Category: MPLS L3 VPN

OSPF as PE-CE routing protocol in MPLS

  1. What feature can we use to prevent routing loops for a dual-homed CE?
    1. The PE sets the “down bit” on LSA type 3 and rejects LSA type 3 from the CE with the “down bit” set.
  2. What feature can we use to keep external routes as LSA type 5 or type 7 for a network with dual OSPF processes when using MPLS L3VPN as the inter-site connection?
    1. Configure a domain-ID on the PE. A PE with the same domain-ID advertises LSA 1/2/3 as LSA 3 to the CE. A PE with a different domain-ID advertises all LSAs as LSA type 5.
  3. What feature can we use to prefer the MPLS backbone link over an intra-area backdoor link?
    1. Run an “OSPF Sham-link” between the PEs.

Inter-Service Provider MPLS

  1. The scenario is a customer with two sites: A and B. Site A is connected to SP1, and Site B is connected to SP2. These sites need to run IPv6 between them through the two SPs. The SP core is running IPv4 MPLS only.
  2. In order for SP1 PEs to know how to send packets to SP2 PEs, both SPs need to know each other's PE loopback IPv4 addresses and their MPLS labels. This can be achieved using MP-eBGP between the SPs via the ASBRs.
  3. In order for the PEs at both SPs to know the IPv6 prefixes, they can exchange IPv6 VPN prefixes with labels via their Route Reflectors (RR) using MP-eBGP.


BGP was originally designed to carry IPv4 prefixes only. We needed a scalable protocol that can carry other prefixes such as IPv6, VPNIPv4, VPNIPv6, etc., and thus the Multiprotocol Extension for BGP (MP-BGP) was developed (RFC2858).

MP-BGP defines two new BGP attributes:

  1. Multiprotocol Reachable NLRI
  2. Multiprotocol Unreachable NLRI

Each NLRI holds:

  1. Address Family Identifier (AFI)
  2. Subsequent Address Family Identifier (SAFI)

MP-BGP is used in MPLS L3 VPN to distribute VPN labels and VPNIPv4 prefixes.


OSPF Sham Link

An OSPF Sham Link is essentially a virtual link between two PEs across an MPLS network.

Normally, OSPF prefixes redistributed from PE to CE are categorized as inter-area prefixes if the advertising and receiving CEs have the same OSPF process ID. If the two CEs have a backdoor link as a backup link and they are in the same area, the backup link will be the preferred link for communication between the two sites, because an intra-area route is always preferred over an inter-area route.

An OSPF Sham Link allows the Ingress and Egress PEs to establish an OSPF neighbor relationship, so the prefixes from the PE will be intra-area instead of inter-area. Once the prefixes from the MPLS network are intra-area, we can manipulate link costs, including the sham link cost, to make the MPLS network the preferred link instead of the backdoor backup link.

Even though both PEs have a direct OSPF session, redistribution between MP-BGP and OSPF is still required because MP-BGP is used to distribute the VPN label for each VPNIPv4 prefix. VPN labels are required to forward the MPLS packets. Without the VPNv4 routes in MP-BGP, VPN labels will not be built. Even if the routes are in OSPF, when the Ingress PE receives a packet, it will not know which VPN label to push onto it.

Two Labels on MPLS L3 VPN

The top label defines the LSP to get to the Egress PE. This label is swapped hop by hop until the packet reaches the Egress PE.

The bottom label defines which interface the Egress PE forwards the packet out of. This label remains unchanged from Ingress PE to Egress PE.


Site-Of-Origin (SOO) is simply a 32-bit identifier that identifies the original site that advertised the prefix. It is used to prevent routing loops in MPLS L3 VPN when two sites have more than one path between them.

Normally BGP uses the AS-PATH to prevent routing loops. If the receiving router receives a prefix with its own ASN in the prefix’s AS-PATH, the router drops the prefix. However, because the AS-OVERRIDE feature is often used on MPLS L3 VPN PEs to allow the customer to use the same ASN at all sites, the AS-PATH loop detection mechanism is broken. Thus an SP will normally configure SOO when it chooses to use AS-OVERRIDE for a customer.

SOO is also supported on RIP and EIGRP. The SOO is simply advertised with a prefix as a 32-bit tag.

SOO is not supported and not needed in OSPF because OSPF uses DOWN BIT for MPLS L3 VPN loop prevention.

It is unclear whether IS-IS supports SOO.

External Links:

Petr Lapukhov’s Understanding EIGRP SoO and BGP Cost Community

BGP as-override

BGP as-override is a feature on the PE. Its purpose is to allow the customer to use the same ASN on all CEs.

eBGP normally drops prefixes when its own ASN is in the prefix’s as-path. In order to allow the customer to use the same ASN on all CEs, we can configure as-override on the PE.

The reason eBGP drops prefixes when its own ASN is in the as-path is to avoid loops. In order to allow the customer to use the same ASN and still be able to avoid loops, we can use SOO.
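
The interaction between as-override and SOO described above can be checked with a small model. This is an added example, not configuration or code from the original page: the ASNs, the prefix, the SOO tag values and all function names are constructed for illustration, and it assumes site A is dual-homed with the same SOO configured on both PEs facing it.

```python
from dataclasses import dataclass, replace
from typing import Optional

SP_ASN = 65000     # provider ASN (constructed)
CUST_ASN = 65001   # customer ASN reused at every site (constructed)

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple
    soo: Optional[str] = None   # SOO tag; None when SOO is not configured

def pe_import_from_ce(route, site_soo=None):
    """Ingress PE: learn a CE route, stamping the site's SOO if configured."""
    return replace(route, soo=site_soo) if site_soo else route

def pe_export_to_ce(route, site_soo=None, as_override=False):
    """Egress PE: the route as sent to the CE, or None if SOO suppresses it."""
    if site_soo is not None and route.soo == site_soo:
        return None   # never send a prefix back into its site of origin
    path = route.as_path
    if as_override:   # rewrite the customer's ASN to the provider's ASN
        path = tuple(SP_ASN if asn == CUST_ASN else asn for asn in path)
    return replace(route, as_path=(SP_ASN,) + path)

def ce_accepts(route, local_asn=CUST_ASN):
    """CE: standard eBGP AS-PATH loop detection."""
    return route is not None and local_asn not in route.as_path

def advertise(to_site, as_override, use_soo):
    """Site A's prefix enters at one PE and is offered to site 'A' or 'B'."""
    soo = {"A": "SOO-A", "B": "SOO-B"} if use_soo else {}   # constructed tags
    learned = pe_import_from_ce(Route("10.1.0.0/24", (CUST_ASN,)), soo.get("A"))
    return ce_accepts(pe_export_to_ce(learned, soo.get(to_site), as_override))

if __name__ == "__main__":
    for site in "BA":
        for override, soo in [(False, False), (True, False), (True, True)]:
            print(f"to site {site}: as-override={override!s:5} soo={soo!s:5} "
                  f"accepted={advertise(site, override, soo)}")
```

The case to look for when auditing a PE is as-override enabled without SOO toward a multi-homed site: the model shows site A accepting its own prefix back, which is the loop SOO exists to stop.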