[c-nsp] Conflicting OSPF router-ids in separate VRFs

Justin Shore justin at justinshore.com
Thu Mar 5 01:27:22 EST 2009 

I'm trying to get multiple OSPF instances to work in separate VRFs with 
all OSPF instances using the same router-id.  We're offering a VPN 
tunnel service to access offsite bit-for-bit data copy services in our 
Data Center.  The tunnel of choice is a GRE tunnel with IPSec 
protection.  The GRE tunnel interface is inside a unique VRF per 
customer.  The IP subnet used in each VRF for this product offering is 
identical, as is the interface IPs on the tunnel interfaces.  This makes 
the config templates as simple as possible since all sites are 
essentially identical from our perspective.

I have OSPF configured inside the VRF in question.  This is the first of 
the production GRE tunnels we've turned up for this product offering. 
Tunnel2999 is my beta tunnel and Tunnel3013 is the production tunnel:

Neighbor ID     Pri   State           Dead Time   Address         Interface
%OSPF: Router process 3013 is not running, please configure a router-id
192.168.100.1     0   FULL/  -        00:00:38    10.125.124.2    Tunnel2999


The problem I'm running into is that OSPF will not run on the production 
tunnel because it's IP conflicts with the IP in my beta tunnel in a 
separate VRF.  When I try to configure OSPF in the production VRF with 
the interface IP of the tunnel I get an error:

7613-1(config-router)#router-id 10.125.124.1
OSPF: router-id 10.125.124.1 in use by ospf process 2999

router ospf 2999 vrf dc-gre-test
  ignore lsa mospf
  ispf
  log-adjacency-changes
  redistribute bgp 65001 subnets
  passive-interface default
  no passive-interface Tunnel2999
  network 10.125.124.0 0.0.0.3 area 0
  network 10.125.125.0 0.0.0.255 area 0


router ospf 3013 vrf dc-customer-vrf
  ignore lsa mospf
  ispf
  log-adjacency-changes
  redistribute bgp 65001 subnets
  passive-interface default
  no passive-interface Tunnel3013
  network 10.125.124.0 0.0.0.3 area 0
  network 10.125.125.0 0.0.0.255 area 0


Is there some magic trick to making OSPF on a 7600 running SRB1 be truly 
  VRF-aware?  OSPF instances in separate VRFs shouldn't IP conflict with 
router-ids in other VRFs.  If they did then what's the point of VRF 
separation?  Any thoughts before I call TAC?

Thanks
  Justin

More information about the cisco-nsp mailing list