[j-nsp] OSPF inside VRF - Cisco Juniper Interoperability

David Ball davidtball at gmail.com
Tue Aug 26 23:04:27 EDT 2008


   I used OSPF sham-links to rid myself of a seemingly similar LSA
Type 5 issue in the VRF I created for a customer, as follows.  My PEs
and Ps were all T-series, while both CEs were Cisco 3750s.

http://www.juniper.net/techpubs/software/junos/junos91/swconfig-vpns/configuringospf-sham-links.html#id-10983860

> show configuration routing-instances blah
instance-type vrf;
interface lo0.27;
interface ge-7/3/0.0;
route-distinguisher 1.7.1.1:27;
vrf-target target:25983:27;
vrf-table-label;
protocols {
    ospf {
        sham-link local 10.1.0.1;
        area 0.0.0.0 {
            authentication-type md5; ## Warning: 'authentication-type'
is deprecated
// These are the remote PEs that connect to various CEs
            sham-link-remote 10.5.0.1;
            sham-link-remote 10.22.0.1;
            sham-link-remote 10.34.0.1;
            sham-link-remote 10.43.0.1;
            interface ge-7/3/0.0 {
                metric 10;
                authentication {
                    md5 1 key "blahhhhhh"; ## SECRET-DATA
                }
            }
        }
    }
}

    HTH,

David

2008/8/26 Masood Ahmad Shah <masood at nexlinx.net.pk>:
> If Cisco to Cisco works fine than problem seems in interpreting domain id.
> If the OSPF domain ID for the destination PE differs from the originating
> PE, MP-BGP redistributes the route into OSPF as an OSPF type 5 external
> route. There is another to preserve OSPF routes across the MPLS VPN "OSPF
> route type extended community attribute", You can try this too.
>
> Regards,
> Masood
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Junaid
> Sent: Wednesday, August 27, 2008 12:44 AM
> To: Juniper Puck
> Subject: [j-nsp] OSPF inside VRF - Cisco Juniper Interoperability
>
> Hi,
>
> I am caught up in what seems to be a Juniper Cisco interoperability
> issue. I am running OSPF with customer inside VRF. Topology is
> something like the following:
>
> CE1 ---[Area 0]--- PE1 ---- P1 --- P2 --- PE2 ---[Area 6]--- CE2
>
> The two P routers are acting as route reflectors.
>
> CE1, CE2 and PE1 are Cisco devices while rest are Juniper M-series
> routers. The problem I am facing is that CE1 routes received at CE2a
> are Inter-area which is what is required (no redistribution into OSPF
> is done on CE1 and CE2). However, CE2 routes received by CE1 are Type
> 5 (E1). The documentation states that inorder to preserve the route
> types, domain IDs should be same on both PE routers. I have set domain
> ID to be 1.1.1.1:512, this was done on cisco via the command:
> "domain-id type 0105 value 010101010200" and on juniper as: "domain-id
> 1.1.1.1:512" in the OSPF configuration inside the VRF. Also on Juniper
> the domain-id was added into the ospf routes when redistributing them
> into MBGP.
>
> The problem seems to be with the Cisco PE1 router that can't seem to
> interpret the route-type attribute generated by Juniper:
>
> PE1#sh ip bgp vpnv4 all 10.254.20.254
> BGP routing table entry for 1:103:10.254.20.254/32, version 550
> Paths: (1 available, best #1, table VPN_OSPF)
>  Not advertised to any peer
>  Local
>    <PE2_Loopback_IP> (metric 4) from <P1_Loopback_IP> (<P1_Loopback_IP>)
>      Origin IGP, metric 2, localpref 100, valid, internal, best
>      Extended Community: RT:1:103 OSPF DOMAIN
> ID:0x0105:0x010101010200 0x306:0:393472
>
> 10.254.20.254/32 is advertised by CE2 (assigned on one of its loopback
> interfaces). Now the domain ID is fine but it seems that Cisco is
> unable to interpret the route-type attribute. 393472 translates to
> 60100 where 6 is the area ID, 01 says that it is type 1 LSA and and
> last two bytes are options are not used in this case. Upon receiving
> this route via MBPG, PE1 injects a type 5 LSA towards CE1 (confirmed
> on CE1 by enabling debugging) where it should inject have injected
> type 3:
>
> OSPF: Ack Type 5, LSID 10.254.20.254, Adv rtr 10.254.1.1, age 5, seq
> 0x80000001
>
>
> If I replace the Juniper PE2 with a Cisco then on PE1 seems to
> interpret the route-type attribute correctly and inject type 3 LSA
> towards CE1 and CE1 receive the routes as inter-area:
>
> PE1#sh ip bgp vpnv4 all 10.254.20.254
> BGP routing table entry for 1:103:10.254.20.254/32, version 676
> Paths: (1 available, best #1, table VPN_OSPF)
>  Not advertised to any peer
>  Local
>    <PE2_Loopback_IP> (metric 2) from <P1_Loopback_IP> (<P1_Loopback_IP>)
>      Origin incomplete, metric 11112, localpref 100, valid, internal, best
>      Extended Community: RT:1:103 OSPF DOMAIN
> ID:0x0005:0x010101010200 OSPF RT:0.0.0.6:2:0 OSPF ROUTER
> ID:10.254.2.1:512
>
>
> Debug output:
>
> OSPF: Ack Type 3, LSID 10.254.20.254, Adv rtr 10.254.1.1, age 1, seq
> 0x80000001
>
> Any idea what is causing this behavior? Any solution? Will appreciate any
> help.
>
> (The problem involves both Juniper and Cisco routers but I am posting
> it here as I believe most guys here are have worked on both
> platforms.)
>
>
> Regards,
> Junaid
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list