In an MPLS VPN PE-CE network, some customers might require Internet access. One way to achieve this is by routing your traffic from the VRF to the global routing table and back. Another way to provide Internet access is to advertise a default route within a VRF, as we did in the MPLS VPN PE-CE OSPF default route lesson.

In this lesson, I’ll explain how to “leak” traffic from a VRF to the global routing table. We’ll configure the necessary static routes in the VRF and the global routing table and advertise the required routes through OSPF.

Let’s get started!

Configuration

Here is the topology we’ll use:

[Figure: MPLS VPN PE-CE OSPF default route global topology]

The topology is the same as the one I use in the MPLS VPN PE-CE OSPF lesson, but I added a GW router that is connected to the “Internet”. The 66.66.66.66/32 address on the GW router simulates a server on the Internet.

OSPF between P and GW

First, we’ll configure OSPF on the GW and P routers. I advertise a loopback interface on the GW router which we need later as the next-hop address for a static route:

GW(config)#router ospf 1
GW(config-router)#network 6.6.6.6 0.0.0.0 area 0
GW(config-router)#network 192.168.36.0 0.0.0.255 area 0

P(config)#router ospf 1
P(config-router)#network 192.168.36.0 0.0.0.255 area 0

From VRF to Global

Let’s focus on getting traffic from the VRF to the global routing table. We can do this by configuring a static route on the PE routers and adding the global parameter. This tells the router that the next hop is in the global routing table, not in the VRF:

PE1 & PE2
(config)#ip route vrf CUSTOMER 0.0.0.0 0.0.0.0 6.6.6.6 global

The static route is now on the PE routers but we also need it on the CE routers. Let’s configure OSPF to advertise a default route in the VRF:

PE1 & PE2
(config)#router ospf 2 vrf CUSTOMER
(config-router)#default-information originate

OSPF will only advertise a default route when the PE routers have a default route in their routing tables. Thanks to this default route, the CE routers now know how to reach unknown destinations.

The static default route on PE1 and PE2 will always be in the global routing table as long as 6.6.6.6 is reachable, even when there is no Internet access. This also means the CE routers receive the default route through OSPF. It’s not a bad idea to combine the static default route with IP SLA to ensure that it will be withdrawn when there is no Internet connectivity. Otherwise, you might forward traffic that is dropped by the GW router.

From Global to VRF

Our CE routers can make it to the GW router, but we also have to think about the return traffic. The GW router somehow needs to know how it can reach 1.1.1.1 (CE1) or 5.5.5.5 (CE2). The traffic is routed in the global routing table, so we need something there.

To achieve this, I will add a static route in the global routing table on the PE routers which points to the CE routers. I will redistribute these static routes into OSPF so that the GW and P routers know how to reach these networks.

If you use public IP addresses in your VRFs, you’ll need BGP so that you can advertise these prefixes to other ASes. I’m using OSPF because our P router is not configured for BGP.
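
Both leak directions in this lesson are plain static routes, and each one is a deliberate hole in the isolation between the VRF and the global routing table, so it is worth being able to list them when reviewing a PE configuration. The following Python audit is an added example, not part of the original lesson: it flags VRF static routes that carry the global keyword and global static routes whose exit interface is bound to a VRF. The sample configuration is constructed, and its interface names, the 192.168.12.x and 192.168.23.x addresses and the function name find_vrf_leaks are assumptions.

```python
import re

# Constructed PE configuration for illustration; interface names and
# addresses are assumptions, not taken from the lesson's devices.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 vrf forwarding CUSTOMER
 ip address 192.168.12.2 255.255.255.0
interface GigabitEthernet0/2
 ip address 192.168.23.2 255.255.255.0
ip route vrf CUSTOMER 0.0.0.0 0.0.0.0 6.6.6.6 global
ip route 1.1.1.1 255.255.255.255 GigabitEthernet0/1 192.168.12.1
ip route 10.0.0.0 255.0.0.0 192.168.23.3
"""

VRF_IF = re.compile(r"^\s+(?:ip )?vrf forwarding (\S+)")
ROUTE = re.compile(r"^ip route (?:vrf (\S+) )?(\S+) (\S+) (.+)$")

def find_vrf_leaks(config):
    """Return (direction, vrf, prefix, mask) for every static route that
    crosses the VRF/global boundary in an IOS-style configuration."""
    lines = config.splitlines()
    iface_vrf, current = {}, None
    for line in lines:                      # pass 1: map interfaces to VRFs
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and (m := VRF_IF.match(line)):
            iface_vrf[current] = m.group(1)
        elif not line.startswith(" "):      # left the interface sub-mode
            current = None
    leaks = []
    for line in lines:                      # pass 2: inspect static routes
        m = ROUTE.match(line)
        if not m:
            continue
        vrf, prefix, mask, rest = m.groups()
        tokens = rest.split()
        if vrf and "global" in tokens:
            # VRF route whose next hop is resolved in the global table
            leaks.append(("vrf-to-global", vrf, prefix, mask))
        elif not vrf and tokens[0] in iface_vrf:
            # global route that exits through a VRF-bound interface
            leaks.append(("global-to-vrf", iface_vrf[tokens[0]], prefix, mask))
    return leaks

if __name__ == "__main__":
    for leak in find_vrf_leaks(SAMPLE_CONFIG):
        print(*leak)
```

The check matches interface names literally, so feed it the running configuration, where interface names are written out in full.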

PE1

The static route that points to the VRF must point to an interface, and if it’s a multi-access interface, we also have to include the next-hop IP address. This static route is in the global routing table, but the next-hop IP address is in the VRF. Normally, this static route would be invalid, but with MPLS VPN, this is a valid configuration. Here’s the static route: