Network Working Group                                        K. Ishiguro
Internet Draft                                          IP Infusion Inc.
Expiration Date: September 2003                            V. Hallivuori
                                                              Tellabs Oy
                                                              March 2003

   Use of Multiple Instance of OSPF for the PE/CE protocol in BGP/MPLS VPNs

                 draft-ishiguro-ppvpn-pe-ce-ospf-02.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document describes a simple way to use OSPF for Provider Edge
   (PE) router and Customer Edge (CE) router communication in BGP/MPLS
   VPNs [RFC2547BIS]. [VPN-BGP-OSPF] proposes a complicated way to
   achieve VPN route propagation as Type-3 LSAs. This document describes
   the use of multiple instances of OSPF in conjunction with standard
   BGP/OSPF route redistribution mechanisms to maintain reachability
   information throughout VPNs. With this mechanism, VPN routes are
   propagated as Type-5 LSAs.

1. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [ii].

2. Overview

   [RFC2547BIS] is widely used to provide VPN services to customers.
   In [RFC2547BIS] architecture, a Customer Edge (CE) router can
   communicate with a Provider Edge (PE) router using any routing
   protocol.

   Use of OSPF for PE and CE communication is a little bit complicated
   due to the nature of the OSPF protocol. OSPF has several types of
   routing information in the protocol. OSPF Link State Advertisements
   (LSAs) are categorized into different types. [RFC2547BIS] uses BGP
   for PE to PE communication. So when OSPF routes are exported and
   exchanged using BGP, some OSPF information may be dropped.

   [VPN-BGP-OSPF] provides a way to propagate customer OSPF routes as
   type 3 LSAs (intra-area routes) to other CE routers. To achieve this
   propagation, an additional mechanism is proposed for both OSPF and
   BGP. These mechanisms are only needed when customers want to
   propagate OSPF routes as type 3 LSAs to other CE routers. However,
   when customers do not require this propagation, the overall mechanism
   can be simplified.

   This document proposes a light-weight method of using OSPF for the PE
   and CE protocol. In this mechanism, customer routes are exchanged as
   AS-External information in OSPF.

   The benefit of this mechanism:

   - Neither protocol changes nor additional features are required in
     OSPF and BGP.
   - Any OSPF area configuration can be used between PE and CE
     communication.
   - BGP does not carry any additional information over the provider
     backbone.
   - The same mechanism can be used by other IGPs such as IS-IS.

   The drawback of this mechanism:

   - Configuration where two VPN sites are connected by two links: a VPN
     link and a direct (backdoor) link. Each site is in a different OSPF
     area and there is an OSPF adjacency over the backdoor link. In
     this case, backdoor link routes will be the primary routes. This is
     because intra-area routes are preferred over AS external routes. If
     one wants the primary route to be the route via the VPN link,
     [VPN-BGP-OSPF] is needed.
   - OSPF routes are exchanged as AS-External information. So the routes
     may be overlapped with real AS-External information.

   This mechanism does not provide any OSPF LSA transparency among
   customer VPN sites. Because of the mechanism, VPN network
   reachability information can be exchanged with minimum effort.

3. Requirements

   A PE router MUST have the capability of running multiple instances of
   OSPF, where each OSPF instance can be associated with a particular
   VRF.

   Each OSPF instance MAY be bound to a specific VRF (1:1). Other
   formations such as a single OSPF to multiple VRFs (1:n) or multiple
   OSPF to the same VRF (n:1) are left for further study.

   A PE router MUST have the capability to redistribute OSPF and BGP
   routes to/from a particular VRF. Import/export to/from particular
   VRFs to BGP is governed via Route Targets.

   There is no special requirement for the CE router.

4. OSPF/VRF/BGP Redistribute Procedure

   The PE router and CE router communicate by leveraging OSPF to
   exchange reachability information. Any OSPF area configuration can be
   used between PE and CE.

   Each VPN domain's OSPF routes are distinguished by OSPF multiple
   instance. Each OSPF instance is bound to a specific VRF, so that OSPF
   routes are installed into the proper VRF.

   The OSPF routes in a VRF are exported to BGP, governed via Route
   Targets configuration. A PE router exchanges VPN reachability
   information using [RFC2547BIS]. Other PE routers have the
   reachability information in VRF.

   A PE router redistributes the routes from VRF to OSPF as Type-5 LSAs
   originated from the redistributed routes.

   Example Setup:

   - OSPF instance 100 is bound to VRF foo.
   - OSPF instance 200 is bound to VRF bar.
   - Each OSPF instance's route is installed into each VRF.
   - OSPF to BGP redistribute is done via VRF so that OSPF routes are
     imported to BGP with Route Targets configuration.
   - PE sends a BGP update to another PE router.
   - Another PE router installs the routes to a particular VRF by Route
     Targets configuration.
   - BGP to OSPF redistribute is done via VRF. OSPF has an AS-External
     LSA of the remote site network.

5. Security Considerations

   Security issues are not discussed in this memo.

6. Acknowledgements

   Thanks to Robert May and Eric Rosen for their comments.

7. Reference

   [RFC2547BIS]   Rosen, E., et al., "BGP/MPLS VPNs", October 2002.

   [VPN-BGP-OSPF] Rosen, E., et al., "OSPF as the PE/CE Protocol in
                  BGP/MPLS VPNs", February 2003.

8. Author's Address

   Kunihiro Ishiguro
   IP Infusion Inc.
   111 W. St. John Street, Suite 910
   San Jose CA 95113
   e-mail: kunihiro@ipinfusion.com

   Ville Hallivuori
   Tellabs Oy
   Sinimaentie 6
   FIN-02630 Espoo, Finland
   e-mail: ville.hallivuori@tellabs.com
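
Added example (not part of the draft and not the authors' code): a small Python model of the Section 4 redistribution procedure, using the Example Setup's instances 100/200 and VRFs foo/bar, plus the backdoor-link drawback from Section 2. Route Target values, prefixes, costs and all class and function names are constructed for illustration; Route Distinguishers are not modeled.

```python
# Added illustration, not from the draft; RT values, prefixes, costs are constructed.
from dataclasses import dataclass, field

# OSPF compares path type before cost (RFC 2328); lower value is preferred.
PREF = {"intra-area": 0, "inter-area": 1, "external": 2}

@dataclass
class PE:
    ospf_to_vrf: dict   # OSPF instance -> VRF, bound 1:1 (Section 3)
    export_rt: dict     # VRF -> set of export Route Targets
    import_rt: dict     # VRF -> set of import Route Targets
    vrf: dict = field(default_factory=dict)   # VRF -> {prefix: source}

    def learn_ospf(self, instance, prefix):
        """A route learned from the CE is installed in the instance's VRF."""
        self.vrf.setdefault(self.ospf_to_vrf[instance], {})[prefix] = "ospf"

    def export_bgp(self):
        """OSPF -> BGP via the VRF: each update carries the VRF's export RTs."""
        return [(prefix, self.export_rt[name])
                for name, table in self.vrf.items()
                for prefix, source in table.items() if source == "ospf"]

    def import_bgp(self, updates):
        """Import by RT match, then BGP -> OSPF: Type-5 LSAs per OSPF instance."""
        lsas = {inst: [] for inst in self.ospf_to_vrf}
        for inst, name in self.ospf_to_vrf.items():
            for prefix, rts in updates:
                if rts & self.import_rt[name]:
                    self.vrf.setdefault(name, {})[prefix] = "bgp"
                    lsas[inst].append(("type-5", prefix))
        return lsas

def best_path(candidates):
    """CE route selection over (path_type, cost, via) candidates."""
    return min(candidates, key=lambda c: (PREF[c[0]], c[1]))

def run_example():
    rt = {"foo": {"65000:1"}, "bar": {"65000:2"}}
    binding = {100: "foo", 200: "bar"}
    pe1, pe2 = PE(binding, rt, rt), PE(binding, rt, rt)
    pe1.learn_ospf(100, "10.1.0.0/16")      # site of VPN foo behind PE1
    pe1.learn_ospf(200, "10.1.0.0/16")      # VPN bar reuses the same prefix
    pe1.learn_ospf(200, "172.16.5.0/24")    # prefix present only in VPN bar
    return pe2.import_bgp(pe1.export_bgp())

if __name__ == "__main__":
    print(run_example())
    print(best_path([("external", 10, "vpn"), ("intra-area", 1000, "backdoor")]))
```

The per-VRF Route Target match is the only thing keeping VPN bar's 172.16.5.0/24 out of OSPF instance 100, and the backdoor path wins despite its higher cost because path type is compared first.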