MPLS Cheat sheet

Notes taken from MPLS, writups by Peter J. Welcher, the Cisco MPLS FAQ for beginners, - 9/28/2005 and MPLS Configuration on IOS Software by Umesh Lakshman.

Table of Contents

Labels are 'shimmed' between L3 & L2 to provide for quick switching through MPLS network.
Over PPP, Ethernet, 802.3, or ATM links
- PPP Header (Packet over SONET/SDH) - | PPP Header | Label | L2/L3 Packet |
- LAN MAC Label Header - | MAC Header | Label | L2/L3 Packet |
- ATM MPLS Cell Header (VPI & VCI together are Label) - | GFC | VPI | VCI | PTI | CLP | HEC | DATA |
Labels have local significance to each hop only. If a packet is found to have no label (only possible in an IP MPLS network, not Frame Relay or ATM), routing lookup is done, and possibly a new label is applied.
MPLS has it's own ethertype code. (unicast 0x8847, multicast 0x8848)
P routers - Provider core rtrs
C routers - Customer core rtrs
CE routers - Customer edge routers
PE routers - Provider edge routers. Maintain VPN routes for VPNs associated with the connected interfaces.
Existing routing protocols (OSPF, IS-IS, etc...) work in cloud. BGP usually between customer and provider routers.
Label Distribution Protocols (LDP) Establishes Label to Destination Network Mappings. Works in cloud. Distributs labels for prefixes advertised by unicast routing protocols. RFCs 3035 and 3036
Label changed at each switch/rtr in cloud. For every route, table has:
In Label | Address Prefix | Out Interface | Out Label

MPLS allows for VPNs, Traffic Engineering (TE), QoS, ATM over MPLS (AToM). Additionally, in decreases forwarding overhead on the core routers.

Acronyms

LSR - Label Switch Router.
Edge LSR - LSR connecting to non-LSR. Ingress is where packet comes in. Egress is where packet goes out.
FIB - Forwarding Information Base - Mirrors entire contents of IP routing table
LIB - Label Information Base - control plane - based in ingress port and label, egress port and label are determined. LSR can substitute outbound label for incoming and forward frame. Incoming Label is the label it comes in with. Outgoing label is the label it goes out with (for a downstream neighbor), local binding is a label that has local significance (i.e. goes through your LIB). Remote binding is something that has significance for the downstream router.
LFIB - Label Forwarding Information Base - data plane - contains local label to next-hop label mapping along with outgoing interface.
LSP - Label Switch Path
FEC - Forward Equivalency Class - all packets to which specific label is applied.
LDP - Label Distribution Protocol (uses TCP port 646) - Communication between LSRs to communicate and bind labels. Explicit routing (with a source or controller setting up a Traffic Engineering path), or CR-LDP (constraint based routing), RSVP-TE (extended RSVP driving and LDP). Cisco has their own TDP (Tag Distribution Protocol) - Uses TCP port 711.

Label Structure

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
|                  Label                | Exp |S|      TTL      |

Label: Label Value (Unstructured), 20 bits
Exp: Experimental Use, 3 bits; currently used as a Class of Service (CoS) field.
S: Bottom of Stack, 1 bit
TTL: Time to Live, 8 bits

Label Values

0 through 2^20 - 1.
0-15 reserved; 4-15 reserved for future use.
untagged - incoming MPLS packet is converted to IP packet, and forwarded to destination. Used in implementation of MPLS VPN.

0	IPv4 Explicit NULL Label (also known as aggregate?). Label indicates that label stack must be popped, and packet forwarding must be based on IPv4 header. Useful in keeping Exp bits safe until egress router. Used in MPLS based QoS.
1	Router Alert Label. When at top of label stack, packet delivered to local software module for processing. Actual packet forwarding determined by the label beneath it in the stack. If packet is forwarded further, Router Alert Label should be pushed back onto label stack before forwarding. Use of this label is analogous to use of "Router Alert Option" in IP packets (for example, ping with record route option
2	IPv6 Explicit NULL Label. Indicates that stack must be popped, and packet forwarding must be based on IPv6 header.
3	Implicit NULL Label. Indicates that LSR will pop top label from stack and forward rest of packet (labeled or unlabeled) through outgoing interface (per LIB). Value never appears in encapsulation, but needs to be specified in LDP, so value is reserved.

Penultimate Hop Popping

Penultimate Hop Popping is performed when the router upstream to the edge LSR removes the top label in the label stack and forwards only the resulting packet. This is signaled by the downstream edge LSR during label distribution. Downstream edge LSR distributes an implicit-null (POP) label to the upstream router which signals to pop the top label and for the resulting labeled or IP packet. Saves a single look up on edge routers.

LDP/TDP/(CDP?)

what's distributed is label, IP prefix, mask - type, length, value (TLV) format
four categories

Discovery messages - announce and maintain LSR's presence in the network
Session messages - establish upkeep and tear down sessions between LSRs
Advertisement messages - advertise label mappings to FECs
Notification messages - signal errors

can be distributed in:

Ordered LSP control mode - wait for downstream neighbor to send you label before you send to upstream rtr - usually used in cell-based nets
Independent LSP control mode - just send label to upstream rtr - don't wait - usually used in frame-based nets

label distribution types

unsolicited label distribution - advertise labels for all prefixes in IGP to neighbors - don't use on ATM switches (can overwhelm tables)
DoD label distribution (Downstream On Demand)- LSR asks downstream neighbor for label. When request get's (recursively) repeated to LER, the bindings than flow back upstream.

Label Retention Modes

liberal - keep label even if neighbors are not yet next hops - default for Cisco?
conservative - if label no currently useful, discard

QoS

Label determines LSRs outbound interface and label via LIB, but precedence or EXP field is used to determine queuing treatment. Cisco only has 4 queues by default(?).

Traffic Engineering

Use unidirectional tunnels to shift traffic off one path and onto another. Can be static or Automatic.

VPNs

network implemented using shared net infrastructure but so as to provide security and privacy of a private leased line network.

8 byte Route Distinguisher prefaces IP address (i.e. 23:10.1.1.0 means IP address 10.1.1.0 in VPN 23)
MBGP propagates routing info between peer routers.
Route distinguisher 0 and VPN 0 can be regarded as the curent Internet.
Extended communities (8 byte version of BGP 2 byte communities) is way to get between customers (VPNs).

Ethertypes for MPLS

MPLS Control Packet (MPLSCP) for PPP	0x8281
PPP Unicast	0x0281
PPP Multicast	0x0283
LAN Unicast	0x8847
Lan Multicast	0x8848

Cisco config and statements

Global MPLS Config
mpls ip                       (global or interface level)
mpls label protocol ldp|tdp   (ldp is standardized)
                              (global or interface level)
mpls ldp router-id loopback 0 (ties to loopback 0)

int <interface>            
 ip addr <ipaddr>
 mpls ip                      (possibly need this)
 tag-switching ip             (alternate form of mpls ip - don't need both)
 
Interface-Level MPLS Config
interface ethernet 0
 mpls ip
 mpls mtu <sizeInBytes>      (should be IP MTU +(4 * max num of labels))
 ip route-cache cef               (if not running on intrfc)

Cell-Mode Interface Config
int atm 3/0
 no ip address
 no atm ilmi-keepalive
int atm 3/0.1 mpls
 ip address <ipaddr> <netmask>
 mpls ip
 mpls ldp address-message
mpls ldp atm contro|vcmerge

assign lp router id
mpls ldp router-id loopback 0

Configuring LDP Params
mpls ldp discovery hello holdtime <seconds>
mpls ldp discovery hello interval <seconds>

Configuring CEF
ip cef [distributed]        (distr only on dist platfrms - 12000 or 7500, not 7200)
sh ip interface <interface> (to show that CEF is enable)
sh ip cef summary           (show stats, whether running in distributed mode)

Configuring OSPF
router ospf 100
 network 10.10.10.0 0.0.0.255 area 0

General Show Commands
sh mpls interfaces
sh mpls ldp discovery        Verify status of LDP discovery process
sh mpls ldp neighbor

sh mpls forwarding <ipaddr> detail
                             (label stack info)
sh ip cef <ipaddr> internal  (IP to IP, IP to MPLS)
                             (if entry indicates tags imposed - it's mpls)
                             (shows mpls or routing path frame/cell will take)
show running-config interface <intrfc> | include cef

sh mpls forwarding-table     (MPLS to MPLS, MPLS to IP)
sh mpls ip bindings <addr>   (shows LIB (label info base - populated by LDP or TDP))
                             (only next hop rtrs make it from LIB to fwd table)
show mpls ldp bindings
sh mpls ldp discovery        (shows if hellos are being sent and received)
sh mpls ldp neighbor
sh mpls ldp parameters
sh mpls interfaces [detail]

