cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1962
Views
5
Helpful
33
Replies

Redistribution (BGP and OSPF)

mailaglady2
Level 1
Level 1

Hi I am trying to setup vrf's but I need to get my network to function properly first, so I have 4 routers and I am running bgp between R2&R3, OSPF between R1&R2 and R3&R4. Router R3 and R4 can ping all the routers on my network but R4 and R1 can only ping their directly connected routers. I have redistributed OSPF into BGP and vice versa on R4&R3 as below.

R1--R2--R3--R4

R2

router ospf 1

log-adjacency-changes

redistribute bgp 100 metric 2 subnets

network 4.4.4.4 0.0.0.0 area 0

network 165.148.122.0 0.0.0.255 area 0

!

router bgp 100

no synchronization

bgp log-neighbor-changes

network 4.4.4.4 mask 255.255.255.255

network 165.148.120.0 mask 255.255.255.252

redistribute ospf 1 metric 2

neighbor 165.148.120.1 remote-as 100

no auto-summary

!

R3

router ospf 1

log-adjacency-changes

redistribute bgp 100 metric 2 subnets

network 1.1.1.1 0.0.0.0 area 0

network 165.148.121.0 0.0.0.3 area 0

!

router bgp 100

no synchronization

bgp log-neighbor-changes

network 1.1.1.1 mask 255.255.255.255

network 165.148.120.0 mask 255.255.255.252

redistribute ospf 1 metric 2

neighbor 165.148.120.2 remote-as 100

no auto-summary

!

What must I do for router 1&4 to be able to ping all other routers. Is it good practice for me to advertise all other networks in OSPF for router R2&R3?

33 Replies 33

now I can configure address-families, my other problem is I have configured bgp on my ce routers(R1&R4). and R1 neighbor is R4 on BGP and vice versa. vpnv4 is configured between the two PE router's(R2&R3).

Do I need to configure adress-families between R1&R2 and between R3&R4? is there another simple understandable method of creating multiple vpn

Lawrence,

You do not need to configure a BGP session between R1 and R4. You rather need to run a BGP session between R1 and R2 and another one between R3 and R4. These session would be in the VRF context (address-family ipv4 vrf xxx).

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

You need to advertise routes to the PE routers from both R1 and R4. You can choose any routing protool like ospf/ eigrp or BGP.

Best option would be to use BGP between the CE and the PE.

If you have followed the configurations i have posted then you can create multiple VPNs over the MPLS.. All you need to do is to create multiple VRFs in the PE routers and have subinterfaces towards the CE routers (each subinterface being part of a different vrf)

Narayan

on the configs that you sent didn't you forget the neighbor statements on the PE's pointing towards the ce's?

there is communication between the PE and CE, I thought they will see each other from the address-family config that is on the PE's where the neighbor is specified.

right now only the PE's can see each other.

I am not sure whether u r using the same configs as i supplied

These are BGP configs between CE and PE

CE - R0

router bgp 2

no synchronization

bgp log-neighbor-changes

network 100.100.100.0 mask 255.255.255.0

redistribute connected

neighbor 172.16.100.1 remote-as 1

no auto-summary

PE1 - R1

address-family ipv4 vrf abc

redistribute connected

neighbor 172.16.100.2 remote-as 2

neighbor 172.16.100.2 activate

neighbor 172.16.100.2 as-override

no auto-summary

no synchronization

exit-address-family

HTH

Narayan

on the PE1 under the router bgp 1, shouldn't there be a neighbor statement?

e.g

router bgp 1

neighbor 172.16.100.2 remote-as 2

Nope... it will have only the BGP session to the PE

The CE-PE BGP sessions shud be under the address-family

Narayan

i used all your configs besides the ip addressing..

PE1

!

ip vrf VPN1:Mpho

rd 2:101

route-target export 2:101

route-target import 2:101

!

!

interface ATM1/0.100 point-to-point

ip address 165.148.122.2 255.255.255.252

ip ospf network broadcast

no atm enable-ilmi-trap

pvc 1/100

encapsulation aal5snap

!

!

interface ATM1/0.200 point-to-point

ip vrf forwarding VPN1:Mpho

ip address 10.0.0.2 255.255.255.252

no atm enable-ilmi-trap

pvc 1/200

encapsulation aal5snap

!

!

router ospf 1

log-adjacency-changes

network 4.4.4.4 0.0.0.0 area 0

network 165.148.120.0 0.0.0.3 area 0

network 165.148.122.0 0.0.0.3 area 0

!

router bgp 200

no synchronization

bgp log-neighbor-changes

network 4.4.4.4 mask 255.255.255.255

redistribute connected

neighbor 1.1.1.1 remote-as 200

neighbor 1.1.1.1 update-source Loopback0

no auto-summary

!

address-family vpnv4

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community both

exit-address-family

!

!

address-family ipv4 vrf VPN1:Mpho

no auto-summary

no synchronization

exit-address-family

!

CE1

ip vrf VPN1:Mpho:Aggr

rd 2:2002

route-target export 2:2002

route-target import 2:2002

!

!

interface ATM3/0.100 point-to-point

ip address 165.148.122.1 255.255.255.252

ip ospf network broadcast

pvc 1/100

encapsulation aal5snap

!

!

interface ATM3/0.200 point-to-point

ip vrf forwarding VPN1:Mpho:Aggr

ip address 10.0.0.1 255.255.255.252

pvc 1/200

encapsulation aal5snap

!

!

!

router ospf 1

log-adjacency-changes

network 2.2.2.2 0.0.0.0 area 0

network 165.148.122.0 0.0.0.3 area 0

!

router bgp 100

no synchronization

bgp log-neighbor-changes

network 2.2.2.2 mask 255.255.255.255

redistribute connected

neighbor 165.148.122.2 remote-as 200

no auto-summary

!

