14.7 PE-CE Routing with OSPF


I'm stuck on 14.7 PE-CE routing with OSPF. The task is fine and all my verifications are what they should be until the very end, where you verify end-to-end connectivity. I cannot get my traceroute/ping to work. The task asks us to create a Loopback on SW2 with IP of 172.16.8.8/24 and make sure R6 only sees a /16 summary. We use the same OSPF process ID at R5 and R6 but ensure SW1 and SW2 can reach each other. We are using OSPF as PE-CE for VPN_A sites. I set up OSPF on R5 and R6 with my BGP redistribution. I set different domain-ids on R5 and R6. OSPF is set up on SW1 and SW2. My verification:

R5 and R6 are connected to the Superbackbone:

Rack1R6#sho ip ospf 100

 Routing Process "ospf 100" with ID 155.1.67.6

   Domain ID type 0x0005, value 0.0.0.6

 Start time: 00:00:07.444, Time elapsed: 1d00h

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Supports Link-local Signaling (LLS)

 Supports area transit capability

 Connected to MPLS VPN Superbackbone, VRF VPN_A

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

    bgp 100, includes subnets in redistribution

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Incremental-SPF disabled

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Number of external LSA 5. Checksum Sum 0x013766

 Number of opaque AS LSA 0. Checksum Sum 0x000000

 Number of DCbitless external and opaque AS LSA 0

 Number of DoNotAge external and opaque AS LSA 0

 Number of areas in this router is 1. 1 normal 0 stub 0 nssa

 Number of areas transit capable is 0

 External flood list length 0

 IETF NSF helper support enabled

 Cisco NSF helper support enabled

    Area 1

        Number of interfaces in this area is 1

        Area has no authentication

        SPF algorithm last executed 1d00h ago

        SPF algorithm executed 3 times

        Area ranges are

        Number of LSA 3. Checksum Sum 0x01CEFA

        Number of opaque link LSA 0. Checksum Sum 0x000000

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

 

Rack1R5#sh ip ospf 100

 Routing Process "ospf 100" with ID 172.16.5.5

   Domain ID type 0x0005, value 0.0.0.5

 Start time: 00:00:06.668, Time elapsed: 1d00h

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Supports Link-local Signaling (LLS)

 Supports area transit capability

 Connected to MPLS VPN Superbackbone, VRF VPN_A

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

    bgp 100, includes subnets in redistribution

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Incremental-SPF disabled

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Number of external LSA 4. Checksum Sum 0x013752

 Number of opaque AS LSA 0. Checksum Sum 0x000000

 Number of DCbitless external and opaque AS LSA 0

 Number of DoNotAge external and opaque AS LSA 0

 Number of areas in this router is 1. 1 normal 0 stub 0 nssa

 Number of areas transit capable is 0

 External flood list length 0

 IETF NSF helper support enabled

 Cisco NSF helper support enabled

    Area 1

        Number of interfaces in this area is 2 (1 loopback)

        Area has no authentication

        SPF algorithm last executed 1d00h ago

        SPF algorithm executed 3 times

        Area ranges are

        Number of LSA 3. Checksum Sum 0x0140CA

        Number of opaque link LSA 0. Checksum Sum 0x000000

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

SW1 is showing the /16 summary route to R6

Rack1SW1#sh ip route vrf VPN_A 172.16.8.8

Routing entry for 172.16.0.0/16

  Known via "ospf 1", distance 110, metric 2, type extern 2, forward metric 1

  Last update from 155.1.67.6 on Vlan67, 00:26:01 ago

  Routing Descriptor Blocks:

  * 155.1.67.6, from 155.1.67.6, 00:26:01 ago, via Vlan67

      Route metric is 2, traffic share count is 1

 

R6 sees the BGP /32 route.

 

Rack1R6#sh ip route vrf VPN_A 172.16.8.8

Routing entry for 172.16.8.8/32

  Known via "bgp 100", distance 200, metric 2, type internal

  Redistributing via ospf 100

  Last update from 150.1.5.5 23:12:26 ago

  Routing Descriptor Blocks:

  * 150.1.5.5 (Default-IP-Routing-Table), from 150.1.4.4, 23:12:26 ago

      Route metric is 2, traffic share count is 1

      AS Hops 0

 

R6's CEF table shows the MPLS label 16 and VPN label 23 and the next hop of 155.1.146.4, and that tags originate from R5 (150.1.5.5)

 

Rack1R6#sh ip cef vrf VPN_A 172.16.8.8

172.16.8.8/32, version 24, epoch 0, cached adjacency 155.1.146.4

0 packets, 0 bytes

  tag information set

    local tag: VPN-route-head

    fast tag rewrite with Fa0/0.146, 155.1.146.4, tags imposed: {16 23}

  via 150.1.5.5, 0 dependencies, recursive

    next hop 155.1.146.4, FastEthernet0/0.146 via 150.1.5.5/32

    valid cached adjacency

    tag rewrite with Fa0/0.146, 155.1.146.4, tags imposed: {16 23}

 

R4's MPLS forwarding table shows the following for label 16

 

Rack1R4#sho mpls forwarding-table 150.1.5.5

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop

tag    tag or VC   or Tunnel Id      switched   interface

16     Untagged    150.1.5.5/32      0          Se0/1      point2point

       Untagged    150.1.5.5/32      0          Se0/0.1    point2point

 

This is where I get stuck. Packet captures and debug mpls packet show ICMP packets entering Fa0/1 on R4 but never leaving. Since the Outgoing tag for this shows Untagged, does the router process the outgoing packet as routed?

 

MPLS debug:

Rack1R4#debug mpls packets

MPLS packet debugging is on

Rack1R4#

*Mar  1 00:38:36.359: MPLS: Fa0/1: recvd: CoS=0, TTL=254, Label(s)=16/23

Rack1R4#

 

Something between R4 and R5 isn't working but I can't see what it is.

Comments

  • The untagged entry in the forwarding table is the problem. It indicates that no label will be forwarded. Is the OSPF route to the far end PE loopback a /32? You may need to use the ip ospf network point-to-point command.

  • Just found this. Does fit your configuration.


  • That does look like what I am running into. I set my 172.16.8.8/24 Loopback on SW2 to ip ospf network point-to-point. I see the /24 OSPF route of R5 and I see the vpnv4 BGP route.

     

    Rack1SW2#sho ip ospf int lo101

    Loopback101 is up, line protocol is up

      Internet Address 172.16.8.8/24, Area 1

      Process ID 1, Router ID 172.16.8.8, Network Type POINT_TO_POINT, Cost: 1

      Transmit Delay is 1 sec, State POINT_TO_POINT

      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

        oob-resync timeout 40

      Supports Link-local Signaling (LLS)

      Cisco NSF helper support enabled

      IETF NSF helper support enabled

      Index 5/5, flood queue length 0

      Next 0x0(0)/0x0(0)

      Last flood scan length is 0, maximum is 0

      Last flood scan time is 0 msec, maximum is 0 msec

      Neighbor Count is 0, Adjacent neighbor count is 0

      Suppress hello for 0 neighbor(s)

     

    Rack1R5#sh bgp vpnv4 unicast vrf VPN_A 172.16.8.8

    BGP routing table entry for 100:1:172.16.8.0/24, version 64

    Paths: (1 available, best #1, table VPN_A)

      Advertised to update-groups:

            1

      Local

        155.1.58.8 from 0.0.0.0 (150.1.5.5)

          Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best

          Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000050200

            OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:172.16.5.5:0

          mpls labels in/out 27/nolabel

     

      I still think R5 isn't putting a label on the outbound advertisement to R4.

     

    Rack1R5#sh ip bgp vpnv4 vrf VPN_A labels

       Network          Next Hop      In label/Out label

    Route Distinguisher: 100:1 (VPN_A)

       150.1.8.8/32     155.1.58.8      18/nolabel

       155.1.8.0/24     155.1.58.8      19/nolabel

       155.1.58.0/24    0.0.0.0         20/aggregate(VPN_A)

       155.1.67.0/24    150.1.6.6       nolabel/20

       155.1.108.0/24   155.1.58.8      21/nolabel

       172.16.0.0       150.1.6.6       nolabel/25

       172.16.5.0/24    0.0.0.0         22/aggregate(VPN_A)

       172.16.7.7/32    150.1.6.6       nolabel/21

       172.16.8.0/24    155.1.58.8      27/nolabel

       192.168.6.0      150.1.6.6       nolabel/23


  • The PE loopback is the issue. Customer traffic from the near end PE is routed towards the far end PE. The PE loopback has to be a /32 and so does the route to it.

  • In this case R6 and R5 are the PE right? Loopback0 on both are /32 addresses. I added the ip ospf network point-to-point command. The OSPF routes to each loopback are /32 routes.


    Rack1R6#sh ip route 150.1.5.5

    Routing entry for 150.1.5.5/32

      Known via "ospf 1", distance 110, metric 66, type intra area

      Last update from 155.1.146.4 on FastEthernet0/0.146, 00:17:14 ago

      Routing Descriptor Blocks:

      * 155.1.146.4, from 150.1.5.5, 00:17:14 ago, via FastEthernet0/0.146

          Route metric is 66, traffic share count is 1



    Rack1R5#sh ip route 150.1.6.6

    Routing entry for 150.1.6.6/32

      Known via "ospf 1", distance 110, metric 66, type intra area

      Last update from 155.1.45.4 on Serial0/1, 00:18:35 ago

      Routing Descriptor Blocks:

      * 155.1.45.4, from 150.1.6.6, 00:18:35 ago, via Serial0/1

          Route metric is 66, traffic share count is 1

        155.1.0.4, from 150.1.6.6, 00:18:35 ago, via Serial0/0

          Route metric is 66, traffic share count is 1


    I still see untagged on R4



    Rack1R4#sho mpls forwarding-table 150.1.5.5

    Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop

    tag    tag or VC   or Tunnel Id      switched   interface

    16     Untagged    150.1.5.5/32      0          Se0/1      point2point

           Untagged    150.1.5.5/32      0          Se0/0.1    point2point



    Thanks for the help on this. I can't seem to wrap my head around it for some reason.



  • Did you implement any kind of label filtering?

     

    Can you post the output of the following commands? I have included sample output from a different lab. Run the commands on the two PE routers and the RR.

     

     

    Rack6R4#sho mpls int

    Interface              IP            Tunnel   Operational

    FastEthernet0/1        Yes (ldp)     No       Yes

    Serial0/0/0            Yes (ldp)     No       Yes

    Rack6R4#sho mpls ldp ne

        Peer LDP Ident: 150.6.5.5:0; Local LDP Ident 150.6.4.4:0

            TCP connection: 150.6.5.5.31067 - 150.6.4.4.646

            State: Oper; Msgs sent/rcvd: 2844/2849; Downstream

            Up time: 1d17h

            LDP discovery sources:

              Serial0/0/0, Src IP addr: 183.6.0.5

            Addresses bound to peer LDP Ident:

              183.6.0.5       150.6.5.5       100.0.0.5       183.6.45.5

    Rack6R4#show mpls bin

    Rack6R4#show mpls ld

    Rack6R4#show mpls ldp b

    Rack6R4#show mpls ldp bin

    Rack6R4#show mpls ldp bindings

      tib entry: 100.0.0.0/24, rev 220

            local binding:  tag: imp-null

      tib entry: 150.6.1.0/24, rev 203

            local binding:  tag: 34

            remote binding: tsr: 150.6.5.5:0, tag: 34

      tib entry: 150.6.2.0/24, rev 204

            local binding:  tag: 35

            remote binding: tsr: 150.6.5.5:0, tag: 35

      tib entry: 150.6.3.3/32, rev 205

            local binding:  tag: 33

            remote binding: tsr: 150.6.5.5:0, tag: 33

      tib entry: 150.6.4.4/32, rev 206

            local binding:  tag: imp-null

            remote binding: tsr: 150.6.5.5:0, tag: 32

      tib entry: 150.6.5.5/32, rev 207

            local binding:  tag: 32

            remote binding: tsr: 150.6.5.5:0, tag: imp-null

      tib entry: 183.6.0.0/24, rev 184

            local binding:  tag: imp-null

      tib entry: 183.6.45.0/24, rev 221

            local binding:  tag: 37

      tib entry: 183.6.46.0/24, rev 190

            local binding:  tag: imp-null

      tib entry: 183.6.123.0/24, rev 193

            local binding:  tag: 28

    Rack6R4#show mpls for

    Rack6R4#show mpls forwarding-table

    Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop

    tag    tag or VC   or Tunnel Id      switched   interface

    28     Untagged    183.6.123.0/24    0          Se0/0/0    183.6.0.3

    32     Pop tag     150.6.5.5/32      105088     Se0/0/0    183.6.0.5

    33     Untagged    150.6.3.3/32      0          Se0/0/0    183.6.0.3

    34     Untagged    150.6.1.0/24      0          Se0/0/0    183.6.0.3

    35     Untagged    150.6.2.0/24      0          Se0/0/0    183.6.0.3

    37     Untagged    183.6.45.0/24     0          Se0/0/0    183.6.0.5

    Rack6R4#

     

  • Give me a moment while I wipe the egg off my face....ok ready now.

    Per task 14.3 I set up label filtering to only apply labels to the 150.1.0.0/16 networks. On R5 I configured no mpls ldp advertise-labels and then mpls ldp advertise-labels for 1. However, I forgot to define ACL 1. Once I did that lo and behold I see the prefix marked with Pop tag now on R4.


    Rack1R4#sho mpls forwarding-table 

    Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    

    tag    tag or VC   or Tunnel Id      switched   interface              

    16     Pop tag     150.1.5.5/32      0          Se0/1      point2point  

           Pop tag     150.1.5.5/32      540        Se0/0.1    point2point  

    17     Aggregate   204.12.1.0/24[V]  0    

    Thanks for taking the time to help me out on this one. MPLS is fairly new to me still (from the provider perspective anyways) so I'm taking it slow.                            
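
An added example, not part of any post in this thread: a Python check that parses `show mpls forwarding-table` output and reports paths toward a PE loopback whose outgoing label is Untagged, the symptom diagnosed above. The two sample tables are R4's output as quoted in the thread; the function names are assumptions of this example.

```python
import ipaddress
import re

# R4's table as quoted in the thread, before and after ACL 1 was defined on R5.
BEFORE = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    150.1.5.5/32      0          Se0/1      point2point
       Untagged    150.1.5.5/32      0          Se0/0.1    point2point
"""
AFTER = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     150.1.5.5/32      0          Se0/1      point2point
       Pop tag     150.1.5.5/32      540        Se0/0.1    point2point
17     Aggregate   204.12.1.0/24[V]  0
"""

# Local label is blank on continuation rows (extra equal-cost paths), and
# Aggregate rows carry no outgoing interface or next hop.
ROW = re.compile(
    r"^\s*(?P<local>\d+)?\s+(?P<out>Untagged|Pop tag|Aggregate|\d+)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?:\[V\])?\s+(?P<bytes>\d+)"
    r"(?:\s+(?P<intf>\S+)\s+(?P<nh>\S+))?\s*$"
)

def parse_lfib(text):
    """Return one dict per forwarding path; continuation rows inherit the local label."""
    rows, local = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, prompt or blank line
        local = int(m["local"]) if m["local"] else local
        rows.append({"local": local, "out": m["out"], "intf": m["intf"],
                     "prefix": ipaddress.ip_network(m["prefix"], strict=False)})
    return rows

def untagged_pe_paths(text, pe_loopbacks):
    """Paths toward a listed PE loopback whose outgoing label is Untagged."""
    targets = {ipaddress.ip_network(p) for p in pe_loopbacks}
    return [(r["local"], str(r["prefix"]), r["intf"])
            for r in parse_lfib(text)
            if r["prefix"] in targets and r["out"] == "Untagged"]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, untagged_pe_paths(table, ["150.1.5.5/32"]))
```
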

  • No problem. The loopback issue was a real one in any event. The ATC videos on MPLS are very good. Really worth a look if you have not done so. Also, one of the TS labs in volume 4 has a good section on TS steps to follow for MPLS VPNs.

     

    Ricky

     

     

     

  • Robot/All

    I'm still trying to understand why we haven't configured OSPF as VRF-aware on SW2. SW2 is a CE; why haven't we configured OSPF as router ospf 1 vrf VPN_A? Any idea? Also, on R6, why are we learning the OSPF route type as '2'? It should be 5, right, since it's an external area route (SW2 is connected to R5 PE, and remote PE R6 should learn it as type 5 since we configured different domain ID)? Can you enlighten me on this?

    SW2 : router ospf 1
    network 0.0.0.0 255.255.255.255 area 1

     

    Rack1R6#show bgp vpnv4 unicast vrf VPN_A 172.16.8.8
    BGP routing table entry for 100:1:172.16.8.8/32, version 236
    Paths: (1 available, best #1, table VPN_A)
    Not advertised to any peer
    Local
    150.1.5.5 (metric 66) from 150.1.4.4 (150.1.4.4)
    Origin incomplete, metric 2, localpref 100, valid, internal, best
    Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000050200
    OSPF RT:0.0.0.1:2:0
    OSPF ROUTER ID:172.16.5.5:0
    Originator: 150.1.5.5, Cluster list: 150.1.4.4
    mpls labels in/out nolabel/25
