Network Working Group                                      Eric C. Rosen
Internet Draft                                              Peter Psenak
Expiration Date: July 2002                           Cisco Systems, Inc.

                                                    Padma Pillay-Esnault
                                                  Juniper Networks, Inc.

                                                            January 2002


              OSPF Area 0 PE/CE Links in BGP/MPLS VPNs

               draft-rosen-ppvpn-ospf2547-area0-00.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Abstract

   [VPN] describes a method of providing a VPN service. That method
   allows a variety of different protocols to be used as the routing
   protocol between the Customer Edge (CE) router and the Provider Edge
   (PE) router. [OSPF-VPN] specifies the procedures which must be
   implemented within the Provider's network when the PE/CE routing
   protocol is OSPF [OSPF], and the PE/CE link is not an area 0 link.
   This document specifies the additional, optional, procedures that
   must be implemented to support the case in which the PE/CE link is an
   area 0 link.


Table of Contents

    1      Specification of Requirements
    2      Introduction
    3      The VPN Backbone and Area 0
    4      VPN-IP Routes Received via BGP
    5      Handling LSAs from the CE
    6      Sham Links
    7      Acknowledgments
    8      Authors' Address
    9      Bibliography


1. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.


2. Introduction

   [VPN] describes a method of providing a VPN service. That method
   allows a variety of different protocols to be used as the routing
   protocol between the Customer Edge (CE) router and the Provider Edge
   (PE) router. [OSPF-VPN] specifies the procedures which must be
   implemented within the Provider's network when the PE/CE routing
   protocol is OSPF [OSPF], and the PE/CE link is not an area 0 link.
   This document specifies the additional, optional, procedures that
   must be implemented to support the case in which the PE/CE link is an
   area 0 link.

   Whereas the procedures of [OSPF-VPN] do not require any modifications
   to the OSPF protocol itself, the procedures specified herein do
   require a small OSPF protocol modification. The procedures specified
   herein are optional, and are additional to the procedures specified
   in [OSPF-VPN].

   CE routers, connected to PE routers of the VPN service, may
   themselves function as OSPF backbone (area 0) routers. An OSPF
   backbone may even consist of several "segments" which are
   interconnected themselves only via the VPN service. In such a
   scenario, full intercommunication between sites connected to
   different segments of the OSPF backbone should still be possible.


3. The VPN Backbone and Area 0

   As specified in [OSPF-VPN], every PE attached to a particular OSPF
   network MUST be an OSPF area 0 router.
   If the OSPF domain has any area 0 routers (other than the PE
   routers), then at least one of those MUST be a CE router, and MUST
   have an area 0 link to at least one PE router. This adjacency MAY be
   via an OSPF virtual link. This is necessary to ensure that inter-area
   routes and AS-external routes can be leaked between the PE routers
   and the non-PE OSPF backbone.

   Two sites which are not in the same OSPF area will see the VPN
   backbone as being an integral part of the OSPF backbone. However, if
   there are area 0 routers which are NOT PE routers, then the VPN
   backbone actually functions as a sort of higher level backbone,
   providing a third level of hierarchy above area 0. This allows, e.g.,
   a legacy OSPF backbone to become disconnected during a period of
   transition to a VPN, as long as the various segments of the OSPF
   backbone all attach to the VPN backbone.

   As specified in [OSPF-VPN], VPN-IP routes received by a PE via BGP
   may cause the PE to send type 3 LSAs to a CE router. These type 3
   LSAs may eventually be redistributed by another CE router to another
   PE router. If the link between the latter CE and the latter PE is not
   in area 0, then ordinary OSPF procedures cause those LSAs to be
   ignored, as in this case the PE is an ABR and an ABR does not forward
   type 3 LSAs that come from within a non-zero area.

   Once we allow PE/CE links to be within area 0, it is possible that
   one PE will turn a BGP-distributed VPN-IP route into a type 3 LSA,
   and another PE will turn that type 3 LSA back into a BGP-distributed
   VPN-IP route. If this is allowed, routing loops may form. A procedure
   is therefore defined in this document which prevents this from
   happening.


4. VPN-IP Routes Received via BGP

   [OSPF-VPN] specifies various conditions under which the receipt of
   VPN-IP routes via BGP causes a PE to send a type 3 LSA to a CE.

   When a type 3 LSA is sent over an area 0 link from a PE router to a
   CE router, the high-order bit of the LSA Options field (previously
   unused) MUST be set.
   We refer to this bit as the DN bit. On PE/CE links which are not in
   area 0, the DN bit MAY be set.

   In all other respects, the procedures from [OSPF-VPN] section 4.2.4
   are followed.


5. Handling LSAs from the CE

   When a PE router receives, from a CE router, a type 3 LSA with the DN
   bit set, the LSA is ignored. In all other respects, the procedures
   from [OSPF-VPN] section 4.2.2 are followed.


6. Sham Links

   Sham links may be created within area 0.


7. Acknowledgments

   Significant contributions to this work have been made by Derek Yeung
   and Yakov Rekhter. Thanks to Ross Callon and Ajay Singhal for their
   comments.


8. Authors' Address

   Eric C. Rosen
   Cisco Systems, Inc.
   250 Apollo Drive
   Chelmsford, MA, 01824
   E-mail: erosen@cisco.com

   Peter Psenak
   Parc Pegasus,
   De Kleetlaan 6A
   1831 Diegem
   Belgium
   E-mail: ppsenak@cisco.com

   Padma Pillay-Esnault
   Juniper Networks
   1194 N. Mathilda Avenue
   Sunnyvale, CA 94089
   E-mail: padma@juniper.net


9. Bibliography

   [EXT] "BGP Extended Communities Attribute",
   draft-ietf-idr-bgp-ext-communities-02.txt, Sangli, S., Tappan, D.,
   Rekhter, Y., October 2001.

   [OSPF] "OSPF Version 2", RFC 2328, Moy, J., April 1998.

   [VPN] "BGP/MPLS VPNs", draft-ietf-ppvpn-rfc2547bis-00.txt, Rosen, E.,
   et al., July 2001.

   [OSPF-VPN] "OSPF as the PE/CE Protocol in BGP/MPLS VPNs",
   draft-rosen-vpns-ospf-bgp-mpls-04.txt, Rosen, E., et al., January
   2002.
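
Added example (not part of the draft or of any vendor implementation): the DN bit procedure of sections 4 and 5, with a PE setting the high-order Options bit when it originates a type 3 LSA and a second PE checking that bit on an LSA received from a CE. The function names and the sample prefix and router ID are hypothetical, the header layout follows RFC 2328, and the LS checksum is left at zero because the example covers only the DN bit.

```python
import ipaddress
import struct

DN_BIT = 0x80        # high-order bit of the LSA Options field (section 4)
SUMMARY_LSA = 3      # LS type 3 (RFC 2328)
LSA_HDR = struct.Struct("!HBB4s4sIHH")   # 20-byte LSA header, RFC 2328 A.4.1


def pe_originate_type3(prefix, adv_router, metric, link_in_area0,
                       set_dn_elsewhere=False):
    """Build the type 3 LSA a PE sends to a CE for a BGP-learned VPN-IP route."""
    net = ipaddress.ip_network(prefix)
    options = 0
    # Section 4: MUST set DN on an area 0 PE/CE link, MAY set it on others.
    if link_in_area0 or set_dn_elsewhere:
        options |= DN_BIT
    # Summary-LSA body: network mask, one zero byte, 24-bit metric.
    body = net.netmask.packed + struct.pack("!I", metric & 0xFFFFFF)
    header = LSA_HDR.pack(
        0,                                   # LS age
        options,
        SUMMARY_LSA,
        net.network_address.packed,          # Link State ID = network number
        ipaddress.ip_address(adv_router).packed,
        0x80000001,                          # InitialSequenceNumber
        0,                                   # LS checksum: not computed here
        LSA_HDR.size + len(body),
    )
    return header + body


def pe_accepts_from_ce(lsa):
    """Section 5: a PE ignores a type 3 LSA from a CE if the DN bit is set."""
    if len(lsa) < LSA_HDR.size:
        raise ValueError("truncated LSA header")
    _age, options, ls_type, _id, _adv, _seq, _ck, length = LSA_HDR.unpack_from(lsa)
    if length != len(lsa):
        raise ValueError("LSA length field does not match received bytes")
    if ls_type == SUMMARY_LSA and options & DN_BIT:
        return False      # originated by a PE from BGP; must not go back into BGP
    return True           # continue with the [OSPF-VPN] section 4.2.2 rules


if __name__ == "__main__":
    # Constructed sample: PE1 originates the LSA, the CE backbone carries it to PE2.
    from_pe1 = pe_originate_type3("10.1.0.0/16", "192.0.2.1", 10, link_in_area0=True)
    print("PE2 accepts PE1-originated LSA:", pe_accepts_from_ce(from_pe1))
```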