Collective,

Am hitting a problem whereby I'm trying to form a sham link (and hence OSPF adjacency) between two routers which ultimately exchange packets in an unlabelled fashion.

Am trying to replicate, in a lab, an OSPF "Super Backbone" (as Cisco call it) between CE routers (as I don't want the scaling issues of running an SPF protocol such as OSPF on the PE routers). This is achieved by exchanging extended communities between the CE and PE such that the domain IDs are propagated between CE routers from their VRF BGP adjacencies with the PE routers.

I must say, the first disappointment was that I couldn't find a way to inject the OSPF extended communities whilst running the OSPF process in the global table (i.e. not inside a VRF) and there appeared to be no way of achieving this without placing both the OSPF process (and BGP adjacencies to the PE) within a VRF-lite VRF on the CE.

Once I got this up and running, I formed the sham link between dedicated loopback endpoints only present in the BGP and the sham link formed, but the OSPF area 0 adjacency failed to form because the OSPF HELLO message arrived on the remote PE<->CE interface (since it was unicast/targeted) and that interface was not running OSPF, so the HELLO was discarded. Once placing this WAN interface in active OSPF, the check failed yet again due to subnet mismatch (as it would) since the WAN links do not share the same subnet/mask (and they wouldn't in a production network).

I understand there are a number of ways of getting around this, including making the WAN interfaces unnumbered (which I don't want to do as it causes management issues for us) or creating a labelled path between the CE routers (as this is additional configuration to maintain), or even a GRE tunnel (shudder).

I can see the way this should work in a classical sense, when the PE routers are running VRF OSPF that the HELLO arrives labelled (and hence not from an interface) and thus the check is bypassed.

I can't seem to find a way to override this check for the sham link endpoints and wonder why such a knob does not exist.

Can anybody point me in the right direction here? The goal of this exercise is to produce a setup which does not involve running OSPF on the PE routers!

For reference, here is my setup:

     LDP, P-OSPF, MP-BGP
              V
       [PE1]----[PE2]
         |        |<-- P-VRF
         |==sham==|
        |||      ||| <-C-VRF
       [CE1]---[CE2]
             ^
      C-OSPF Backdoor

Thanks in advance,

-- 
David Freedman
Group Network Engineering
david.freed...@uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com