Network Working Group Eric C. Rosen
Internet Draft Peter Psenak
Expiration Date: August 2003 Cisco Systems, Inc.
Padma Pillay-Esnault
Juniper Networks, Inc.
February 2003
OSPF Area 0 PE/CE Links in BGP/MPLS VPNs
draft-rosen-ppvpn-ospf2547-area0-02.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
[VPN] describes a method of providing a VPN service. That method
allows a variety of different protocols to be used as the routing
protocol between the Customer Edge (CE) router and the Provider Edge
(PE) router. [OSPF-VPN} specifies the procedures which must be
implemented within the Provider's network when the PE/CE routing
protocol is OSPF [OSPF], and the PE/CE link is not an area 0 link.
This document specifies the additional, optional, procedures that
must be implemented to support the case in which the PE/CE link is an
area 0 link.
Rosen, et al. [Page 1]
Internet Draft draft-rosen-ppvpn-ospf2547-area0-02.txt February 2003
Table of Contents
1 Specification of Requirements ........................ 2
2 Introduction ......................................... 2
3 The VPN Backbone and Area 0 .......................... 3
4 VPN-IP Routes Received via BGP ....................... 3
5 Handling LSAs from the CE ............................ 4
6 Sham Links ........................................... 4
7 Acknowledgments ...................................... 4
8 Authors' Address ..................................... 4
9 Normative References ................................. 5
1. Specification of Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
2. Introduction
[VPN] describes a method of providing a VPN service. That method
allows a variety of different protocols to be used as the routing
protocol between the Customer Edge (CE) router and the Provider Edge
(PE) router. [OSPF-VPN} specifies the procedures which must be
implemented within the Provider's network when the PE/CE routing
protocol is OSPF [OSPF], and the PE/CE link is not an area 0 link.
This document specifies the additional, optional, procedures that
must be implemented to support the case in which the PE/CE link is an
area 0 link. Whereas the procedures of [OSPF-VPN] do not require any
modifications to the OSPF protocol itself, the procedures specified
herein do require a small OSPF protocol modification.
The procedures specified herein are optional, and are additional to
the procedures specified in [OSPF-VPN].
CE routers, connected to PE routers of the VPN service, may
themselves function as OSPF backbone (area 0) routers. An OSPF
backbone may even consist of several "segments" which are
interconnected themselves only via the VPN service. In such a
scenario, full intercommunication between sites connected to
different segments of the OSPF backbone should still be possible.
Rosen, et al. [Page 2]
Internet Draft draft-rosen-ppvpn-ospf2547-area0-02.txt February 2003
3. The VPN Backbone and Area 0
As specified in [OSPF-VPN], every PE attached to a particular OSPF
network MUST be an OSPF area 0 router.
If the OSPF domain has any area 0 routers (other than the PE
routers), then at least one of those MUST be a CE router, and MUST
have an area 0 link to at least one PE router. This adjacency MAY be
via an OSPF virtual link. This is necessary to ensure that inter-area
routes and AS-external routes can be leaked between the PE routers
and the non-PE OSPF backbone.
Two sites which are not in the same OSPF area will see the VPN
backbone as being an integral part of the OSPF backbone. However, if
there are area 0 routers which are NOT PE routers, then the VPN
backbone actually functions as a sort of higher level backbone,
providing a third level of hierarchy above area 0. This allows,
e.g., a legacy OSPF backbone to become disconnected during a period
of transition to a VPN, as long as the various segments of the OSPF
backbone all attach to the VPN backbone.
As specified in [OSPF-VPN], VPN-IP routes received by a PE via BGP
may cause the PE to send type 3 LSAs to a CE router. These type 3
LSAs may eventually be redistributed by another CE router to another
PE router. If the link between the latter CE and the latter PE is
not in area 0, then ordinary OSPF procedures cause those LSAs to be
ignored, as in this case the PE is an ABR and an ABR does not forward
type 3 LSAs that come from within a non-zero area. Once we allow
PE/CE links to be within area 0, it is possible that one PE will turn
a BGP-distributed VPN-IP route into a type 3 LSA, and another PE will
turn that type 3 LSA back into a BGP-distributed VPN-IP route. If
this is allowed, routing loops may form. A procedure is therefore
defined in this document which prevents this from happening.
4. VPN-IP Routes Received via BGP
[OSPF-VPN] specifies various conditions under which the receipt of
VPN-IP routes via BGP causes a PE to send a type 3 LSA to a CE.
When a type 3 LSA is sent over an area 0 link from a PE router to a
CE router, the high-order bit of the LSA Options field (previously
unused) MUST be set. We refer to this bit as the DN bit. On PE/CE
links which are not in area 0, the DN bit MAY be set.
In all other respects, the procedures from [OSPF-VPN] section 4.2.4
are followed.
Rosen, et al. [Page 3]
Internet Draft draft-rosen-ppvpn-ospf2547-area0-02.txt February 2003
5. Handling LSAs from the CE
When a PE router receives, from a CE router, a type 3 LSA with the DN
bit set, the information from that LSA is not used by the SPF
computation.
In all other respects, the procedures from [OSPF-VPN} section 4.2.2
are followed.
6. Sham Links
Sham links may be created within area 0.
7. Acknowledgments
Significant contributions to this work have been made by Derek Yeung
and Yakov Rekhter.
Thanks to Ross Callon and Ajay Singhal for their comments.
8. Authors' Address
Eric C. Rosen
Cisco Systems, Inc.
250 Apollo Drive
Chelmsford, MA, 01824
E-mail: erosen@cisco.com
Peter Psenak
Parc Pegasus,
De Kleetlaan 6A
1831 Diegem
Belgium
E-mail: ppsenak@cisco.com
Rosen, et al. [Page 4]
Internet Draft draft-rosen-ppvpn-ospf2547-area0-02.txt February 2003
Padma Pillay-Esnault
Juniper Networks
1194 N. Mathilda Avenue
Sunnyvale, CA 94089
E-mail: padma@juniper.net
9. Normative References
[EXT] "BGP Extended Communities Attribute", draft-ietf-idr-bgp-ext-
communities-05.txt>, Sangli, S., Tappan, D., Rekhter, Y., May 2002
[OSPF] "OSPF Version 2", RFC 2328, Moy, J., April 1998.
[VPN] "BGP/MPLS VPNs", draft-ietf-ppvpn-rfc2547bis-03.txt, Rosen, E.,
et. al., October 2002.
[OSPF-VPN] "OSPF as the PE/CE Protocol in BGP/MPLS VPNs", draft-
rosen-vpns-ospf-bgp-mpls-06.txt, Rosen, E., et. all., February 2003
Rosen, et al. [Page 5]