Network Working Group K. Ishiguro Internet Draft IP Infusion Inc. Expiration Date: February 2003 V. Hallivuori Tellabs Oy August 2002 Use of Multiple Instance of OSPF for the PE/CE protocol in BGP/MPLS VPNs draft-ishiguro-ppvpn-pe-ce-ospf-00.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document describes a simple way to use OSPF for Provider Edge (PE) router and Customer Edge (CE) router communication in BGP/MPLS VPNs [RFC2547BIS]. [VPN-BGP-OSPF] propose a complicated way to achieve VPN routes propagation as Type-3 LSA. This document describes the use of multiple instances of OSPF in conjunction with standard BGP/OSPF route redistribution mechanisms to maintain reachability information throughout VPNs. VPN routes are propagated as Type-5 LSA in this mechanism. 1. Conventions used in this document Ishiguro Expires February 2003 [Page 1] Internet Draft draft-ishiguro-ppvpn-pe-ce-ospf-00.txt August 2002 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", MAY", AND "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [ii]. 2. Overview [RFC2547BIS] is widely used to provide VPN services to customers. In [RFC2547BIS] architecture, Customer Edge (CE) router can communicate with Provide Edge (PE) router using any routing protocol. Use of OSPF for PE and CE communication is a little bit complicated due to the nature of OSPF protocol. OSPF has several types of routing information in the protocol. OSPF Link State Advertisements (LSAs) are categorized into different types. [RFC2547BIS] use BGP for PE to PE commutation. So when OSPF routes are exported and exchanged using BGP, some of OSPF information may be dropped. [VPN-BGP-OSPF] provides a way to propagate customer OSPF routes as type 3 LSAs (Inter-are routes) to other CE routers. For propagation, additional mechanism is proposed for both OSPF and BGP. These mechanisms are only needed when customers want to propagate OSPF routes as type 3 LSAs to other CE router. So if customers do not require the propagation, overall mechanism can be simple. This document proposes a light weight way to use OSPF for PE and CE communication. In this mechanism, customer routes are exchanged as AS-External information in OSPF. The benefit of this mechanism: - No protocols changes or additional features are required in OSPF and BGP. - Any OSPF area configuration can be used between PE and CE communication. - BGP does not carry any additional information over provider backbone. - Same mechanism can be used by other IGPs such as IS-IS. The drawback of this mechanism: - OSPF routes are exchanged as AS-External information. So the routes may be overlapped with real AS-External information. Ishiguro Expires February 2003 [Page 2] Internet Draft draft-ishiguro-ppvpn-pe-ce-ospf-00.txt August 2002 This mechanism does not provide any OSPF LSAs transparency among cus- tomer VPN sites. Because of the mechanism with minimum effort, VPN network reachability information ca be exchanged. 3. Requirements A PE router MUST have a capability of running multiple instances of OSPF, where each OSPF instance can be associated with a particular VRF. Each OSPF instance MAY be bound to a specific VRF (1:1). Multiple OSPF instances MAY be bound to the same VRF (n:1). A single OSPF instance SHALL NOT be bound to multiple VRFs (1:n). A PE router MUST have capability of redistribute OSPF and BGP routes to/from a particular VRF. Import/export to/from particular VRFs to BGP is governed via Route Targets. There is no special requirement for CE router. 4. OSPF/VRF/BGP Redistribute Procedure PE router and CE router communicate each other by leveraging OSPF to exchange reachability information. Any OSPF area configuration can be used between PE and CE. Each VPN domain's OSPF route is distin- guished by OSPF multiple instance. Each OSPF instance is bound to specific VRF so that OSPF routes are installed into proper VRF. The OSPF routes in VRF are exported to BGP governed via Route Targets configuration. PE router exchanges VPN reachability information using [RFC2547BIS]. Other PE router has the reachability information in VRF. PE router redistributes the routes from VRF to OSPF as Type-5 LSA originated from redistributed route. Example Setup: Ishiguro Expires February 2003 [Page 3] Internet Draft draft-ishiguro-ppvpn-pe-ce-ospf-00.txt August 2002 - OSPF instance 100 is bound to VRF foo - OSPF instance 200 is bound to VRF bar. - Each OSPF instance's route is installed into each VRF. - OSPF to BGP redistribute is done via VRF so that OSPF routes are imported to BGP with Route Targets configuration. - PE send BGP update to other PE router. - PE router install the routes to particular VRF by Route Targets configuration. - BGP to OSPF redistribute is done via VRF. OSPF has AS-External LSA of remote site network. 5. Security Considerations Security issues are not discussed in this memo. 6. Acknowledgements Thanks to Robert May for comments. 7. Reference [RFC2547BIS] Rosen, E., et. al., "BGP/MPLS VPNs", , July 2002. [VPN-BGP-OSPF] Rosen, E. et al., "OSPF as the PE/CE Protocol in BGP/MPLS VPNs," , July 2002. 8. Author's Address Kunihiro Ishiguro IP Infusion Inc. 111 W. St. John Street, Suite 910 San Jose CA 95113 e-mail: kunihiro@ipinfusion.com Ville Hallivuori Tellabs Oy Sinimaentie 6 Ishiguro Expires February 2003 [Page 4] Internet Draft draft-ishiguro-ppvpn-pe-ce-ospf-00.txt August 2002 FIN-02630 Espoo, Finland e-mail: ville.hallivuori@tellabs.com Ishiguro Expires February 2003 [Page 5]