cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2319
Views
0
Helpful
4
Replies

Problem with OSPF in PE-CE

drojasug33
Level 1
Level 1

Hello,

Im trying to setup a simple one PE two CE, mpls vpn network. Im using an example from a document called Configuring MPLS Layer 3 VPN. The problem is that the example provided is for one CE, I'm having trouble when adding the second CE. My problem is that the route to the other CE wont show up. So I cant make ping from one CE to the other. I think the problem is in the ospf configuration. I've tried using different ospf proccess id and area, but the route wont show up. First I tried just changing ospf process, then I tried changing the area. Neither of both worked. Im providing my last configuration files. Thanks in advance for your help.

PE
---------
ip vrf vpn1

rd 100:1

route-target export 100:1

route-target import 100:1

!
ip vrf vpn2

rd 100:1

route-target export 100:1

route-target import 100:1

!

ip cef

mpls ldp router-id Loopback0 force

mpls label protocol ldp

!

interface Loopback0

ip address 10.0.0.1 255.255.255.255

!

interface f0/0

ip vrf forwarding vpn1

ip address 34.0.0.2 255.0.0.0

no cdp enable
no shu

!
interface f1/0

ip vrf forwarding vpn2

ip address 30.0.0.2 255.0.0.0

no cdp enable
no shu

!

router ospf 1000 vrf vpn1

log-adjacency-changes

redistribute bgp 100 metric-type 1 subnets

network 10.0.0.13 0.0.0.0 area 10000

network 34.0.0.0 0.255.255.255 area 10000

!
router ospf 1001 vrf vpn2

log-adjacency-changes

redistribute bgp 100 metric-type 1 subnets

network 10.0.0.13 0.0.0.0 area 10001

network 34.0.0.0 0.255.255.255 area 10001

!

router bgp 100

no synchronization

bgp log-neighbor changes

neighbor 10.0.0.3 remote-as 100

neighbor 10.0.0.3 update-source Loopback0

no auto-summary

!      

address-family vpnv4

neighbor 10.0.0.3 activate

neighbor 10.0.0.3 send-community extended

bgp scan-time import 5

exit-address-family

!      

address-family ipv4 vrf vpn1

redistribute connected

redistribute ospf 1000 match internal external 1 external 2

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf vpn2

redistribute connected

redistribute ospf 1001 match internal external 1 external 2

no auto-summary

no synchronization

exit-address-family

end

CE1
----------------

ip cef

mpls ldp router-id Loopback0 force

mpls label protocol ldp

!

interface Loopback0

ip address 10.0.0.9 255.255.255.255

!

interface f0/0

ip address 34.0.0.1 255.0.0.0

no cdp enable

no shu

!

router ospf 1000

log-adjacency-changes

auto-cost reference-bandwidth 1000

redistribute connected subnets

network 34.0.0.0 0.255.255.255 area 1000

network 10.0.0.0 0.0.0.0 area 1000

end


CE2
-------------------
ip cef

mpls ldp router-id Loopback0 force

mpls label protocol ldp

!

interface Loopback0

ip address 10.0.0.8 255.255.255.255

!

interface f0/0

ip address 30.0.0.1 255.0.0.0

no cdp enable

no shu

!

router ospf 1001

log-adjacency-changes

auto-cost reference-bandwidth 1000

redistribute connected subnets

network 30.0.0.0 0.255.255.255 area 1001

network 10.0.0.0 0.0.0.0 area 1001

end

1 Accepted Solution

Accepted Solutions

Olivier ARRIGHI
Level 1
Level 1

Hi

you might want to use different rd per vrf : rd 100:1 for vpn1 et rd 100:2 for vpn2, while keeping the route targets as they currently are.

Also,check you network command in ospf for vpn2 : it shoud be network 30.0.0.0 0.255.255.255 area 10001.

what is this 10.0.0.13 network that is announced in both ospf for vpn1 and vpn2?

And the areas between CEs and PE do not match : area 10000 for 34/8 on PE and area 1000 for 34/8 on CE. Same issue for CE2

On the CEs the entry network 10.0.0.0 0.0.0.0 area 1000 means nothing as this interface does not exist : should be network 10.0.0.9 0.0.0.0 area 1000 if you want to inject the loopback in OSPF. same issue on CE2

See u

View solution in original post

4 Replies 4

Olivier ARRIGHI
Level 1
Level 1

Hi

you might want to use different rd per vrf : rd 100:1 for vpn1 et rd 100:2 for vpn2, while keeping the route targets as they currently are.

Also,check you network command in ospf for vpn2 : it shoud be network 30.0.0.0 0.255.255.255 area 10001.

what is this 10.0.0.13 network that is announced in both ospf for vpn1 and vpn2?

And the areas between CEs and PE do not match : area 10000 for 34/8 on PE and area 1000 for 34/8 on CE. Same issue for CE2

On the CEs the entry network 10.0.0.0 0.0.0.0 area 1000 means nothing as this interface does not exist : should be network 10.0.0.9 0.0.0.0 area 1000 if you want to inject the loopback in OSPF. same issue on CE2

See u

Not sure..

might be because of ORF..

try playing around with SOO and ORF...

mile.ljepojevic
Level 1
Level 1

I would suggest you to change RD... RD are usualy different for different VRFs, leave RT as they are, and we can continue troubleshooting from there...

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Drojasug33,

RD cannot be equal in two different VRFs defined on same PE node, the real router doesn't accept it so you have to use two different RDs

see my test on a real IOS device:

router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#ip vrf prova1
router(config-vrf)#rd 8234:10
router(config-vrf)#route
router(config-vrf)#route-target both 8234:10
router(config-vrf)#
router(config-vrf)#exit
routerconfig)#ip vrf prova2
router(config-vrf)#rd 8234:10
% "rd" 8234:10 already in use by VRF prova1
router(config-vrf)#

or you have mistyped the configuration or you are using an emulation software that didn't advise you of this.

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: