PE-CE Dual-Home OSPF Design question

Answered Question
Oct 4th, 2009

Hey guys,

I have an MPLS VPN design question. Here's the network diagram - http://img53.imageshack.us/img53/1920/mplsvpn.jpg.

My question is: Is there any way for CE-1 router to be able to reach the 10.0.0.0/24 network if for example the links B and D (or A and E) go down at the same time without using static routing? The problem is that OSPF has a loop prevention mechanism (Down Bit and Domain Tag) that doesn't allow the prefixes that were learned from one PE and redistributed into the OSPF domain to be installed in the routing table of another PE in the same OSPF domain although they are present in the OSPF database. What are best practices for such a topology? Thanks.

I have this problem too.
0 votes
Correct Answer by Peter Paluch about 7 years 2 months ago

Hello Saiven,

A good question! Notice that you are trying to run the customer's IGP protocol (the OSPF) between provider's edge routers. However, this is not the way it is usually done. All your PE routers run their own IGP protocol (the provider's IGP) and have a BGP peering with a route reflector. Even if B/D or A/E links go down, these BGP peerings should stay up and it is up to the provider's IGP protocol to resolve the reachability issues between the PE routers. In your particular case, if, say, A/E links go down, the provider's IGP protocol will make sure that the PE-2 can reach the P and networks behind it through the link C (note that the provider's IGP protocol runs over the link C but not in the VRF Cust). Also note that the VRF Cust does not change, only the global routing table changes with respect how to reach the PE-1.

So you do not need to run any static routing in this topology. The BGP sessions will stay up and the individual VRFs will remain stable.

There are ways to disable the special checks in the OSPF to also accept and process the LSAs with the Down bit set, however, it is not really needed here.

If there is anything unclear you are welcome to ask further.

Best regards,

Peter

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
shivlu jain Sun, 10/04/2009 - 22:11

In case of multi homed scenarios, the sites might receive the MPLS VPN routes from One PE router and send back to another PE router because CE routes are always preferred over MP-iBGP routes because of its AD number.

But in your scenario, lets assume A or E link is down, In that case the advertisements will be forwarded by PE-2 to RR and RR will forwards to its respective clients. Once it's done PE3 knows that the update is coming via PE-1.

regards

shivlu jain

http://shivlu.blogspot.com

Correct Answer
Peter Paluch Sun, 10/04/2009 - 22:13

Hello Saiven,

A good question! Notice that you are trying to run the customer's IGP protocol (the OSPF) between provider's edge routers. However, this is not the way it is usually done. All your PE routers run their own IGP protocol (the provider's IGP) and have a BGP peering with a route reflector. Even if B/D or A/E links go down, these BGP peerings should stay up and it is up to the provider's IGP protocol to resolve the reachability issues between the PE routers. In your particular case, if, say, A/E links go down, the provider's IGP protocol will make sure that the PE-2 can reach the P and networks behind it through the link C (note that the provider's IGP protocol runs over the link C but not in the VRF Cust). Also note that the VRF Cust does not change, only the global routing table changes with respect how to reach the PE-1.

So you do not need to run any static routing in this topology. The BGP sessions will stay up and the individual VRFs will remain stable.

There are ways to disable the special checks in the OSPF to also accept and process the LSAs with the Down bit set, however, it is not really needed here.

If there is anything unclear you are welcome to ask further.

Best regards,

Peter

saiiven07 Mon, 10/05/2009 - 08:51

Hi Peter and shivlu.

I'd like to thank you both for taking your time to post your responses to my question.

Peter, I absolutely agree with you. After thinking about this for a while, I've come to the same conclusion that the simplest way to deal with this problem is to start running some IGP protocol (OSPF in my case) between PE-2 and PE-3 in the global routing table. I decided against using the "capability vrf-lite" command to disable the PE-OSPF checks because it can create a possible routing loop, which is the last thing I want to create. Peter, thank you one more time for such a detailed explanation, I really appreciate it.

Actions

This Discussion