[c-nsp] Conflicting OSPF router-ids in separate VRFs
Justin Shore
justin at justinshore.com
Thu Mar 5 01:27:22 EST 2009

I'm trying to get multiple OSPF instances to work in separate VRFs with
all OSPF instances using the same router-id. We're offering a VPN
tunnel service to access offsite bit-for-bit data copy services in our
Data Center. The tunnel of choice is a GRE tunnel with IPSec
protection. The GRE tunnel interface is inside a unique VRF per
customer. The IP subnet used in each VRF for this product offering is
identical, as are the interface IPs on the tunnel interfaces. This makes
the config templates as simple as possible since all sites are
essentially identical from our perspective.

I have OSPF configured inside the VRF in question. This is the first of
the production GRE tunnels we've turned up for this product offering.
Tunnel2999 is my beta tunnel and Tunnel3013 is the production tunnel:

Neighbor ID     Pri   State           Dead Time   Address         Interface
%OSPF: Router process 3013 is not running, please configure a router-id
192.168.100.1     0   FULL/  -        00:00:38    10.125.124.2    Tunnel2999

The problem I'm running into is that OSPF will not run on the production
tunnel because its IP conflicts with the IP in my beta tunnel in a
separate VRF. When I try to configure OSPF in the production VRF with
the interface IP of the tunnel I get an error:

7613-1(config-router)#router-id 10.125.124.1
OSPF: router-id 10.125.124.1 in use by ospf process 2999

router ospf 2999 vrf dc-gre-test
 ignore lsa mospf
 ispf
 log-adjacency-changes
 redistribute bgp 65001 subnets
 passive-interface default
 no passive-interface Tunnel2999
 network 10.125.124.0 0.0.0.3 area 0
 network 10.125.125.0 0.0.0.255 area 0

router ospf 3013 vrf dc-customer-vrf
 ignore lsa mospf
 ispf
 log-adjacency-changes
 redistribute bgp 65001 subnets
 passive-interface default
 no passive-interface Tunnel3013
 network 10.125.124.0 0.0.0.3 area 0
 network 10.125.125.0 0.0.0.255 area 0

Is there some magic trick to making OSPF on a 7600 running SRB1 be truly
VRF-aware? OSPF instances in separate VRFs shouldn't IP conflict with
router-ids in other VRFs. If they did then what's the point of VRF
separation? Any thoughts before I call TAC?

Thanks
Justin