Refer to the Exhibit.
Referring to the exhibit, you have recently configured a Layer 3 VPN between Site 1, Site 2, and
Site 3. The CE2 device has all routes from Site 1 and Site 3. The CE3 device has all the routes
from Site 1 and Site 3. CE1 is not receiving any routes from either Site 2 or Site 3.
Which statement is correct?
PE2 must redistribute the routes into OSPF using a VRF export policy.
You must configure a sham link between all three sites.
OSPF is not a supported PE to CE routing protocol.
You must create an export policy on PE1 to redistribute the VPN routes into OSPF.
5 Comments on “Which statement is correct?”
answer – D
D should be the correct answer!
D is not a correct answer……
The setup is very simple:
CE1 — PE1 — PE2 — CE2
We have a l3VPN between CE1 und CE2, routes are exchanged and all routes from CE1 are seen by CE2 and vice versa. In this example CE-PE protocol is OSPF, but it could be any protocol i guess. We do have a sham-link setup between the PEs, so we do not need to redistribute the routes from BGP to OSPF on the PEs. Up to here eveything works fine.
We now want to give the customer/VRF access to the “internet” at PE1. PE1 has a full table in inet.0 so we configure a static default route on CE1 pointing to table inet.0
route 0.0.0.0/0 next-table inet.0;
When OSPF is used to connect PE and CE routers, all routing information learned from a VPN site is placed in the VPN routing and forwarding (VRF) instance associated with the incoming interface. The PE routers that attach to the VPN use the Border Gateway Protocol (BGP) to distribute VPN routes to each other. A CE router can then learn the routes to other sites in the VPN by peering with its attached PE router. The MPLS VPN superbackbone provides an additional level of routing hierarchy to interconnect the VPN sites running OSPF.
When OSPF routes are propagated over the MPLS VPN backbone, additional information about the prefix in the form of BGP extended communities (route type, domain ID extended communities) is appended to the BGP update. This community information is used by the receiving PE router to decide the type of link-state advertisement (LSA) to be generated when the BGP route is redistributed to the OSPF PE-CE process. In this way, internal OSPF routes that belong to the same VPN and are advertised over the VPN backbone are seen as interarea routes on the remote sites.
Using a Sham-Link to Correct OSPF Backdoor Routing
Although OSPF PE-CE connections assume that the only path between two client sites is across the MPLS VPN backbone, backdoor paths between VPN sites (shown in grey in the figure below) may exist. If these sites belong to the same OSPF area, the path over a backdoor link will always be selected because OSPF prefers intraarea paths to interarea paths. (PE routers advertise OSPF routes learned over the VPN backbone as interarea paths.) For this reason, OSPF backdoor links between VPN sites must be taken into account so that routing is performed based on policy.
The OSPF routes in the VRF forwarding table are OSPF IPv4 routes, but BGP/MPLS VPNs distribute VPN-IPv4 routes by means of MP-BGP. You must configure the VRF to redistribute the OSPF routes into MP-BGP. MP-BGP converts each imported OSPF route to a VPN-IPv4 route, applies export policy to the route, and then propagates the route to a remote PE site by means of the MPLS/VPN backbone. At the destination PE router, MP-BGP places each route in the appropriate VRF forwarding table based on the import policy for each VRF and the route target associated with the route.