MPLS VPN Routing

CE router only has to do IPv4 updates, data, and have a routing protocol or static/default route to exchange IPv4 routing information with connected PE router
PE router needs to be able to isolate customer traffic, provide label switching, tag/route across core network
P routers label switch
multiprotocol BGP is configured between PE routers to carry customer routes.

VRF - Virtual Routing and Forwarding

multiple logical dedicated routers for each customer connected into the provider network
VRF-specific CEF 14 table
Routing protocol contexts are part of a specific VPN
IP routing table for VRF
routing contextswere designed to support isolated copies of the same VPN PE-CE routing protocols. can be separate processes, as in OSPF, or as multiple instances of the same routing protocol, (BGP, RIP)

Route Distinguisher, Route Targets, MP-BGP, VPNv4, and Address Families

Route Distinguisher (RD) is a 64 bit unique identifier that is prepended to the 32 bit customer prefix or route learned from the CE router.
- Makes a unique 96 bit address that can be transported between PE routers in the MPLS domain.
- 64 bit RD + 32 bit customer prefix, is called a VPN version 4 (VPNv4) address.
VPNv4 addresses are exchanged between PE routers, in addition to IPv4 addresses.
Format of on RD can be a BGP AS number, or an IPv4 address format

	|    Route Distinguisher (8 bytes)     | IPv4 Address (4 bytes)|
	| AS num  (4 bytes) | VPN ID (4 bytes) |
	| IP addr (4 bytes) | VPN ID (4 bytes) |

Multiprotocol BGP (MP-BGP) is used for exchanging VPNv4 routes between PE routers. Also can carry other addr families. Also responsible for assignment of VPN label. Scalability is primary reason for choice of BGP as protocol to carry customer routing information
The PE router must run an IGP (e.g. OSPFv2 or ISIS) that provides NLRI (Network Layer Reachability Information, e.g. /25, 204.149.16.128) information for the iBGP if PE routers are in the same AS.

Route Targets (RTs) are additional identifiers used in MPLS VPN domain that identified the VPN membership of the routes learned from a particular site. Same format as RDs.

The export route target is used in identification of VPN membership and is associated to each VRF. This export route target is appended to a customer prefix when it is converted to a VPNv4 prefix by the PE router and propagated in MP-BGP updates.
The import route target is associated with each VRF and identifies the VPNv4 routes to be imported into the VRF for the specific customer.

other BGP extended community attributes such as site of origin (SoO) can also be applied to the MP-iBGP update prior to propagation. The SoO attribute is used to identify the specific site from which the PE learns the route, and prevention of routing loops.

MPLS VPN in which all customer VPN sites can speak to all other customer VPN sites is called an intranet VPN
MPLS VPN where part of customers domain is accessible by other customers VPN sites is called an extranet VPN. variants could implement a network management VPN, as well as central services VPN, and Internet access VPN.

RFC 2283 added multiprotocol extensions for BGP4 including multiprotocol reachable NLRI (MP_REACH_NLRI), and Multiprotocol Unreachable (MP_UNREACH_NLRI). These attributes are optional and non-transitive

An address family is a defined network layer protocol.
Packets from CE to PE are always propagated as IPv4 packets.

Basic MPLS forwarding and VRF configuration on PE routers

Enable CEF (previously defined)
Configure IGP routing protocol on PE router (previously defined)
defining VPN VRF

Configure VRF Instance
ip vrf vrf-name

Configure Route Distinguisher
 rd route-distinguisher 
 
Define Import/Export Route Policy
 route-target {import | export | both} route-target-ext-community
 
Associate VRF to interface
interface <interface>
 ip vrf forwarding vrf-name

ip vrf CompanyA
 rd 1:100
 route-target export 1:100
 route-target import 1:100

interface Serial1/0
 description PE-CE link
 ip vrf forwarding CompanyA
 ip address 10.16.0.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding CompanyA
 ip address 10.16.100.1 255.255.255.255
 
show ip vrf
show ip vrf interfaces

Configuration of BGP PE-PE Routing on PE Routers

!PE1 Router:
router bgp 1
 no synchronization !Don't synchronize iBGP with IGP
 neighbor 10.106.10.102 remote-as 1
 ! Loopback interface is source of BGP messages and updates 
 neighbor 10.106.10.102 update-source Loopback0
 no auto-summary
!
address-family vpnv4
 neighbor 10.106.10.102 activate
 !Extended communities needed to enable BGP routes with RT propagation
 neighbor 10.106.10.102 send-community extended
 exit-address-family
!
address-family ipv4 vrf CompanyA
 redistribute connected !Connected interfaces/subnets
 no auto-summary
 no synchronization
 exit-address-family

!PE2 Router:
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.106.10.101 remote-as 1
 !Loopback interface is source of BGP messages and updates 
 neighbor 10.106.10.101 update-source Loopback0
 no auto-summary
!
address-family vpnv4
 neighbor 10.106.10.101 activate
 neighbor 10.106.10.101 send-community extended
 exit-address-family
!
address-family ipv4 vrf CompanyA
 redistribute connected
 no auto-summary
 no synchronization
 exit-address-family

show ip bgp vpnv4 * summary
show IP bgp vpnv4 all
show ip bgp summary
show ip bgp neighbor ip-address

Configuration of P Router

mpls ldp router-id loopback0
!
interface Serial0/0
 ip address 10.106.10.2 255.255.255.252
 mpls ip
!
interface Serial1/0
 ip address 10.106.10.5 255.255.255.252
 mpls ip
!
interface loopback0
 ip address 10.106.10.200 255.255.255.255
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!

Verification

!PE
show mpls forwarding-table vrf CompanyA 10.16.100.1
show ip cef vrf CompanyA 10.16.100.1 detail
show ip cef 10.106.10.101 detail

!P
show mpls forwarding-table 10.106.10.101

Outbound Route Filters (ORF)

Filter only what you need for that customers connected to that PE
Automatically happens except for route-reflector
ORF works in conjunction with BGP route-refresh capability (enabled by default)

!PE1
ip prefix-list PE1 seq 5 permit 192.168.1.0/24 le 32
ip prefix-list PE1 seq 10 den y 0.0.0.0/0 le 32

router bgp 1
 neighbor 10.10.10.2 remote-as 1
 address-family vpnv4
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.2 send-community extended
  neighbor 10.10.10.2 capability orf prefix-list both
  neighbor 10.10.10.2 prefix-list PE1 in
  exit-address-family

!PE2 
router bgp 1
 neighbor 10.10.10.1 remote-as 1
 address-family vpnv4
  neighbor 10.10.10.1 activate
  neighbor 10.10.10.1 send-community extended
  neighbor 10.10.10.1 capability orf prefix-list receive
  exit-address-family

show ip bgp neighbor 10.10.10.1

PE-CE Routing Protocol-Static and RIP

Static PE-CE Routing Overview, Configuration, and Verification

!pe1
ip cef
ip vrf VRF-STATIC
 rd 1:100
 route-target both 1:100
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
 interface FastEthernet0/0
 ip vrf forwarding VRF-STATIC
 ip address 172.16.1.1 255.255.255.252
!
interface ATM2/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM2/0.1 mpls
description Connection to P1-AS1
ip address 10.10.10.1 255.255.255.252
mpls ip
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
ip route vrf VRF-Static 172.16.10.0 255.255.255.0 172.16.1.2

