[c-nsp] Conflicting OSPF router-ids in separate VRFs

Wed, 04 Mar 2009 22:31:20 -0800

I'm trying to get multiple OSPF instances to work in separate VRFs with all OSPF instances using the same router-id. We're offering a VPN tunnel service to access offsite bit-for-bit data copy services in our Data Center. The tunnel of choice is a GRE tunnel with IPSec protection. The GRE tunnel interface is inside a unique VRF per customer. The IP subnet used in each VRF for this product offering is identical, as is the interface IPs on the tunnel interfaces. This makes the config templates as simple as possible since all sites are essentially identical from our perspective.
I have OSPF configured inside the VRF in question. This is the first of the production GRE tunnels we've turned up for this product offering. Tunnel2999 is my beta tunnel and Tunnel3013 is the production tunnel: 

Neighbor ID     Pri   State           Dead Time   Address         Interface
%OSPF: Router process 3013 is not running, please configure a router-id
192.168.100.1     0   FULL/  -        00:00:38    10.125.124.2    Tunnel2999



The problem I'm running into is that OSPF will not run on the production 
tunnel because it's IP conflicts with the IP in my beta tunnel in a 
separate VRF.  When I try to configure OSPF in the production VRF with 
the interface IP of the tunnel I get an error:


7613-1(config-router)#router-id 10.125.124.1
OSPF: router-id 10.125.124.1 in use by ospf process 2999

router ospf 2999 vrf dc-gre-test
 ignore lsa mospf
 ispf
 log-adjacency-changes
 redistribute bgp 65001 subnets
 passive-interface default
 no passive-interface Tunnel2999
 network 10.125.124.0 0.0.0.3 area 0
 network 10.125.125.0 0.0.0.255 area 0


router ospf 3013 vrf dc-customer-vrf
 ignore lsa mospf
 ispf
 log-adjacency-changes
 redistribute bgp 65001 subnets
 passive-interface default
 no passive-interface Tunnel3013
 network 10.125.124.0 0.0.0.3 area 0
 network 10.125.125.0 0.0.0.255 area 0



Is there some magic trick to making OSPF on a 7600 running SRB1 be truly 
 VRF-aware?  OSPF instances in separate VRFs shouldn't IP conflict with 
router-ids in other VRFs.  If they did then what's the point of VRF 
separation?  Any thoughts before I call TAC?


Thanks
 Justin
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/






















					Reply via email to