Loop prevention: Down Bit and Domain Tag

When the CE-PE protocol is OSPF, the “down bit” and the “domain tag” are used to prevent routing loops.

When the CE-PE protocol is ISIS, the “up/down” bit is used for loop prevention. This bit is the high-order bit of the default metric field in TLV 128 and 130. When an L1L2 router advertises a Level-2 prefix in the Level-1 LSP, the up/down bit is set.

When the CE-PE protocol is a non-link-state protocol like EIGRP/BGP, Site of Origin (SoO) is used to uniquely identify a customer prefix and to avoid loops.

Down Bit:

  • When a PE router (say PE1) re-advertises an OSPF prefix from MP-BGP to a CE router (say CE1) and it is a Type-3 LSA, the Down bit “DN” in the options field is set. Though the RFC says the DN bit might be set for a type-3, 5, or 7 LSA, the DN bit is set only for type-3 LSAs.
  • This Down bit is preserved when the LSA is propagated within the customer site. If the prefix is advertised by a CE router to another PE router (say PE2), then on seeing the down bit set on type-3, 5 or 7 LSAs, PE2 will not include the prefix in the SPF calculation. The LSA still resides in the OSPF database of the VRF, and the aging mechanism takes place.
  • Hence, PE2 has the prefix as learned via iBGP and not via OSPF, even though the OSPF AD (110) is lower than the iBGP AD (200).

Below is the output of a type-3 LSA from the OSPF database.

R6#show ip ospf database summary 100.100.100.100
OSPF Router with ID (6.6.6.6) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 60
Options: (No TOS-capability, DC, Downward)  <<< implies DN bit set
LS Type: Summary Links(Network)
Link State ID: 100.100.100.100 (summary Network Number)
Advertising Router: 13.1.2.1
LS Seq Number: 80000001
Checksum: 0x7A9D
Length: 28
Network Mask: /32
TOS: 0  Metric: 2
R6#

When this summary LSA is advertised to PE2, the following message appears in “debug ip ospf spf”:

: OSPF: Start processing Summary LSA 100.100.100.100, mask 255.255.255.255, adv 13.1.2.1, age 423, seq 0x80000001 (Area 0) type 3
: OSPF: Downward bit set/Non-backbone LSA

Domain Tag:

  • As the “down bit” is set only for Type-3 LSAs, the “domain tag” is used to prevent routing loops for external LSAs.
  • When a PE router redistributes an external Type-5/7 LSA into OSPF, it adds an “external route tag” field.

    R6#show ip ospf database external 22.22.22.22
    OSPF Router with ID (6.6.6.6) (Process ID 1)
    Type-5 AS External Link States
    Routing Bit Set on this LSA
    LS age: 1035
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: 22.22.22.22 (External Network Number )
    Advertising Router: 13.1.2.1
    LS Seq Number: 80000001
    Checksum: 0xACB8
    Length: 36
    Network Mask: /32
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address: 0.0.0.0
    External Route Tag: 3489660929
    R6#

  • The external route tag is a 32-bit value. By default, according to RFC 1745, the first 4 bits are set to 1101 and the last 16 bits are set to the BGP AS number.
  • So, for the above example, converting 3489660929 to binary gives 11010000000000000000000000000001, and the AS number is 1. When this external route is advertised by a CE back to another PE router, the PE router compares this external tag value and ignores the update.
  • The following log message appears in “debug ip ospf spf” on receiving the above external prefix.

: OSPF: Ignoring Type 5 External LSA 22.22.22.22, mask 255.255.255.255, adv 13.1.2.1 Tag equals to VPN Tag

  • We can manually set this tag using the “domain-tag” command under OSPF configuration mode on the PE router.

R5(config-router)#domain-tag 1200

R6#show ip ospf database external

OSPF Router with ID (6.6.6.6) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA
LS age: 131
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 13.1.2.1
LS Seq Number: 80000001
Checksum: 0xF73
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 1200

HTH,
venkat
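
The tag arithmetic and the PE-side decision described in the post, as an added Python example (not code from the original post or from any router implementation). The function names are hypothetical, the sample LSA values are constructed from the outputs shown above, and the middle 12 bits of the default tag are assumed to be zero, as they are in the post's example.

```python
"""Model of the PE loop check from the post: DN bit plus external route tag."""

DEFAULT_TAG_PREFIX = 0b1101  # first 4 bits of the default tag, per the post


def default_domain_tag(bgp_as: int) -> int:
    """Default 32-bit tag: 1101, 12 zero bits (assumed), 16-bit BGP AS number."""
    if not 0 < bgp_as <= 0xFFFF:
        # The AS field is only 16 bits wide; a larger AS cannot be encoded.
        raise ValueError("AS does not fit in 16 bits; the tag must be set manually")
    return (DEFAULT_TAG_PREFIX << 28) | bgp_as


def decode_tag(tag: int) -> dict:
    """Split an external route tag into the fields the post talks about."""
    if not 0 <= tag <= 0xFFFFFFFF:
        raise ValueError("external route tag is a 32-bit value")
    prefix, middle = tag >> 28, (tag >> 16) & 0xFFF
    return {
        "binary": format(tag, "032b"),
        "as_number": tag & 0xFFFF,
        # False for a manually configured value such as 1200.
        "is_default_format": prefix == DEFAULT_TAG_PREFIX and middle == 0,
    }


def pe_uses_lsa(lsa_type: int, dn_bit: bool, route_tag, local_tag: int) -> bool:
    """True if the PE would use the LSA received from a CE in its VRF SPF run."""
    if lsa_type in (3, 5, 7) and dn_bit:
        return False  # "Downward bit set": kept in the database, skipped by SPF
    if lsa_type in (5, 7) and route_tag == local_tag:
        return False  # "Tag equals to VPN Tag": external LSA ignored
    return True


if __name__ == "__main__":
    pe2_tag = default_domain_tag(1)  # PE2 in BGP AS 1, no manual domain-tag
    print(pe2_tag, decode_tag(pe2_tag))
    # Constructed LSAs mirroring the outputs in the post: (type, DN bit, tag)
    samples = {
        "100.100.100.100 summary": (3, True, None),
        "22.22.22.22 external, default tag": (5, False, 3489660929),
        "22.22.22.22 external, tag 1200": (5, False, 1200),
    }
    for name, (lsa_type, dn, tag) in samples.items():
        print(name, "->", "used" if pe_uses_lsa(lsa_type, dn, tag, pe2_tag) else "ignored")
```

In this model the last sample is used by PE2, because the comparison only matches when the receiving PE carries the same tag as the PE that originated the LSA.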

2 Responses to Loop prevention: Down Bit and Domain Tag

  1. JK says:

    thanks bro .. i was searching for this solution.

  2. Dervain says:

    Very useful