router bgp 1
no synchronization
neighbor 10.10.10.102 remote-as 1
neighbor 10.10.10.102 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.10.10.102 activate
neighbor 10.10.10.102 send-community extended
no auto-summary
exit-address-family
!
address-family ipv4 vrf VRF-STATIC
redistribute static
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
ip classless
ip route vrf VRF-STATIC 172.16.10.0 255.255.255.0 172.16.1.2
!pe2
ip cef
!
ip vrf VRF-STATIC
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Ethernet1/0
 description connected to CE2-A
 ip vrf forwarding VRF-STATIC
 ip address 172.16.2.1 255.255.255.252
!
interface ATM2/0
 no ip address
!
interface ATM2/0.1 mpls
 description connected to P2-AS1
 ip address 10.10.10.10 255.255.255.252
 mpls ip
!
router ospf 100
 network 10.10.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.101 activate
 neighbor 10.10.10.101 send-community extended
 no auto-summary
 exit-address-family
!
 address-family ipv4 vrf VRF-STATIC
 no auto-summary
 no synchronization
 redistribute static
 network 172.16.2.0 mask 255.255.255.252
 exit-address-family
!
ip classless
ip route vrf VRF-STATIC 172.16.20.0 255.255.255.0 172.16.2.2
!hostname CE1
!
interface Loopback0
 ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
 description connected to PE1
 ip address 172.16.1.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
!hostname CE2
!
interface Loopback0
 ip address 172.16.20.1 255.255.255.0
!
interface Ethernet0/0
 description connected to PE2
 ip address 172.16.2.2 255.255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.16.2.1

(on PE1 or PE1)
(check the BGP VPNv4 routing tables n PE1, and PE2)
show ip bgp vpnv4 vrf VRF-STATICS

(verify VRF routing table on PE1 and PE2)
show ip route vrf VRF-STATIC

(verify end-to-end connectivity)
(on CE1: #ping 172.17.20.1)

RIPv2 PE-CE Routing Overview, Configuration, and Verification

!hostname CE1
!
interface Loopback0
 ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
 description connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
!
router rip
 version 2
 network 172.16.0.0
 no auto-summary
!hostname PE1
!
ip cef
!
ip vrf VRF-RIP
 rd 1:100
 route-target both 1:100
!
mpls label protocol ldp
mpls tdp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface FastEthernet0/0
 description connected to CE1-A
 ip vrf forwarding VRF-RIP
 ip address 172.16.1.1 255.255.255.252
!
interface ATM2/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM2/0.1 mpls
 description Connection to A1
 ip address 10.10.10.1 255.255.255.252
 mpls ip
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
router rip
 version 2
 !
 address-family ipv4 vrf VRF-RIP
 version 2
 redistribute bgp 1 metric transparent
 network 172.16.0.0
 no auto-summary
 exit-address-family
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community extended
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf VRF-RIP
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family

Verify BGP VPNv4 routing table on PE1 and PE2
```
show ip bgp vpnv4 vrf VRF-RIP
```
Verify VRF routing table on PE1 and PE2
```
show ip route vrf VRF-RIP
```
Verify end-to-end connectivity between CE1 and CE2
```
ping 172.16.20.1 source 172.16.10.1
```

PE-CE Routing Protocol-OSPF

traditional OSPF networks have an area 0 in the middle. MPLS VPN puts the MPLS VPN-enabled provider backbone in the middle.
OSPF-BGP route redistribution happens at PE1 and PE2
MP-iBGP is used between PE1 and PE2
MPLS introduces the concept of on OSPF/MPLS superbackbone. PE1 and PE2 connects the customer domains to the superbackbone. They appear as an OSPF ABR to CE1 and CE2
There are no OSPF adjacencies or flooding in the MPLS VPN superbackbone for customer sites connected to the superbackbone, except when using OSPF sham-links.
BGP extended attributes are carried for OSPF route type, OSPF router ID, and OSPF domain ID.

OSPF Route Type Community Attribute

|--------|--------|--------|--------|--------|--------|--------|--------|
| Type = 0x0306 or|             Router ID             |  LSA   |  OSPF  |
|      0x8000     |                                   |  Type  | Options|
|-----2 Bytes-----+--------|-----4 Bytes-----|--------|-1-Byte-|-1-Byte-|

OSPF Route Type

value	route type
1 or 2	For Intra-Area Routes (Type 1 or Type 2 LSA)
3	summary route or LSA type 3
5	external routes or type 5 LSA. Area number is 0.
7	NSSA routes
129	for sham link endpoint addresses

OSPF Router ID - IDs router ID of PE in relevant VRF instance of OSPF. Not part of provider's address space, and is unique in OSPF network.

