Manual:OSPF as PE-CE routing protocol

From MikroTik Wiki
Jump to navigation Jump to search

Software:

  • PE1 router is Cisco 7200
  • PE2 is MT and has RouterOS 3.23 with routing-test and mpls-test packages.
  • CE1 and CE2 have any RouterOS version.

Configuration with inter-area routing

Ospf-pe-ce.png

CE1

/ip address add address=10.1.1.1/24 interface=ether1
# static route to redistribute
/ip route add dst-address=10.10.1.0/24 gateway=x.x.x.x
/routing ospf instance set default redistribute-static=as-type-1 router-id=0.0.0.1
/routing ospf network add area=backbone network=1.1.1.0/24

CE2

/ip address add address=10.3.3.4/24 interface=ether1
# static route to redistribute
/ip route add dst-address=10.10.4.0/24 gateway=y.y.y.y
/routing ospf instance set default redistribute-static=as-type-1 router-id=0.0.0.4
/routing ospf network add area=backbone network=10.3.3.0/24

PE1 (Cisco)

ip vrf vrf1
 rd 1.1.1.1:111
 route-target export 1.1.1.1:111
 route-target import 1.1.1.1:111
 exit

interface Loopback0
 ip address 10.5.5.2 255.255.255.255

mpls ldp router-id Loopback0 force
mpls label protocol ldp

interface FastEthernet0/0
 ip vrf forwarding vrf1
 ip address 10.1.1.2 255.255.255.0

interface FastEthernet1/0
 ip address 10.2.2.2 255.255.255.0
 mpls ip

router ospf 1 vrf vrf1
 router-id 10.5.5.2
 network 10.1.1.0 0.0.0.255 area 0
 redistribute bgp 65000 subnets
 domain-id 0.0.0.1
 domain-tag 2222

router bgp 65000
 neighbor 10.5.5.3 remote-as 65000
 neighbor 10.5.5.3 update-source Loopback0
 address-family vpnv4
  neighbor 10.5.5.3 activate
  neighbor 10.5.5.3 send-community both
  exit-address-family
 address-family ipv4 vrf vrf1
  redistribute connected
  redistribute ospf 1 vrf vrf1 match internal external
  exit-address-family

ip route 10.5.5.3 255.255.255.255 10.2.2.3

PE2

/interface bridge add name=lobridge

/ip address
 add address=10.2.2.3/24 interface=ether1
 add address=10.3.3.3/24 interface=ether2
 add address=10.5.5.3/32 interface=lobridge

/ip route vrf add disabled=no export-route-targets=1.1.1.1:111 import-route-targets=1.1.1.1:111 \
    interfaces=ether2,vrf-lobridge route-distinguisher=1.1.1.1:111 routing-mark=vrf1
/ip route add dst-address=10.5.5.2/32 gateway=10.2.2.2

/routing bgp instance set default as=65000
/routing bgp instance vrf add instance=default routing-mark=vrf1 redistribute-connected=yes redistribute-ospf=yes
/routing bgp peer add instance=default remote-as=65000 remote-address=10.5.5.2 \
	 address-families=vpnv4 update-source=lobridge

/routing ospf instance redistribute-bgp=as-type-1 router-id=10.5.5.3 routing-table=vrf1 \
	 domain-id=0.0.0.1 domain-tag=3333
/routing ospf network add area=backbone network=10.3.3.0/24

/mpls ldp set enabled=yes transport-address=10.5.5.3
/mpls ldp interface add interface=ether1

Configuration with intra-area routing (including a sham link)

Ospf-pe-ce-sham-links.png

CE1 additional backlink

/ip address add address=10.7.7.1/24 interface=backlink
/routing ospf network add area=backbone network=10.7.7.0/24
/routing ospf interface add interface=backlink cost=1000 network-type=point-to-point

CE2 additional backlink

/ip address add address=10.7.7.4/24 interface=backlink
/routing ospf network add area=backbone network=10.7.7.0/24
/routing ospf interface add interface=backlink cost=1000 network-type=point-to-point

PE1 (Cisco) with a sham link

interface Loopback1
 ip vrf forwarding vrf1
 ip address 10.6.6.2 255.255.255.255

router ospf 1 vrf vrf1
 area 0 sham-link 10.6.6.2 10.6.6.3 cost 10

ip route 10.6.6.3 255.255.255.255 10.2.2.3

! all the rest of settings remain unchanged

PE2 with a sham-link

/interface bridge add name=vrf-lobridge

/ip address add address=10.6.6.3/32 interface=vrf-lobridge
# change the VRF to include vrf-lobridge interface
/ip route vrf add disabled=no export-route-targets=1.1.1.1:111 import-route-targets=1.1.1.1:111 \
    interfaces=ether2,vrf-lobridge route-distinguisher=1.1.1.1:111 routing-mark=vrf1
# configure the sham link
/routing ospf sham-link add area=backbone src-address=10.6.6.3 dst-address=10.6.6.2 
# add route to sham link's remote address
/ip route add dst-address=10.6.6.2 gateway=10.2.2.2