[c-nsp] unlabelled OSPF sham links

David Freedman david.freedman at uk.clara.net
Mon Jan 10 09:46:17 EST 2011


Collective,

Am hitting a problem whereby I'm trying to form a sham link (and hence
OSPF adjacency) between two routers which ultimately exchange packets in
an unlabelled fashion.

Am trying to replicate, in a lab, an OSPF "Super Backbone" (as Cisco
call it) between CE routers (as I don't want the scaling issues of
running an SPF protocol such as OSPF on the PE routers).

This is achieved by exchanging extended communities between the CE and
PE such that the domain IDs are propagated between CE routers from their
vrf BGP adjacencies with the PE routers.

I must say, the first disappointment was that I couldn't find a way to
inject the OSPF extended communities whilst running the OSPF process in
the global table (i.e. not inside a VRF) and there appeared to be no way
of achieving this without placing both the OSPF process (and BGP
adjacencies to the PE) within a VRF-lite VRF on the CE.

Once I got this up and running, I formed the sham link between dedicated
loopback endpoints only present in the BGP and the sham link formed, but
the OSPF area 0 adjacency failed to form because the OSPF HELLO message
arrived on the remote PE<->CE interface (since it was unicast/targeted)
and that interface was not running OSPF, so the HELLO was discarded.

Once placing this WAN interface in active OSPF, the check failed yet
again due to subnet mismatch (as it would) since the WAN links do not
share the same subnet/mask (and they wouldn't in a production network).

I understand there are a number of ways of getting around this,
including making the WAN interfaces unnumbered (which I don't want to do
as it causes management issues for us) or creating a labelled path
between the CE routers (as this is additional configuration to
maintain), or even a GRE tunnel (shudder).

I can see the way this should work in a classical sense, when the PE
routers are running VRF OSPF that the HELLO arrives labelled (and hence
not from an interface) and thus the check is bypassed.

I can't seem to find a way to override this check for the sham link
endpoints and wonder why such a knob does not exist.

Can anybody point me in the right direction here? The goal of this
exercise is to produce a setup which does not involve running OSPF on the
PE routers!

For reference, here is my setup:

LDP, P-OSPF, MP-BGP
      V
[PE1]----[PE2]
 |        |<-- P-VRF
 |==sham==|
 |||     ||| <-C-VRF
[CE1]---[CE2]
      ^
C-OSPF Backdoor

Thanks in advance,


--

David Freedman
Group Network Engineering

david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from
Claranet Ltd is covered by the disclaimer at
http://www.claranet.co.uk/disclaimer
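
Added example (not part of the original post, and not Cisco's code): a small Python model of the receive-side Hello checks in RFC 2328 sections 8.2 and 10.5, showing the two drops described in the message and why an unnumbered point-to-point interface would avoid them. The addresses, the 0.0.0.0 mask carried in the Hello, and all names are constructed for illustration; a real implementation may apply these checks differently.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Interface:
    name: str
    ospf_enabled: bool
    network_type: str        # "broadcast" or "point-to-point"
    address: Optional[str]   # "a.b.c.d/len", or None when unnumbered

@dataclass
class Hello:
    source: str              # IP source address of the packet
    network_mask: str        # Network Mask field of the Hello

def check_hello(iface: Interface, hello: Hello) -> str:
    """Return "accept" or the reason the Hello is dropped."""
    if not iface.ospf_enabled:
        return "drop: OSPF not enabled on receiving interface"
    # RFC 2328 skips both comparisons on point-to-point links
    # (unnumbered interfaces are always point-to-point).
    if iface.network_type == "point-to-point" or iface.address is None:
        return "accept"
    local = ipaddress.ip_interface(iface.address)
    # Section 8.2: source must be on the receiving interface's network.
    if ipaddress.ip_address(hello.source) not in local.network:
        return "drop: source not on interface subnet"
    # Section 10.5: Network Mask in the Hello must match the interface mask.
    if ipaddress.ip_address(hello.network_mask) != local.netmask:
        return "drop: network mask mismatch"
    return "accept"

# Constructed Hello: sourced from the remote sham-link endpoint loopback.
SHAM_HELLO = Hello(source="192.0.2.2", network_mask="0.0.0.0")

def scenario() -> dict:
    """Run the constructed Hello against three variants of the WAN interface."""
    wan = "198.51.100.2/30"  # constructed PE<->CE WAN address
    variants = {
        "wan_no_ospf": Interface("wan0", False, "broadcast", wan),
        "wan_ospf_numbered": Interface("wan0", True, "broadcast", wan),
        "wan_ospf_unnumbered": Interface("wan0", True, "point-to-point", None),
    }
    return {k: check_hello(v, SHAM_HELLO) for k, v in variants.items()}

if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name}: {verdict}")
```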