|--------|--------|--------|--------|--------|--------|--------|--------|
| Type = 0x107 or |             Router ID             |     Unused      |
|      0x8001     |                                   |                 |
|-----2 Bytes-----+--------|-----4 Bytes-----|--------|------2 Bytes----|

OSPF Domain ID - IDs domain of specific OSPF prefix in MPLS VPN backbone. By default equal to val of OSPF proc ID. All routing between OSPF domains is via Type 5 LSAs. If Domain IDs are different rout e is translated to external Type 2 (LSA Type 5).

|--------|--------|--------|--------|--------|--------|--------|--------|
| Type = 0x105 or |                 |              Unused               |
|0x205 or 0x8005  |                 |                                   |  
|   or 0x8000     |                 |                                   |
|-----2 Bytes-----+----2 Bytes------|--------|-----4 Bytes-----|--------|

check for OSPF route type, OSPF router ID, and OSPF domain ID.

show ip bgp vpnv4 all <ipsubnet>

routing loops can occur in the MPLS VPN env when CE routers are dual-homed to service prov net.
Use OSPF down bit to prevent routing loop when redistributing between BGP and OSPF.
when second router connected to Customer area sees summary route with down bit set, it does not redistribute route back into MP-BGP
The routing loops introduced by route redistribution between OSPF domains can be solved with the help of the tag field, using standard BGP-OSPF redistribution rules. A non-OSPF route is redistributed as an external OSPF route by a PE router. By default, the tag field is set to the BGP-AS number. The redistributed route is propagated across the OSPF domain without the down bit but with the tag field set. When the route is redistributed into another OSPF domain, the tag field is propagated. Another PE router receives the external OSPF route and filters the route based on the tag field. The tag field matches the AS number so the route is not redistributed into MP-BGP.

OSPF PE, P, and CE

hostname PE1-AS1
!
ip cef
!
ip vrf Cust_A
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf Cust_B
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface Loopback101
 description OSPF Router ID for VRF Cust_A
 ip vrf forwarding Cust_A
 ip address 172.16.101.1 255.255.255.255
!
interface Loopback201
 description OSPF Router ID for VRF Cust_B
 ip vrf forwarding Cust_B
 ip address 192.168.201.1 255.255.255.255
!
interface Serial0/0
 description connected to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 mpls ip
!
interface Serial1/0
 description connected to CE1-A
 ip vrf forwarding Cust_A
 ip address 172.16.1.1 255.255.255.252
!
interface Serial2/0
 description connected to CE1-B
 ip vrf forwarding Cust_B
 ip address 192.168.1.1 255.255.255.252
!
router ospf 101 vrf Cust_A
 router-id 172.16.101.1
 redistribute bgp 1 subnets
 network 172.16.0.0 0.0.255.255 area 0
!
router ospf 201 vrf Cust_B
 router-id 192.168.201.1
 redistribute bgp 1 subnets
 network 192.168.0.0 0.0.255.255 area 1
 !Add domain ID if customer OSPF process ID is different on CE routers
 !e.g. domain ID 192.168.201.1
!
router ospf 1
 router-id 10.10.10.101
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 10.10.10.102 activate
 neighbor 10.10.10.102 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Cust_B
 redistribute ospf 201 vrf Cust_B match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Cust_A
 redistribute ospf 101 vrf Cust_A match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family

hostname P1-AS1
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface Serial0/0
 description connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 mpls ip
!
interface Serial1/0
 description connected to PE2-AS1
 ip address 10.10.10.6 255.255.255.252
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0

hostname CE1-A
!
interface Ethernet0/0
 description VPN-A Site 1 network
 ip address 172.16.10.1 255.255.255.0
!
interface Serial1/0
 description connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
!
router ospf 101
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.10.0 0.0.0.255 area 1

Verify OSPF PE-CE Routing

Verify OSPF neighbor adjacency
show ip ospf neighbor
Verify route propagation for customer on PE
show ip route vrf Cust_A ospf 101
show ip bgp vpn vrf Cust_A
show ip bgp vpnv4 all <network>
show ip bgp vpnv4 all | begin <network>
show ip bgp vpnv4 vrf Cust_A
show ip route vrf Cust_B ospf <Process ID>
Verify route propagation for customer on CE
show ip route ospf

Page 168