Hub-And-Spoke Layer 3 Vpns And Ospf Domain Ids - Juniper ACX1000 Configuration Manual
Junos os; acx series universal access router
Hide thumbs
Also See for ACX1000:
- User manual (216 pages) ,
- Hardware manual (204 pages) ,
- Quick start manual (27 pages)
Table of Contents
Advertisement
Copyright © 2017, Juniper Networks, Inc.
You can include this statement at the following hierarchy levels:
[edit routing-instances routing-instance-name protocols ospf]
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols ospf]
The range is 1 through 4,294,967,295 (2
set the same value for all PE routers in the VPN.
For an example of this type of configuration, see Configuring an OSPF Domain ID for a
Layer 3 VPN.
Hub-and-Spoke Layer 3 VPNs and OSPF Domain IDs
The default behavior of an OSPF domain ID causes some problems for hub-and-spoke
Layer 3 VPNs configured with OSPF between the hub PE router and the hub CE router
when the routes are not aggregated. A hub-and-spoke configuration has a hub PE router
with direct links to a hub CE router. The hub PE router receives Layer 3 BGP updates from
the other remote spoke PE routers, and these are imported into the spoke routing instance.
From the spoke routing instance, the OSPF LSAs are originated and sent to the hub CE
router.
The hub CE router typically aggregates these routes, and then sends these newly
originated LSAs back to the hub PE router. The hub PE router exports the BGP updates
to the remote spoke PE routers containing the aggregated prefixes. However, if there are
nonaggregated Type 3 summary LSAs or external LSAs, two issues arise with regard to
how the hub PE router originates and sends LSAs to the hub CE router, and how the hub
PE router processes LSAs received from the hub CE router:
By default, all LSAs originated by the hub PE router in the spoke routing instance have
the DN bit set. Also, all externally originated LSAs have the VPN route tag set. These
settings help prevent routing loops. For Type 3 summary LSAs, routing loops are not
a concern because the hub CE router, as an area border router (ABR), reoriginates the
LSAs with the DN bit clear and sends them back to the hub PE router. However, the
hub CE router does not reoriginate external LSAs, because they have an AS flooding
scope.
You can originate the external LSAs (before sending them to the hub CE router) with
the DN bit clear and the VPN route tag set to 0 by altering the hub PE router's routing
instance configuration. To clear the DN bit and set the VPN route tag to zero on external
LSAs originated by a PE router, configure 0 for the
[edit routing-instances routing-instance-name protocols ospf]
include this configuration in the routing instance on the hub PE router facing the hub
CE router where the LSAs are sent. When the hub CE router receives external LSAs
from the hub PE router and then forwards them back to the hub PE router, the hub PE
router can use the LSAs in its OSPF route calculation.
When LSAs flooded by the hub CE router arrive at the hub PE router's routing instance,
the hub PE router, acting as an ABR, does not consider these LSAs in its OSPF route
calculations, even though the LSAs do not have the DN bits set and the external LSAs
Chapter 26: Configuring Layer 3 VPNs
32
– 1). If you set VPN tags manually, you must
domain-vpn-tag
hierarchy level. You should
statement at the
837
- Quick Links:
- Interfaces
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
