table: B
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     8.0.0.0/32 is subnetted, 1 subnets
C       13.13.13.0 is directly connected, FastEthernet0/0

This is strange, because we don’t have any learned routes inside R1’s VRF B routing table! Why? Let’s check R2’s routing table:

R2(config-if)#do show ip route
Gateway of last resort is not set

     68.0.0.0/24 is subnetted, 1 subnets
O IA    68.68.68.0 [110/12] via 24.24.24.4, 00:02:46, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/3] via 24.24.24.4, 00:02:46, FastEthernet0/0
     2.0.0.0/32 is subnetted, 3 subnets
C       2.2.2.2 is directly connected, Loopback1
C       2.2.2.3 is directly connected, Loopback2
C       2.2.2.1 is directly connected, Loopback0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/3] via 24.24.24.4, 00:02:46, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O IA    8.8.8.1 [110/13] via 24.24.24.4, 00:02:47, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
C       24.24.24.0 is directly connected, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O IA    56.56.56.0 [110/2] via 24.24.24.4, 00:02:48, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Serial1/0
     13.0.0.0/24 is subnetted, 1 subnets
O IA    13.13.13.0 [110/2] via 24.24.24.4, 00:02:48, FastEthernet0/0

You can see that we have almost everything inside router R2’s routing table except the external routes that were redistributed on R8. The reason these external networks do not appear in R2’s routing table is a BGP/OSPF rule: when redistributing OSPF routes into BGP, only internal OSPF routes are redistributed by default. For external routes, we need another command:

R5:

router bgp 1
 address-family ipv4 vrf A
  redistribute ospf 2 match internal external 1 external 2
 exit-address-family

After issuing this command, the external routes should appear inside customer router’s routing table.

R2(config-if)#do show ip route
Gateway of last resort is not set

     68.0.0.0/24 is subnetted, 1 subnets
O IA    68.68.68.0 [110/12] via 24.24.24.4, 00:02:46, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/3] via 24.24.24.4, 00:02:46, FastEthernet0/0
     2.0.0.0/32 is subnetted, 3 subnets
C       2.2.2.2 is directly connected, Loopback1
C       2.2.2.3 is directly connected, Loopback2
C       2.2.2.1 is directly connected, Loopback0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/3] via 24.24.24.4, 00:02:46, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O IA    8.8.8.1 [110/13] via 24.24.24.4, 00:02:47, FastEthernet0/0
O E2    8.8.8.2 [110/20] via 24.24.24.4, 00:01:29, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
C       24.24.24.0 is directly connected, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O IA    56.56.56.0 [110/2] via 24.24.24.4, 00:02:48, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Serial1/0
     13.0.0.0/24 is subnetted, 1 subnets
O IA    13.13.13.0 [110/2] via 24.24.24.4, 00:02:48, FastEthernet0/0

And for R1:

R1(config-router)#dir vrf B 
Routing Table: B
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     8.0.0.0/32 is subnetted, 1 subnets
O E2    8.8.8.2 [110/20] via 13.13.13.3, 00:03:05, FastEthernet0/0
     13.0.0.0/24 is subnetted, 1 subnets
C       13.13.13.0 is directly connected, FastEthernet0/0

You can see that we have only external OSPF routes in R1’s VRF B routing table and no other OSPF routes. This is because of another OSPF rule that was designed to prevent possible loops in MPLS L3VPN networks. According to this rule, if a router receives routes from a PE router through an interface that is inside a VRF on the local router, the router ignores those routes (that is, it does not put them in the routing table). You can use some tricky methods to make routers accept those routes. One of them is changing the OSPF route type from “O IA” to “external”, because routers do not perform this check against external OSPF routes. We can do this by changing the “OSPF domain-id” on PE router R3. You can get the OSPF domain-id by issuing the “show ip ospf” command.

R3(config-router)#do show ip ospf 2 | inc ID
 Routing Process "ospf 2" with ID 13.13.13.3
   Domain ID type 0x0005, value 0.0.0.22
R4(config)#do show ip ospf 2 | inc ID
 Routing Process "ospf 2" with ID 24.24.24.4
   Domain ID type 0x0005, value 0.0.0.2
R5(config-router)#do show ip ospf 2 | inc ID
 Routing Process "ospf 2" with ID 56.56.56.5
   Domain ID type 0x0005, value 0.0.0.2  

Let’s change OSPF domain-id on R3:

router ospf 2 vrf A
 domain-id 0.0.0.22

This will change the OSPF route type from “O IA” to “External”, and these routes will then pass the loop prevention check performed by R1 and appear in R1’s VRF routing table:

R1(config-if)#do show ip route vrf B       
Routing Table: B
Gateway of last resort is not set

     68.0.0.0/24 is subnetted, 1 subnets
O E2    68.68.68.0 [110/11] via 13.13.13.3, 00:26:04, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.1 [110/4] via 13.13.13.3, 00:25:59, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/1] via 13.13.13.3, 01:25:18, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.3 [110/1] via 13.13.13.3, 00:26:07, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O E2    6.6.6.1 [110/2] via 13.13.13.3, 00:26:06, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O E2    8.8.8.1 [110/12] via 13.13.13.3, 00:00:09, FastEthernet0/0
O E2    8.8.8.2 [110/20] via 13.13.13.3, 00:00:09, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
O       24.24.24.0 [110/3] via 13.13.13.3, 00:26:01, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O E2    56.56.56.0 [110/1] via 13.13.13.3, 00:26:06, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
     13.0.0.0/24 is subnetted, 1 subnets
C       13.13.13.0 is directly connected, FastEthernet0/0

Let’s verify our reachability:

R1(config-if)#do ping vrf B 2.2.2.1 so lo0
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 148/154/156 ms
R1(config-if)#do ping vrf B 8.8.8.1 
Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/184/204 ms

We did it. GREAT!

The last thing I want to discuss is the OSPF sham link. This feature makes routers choose the optimal path, that is, through the SP network, to the other local networks when there are backdoor links. As I said before, there is a backdoor link between R1 and R2 (through Serial 1/0) which connects these two routers to each other directly. The customer wants this link to act as a backup in case of any failure in the SP network. So the customer expects the traffic between R1 and R2 to pass through the SP network first, and only if there is a problem connecting to the SP network should the slower backup link be used to maintain reachability.
So first of all we need to enable this link, activate OSPF on it and check what happens.

R1:

interface Serial1/0
 ip vrf forwarding B
 ip address 12.12.12.1 255.255.255.0
 no shut
 
R1(config-if)#do show run | sec router ospf 
router ospf 2 vrf B
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 12.12.12.0 0.0.0.255 area 0
 network 13.13.13.0 0.0.0.255 area 0

R2:

interface Serial1/0
 ip address 12.12.12.2 255.255.255.0
 ip ospf 2 area 0
 no shut

Let’s take a look at routing tables on R1 and R2:

R1(config-if)#do show ip route vrf B

     68.0.0.0/24 is subnetted, 1 subnets
O E2    68.68.68.0 [110/11] via 13.13.13.3, 00:01:22, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.1 [110/1001] via 12.12.12.2, 00:00:30, Serial1/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/1] via 13.13.13.3, 02:07:22, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.3 [110/1] via 13.13.13.3, 00:01:14, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O E2    6.6.6.1 [110/2] via 13.13.13.3, 00:01:24, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O E2    8.8.8.1 [110/12] via 13.13.13.3, 00:01:24, FastEthernet0/0
O E2    8.8.8.2 [110/20] via 13.13.13.3, 00:01:24, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
O       24.24.24.0 [110/1001] via 12.12.12.2, 00:00:32, Serial1/0
     56.0.0.0/24 is subnetted, 1 subnets
O E2    56.56.56.0 [110/1] via 13.13.13.3, 00:01:24, FastEthernet0/0
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Serial1/0
     13.0.0.0/24 is subnetted, 1 subnets
C       13.13.13.0 is directly connected, FastEthernet0/0
R2(config-if)#do show ip route ospf
     68.0.0.0/24 is subnetted, 1 subnets
O IA    68.68.68.0 [110/12] via 24.24.24.4, 00:30:01, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/1001] via 12.12.12.1, 00:01:52, Serial1/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/1] via 24.24.24.4, 00:02:45, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.3 [110/1] via 24.24.24.4, 02:09:00, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/3] via 24.24.24.4, 00:30:01, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O IA    8.8.8.1 [110/13] via 24.24.24.4, 00:30:01, FastEthernet0/0
O E2    8.8.8.2 [110/20] via 24.24.24.4, 00:30:01, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O IA    56.56.56.0 [110/2] via 24.24.24.4, 00:30:01, FastEthernet0/0
     13.0.0.0/24 is subnetted, 1 subnets
O       13.13.13.0 [110/1001] via 12.12.12.1, 00:01:52, Serial1/0

You might notice that R1 and R2 now prefer the direct Serial 1/0 link between them to reach each other’s internal networks, which is undesirable. The reason is that routers prefer internal OSPF routes over “O IA” and “O E” routes. The OSPF sham link is a mechanism that solves this issue. An OSPF sham link is a virtual link that is established between two PE routers and appears to be inside the customer’s local network. As a result, the CE routers (like R1 and R2) see the routes coming from the PE routers as “O” routes and use the OSPF cost as a tie breaker to select the optimal path. If you need to understand OSPF sham links in more depth, please refer to the Cisco website and/or other freely available material. What I want to show you is the configuration part of the sham link, which looks something like this:

R3:

interface Loopback2
 ip vrf forwarding A
 ip address 3.3.3.3 255.255.255.255
!
router bgp 1
 address-family ipv4 vrf A
  network 3.3.3.3 mask 255.255.255.255
!
router ospf 2 vrf A
 domain-id 0.0.0.22
 area 0 sham-link 3.3.3.3 4.4.4.3 cost 1

R4:

interface Loopback2
 ip vrf forwarding A
 ip address 4.4.4.3 255.255.255.255
!
router ospf 2 vrf A
 area 0 sham-link 4.4.4.3 3.3.3.3 cost 1
!
router bgp 1
 address-family ipv4 vrf A
  network 4.4.4.3 mask 255.255.255.255

We also increase the OSPF cost on Serial 1/0 on R1 and R2 so that these routers pick the lower-cost, newly created OSPF “internal” path through the SP network, with the help of the OSPF sham link.

R1:

interface Serial1/0
 ip vrf forwarding B
 ip address 12.12.12.1 255.255.255.0
 ip ospf cost 1000

R2:

interface Serial1/0
 ip address 12.12.12.2 255.255.255.0
 ip ospf cost 1000
 ip ospf 2 area 0

And final verification:

R1:

R1(config-if)#do show ip route vrf B ospf

Routing Table: B

     68.0.0.0/24 is subnetted, 1 subnets
O E2    68.68.68.0 [110/11] via 13.13.13.3, 00:15:00, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.1 [110/4] via 13.13.13.3, 00:04:37, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/1] via 13.13.13.3, 02:21:00, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.3 [110/1] via 13.13.13.3, 00:05:16, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O E2    6.6.6.1 [110/2] via 13.13.13.3, 00:15:00, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O E2    8.8.8.1 [110/12] via 13.13.13.3, 00:15:00, FastEthernet0/0
O E2    8.8.8.2 [110/20] via 13.13.13.3, 00:15:00, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
O       24.24.24.0 [110/3] via 13.13.13.3, 00:04:37, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O E2    56.56.56.0 [110/1] via 13.13.13.3, 00:15:00, FastEthernet0/0

R2:

R2(config-if)#do show ip route ospf
     68.0.0.0/24 is subnetted, 1 subnets
O IA    68.68.68.0 [110/12] via 24.24.24.4, 00:05:40, FastEthernet0/0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/4] via 24.24.24.4, 00:05:00, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/1] via 24.24.24.4, 00:05:40, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.3 [110/1] via 24.24.24.4, 02:21:39, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/3] via 24.24.24.4, 00:05:40, FastEthernet0/0
     8.0.0.0/32 is subnetted, 2 subnets
O IA    8.8.8.1 [110/13] via 24.24.24.4, 00:05:40, FastEthernet0/0
O E2    8.8.8.2 [110/20] via 24.24.24.4, 00:05:40, FastEthernet0/0
     56.0.0.0/24 is subnetted, 1 subnets
O IA    56.56.56.0 [110/2] via 24.24.24.4, 00:05:40, FastEthernet0/0
     13.0.0.0/24 is subnetted, 1 subnets
O       13.13.13.0 [110/3] via 24.24.24.4, 00:05:00, FastEthernet0/0

Again on R1:

R1(config-if)#do trace vrf B 2.2.2.1 ttl 0 4
Tracing the route to 2.2.2.1

  0 13.13.13.3 96 msec 120 msec 112 msec
  1 13.13.13.3 92 msec 84 msec 68 msec
  2 37.37.37.7 [MPLS: Labels 16/21 Exp 0] 176 msec 156 msec 152 msec
  3 24.24.24.4 [MPLS: Label 21 Exp 0] 144 msec 172 msec 144 msec
  4 24.24.24.2 152 msec 188 msec 124 msec
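
The route-type rules behind these results, as an added Python example that is not part of the original post: the PE's domain-id decides which route code the CE sees, and the CE compares route code before cost, which is why the backdoor wins until the sham link makes both paths “O”. The candidate lists are assembled from R2 route lines shown on this page (a router only displays the winner), and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# OSPF compares path type first; cost only breaks ties within one type.
RANK = {"O": 0, "O IA": 1, "O E1": 2, "O E2": 3}

# Matches IOS route lines such as:
#   O IA    1.1.1.1 [110/3] via 24.24.24.4, 00:02:46, FastEthernet0/0
ROUTE_RE = re.compile(
    r"^(?P<code>O(?: IA| E1| E2)?)\s+(?P<prefix>[\d.]+)\s+\[110/(?P<cost>\d+)\]"
    r"\s+via\s+(?P<nh>[\d.]+),\s+\S+,\s+(?P<intf>\S+)$"
)


@dataclass(frozen=True)
class Path:
    code: str
    prefix: str
    cost: int
    next_hop: str
    interface: str


def parse_paths(text):
    """Turn 'show ip route' OSPF lines into Path objects; skip other lines."""
    paths = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            paths.append(Path(m["code"], m["prefix"], int(m["cost"]),
                              m["nh"], m["intf"]))
    return paths


def ce_route_code(code_at_remote_pe, remote_domain_id, local_domain_id):
    """Route code a CE sees for a VPN route its PE re-originates into OSPF
    when no sham link exists. External routes stay external; internal ones
    become inter-area only if both PEs share a domain-id. E2 for the
    mismatch case is an assumption taken from the outputs on this page."""
    if code_at_remote_pe in ("O E1", "O E2"):
        return code_at_remote_pe
    return "O IA" if remote_domain_id == local_domain_id else "O E2"


def winners(text):
    """Best candidate per prefix: lowest (path-type rank, cost)."""
    by_prefix = {}
    for p in parse_paths(text):
        by_prefix.setdefault(p.prefix, []).append(p)
    return {pfx: min(c, key=lambda p: (RANK[p.code], p.cost))
            for pfx, c in by_prefix.items()}


def via_backdoor(text, backdoor="Serial1/0"):
    """Prefixes whose winning path leaves through the backdoor interface."""
    return sorted(pfx for pfx, p in winners(text).items()
                  if p.interface == backdoor)


# Candidate paths on R2, assembled from route lines printed on this page.
BEFORE_SHAM_LINK = """
O IA    1.1.1.1 [110/3] via 24.24.24.4, 00:02:46, FastEthernet0/0
O       1.1.1.1 [110/1001] via 12.12.12.1, 00:01:52, Serial1/0
O IA    13.13.13.0 [110/2] via 24.24.24.4, 00:02:48, FastEthernet0/0
O       13.13.13.0 [110/1001] via 12.12.12.1, 00:01:52, Serial1/0
"""
AFTER_SHAM_LINK = """
O       1.1.1.1 [110/4] via 24.24.24.4, 00:05:00, FastEthernet0/0
O       1.1.1.1 [110/1001] via 12.12.12.1, 00:01:52, Serial1/0
O       13.13.13.0 [110/3] via 24.24.24.4, 00:05:00, FastEthernet0/0
O       13.13.13.0 [110/1001] via 12.12.12.1, 00:01:52, Serial1/0
"""

if __name__ == "__main__":
    print("6.6.6.1 behind R4:", ce_route_code("O", "0.0.0.2", "0.0.0.2"))
    print("6.6.6.1 behind R3:", ce_route_code("O", "0.0.0.2", "0.0.0.22"))
    print("backdoor before:", via_backdoor(BEFORE_SHAM_LINK))
    print("backdoor after: ", via_backdoor(AFTER_SHAM_LINK))
```

Running `via_backdoor` over a saved `show ip route ospf` capture from a CE is a quick regression check that no prefix has fallen back to the backup link.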

Great! We did what was expected.