Hello Lawrence,

just a moment

for the Ce router the BGP session needs to be in the global routing unless it is a multi VRF CE

if it is a multi VRF CE the neighbor sessions have to be configured on both devices under address-family ipv4 vrf-name

what decides what to here is the table where the link between the two stay:

VPN1:Mpho on Pe side

VPN1:Mpho:Aggr on CE side

the neighbor are 10.0.0.2 for PE and 10.0.0.1 on the CE side

Hope to help

Giuseppe

right now I only need to get a single vrf up and running so at this stage it's not a multi vrf. I am going to take an hour nap, I will be back in an hour..

I have removed the other sub interface with that 10.x.x.x ip. I only left the sub-int with 165. ip add. my worry is i think I have done everything correctly but just when I apply the ip vrf on that sub-inter, she dont like it and she drops. both ce's.

I still can't get it right.. I tried all the methods but I truly don't know what is it that I am doing wrong...

I need to know this if they say "if BGP is the routing protocol" and "if bgp is not the routing protocol" how do you differentiate between the two in my case?

if you need to refer here is the url where I got this statements.. http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/vrflitsb.html

Hello Lawrence,

with multi VRF CE you use a dedicated link in VRF between the multi VRF CE and the PE.

A multi VRF CE has a subset of PE features and functionalities: actually it allows to define VRFs to associate interfaces to different VRFs and to run routing protocols in the VRF -aware version.

With a dedicated link a VRF defined on the PE is put in communication with a VRF defined on the CE and VRF segregation is extended to a shared CE (shared by different customers)

What is the protocol you are going to use on the link PE-CE ?

if it is BGP you need to follow the EBGP PE-CE model on both sides:

actually the CE will be a neighbor in VRF PE_VRF

router bgp 100

address-family ipv4 vrf PE_VRF

neigh 165.1.1.2 remote-as 65000

neigh 165.1.1.2 activate

neigh 165.1.1.2 send-community

red conn

red static

the link must be associated to VRF PE_VRF on the PE

int atm x/y/z.m

ip vrf forwarding PE_VRF

ip address 165.1.1.1 255.255.255.252

on the CE as a mirror the PE is seen as a CE:

ip vrf CE_VRF

rd 65000:100

int atm x/y/z.m

ip vrf forward CE_VRF

ip address 165.1.1.2 255.255.255.252

router bgp 65000

address-family ipv4 vrf CE_VRF

red conn

red static

neigh 165.1.1.1 remote-as 100

neigh 165.1.1.1 activate

neigh 165.1.1.1 send-community

I would suggest you to start from a normal CE without any VRF defined on it and then you can move to this

As a third step you can try to use OSPF as the PE-CE protocol in multi-VRF context but this comes later

clean up all the config from ospf commands and other options

Very important note:

when you associate an interface to a VRF its ip address is removed and you need to retype it, even if you want to keep the same address it had in global routing table

Hope to help

Giuseppe

I want a ce to be a customer at this stage, then I will run multi vrf at a later stage no vrf configuration on the ce at this stage. I will attach my configs on one side meaning from PE to CE on one end. Please see if you can spot any mistake or problem. the ip address 1.1.1.1 is for R3(PE)

The only problem is once I configure IP vrf forwading on the interface towards the ce(ATM1/0.100) the bgp drops on that link and the ce is not pingable until I remove that command.

R2(PE)

!

interface Loopback0

ip address 4.4.4.4 255.255.255.255

!

interface ATM1/0.100 point-to-point

ip address 165.148.122.2 255.255.255.252

no atm enable-ilmi-trap

mpls bgp forwarding

pvc 1/100

encapsulation aal5snap

!

!

interface ATM3/0.100 point-to-point

ip address 165.148.120.2 255.255.255.252

no atm enable-ilmi-trap

mpls label protocol ldp

mpls ip

pvc 1/100

encapsulation aal5snap

!

!

router ospf 1

log-adjacency-changes

network 4.4.4.4 0.0.0.0 area 0

network 165.148.120.0 0.0.0.3 area 0

!

router bgp 1000

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 1.1.1.1 remote-as 1000

neighbor 1.1.1.1 update-source Loopback0

neighbor 165.148.122.1 remote-as 6500

!

address-family ipv4

redistribute ospf 1

neighbor 1.1.1.1 activate

neighbor 165.148.122.1 activate

no auto-summary

no synchronization

network 4.4.4.4 mask 255.255.255.255

exit-address-family

!

address-family vpnv4

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community extended

exit-address-family

!

address-family ipv4 vrf VPN1:Mpho

redistribute connected

neighbor 165.148.122.1 remote-as 6500

neighbor 165.148.122.1 activate

neighbor 165.148.122.1 send-community

no auto-summary

no synchronization

exit-address-family

!

R1(CE)

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface ATM3/0.100 point-to-point

ip address 165.148.122.1 255.255.255.252

pvc 1/100

encapsulation aal5snap

!

router bgp 6500

no synchronization

bgp log-neighbor-changes

network 2.2.2.2 mask 255.255.255.255

redistribute connected

neighbor 165.148.122.2 remote-as 1000

no auto-summary

!

Lawrence,

You don't need "mpls bgp forwarding" on ATM1/0.100 but you absolutely need the "ip vrf forwarding " command. The BGP session that is going down when you enter the "ip vrf forwarding" on the sub-interface is the BGP ipv4 session. This session should be removed.

router bgp 1000

address-family ipv4

no neighbor 165.148.122.1 activate

If you want to see the bgp session to the PE, do a "show ip bgp v a summ".

You say that the PE is not pingable, did you try ping vrf 165.148.122.1?

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

no the CE is not pingable., and remember there is no vrf configured on the CE...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: