[Search] [txt|pdfized|bibtex] [Tracker] [Email] [Diff1] [Diff2] [Nits]
Versions: 00 01 02                                                      
Network Working Group                                       K. Ishiguro
Internet Draft                                         IP Infusion Inc.
Expiration Date: September 2003                           V. Hallivuori
                                                             Tellabs Oy
                                                             March 2003



                    Use of Multiple Instance of OSPF
                for the PE/CE protocol in BGP/MPLS VPNs

                 draft-ishiguro-ppvpn-pe-ce-ospf-02.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Abstract

   This document describes a simple way to use OSPF for Provider Edge
   (PE) router and Customer Edge (CE) router communication in BGP/MPLS
   VPNs [RFC2547BIS].  [VPN-BGP-OSPF] proposes a complicated way to
   achieve VPN route propagation as Type-3 LSAs.  This document
   describes the use of multiple instances of OSPF in conjunction with
   standard BGP/OSPF route redistribution mechanisms to maintain
   reachability information throughout VPNs.  With this mechanism, VPN
   routes are propagated as Type-5 LSAs.

1. Conventions used in this document



Ishiguro                 Expires September 2003                 [Page 1]

Internet Draft   draft-ishiguro-ppvpn-pe-ce-ospf-02.txt       March 2003


   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", MAY", AND "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [ii].

2. Overview

   [RFC2547BIS] is widely used to provide VPN services to customers.  In
   [RFC2547BIS] architecture, a Customer Edge (CE) router can
   communicate with a Provider Edge (PE) router using any routing
   protocol.  Use of OSPF for PE and CE communication is a little bit
   complicated due to the nature of OSPF protocol.  OSPF has several
   types of routing information in the protocol.  OSPF Link State
   Advertisements (LSAs) are categorized into different types.
   [RFC2547BIS] uses BGP for PE to PE communication.  So when OSPF
   routes are exported and exchanged using BGP, some of OSPF information
   may be dropped.

   [VPN-BGP-OSPF] provides a way to propagate customer OSPF routes as
   type 3 LSAs (intra-area routes) to other CE routers.  To achieve this
   propagation, an additional mechanism is proposed for both OSPF and
   BGP.  These mechanisms are only needed when customers want to
   propagate OSPF routes as type 3 LSAs to other CE routers.  However,
   when customers do not require this propagation, the overall mechanism
   can be simplified.

   This document proposes a light-weight method of using OSPF for the PE
   and CE protocol.  In this mechanism, customer routes are exchanged as
   AS-External information in OSPF.

   The benefit of this mechanism:


     - Neither protocol changes nor additional features are required in
       OSPF and BGP.

     - Any OSPF area configuration can be used between PE and CE
       communication.

     - BGP does not carry any additional information over provider
       backbone.

     - Same mechanism can be used by other IGPs such as IS-IS.


   The drawback of this mechanism:






Ishiguro                 Expires September 2003                 [Page 2]

Internet Draft   draft-ishiguro-ppvpn-pe-ce-ospf-02.txt       March 2003


     - Configuration where two VPN sites are connected by two links:
       a VPN link and direct (backdoor) link.  Each site is in a
       different OSPF area and there is an OSPF adjascency over the
       backdoor link.

       In this case, backdoor link routes will be the primary routes.
       This is because intra-area routes are preferred over AS
       external routes.  If one wants the primary route to be the
       route via the VPN link, [VPN-BGP-OSPF] is needed.

     - OSPF routes are exchanged as AS-External information.  So the
       routes may be overlapped with real AS-External information


   This mechanism does not provide any OSPF LSAs transparency among cus-
   tomer VPN sites.  Because of the mechanism, VPN network reachability
   information can be exchanged with minimum effort .


3. Requirements

   A PE router MUST have the capability of running multiple instances of
   OSPF, where each OSPF instance can be associated with a particular
   VRF.

   Each OSPF instance MAY be bound to a specific VRF (1:1).  Other for-
   mation such as a single OSPF to multiple VRFs (1:n) or multiple OSPF
   to the same VRF (n:1) is left for futher study.

   A PE router MUST have the capability to redistribute OSPF and BGP
   routes to/from a particular VRF.  Import/export to/from particular
   VRFs to BGP is governed via Route Targets.

   There is no special requirement for CE router.


4. OSPF/VRF/BGP Redistribute Procedure

   PE router and CE router communicate by leveraging OSPF to exchange
   reachability information.  Any OSPF area configuration can be used
   between PE and CE.  Each VPN domain's OSPF route is distinguished by
   OSPF multiple instance.

   Each OSPF instance is bound to a specific VRF, so that OSPF routes
   are installed into the proper VRF.  The OSPF routes in VRF are
   exported to BGP governed via Route Targets configuration.

   A PE router exchanges VPN reachability information using



Ishiguro                 Expires September 2003                 [Page 3]

Internet Draft   draft-ishiguro-ppvpn-pe-ce-ospf-02.txt       March 2003


   [RFC2547BIS].  Other PE routers have the reachability information in
   VRF.  A PE router redistributes the routes from VRF to OSPF as Type-5
   LSA originated from redistributed route.

   Example Setup:


     - OSPF instance 100 is bound to VRF foo.

     - OSPF instance 200 is bound to VRF bar.

     - Each OSPF instance's route is installed into each VRF.

     - OSPF to BGP redistribute is done via VRF so that OSPF routes
       are imported to BGP with Route Targets configuration.

     - PE sends a BGP update to another PE router.

     - Another PE router installs the routes to particular VRF by Route
       Targets configuration.

     - BGP to OSPF redistribute is done via VRF.  OSPF has AS-External
       LSA of remote site network.



5. Security Considerations

   Security issues are not discussed in this memo.


6. Acknowledgements

   Thanks to Robert May and Eric Rosen for their comments.


7. Reference

   [RFC2547BIS]   Rosen, E., et. al., "BGP/MPLS VPNs",
                  <draft-ietf-ppvpn-rfc2547bis-03.txt>, October 2002.

   [VPN-BGP-OSPF] Rosen, E. et al., "OSPF as the PE/CE Protocol in
                  BGP/MPLS VPNs,"
                  <draft-rosen-vpns-ospf-bgp-mpls-06.txt>,
                  February 2003.


8. Author's Address



Ishiguro                 Expires September 2003                 [Page 4]

Internet Draft   draft-ishiguro-ppvpn-pe-ce-ospf-02.txt       March 2003


   Kunihiro Ishiguro
   IP Infusion Inc.
   111 W. St. John Street, Suite 910
   San Jose CA 95113
   e-mail: kunihiro@ipinfusion.com

   Ville Hallivuori
   Tellabs Oy
   Sinimaentie 6
   FIN-02630 Espoo, Finland
   e-mail: ville.hallivuori@tellabs.com








































Ishiguro                 Expires September 2003                 [Page 5]