Blog Archives

Trouble Shooting OSPF Adjacency Problems (3)

In today’s post we are going to resume our discussion about the reason that could lead to OSPF adjacency problems, and we’ll look into the below reasons:

  • Mismatched hello and dead interval values.
  • Mismatched MTU settings.

We’ll work on the same topology as below.

capture2

Read the rest of this entry

Advertisements

Trouble Shooting OSPF Adjacency Problems (2)

In the last post we’ve discussed some of the reasons that could lead to OSPF adjacency problems, in today’s post we are going to look at the below reasons and we shall continue the rest of the reasons in a subsequent post.

  • Mismatched interface types.
  • OSPF priority is set to 0 on both sides.
  • Mismatched area IDs or mismatched area types.

We’ll continue to work on the same topology as below.

capture2

Read the rest of this entry

Trouble Shooting OSPF Adjacency Problems (1)

In this topic we are going to discuss some of the reasons that affect the OSPF adjacency between two peers and how to trouble shoot these issues in Junos.

First we will list the possible reasons for OSPF adjacency issues and we’ll discuss it in detail in subsequent paragraphs.

Possible Causes of OSPF Adjacency Issues:

  • Duplicate RIDs.
  • Mismatched subnet masks, or incorrect IP addressing.
  • Authentication mismatches.
  • Mismatched interface types.
  • OSPF priority is set to 0 on both sides.
  • Mismatched area IDs or mismatched area types.
  • Mismatched hello and dead interval values.
  • Mismatched MTU settings.

Read the rest of this entry

L2 And L3 VPN over Ethernet Ring

In this post we are going to discuss how can we setup L2VPN and L3VPN over an Ethernet ring network, this is very challenging actually, knowing the fact that we need to achieve redundancy for both our edge network and to our customer.

As illustrated below, we have our MX104 PE router connected to the ring network that’s connected to MSAN cabins (Access Layer) through 2 Gigabit interfaces in order to achieve redundancy over the network.

1

The 1st challenge to take is how to setup L3VPN.

In our situaion we can’t use a logical unit of one of the main Gigs as this will not achieve the needed redundancy for the customer as there’s one Gig that will be up and the other will be down in order to prevent loops. So  the right solution would be to use Integrated Routing & Bridging interfaces (IRB) and assign it to the same bridge domain as the logical units of the main Gigs.

root@R02J> show interfaces descriptions | match Cust-A
ge-0/0/1.700  up     up    VPN: Cust-A –> Main Gig the customer is working on right now
ge-0/1/1.700   up    down VPN: Cust-A –> Backup Gig for the same customer
irb.700             up     up       VPN: Cust-A –>Layer 3 IRB interface for this customer (like an SVI interface on a Cisco Switches)

Read the rest of this entry

OSPF Domain-ID || Domain-Tag

OSPF Domain ID

When OSPF is used as the routing protocol on a provider edge to customer edge (PE-CE) link in a multiprotocol label switching (MPLS) VPN. PE routers mark OSPF routes with the domain attribute derived from the OSPF process number to indicate whether the route originated within the same OSPF domain or from outside it.

Importance of Domain-ID

In MPLS-VPN network ISP cloud is treated as a super backbone area, and PEs are considered as ABRs or ASBRs depending on the domain-id value, then routes redistributed to CEs would be OSPF inter- area routes or would be OSPF external routes.

Why would we care to have OIA or E or O routes in our OSPF database?

The answer is simply that OSPF prefers intra-area routes then inter-area routes and finally external routes to be installed in routing table. And we don’t want to come in to the case that routes are leaked from a back door in then being redistributed to the ISP cloud creating a loop in the network and disrupting traffic.

So if we had a different processes on our PEs then so we have to explicitly configure the domain-id value under the OSPF process.

OSPF loop prevention in PE-CE routing

  • DN bit

o    When a type 3 LSA is sent from a PE router to a CE router, the DN bit [OSPF-DN] in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further.

  • Domain-Tag

o   PE routers originate Type 5 LSAs reporting the extra-domain routes as AS-external routes. Each such Type 5 LSA MUST contain an OSPF route tag. This tag identifies the route as having come from a PE router. The VPN Route Tag MUST be used to ensure that a Type 5 LSA originated by a PE router is not redistributed through the OSPF area to another PE router.

Read the rest of this entry