Exam 300-410 topic 1 question 108 discussion

Notice that three of the answers involve configuring the PE router also. Since the engineer configured the company's router he presumably works for the company and not the ISP so the engineer would not have access to the PE router(s)

capability vrf-lite command should be enabled: - only on the CE router - only when you have VRFs on your CE router

the config as is it wrong. the interface is in the vrf, but the ospf process is not so it would be in the default vrf. also , the config indicates home office and site A, a customer would has access to these but not PE routers.

In addition to Jon's very good explanation, it is also noteworthy to mention that on Cisco routers, if an OSPF process is run in a VRF then it automatically and unconditionally considers itself to be an ABR - it believes to be connected to a so-called MPLS Superbackbone (even though there may be no BGP/MPLS configured on the router at all). This may pose problems if such a router is actually a part of a network that uses multiple areas. Consider the following scenario: R1 (VRF) --- Link in Area 1 --- R2 --- Link in Area 0 --- R3 Here, R2 is obviously an ABR because it has two links, one in Area 0, the other in Area 1. R1 is, by all means, an internal router in Area 1. However, because R1 runs the link toward R2, and OSPF over this link, in a VRF, R1 considers itself to also be an ABR toward the MPLS Superbackbone.

The PE router is something you typically don't have access to if you work on the customer side. So the options involving configuring the PE router can be discarded simply based on that premise. The reason why we run into issues in this scenario is that if vrf-lite is enabled on a CE router, it will behave as if it is part of the MPLS network (even though it isn't). As a result, it will start checking the DN bit and discard LSAs with it set. The PE router sets the DN bit in order to prevent loops in the MPLS network. By enabling VRF-Lite, the Cisco router ignores the DN bit and will therefore not discard the packets. This is done on the CE routers.

D is correct

This capability needs to be enabled on the CE router, this command prevent to set to 0 the DN bit, this bit is a ospf loop prevention mechanism in mpls enviroment because if you have traverse the mpls network you should not traverse the mpls again so there is something wrong this is the logic of this check. The vrf lite capability is activated only in the ospf process of the CE router.

D is right

https://community.cisco.com/t5/routing/where-to-configure-the-quot-capability-vrf-lite-quot-on-ce-or-pe/td-p/2812305

the answer corret is D: https://forum.networklessons.com/t/when-and-where-to-use-capability-vrf-lite/14877

Answer: A Explanation In this case both Head Office and Site A routers run VRF (and OSPF) although they are CE routers. So we must configure “capability vrf-lite” on them too. For your information, the capability vrf-lite command disables the DN-bit (down bit) and domain-tag checks in OSPF. Since the CE router acts as the PE router in VRF-lite, these checks should be disabled, because the PE routers advertise VPN routes with DN-bit set to the CE routers. If the CE routers receive routes with DN-bit set, it will discard them. Hence, the checks should be disabled.

Ref: Solved: Where to configure the "capability vrf lite", on CE or PE? - Cisco Community Post by Jon Marshall “The DN bit is a check that, usually, PE routers use to check whether to install certain types of LSAs into a VRF and is used as a loop prevention method. If your CE router is not running VRFs but using OSPF to connect to the PE router then you do not need that command anywhere. If however you configure VRFs on your CE router then it now uses the same checks as the PE routers because it believes it is directly connected to the MPLS network in the way the PE is, even though it isn't. And then you would need to use that command on your CE router. So, put simply, you only need to use that command if your CE router is using "VRF-Lite" and OSPF is in use between the CE and PE routers. …”

Answer is D

The given answer is correct D

The given answer is correct https://community.cisco.com/t5/routing/where-to-configure-the-quot-capability-vrf-lite-quot-on-ce-or-pe/td-p/2812305

A is the answer, I think.