OSPF VRF to OSPF Global Route Leaking Examples from PE to PE
Hi guys,
I got stuck in a situation where we needed to take the routes from the OSPF VRF process to OSPF global via the MPLS backbone to reach other networks across MPLS. We used the solution below.
Scenario:
Servers ---> PE1 ---> P ---> PE2 ---> Servers
PE1 ------------ OSPF ------------ PE2
PE1 ---------- iBGP/MPLS ---------- PE2
OSPF global in PE1 ---> OSPF global in PE2 AND OSPF VRF in PE2
The template below was used on PE2.
PE2 side template
! // Adding the static routes in the global table pointing to VRF BLUE (Vlan106)
!
ip route 10.16.26.0 255.255.255.0 Vlan106
ip route 10.16.4.20 255.255.255.252 Vlan106
ip route 10.16.22.0 255.255.255.0 Vlan106
ip route 10.16.23.0 255.255.255.0 Vlan106
ip route 10.16.24.0 255.255.255.0 Vlan106
ip route 10.16.25.0 255.255.255.0 Vlan106
ip route 10.16.26.0 255.255.255.0 Vlan106
!
! // Injecting the default route in VRF BLUE, pointing to the next hop, which is the PE1 L3 MPLS-enabled interface
!
ip route vrf BLUE 0.0.0.0 0.0.0.0 port-channel 6 172.16.10.1 global
! // Port-channel 6 is the L3 link between PE1 and PE2. The global keyword resolves the next hop in the global routing table, which is how traffic is routed from the VRF to global routing.
====================================
! // Allowing only the VRF BLUE routes to be redistributed into OSPF global, so they are reachable via OSPF global from the network behind PE1
! // Controlling the routes advertised to other PEs via a prefix list
! // Note: You can skip the prefix list/route-map if you don't need to control the routes; I have a lot of routes and need only specific ones to be advertised.
!
ip prefix-list BLUE-RED-Routes seq 10 permit 10.16.14.0/24
ip prefix-list BLUE-RED-Routes seq 15 permit 10.16.22.0/24
ip prefix-list BLUE-RED-Routes seq 20 permit 10.16.22.0/24
ip prefix-list BLUE-RED-Routes seq 25 permit 10.16.23.0/24
ip prefix-list BLUE-RED-Routes seq 30 permit 10.16.24.0/24
ip prefix-list BLUE-RED-Routes seq 40 permit 10.16.25.0/24
ip prefix-list BLUE-RED-Routes seq 50 permit 10.16.26.0/24
ip prefix-list BLUE-RED-Routes seq 60 permit 10.16.28.0/24
ip prefix-list BLUE-RED-Routes seq 70 permit 10.16.99.0/24
ip prefix-list BLUE-RED-Routes seq 80 permit 10.16.57.0/24
ip prefix-list BLUE-RED-Routes seq 90 permit 10.16.4.20/30
!
route-map RMP-BLUE-RED-Routes permit 10
 match ip address prefix-list BLUE-RED-Routes
!
! // Controlling routes when redistributing static into the global OSPF process, to be advertised to the other PEs
!
router ospf 100
 redistribute static subnets route-map RMP-BLUE-RED-Routes
!
Now the networks behind PE1 should be able to reach the networks behind PE2.
================================
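An offline check of what the PE2 template above lets out of VRF BLUE into global OSPF, as an added example that is not part of the original post: it compares the global statics toward Vlan106 with the exact-match permits in BLUE-RED-Routes and reports which statics pass the route-map, which are dropped by its implicit deny, and which permits are unused or duplicated. The function name `audit_leak` and the route 10.16.30.0/24 in the sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a subset of the PE2 template on this page, plus one
# made-up static (10.16.30.0/24) that the prefix-list does not permit.
PE2_CONFIG = """\
ip route 10.16.26.0 255.255.255.0 Vlan106
ip route 10.16.4.20 255.255.255.252 Vlan106
ip route 10.16.22.0 255.255.255.0 Vlan106
ip route 10.16.30.0 255.255.255.0 Vlan106
ip route vrf BLUE 0.0.0.0 0.0.0.0 port-channel 6 172.16.10.1 global
ip prefix-list BLUE-RED-Routes seq 15 permit 10.16.22.0/24
ip prefix-list BLUE-RED-Routes seq 20 permit 10.16.22.0/24
ip prefix-list BLUE-RED-Routes seq 50 permit 10.16.26.0/24
ip prefix-list BLUE-RED-Routes seq 60 permit 10.16.28.0/24
ip prefix-list BLUE-RED-Routes seq 90 permit 10.16.4.20/30
"""

# Global statics only: "ip route vrf ..." lines do not match this pattern.
STATIC_RE = re.compile(r"^ip route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")
# Exact-match permit entries only; entries with ge/le are not parsed here.
PFX_RE = re.compile(r"^ip prefix-list (\S+) seq (\d+) permit (\S+)$")


def audit_leak(config, plist, leak_intf):
    """Compare global statics toward leak_intf with the permits in plist."""
    statics, permits = set(), {}
    for line in map(str.strip, config.splitlines()):
        m = STATIC_RE.match(line)
        if m and m.group(3).lower() == leak_intf.lower():
            statics.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
            continue
        m = PFX_RE.match(line)
        if m and m.group(1) == plist:
            permits.setdefault(ipaddress.ip_network(m.group(3)), []).append(int(m.group(2)))

    def fmt(nets):
        return [str(n) for n in sorted(nets)]

    return {
        "leaked": fmt(statics & set(permits)),          # redistributed into OSPF 100
        "filtered": fmt(statics - set(permits)),        # hit the route-map's implicit deny
        "unused_permits": fmt(set(permits) - statics),  # no static on this box to match
        "duplicate_permits": {str(n): s for n, s in permits.items() if len(s) > 1},
    }


if __name__ == "__main__":
    for key, value in audit_leak(PE2_CONFIG, "BLUE-RED-Routes", "Vlan106").items():
        print(f"{key}: {value}")
```

Running the same comparison before and after a change to the prefix list shows whether the set of VRF BLUE prefixes exposed to the global table grew.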