Loop prevention: Down Bit and Domain Tag

When CE-PE protocol is OSPF, we use “down bit” and “domain tag” to prevent routing loop to occur.

When CE-PE protocol is ISIS, we use “up/down” bit for loop prevention. This bit is the higher order bit in the default TLV 128 and 130. When a L1L2 router advertise a Level-2 prefix in the level-1 LSP, up/down bit is set.

When CE-PE protocol is non-link state protocol like EIGRP/BGP, Site of Origin (SoO) is used to uniquely identity a customer prefix and to avoid loop.

Down Bit;

  • When a PE router(say PE1)  re-advertise an OSPF prefix from MP-BGP to CE router(say CE1) and if it Lype-3,  Down bit “DN” in options field is set. Though RFC, says DN bit might be set for type-3,5, or 7 LSA, only for type-3 LSA, DN bit is set.
  • This Down bit is preserved when propagating within customer site. If this prefix is advertised by a CE router to another PE router(say PE2), on seeing the down bit set on type-3,5 or 7 LSAs, it will not include the prefix in SPF calculation. But still resides in OSPF database of the VRF and aging mechanism takes place.
  • Hence, PE2 has the prefix as learned via iBGP and not via OSPF, though OSPF(110) AD is lesser than iBGP(200)
Below is the output of type-3 LSA from ospf database.

R6#show ip ospf database summary 100.100.100.100
OSPF Router with ID (6.6.6.6) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 60
Options: (No TOS-capability, DC, Downward)  <<< implies DN bit set
LS Type: Summary Links(Network)
Link State ID: 100.100.100.100 (summary Network Number)
Advertising Router: 13.1.2.1
LS Seq Number: 80000001
Checksum: 0x7A9D
Length: 28
Network Mask: /32
TOS: 0  Metric: 2
R6#

when this summary LSA is advertised to PE2, following message would appear in “debug ip ospf spf”

: OSPF: Start processing Summary LSA 100.100.100.100, mask 255.255.255.255, adv 13.1.2.1, age 423, seq 0x80000001 (Area 0) type 3
: OSPF: Downward bit set/Non-backbone LSA

Domain Tag:

  • As the “down bit” is set only for Type-3 LSAs, we use “domain tag” to prevent routing loop for external LSAs.
  • when a PE router redistribute an external Type-5/7 LSAs into OSPF, it adds an “external route tag” field.
  • R6#show ip ospf database external 22.22.22.22
    OSPF Router with ID (6.6.6.6) (Process ID 1)
    Type-5 AS External Link States
    Routing Bit Set on this LSA
    LS age: 1035
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: 22.22.22.22 (External Network Number )
    Advertising Router: 13.1.2.1
    LS Seq Number: 80000001
    Checksum: 0xACB8
    Length: 36
    Network Mask: /32
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address: 0.0.0.0
    External Route Tag: 3489660929
    R6#

  • External route tag is a 32-bit value. By default, according to RFC 1745, first 4 bits are set to 1101 and the last 16 bits are set to BGP AS number.
  • so, for the above example, converting to 3489660929 binary 11010000000000000000000000000001. AS number is 1. when again this external router is advertised by a CE back to another PE router, on comparing this external tag value the PE router ignores the update.
  • Following log message would appear in “debug ip ospf spf” on receving above external prefix.

: OSPF: Ignoring Type 5 External LSA 22.22.22.22, mask 255.255.255.255, adv 13.1.2.1 Tag equals to VPN Tag

  • we can manually set this tag using “domain tag” CLI under OSPF configuration mode on PE router.

R5(config-router)#domain-tag 1200

R6#show ip ospf database external

R6#show ip ospf database external

OSPF Router with ID (6.6.6.6) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA
LS age: 131
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 13.1.2.1
LS Seq Number: 80000001
Checksum: 0xF73
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 1200

HTH,
venkat
Advertisements
This entry was posted in mpls and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s