Can anyone explain OSPF Capability vrf-lite?

I ran into this in one of the Mocks, and am still having a hard time understanding exactly what it does. I know it enables, or disables certain checks that take place throughout a vrf topology, but what exactly is it doing?

I've referenced this article from the DocCD, but it's still unclear: http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/ospf-a1.html#wp2582896905

Comments

  • When a router running OSPF is configured with VRF-Lite it "believes" it is connected to the OSPF super backbone or MPLS core.  This can result in an issue when you have a device configured with OSPF and VRF's that is connected to an MPLS core but it is not actually part of the core network i.e. it is part of the customer network or the CE device.  Becuase it thinks it is part of the core it will not install any type 3 LSA's that have the "down bit" set.

     

    The down bit is used as loop prevention for OSPF when it is configured as the PE to CE protocol.  Any Type 3 LSA (OSPF summary routes) that has the down bit set will not be used in the SPF calculation and will not be advertised into the BGP MPLS core as it is considered to have looped i.e. it was sent to the site from a different PE.  So you would typically see this in a multihomed site, a site that is connected to two or more PE devices.

     

    So back to our CE device that is running OSPF and VRF Lite - because this device thinks it is part of the MPLS core it uses the same loop prevention and will not install Type 3 LSA's that have the down bit set which means any Type 3's we are recieving from the MPLS core are not installed.  As this device is not actually part of the MPLS core you would configure "capability vrf-lite" to disable this feature and now the device can install and use the Type 3 LSA's that were learnt from the provider MPLS network.

     

    Also if this device happened to be an OSPF border router it would set the down bit on any summaries that it was generating which would prevent the MPLS core from being able to accept and advertise these prefixes on.  "capability vrf-lite" would fix this issue also.

     

    Nick

  • Good explanation. Thanks for that. Realistically what type of environment would this be used in? I mean, why would a customer ever want to learn Provider routes other than a default maybe?

  • Good explanation. Thanks for that. Realistically what type of environment would this be used in? I mean, why would a customer ever want to learn Provider routes other than a default maybe?

    It depends on what kind of scenario you are working on. One major reason could be if you are running a single router as an internet edge & the CE for the MPLS provider, it could have routing confusion because of two different default routes that have been pointed to different gateways. Sometimes, you might have low end series products that would not be able to support larger routing table. In that particular case you might need default route option but it would have chances of routing loop in the absence of more specific network of the remote end. So, it's totally dependant to the scenario where you would have option to use any of them.

     

    Good luck!

  • Good explanation. Thanks for that. Realistically what type of environment would this be used in? I mean, why would a customer ever want to learn Provider routes other than a default maybe?

     

    When we talk about Provider in this instance we are not talking about Internet and Internet routes we are talking about private IP/VPN WANs that connect multple sites for a customer.  If the routing protocol that is used between the providers MPLS network and the customer is OSPF then the down bit is set by the provider to prevent Type 3 summaries looping back into the MPLS network.  If the customer is using OSPF internally and they have some device running VRF Lite for whatever reason (like Hari said maybe a device is running both an Internet connection and a WAN connection and you have configured VRF Lite to keep the routing tables seperate) then this is where you would expect a problem unless you configure 'capability vrf-lite'

     

    Nick

  • Ok, thank you for your explanations guys. There is still some confusion on my end, but I will see if I can do some more research on this.

Sign In or Register to comment.