Technical Documentation

Configuring an OSPF Domain ID for a Layer 3 VPN

This example illustrates how to configure an OSPF domain ID for a VPN by using OSPF as the routing protocol between the PE and CE routers. Routes from an OSPF domain need an OSPF domain ID when they are distributed in BGP as VPN-IPv4 routes in VPNs with multiple OSPF domains. In a VPN connecting multiple OSPF domains, the routes from one domain might overlap with the routes of another.

For more information about OSPF domain IDs and Layer 3 VPNs, see Configuring Routing Between PE and CE Routers in Layer 3 VPNs.

Figure 1 shows this example’s configuration topology. Only the configuration for Router PE1 is provided. The configuration for Router PE2 can be similar to the configuration for Router PE1. There are no special configuration requirements for the CE routers.

Figure 1: Example of a Configuration Using an OSPF Domain ID

Image g017193.gif

For configuration information, see the following sections:

Configuring Interfaces on Router PE1

You need to configure two interfaces for Router PE1—the so-0/0/0 interface for traffic to Router CE1 (San Francisco) and the so-0/0/1 interface for traffic to a P router in the service provider’s network.

Configure the interfaces for Router PE1:

[edit]interfaces {so-0/0/0 {unit 0 {family inet {address 10.19.1.2/30;}}}so-0/0/1 {unit 0 {family inet {address 10.19.2.1/30;}family mpls;}}}

Configuring Routing Options on Router PE1

At the [edit routing-options] hierarchy level, you need to configure the router-id and autonomous-system statements. The router-id statement identifies Router PE1.

Configure the routing options for Router PE1:

[edit]routing-options {router-id 10.255.14.216;autonomous-system 69;}

Configuring Protocols on Router PE1

On Router PE1, you need to configure MPLS, BGP, OSPF, and LDP at the
[edit protocols] hierarchy level:

[edit]protocols {mpls {interface so-0/0/1.0;}bgp {group San-Francisco-Chicago {type internal;preference 10;local-address 10.255.14.216;family inet-vpn {unicast;}neighbor 10.255.14.224;}}ospf {traffic-engineering;area 0.0.0.0 {interface so-0/0/1.0;}}ldp {interface so-0/0/1.0;}}

Configuring Policy Options on Router PE1

On Router PE1, you need to configure policies at the [edit policy-options] hierarchy level. These policies ensure that the CE routers in the Layer 3 VPN exchange routing information. In this example, Router CE1 in San Francisco exchanges routing information with Router CE2 in Chicago.

Configure the policy options on the PE1 router:

[edit]policy-options {policy-statement vpn-import-VPN-A {term term1 {from {protocol bgp;community import-target-VPN-A;}then accept;}term term2 {then reject;}}policy-statement vpn-export-VPN-A {term term1 {from protocol ospf;then {community add export-target-VPN-A;accept;}}term term2 {then reject;}}community export-target-VPN-A members [target:10.255.14.216:11domain-id:1.1.1.1:0];community import-target-VPN-A members target:10.255.14.224:31;}

Configuring the Routing Instance on Router PE1

You need to configure a Layer 3 VPN routing instance on Router PE1. To indicate that the routing instance is for a Layer 3 VPN, add the instance-type vrf statement at the [edit routing-instance routing-instance-name] hierarchy level.

The domain-id statement is configured at the [edit routing-instances routing-options protocols ospf] hierarchy level. As shown in Figure 1, the routing instance on Router PE2 must share the same domain ID as the corresponding routing instance on Router PE1 so that routes from Router CE1 to Router CE2 and vice versa are distributed as Type 3 LSAs. If you configure different OSPF domain IDs in the routing instances for Router PE1 and Router PE2, the routes from each CE router will be distributed as Type 5 LSAs.

Configure the routing instance on Router PE1:

[edit]routing-instances {VPN-A-San-Francisco-Chicago {instance-type vrf;interface so-0/0/0.0;route-distinguisher 10.255.14.216:11;vrf-import vpn-import-VPN-A;vrf-export vpn-export-VPN-A;routing-options {router-id 10.255.14.216;autonomous-system 69;}protocols {ospf {domain-id 1.1.1.1;export vpn-import-VPN-A;area 0.0.0.0 {interface so-0/0/0.0;}}}}}

Configuration Summary for Router PE1

Configure Interfaces

interfaces {so-0/0/0 {unit 0 {family inet {address 10.19.1.2/30;}}}so-0/0/1 {unit 0 {family inet {address 10.19.2.1/30;}family mpls;}}}

Configure Routing Options

routing-options {router-id 10.255.14.216;autonomous-system 69;}

Configure Protocols

protocols {mpls {interface so-0/0/0.0;}bgp {group San-Francisco-Chicago {type internal;preference 10;local-address 10.255.14.216;family inet-vpn {unicast;}neighbor 10.255.14.224;}}ospf {traffic-engineering;area 0.0.0.0 {interface so-0/0/1.0;}}ldp {interface so-0/0/1.0;}}

Configure VPN Policy

policy-options {policy-statement vpn-import-VPN-A {term term1 {from {protocol bgp;community import-target-VPN-A;}then accept;}term term2 {then reject;}}policy-statement vpn-export-VPN-A {term term1 {from protocol ospf;then {community add export-target-VPN-A;accept;}}term term2 {then reject;}}community export-target-VPN-B members [ target:10.255.14.216:11domain-id:1.1.1.1:0 ];community import-target-VPN-B members target:10.255.14.224:31;}

Routing Instance for Layer 3 VPN

routing-instances {VPN-A-San-Francisco-Chicago {instance-type vrf;interface so-0/0/0.0;route-distinguisher 10.255.14.216:11;vrf-import vpn-import-VPN-A;vrf-export vpn-export-VPN-A;routing-options {router-id 10.255.14.216;autonomous-system 69;}protocols {ospf {domain-id 1.1.1.1;export vpn-import-VPN-A;area 0.0.0.0 {interface so-0/0/0.0;}}}}}

Published: 2010-04-27