This is a continuation of the other post about installing and configuring a basic MPLS L3VPN network in GNS3.
Normally, we always have a routing protocol running between the customer CPE and the provider PE. OSPF was very common and I used to take for granted the routing loop avoidance in a dual-homed CPE; I knew the idea but never really hammered it into my head. Until a couple of months ago, when I hit an issue during the migration of my employer's MPLS network to a new vendor. The new vendor didn't implement the OSPF Down bit. /o\
Summary: If an LSA arrives at a PE with the Down bit set, it will never be redistributed into BGP. This prevents the route from leaking in from one PE back into another PE.
The RFC for using OSPF in PE-CE in MPLS VPNs is here:
Note: Down-Bit is only used in LSA3!
It was frustrating but it was a good excuse too because it pushed me (and I could justify) to move our PE-CE to BGP.
In general I always read these blogs when I want to refresh my OSPF Down Bit. So all credit goes to them:
http://dtdccie.blogspot.com/2016/03/ospf-down-bit-set.html
https://mellowd.co.uk/ccie/ospf-as-the-pe-ce-routing-protocols-deep-dive-part-1-of-2/
So with this background, I built a GNS3 lab to show OSPF Down-Bit in action:
https://github.com/thomarite/mpls-down-bit
The big picture is: the CE (HQ, BRANCH) routers are running OSPF with the PE (SP1/3/4) routers. The PE routers redistribute these OSPF routes into BGP and then convert them to VPNv4 NLRI. These VPNv4 NLRI are advertised to the other PE routers via BGP. The PE also converts these VPNv4 routes back into OSPF and sends them off to the CE router.
Now in more detail, let’s see where we can have a routing loop:
- 1) HQ sends an LSA1 to SP1 with Lo:172.16.10.1/32 and the connected network to the PE, 172.16.100.0/24
```
HQ#show ip ospf database router internal self-originate

            OSPF Router with ID (172.16.110.1) (Process ID 1)

                Router Link States (Area 10)

  Now in min table
  Table index: 42 min 17 sec
  LS age: 321
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 172.16.110.1
  Advertising Router: 172.16.110.1
  LS Seq Number: 80000003
  Checksum: 0x7247
  Length: 48
  AS Boundary Router
  Number of Links: 2

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 172.16.10.1
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.100.1
     (Link Data) Router Interface address: 172.16.100.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 1
```
- 2) SP1 receives the new OSPF route from HQ (172.16.10.1/32) and redistributes it into BGP so the other PEs (SP3 and SP4) can receive it as a VPNv4 route. The connected 172.16.100.0/24 is redistributed into BGP as well.
```
SP1#show ip ospf database router internal adv-router 172.16.110.1

            OSPF Router with ID (10.0.1.1) (Process ID 1)

            OSPF Router with ID (172.16.100.254) (Process ID 10)

                Router Link States (Area 10)

  Routing Bit Set on this LSA
  Now in min table
  Table index: 45 min 42 sec
  LS age: 648
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 172.16.110.1
  Advertising Router: 172.16.110.1
  LS Seq Number: 80000003
  Checksum: 0x7247
  Length: 48
  AS Boundary Router
  Number of Links: 2

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 172.16.10.1
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.100.1
     (Link Data) Router Interface address: 172.16.100.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

SP1#
SP1#show ip route vrf CUST-A

Routing Table: CUST-A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
B       172.16.200.0/24 [200/0] via 10.0.3.1, 00:41:47
B       172.16.201.0/24 [200/0] via 10.0.4.1, 00:41:47
B       172.16.20.1/32 [200/2] via 10.0.3.1, 00:41:47
O       172.16.10.1/32 [110/2] via 172.16.100.1, 00:43:58, FastEthernet0/0
O E1    172.16.110.1/32 [110/21] via 172.16.100.1, 00:43:58, FastEthernet0/0
C       172.16.100.0/24 is directly connected, FastEthernet0/0
SP1#
SP1#show ip bgp vpnv4 all
BGP table version is 14, local router ID is 10.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-A)
*> 172.16.10.1/32   172.16.100.1             2         32768 ?
* i172.16.20.1/32   10.0.4.1                 2    100      0 ?
*>i                 10.0.3.1                 2    100      0 ?
*> 172.16.100.0/24  0.0.0.0                  0         32768 ?
*> 172.16.110.1/32  172.16.100.1            21         32768 ?
* i172.16.200.0/24  10.0.4.1                 2    100      0 ?
*>i                 10.0.3.1                 0    100      0 ?
*>i172.16.201.0/24  10.0.4.1                 0    100      0 ?
* i                 10.0.3.1                 2    100      0 ?
SP1#
```
- It is important to notice how the VPNv4 route for 172.16.10.1/32 is built on SP1. In the RFC, section 4.2.6 “Handling LSAs from the CE”, we see the following:
When a PE router receives, from a CE router, any LSA with the DN bit [OSPF-DN] set, the information from that LSA MUST NOT be used by the route calculation. If a Type 5 LSA is received from the CE, and if it has an OSPF route tag value equal to the VPN Route Tag (see Section 4.2.5.2), then the information from that LSA MUST NOT be used by the route calculation.

Otherwise, the PE must examine the corresponding VRF. For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes:

– The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted. This attribute is encoded with a two-byte type field, and its type is 0005, 0105, or 0205. For backward compatibility, the type 8005 MAY be used as well and is treated as if it were 0005. If the OSPF instance has a NULL Domain Identifier, and the OSPF Domain Identifier Extended Communities attribute is present, then the attribute’s value field must be all zeroes, and its type field may be any of 0005, 0105, 0205, or 8005.

– OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306. To ensure backward compatibility, the type 8000 SHOULD be accepted as well and treated as if it were type 0306. The remaining six bytes of the Attribute are encoded as follows: Area Number – Route Type – Options
So the very first paragraph is our answer when we reach SP3 (when dealing with an LSA3) and there is no loop. And the second paragraph is our answer when dealing with an LSA5 and avoiding a loop (more on this later). So this is our VPNv4 route for 172.16.10.1/32:
```
SP1#
SP1#show ip bgp vpnv4 rd 100:1 172.16.10.1/32
BGP routing table entry for 100:1:172.16.10.1/32, version 5
Paths: (1 available, best #1, table CUST-A)
  Advertised to update-groups:
     2
  Local
    172.16.100.1 from 0.0.0.0 (10.0.1.1)
      Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out 21/nolabel
SP1#
```
So the extended communities generated because this is an OSPF prefix are OSPF DOMAIN ID, OSPF Route Type (RT) and OSPF ROUTER ID.
I haven’t configured an “ospf domain ID” in any router, so Cisco IOS is generating one for itself (although it should be NULL) in OSPF DOMAIN ID.
For OSPF RT, we have area 10 (0.0.0.10) and LSA2 (although it should be LSA1). ROUTER ID is the expected one.
- 3) SP2 is just a P router so it is transparent here. It doesn't know anything about BGP, VPNv4, etc. It just does LDP and IGP.
```
SP2#show ip bgp summary
% BGP not active

SP2#show ip route ospf
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O       10.0.3.1/32 [110/2] via 10.0.23.1, 00:45:04, GigabitEthernet2/0
O       10.0.1.1/32 [110/2] via 10.0.12.1, 00:44:54, GigabitEthernet1/0
O       10.0.4.1/32 [110/3] via 10.0.23.1, 00:44:54, GigabitEthernet2/0
O       10.0.34.0/24 [110/2] via 10.0.23.1, 00:44:54, GigabitEthernet2/0
SP2#
```
- 4) SP3 receives the new VPNv4 route and redistributes it from BGP into OSPF as an LSA3 (the MPLS backbone is a super OSPF area 0). If we pay attention to the details of the LSA3 (Summary) for the HQ prefix 172.16.10.1/32 in “show ip ospf database summary 172.16.10.1”, we can see two things. First, there are two LSAs: one from SP3 (advertising router 172.16.200.254) and the other from SP4 (advertising router 172.16.201.254). Second, both show “Downward” in the Options field. As stated earlier, this is what the RFC directs for any PE sending an LSA3.

So, if iBGP has an AD of 200 and OSPF has an AD of 110, how come the BGP prefix for 172.16.10.1/32 is installed in the routing table instead of the OSPF prefix coming from SP4? As per the standard mentioned earlier, if a PE router receives an OSPF prefix with the down bit set (“Downward”), the PE router ignores that prefix. The “Downward” bit is saying that the prefix is coming from another PE in the same area, so if you accept it, you will trigger a routing loop.

Keep in mind that SP4 is doing the same thing as we see below in the commands for SP3. If SP3 accepted the OSPF prefix from SP4 for reaching 172.16.10.1/32 (HQ), SP4 would be doing the same thing, accepting the SP3 prefix for reaching 172.16.10.1/32 (HQ). So SP3 would send traffic to SP4, and SP4 would return it back to SP3. When both SP3/SP4 learn the OSPF prefix from each other, they stop redistributing the BGP prefix (the one coming from SP1/HQ) into OSPF, so we reach a point where there is no more LSA3 for 172.16.10.1! And the process starts again. SP3/4 will also redistribute the OSPF prefix learned from the other SP into BGP. So we are back at the initial stage: SP3/SP4 only have the BGP prefix for 172.16.10.1 (from SP2 or SP3/4); as it is the best route, it is redistributed into OSPF, and you know what happens next.
```
SP3#show ip bgp vpnv4 all
BGP table version is 13, local router ID is 10.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-A)
*>i172.16.10.1/32   10.0.1.1                 2    100      0 ?
* i172.16.20.1/32   10.0.4.1                 2    100      0 ?
*>                  172.16.200.1             2         32768 ?
*>i172.16.100.0/24  10.0.1.1                 0    100      0 ?
*>i172.16.110.1/32  10.0.1.1                21    100      0 ?
* i172.16.200.0/24  10.0.4.1                 2    100      0 ?
*>                  0.0.0.0                  0         32768 ?
* i172.16.201.0/24  10.0.4.1                 0    100      0 ?
*>                  172.16.200.1             2         32768 ?
SP3#
SP3#
SP3#show ip route vrf CUST-A

Routing Table: CUST-A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C       172.16.200.0/24 is directly connected, FastEthernet0/0
O       172.16.201.0/24 [110/2] via 172.16.200.1, 00:45:46, FastEthernet0/0
O       172.16.20.1/32 [110/2] via 172.16.200.1, 00:45:46, FastEthernet0/0
B       172.16.10.1/32 [200/2] via 10.0.1.1, 00:43:35
B       172.16.110.1/32 [200/21] via 10.0.1.1, 00:43:35
B       172.16.100.0/24 [200/0] via 10.0.1.1, 00:43:35
SP3#
SP3#show ip ospf database

            OSPF Router with ID (10.0.3.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.1.1        10.0.1.1        1076        0x80000003 0x00D9F2 2
10.0.2.1        10.0.2.1        1132        0x80000004 0x00D79A 3
10.0.3.1        10.0.3.1        1105        0x80000004 0x0083C1 3
10.0.4.1        10.0.4.1        1095        0x80000003 0x00D0C5 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.12.2       10.0.2.1        1132        0x80000002 0x00FFFA
10.0.23.1       10.0.3.1        1105        0x80000002 0x009F4E
10.0.34.2       10.0.4.1        1095        0x80000002 0x002BB3

            OSPF Router with ID (172.16.200.254) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.20.1     172.16.20.1     1105        0x80000004 0x00750C 3
172.16.200.254  172.16.200.254  1116        0x80000003 0x0059C2 1
172.16.201.254  172.16.201.254  1121        0x80000003 0x005DBA 1

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.200.254  172.16.200.254  1116        0x80000002 0x00F4E4
172.16.201.254  172.16.201.254  1121        0x80000002 0x00EBEA

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.10.1     172.16.200.254  1116        0x80000002 0x000C61
172.16.10.1     172.16.201.254  1121        0x80000002 0x000567
172.16.100.0    172.16.200.254  1116        0x80000002 0x002AEA
172.16.100.0    172.16.201.254  1121        0x80000002 0x0023F0

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.110.1    172.16.200.254  1116        0x80000002 0x005FD9 3489661028
172.16.110.1    172.16.201.254  1121        0x80000002 0x0058DF 3489661028
SP3#
SP3#
SP3#
SP3#show ip ospf database summary 172.16.10.1

            OSPF Router with ID (10.0.3.1) (Process ID 1)

            OSPF Router with ID (172.16.200.254) (Process ID 10)

                Summary Net Link States (Area 10)

  LS age: 1127
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.200.254
  LS Seq Number: 80000002
  Checksum: 0xC61
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

  LS age: 1132
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.201.254
  LS Seq Number: 80000002
  Checksum: 0x567
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

SP3#
```
Like we did on SP1, let’s see how SP3 deals with the VPNv4 route for 172.16.10.1/32.
Based on the RFC section “4.2.8” VPNv4 Routes received via BGP, we need to check “4.2.8.1 External Routes” (LSA5/7) and “4.2.8.2 Summary Routes” (LSA3) against the VPNv4 route received:
```
SP3#show ip bgp vpnv4 rd 100:1 172.16.10.1/32
BGP routing table entry for 100:1:172.16.10.1/32, version 8
Paths: (1 available, best #1, table CUST-A)
  Not advertised to any peer
  Local
    10.0.1.1 (metric 3) from 10.0.1.1 (10.0.1.1)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out nolabel/21
SP3#
```
The DOMAIN ID has to match as we haven’t defined it. OSPF RT tells us that the route comes from OSPF area 10 and is non-external. So SP3 can generate an LSA3 for 172.16.10.1/32, as we have OSPF area 10 defined too.
- 5) From SP4's perspective, it is the same view as SP3. SP4 ignores the LSA3 with the Down-bit.
```
SP4#show ip bgp vpnv4 all
BGP table version is 13, local router ID is 10.0.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-A)
*>i172.16.10.1/32   10.0.1.1                 2    100      0 ?
* i172.16.20.1/32   10.0.3.1                 2    100      0 ?
*>                  172.16.201.1             2         32768 ?
*>i172.16.100.0/24  10.0.1.1                 0    100      0 ?
*>i172.16.110.1/32  10.0.1.1                21    100      0 ?
* i172.16.200.0/24  10.0.3.1                 0    100      0 ?
*>                  172.16.201.1             2         32768 ?
* i172.16.201.0/24  10.0.3.1                 2    100      0 ?
*>                  0.0.0.0                  0         32768 ?
SP4#
SP4#
SP4#show ip ospf database summary 172.16.10.1

            OSPF Router with ID (10.0.4.1) (Process ID 1)

            OSPF Router with ID (172.16.201.254) (Process ID 10)

                Summary Net Link States (Area 10)

  LS age: 1489
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.200.254
  LS Seq Number: 80000003
  Checksum: 0xA62
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

  LS age: 1475
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.201.254
  LS Seq Number: 80000003
  Checksum: 0x368
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

SP4#
SP4#show ip route vrf CUST-A

Routing Table: CUST-A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O       172.16.200.0/24 [110/2] via 172.16.201.1, 01:31:12, FastEthernet3/0
C       172.16.201.0/24 is directly connected, FastEthernet3/0
O       172.16.20.1/32 [110/2] via 172.16.201.1, 01:31:12, FastEthernet3/0
B       172.16.10.1/32 [200/2] via 10.0.1.1, 01:28:57
B       172.16.110.1/32 [200/21] via 10.0.1.1, 01:28:57
B       172.16.100.0/24 [200/0] via 10.0.1.1, 01:28:57
SP4#
```
- 6) And finally, BRANCH. It can see the prefix 172.16.10.1/32 (HQ) via two paths, as we would expect, and without routing loops (the routes have been installed for over 1h 30 minutes). BRANCH doesn't react to the Down-Bit, so it accepts the LSA3 from SP2/3 and installs the OSPF prefix.
```
BRANCH#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C       172.16.200.0/24 is directly connected, FastEthernet0/0
C       172.16.201.0/24 is directly connected, FastEthernet3/0
C       172.16.20.0/24 is directly connected, Loopback0
O IA    172.16.10.1/32 [110/3] via 172.16.201.254, 01:30:38, FastEthernet3/0
                       [110/3] via 172.16.200.254, 01:30:39, FastEthernet0/0
O E1    172.16.110.1/32 [110/22] via 172.16.201.254, 01:30:34, FastEthernet3/0
                        [110/22] via 172.16.200.254, 01:30:34, FastEthernet0/0
O IA    172.16.100.0/24 [110/2] via 172.16.201.254, 01:30:38, FastEthernet3/0
                        [110/2] via 172.16.200.254, 01:30:39, FastEthernet0/0
BRANCH#
BRANCH#
BRANCH#
BRANCH#show ip ospf database summary 172.16.10.1

            OSPF Router with ID (172.16.20.1) (Process ID 1)

                Summary Net Link States (Area 10)

  Routing Bit Set on this LSA
  LS age: 1599
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.200.254
  LS Seq Number: 80000003
  Checksum: 0xA62
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

  Routing Bit Set on this LSA
  LS age: 1587
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.201.254
  LS Seq Number: 80000003
  Checksum: 0x368
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

BRANCH#
```
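A check one could run during a PE migration like the one mentioned at the top: parse `show ip ospf database summary` output and list any LSA3 originated by a PE that does not carry “Downward”. This is an added example, not part of the original post or the lab repo; the function names, the PE router-ID set and the third LSA in the sample (advertising router 172.16.202.254) are constructed for illustration, and it assumes every LSA3 from those router IDs comes from a VPNv4 route, as in this lab.

```python
import re

# Constructed sample. The first two LSAs are copied from the SP3 output on this
# page; the third (advertising router 172.16.202.254) is invented to show a PE
# that originates a summary LSA without the DN bit.
SAMPLE_OUTPUT = """\
SP3#show ip ospf database summary 172.16.10.1

                Summary Net Link States (Area 10)

  LS age: 1127
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.200.254
  LS Seq Number: 80000002
  Checksum: 0xC61
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

  LS age: 1132
  Options: (No TOS-capability, DC, Downward)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.201.254
  LS Seq Number: 80000002
  Checksum: 0x567
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2

  LS age: 12
  Options: (No TOS-capability, DC)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.10.1 (summary Network Number)
  Advertising Router: 172.16.202.254
  LS Seq Number: 80000001
  Checksum: 0x1234
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 2
"""

# Router IDs of the PE VRF OSPF processes (the last one is the invented PE).
PE_ROUTER_IDS = {"172.16.200.254", "172.16.201.254", "172.16.202.254"}

FIELD = re.compile(
    r"^\s*(Options|Link State ID|Advertising Router|Network Mask):\s*(.+?)\s*$"
)


def parse_summary_lsas(text):
    """Split the CLI output into one dict per LSA; 'LS age:' starts a new LSA."""
    lsas = []
    for line in text.splitlines():
        if line.strip().startswith("LS age:"):
            lsas.append({"options": set()})
            continue
        match = FIELD.match(line)
        if not match or not lsas:
            continue  # banner lines, prompts, fields we do not need
        key, value = match.groups()
        if key == "Options":
            lsas[-1]["options"] = {o.strip() for o in value.strip("()").split(",")}
        elif key == "Link State ID":
            lsas[-1]["link_id"] = value.split()[0]  # drop the "(summary ...)" note
        elif key == "Advertising Router":
            lsas[-1]["adv_router"] = value
        else:
            lsas[-1]["mask"] = value
    return lsas


def pe_lsas_missing_dn(text, pe_router_ids):
    """Return (prefix, advertising router) for PE-originated LSA3 without DN."""
    findings = []
    for lsa in parse_summary_lsas(text):
        if lsa.get("adv_router") not in pe_router_ids:
            continue  # not originated by a PE, the DN bit is not expected
        if "Downward" not in lsa["options"]:
            prefix = lsa.get("link_id", "?") + lsa.get("mask", "")
            findings.append((prefix, lsa["adv_router"]))
    return findings


if __name__ == "__main__":
    for prefix, router in pe_lsas_missing_dn(SAMPLE_OUTPUT, PE_ROUTER_IDS):
        print(f"LSA3 {prefix} from PE {router} has no Downward bit")
```
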
So, we have seen the Down-bit in action for LSA3. But what about the external LSAs, LSA5 and LSA7? How do we avoid routing loops for them?
In this case, we have the “tag” field. This is explained in the RFC too.
- 1) In the same scenario, we have the HQ router advertising 172.16.110.1/32 as an external LSA5.
```
HQ#
HQ#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.100.1    YES NVRAM  up                    up
GigabitEthernet1/0         unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0         unassigned      YES NVRAM  administratively down down
FastEthernet3/0            unassigned      YES NVRAM  administratively down down
FastEthernet3/1            unassigned      YES NVRAM  administratively down down
Loopback0                  172.16.10.1     YES NVRAM  up                    up
Loopback1                  172.16.110.1    YES NVRAM  up                    up
HQ#
HQ#
HQ#
HQ#show ip ospf database

            OSPF Router with ID (172.16.110.1) (Process ID 1)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.100.254  172.16.100.254  1270        0x80000005 0x00D7D1 1
172.16.110.1    172.16.110.1    1272        0x80000005 0x006E49 2

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.100.1    172.16.110.1    1272        0x80000004 0x007824

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.20.1     172.16.100.254  1270        0x80000004 0x00586D
172.16.200.0    172.16.100.254  1270        0x80000004 0x00947E
172.16.201.0    172.16.100.254  1270        0x80000004 0x008988

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.110.1    172.16.110.1    1272        0x80000004 0x007253 0
HQ#
HQ#
HQ#show ip ospf database external

            OSPF Router with ID (172.16.110.1) (Process ID 1)

                Type-5 AS External Link States

  LS age: 1276
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.110.1 (External Network Number )
  Advertising Router: 172.16.110.1
  LS Seq Number: 80000004
  Checksum: 0x7253
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

HQ#
```
- 2) SP1 sees 172.16.110.1/32 as OSPF E1, redistributes it into BGP and creates a VPNv4 route.
```
SP1#
SP1#show ip route vrf CUST-A

Routing Table: CUST-A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
B       172.16.200.0/24 [200/0] via 10.0.3.1, 02:00:18
B       172.16.201.0/24 [200/0] via 10.0.4.1, 02:00:18
B       172.16.20.1/32 [200/2] via 10.0.3.1, 02:00:18
O       172.16.10.1/32 [110/2] via 172.16.100.1, 02:02:29, FastEthernet0/0
O E1    172.16.110.1/32 [110/21] via 172.16.100.1, 02:02:29, FastEthernet0/0
C       172.16.100.0/24 is directly connected, FastEthernet0/0
SP1#
SP1#
SP1#
SP1#show ip ospf database

            OSPF Router with ID (10.0.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.1.1        10.0.1.1        1303        0x80000005 0x00D5F4 2
10.0.2.1        10.0.2.1        1350        0x80000006 0x00D39C 3
10.0.3.1        10.0.3.1        1554        0x80000006 0x007FC3 3
10.0.4.1        10.0.4.1        1352        0x80000005 0x00CCC7 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.12.2       10.0.2.1        1350        0x80000004 0x00FBFC
10.0.23.1       10.0.3.1        1554        0x80000004 0x009B50
10.0.34.2       10.0.4.1        1352        0x80000004 0x0027B5

            OSPF Router with ID (172.16.100.254) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.100.254  172.16.100.254  1400        0x80000005 0x00D7D1 1
172.16.110.1    172.16.110.1    1405        0x80000005 0x006E49 2

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.100.1    172.16.110.1    1405        0x80000004 0x007824

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.20.1     172.16.100.254  1400        0x80000004 0x00586D
172.16.200.0    172.16.100.254  1400        0x80000004 0x00947E
172.16.201.0    172.16.100.254  1400        0x80000004 0x008988

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.110.1    172.16.110.1    1405        0x80000004 0x007253 0
SP1#
SP1#
SP1#
SP1#show ip ospf database external

            OSPF Router with ID (10.0.1.1) (Process ID 1)

            OSPF Router with ID (172.16.100.254) (Process ID 10)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 1409
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.110.1 (External Network Number )
  Advertising Router: 172.16.110.1
  LS Seq Number: 80000004
  Checksum: 0x7253
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

SP1#
SP1#show ip bgp vpnv4 all
BGP table version is 14, local router ID is 10.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-A)
*> 172.16.10.1/32   172.16.100.1             2         32768 ?
* i172.16.20.1/32   10.0.4.1                 2    100      0 ?
*>i                 10.0.3.1                 2    100      0 ?
*> 172.16.100.0/24  0.0.0.0                  0         32768 ?
*> 172.16.110.1/32  172.16.100.1            21         32768 ?
* i172.16.200.0/24  10.0.4.1                 2    100      0 ?
*>i                 10.0.3.1                 0    100      0 ?
*>i172.16.201.0/24  10.0.4.1                 0    100      0 ?
* i                 10.0.3.1                 2    100      0 ?
SP1#
SP1#show ip bgp vpnv4 rd 100:1 172.16.110.1/32
BGP routing table entry for 100:1:172.16.110.1/32, version 7
Paths: (1 available, best #1, table CUST-A)
  Advertised to update-groups:
     2
  Local
    172.16.100.1 from 0.0.0.0 (10.0.1.1)
      Origin incomplete, metric 21, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out 23/nolabel
SP1#
```
- 3) Again, SP2 is transparent.
- 4) SP3 receives the VPNv4 route for 172.16.110.1/32 from SP1, installs it into BGP and then redistributes it into OSPF. If we compare the OSPF database output of SP1 with that of SP3, we see that SP3 has a different value for “tag” in 172.16.110.1/32. That tag is created by SP3 when redistributing the BGP prefix into OSPF (based on the extended communities in the VPNv4 prefix). As per the RFC, the tag is generated based on the ASN (100). As all our SPs are in the same ASN, the tag will be the same on every PE generating the LSA from the VPNv4 route.
```
SP3#show ip bgp vpnv4 all
BGP table version is 13, local router ID is 10.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-A)
*>i172.16.10.1/32   10.0.1.1                 2    100      0 ?
* i172.16.20.1/32   10.0.4.1                 2    100      0 ?
*>                  172.16.200.1             2         32768 ?
*>i172.16.100.0/24  10.0.1.1                 0    100      0 ?
*>i172.16.110.1/32  10.0.1.1                21    100      0 ?
* i172.16.200.0/24  10.0.4.1                 2    100      0 ?
*>                  0.0.0.0                  0         32768 ?
* i172.16.201.0/24  10.0.4.1                 0    100      0 ?
*>                  172.16.200.1             2         32768 ?
SP3#
SP3#
SP3#show ip route vrf CUST-A

Routing Table: CUST-A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C       172.16.200.0/24 is directly connected, FastEthernet0/0
O       172.16.201.0/24 [110/2] via 172.16.200.1, 02:06:43, FastEthernet0/0
O       172.16.20.1/32 [110/2] via 172.16.200.1, 02:06:43, FastEthernet0/0
B       172.16.10.1/32 [200/2] via 10.0.1.1, 02:04:33
B       172.16.110.1/32 [200/21] via 10.0.1.1, 02:04:33
B       172.16.100.0/24 [200/0] via 10.0.1.1, 02:04:33
SP3#
SP3#
SP3#show ip ospf database

            OSPF Router with ID (10.0.3.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.1.1        10.0.1.1        1556        0x80000005 0x00D5F4 2
10.0.2.1        10.0.2.1        1602        0x80000006 0x00D39C 3
10.0.3.1        10.0.3.1        1804        0x80000006 0x007FC3 3
10.0.4.1        10.0.4.1        1602        0x80000005 0x00CCC7 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.12.2       10.0.2.1        1602        0x80000004 0x00FBFC
10.0.23.1       10.0.3.1        1804        0x80000004 0x009B50
10.0.34.2       10.0.4.1        1602        0x80000004 0x0027B5

            OSPF Router with ID (172.16.200.254) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.20.1     172.16.20.1     1640        0x80000006 0x00710E 3
172.16.200.254  172.16.200.254  1625        0x80000005 0x0055C4 1
172.16.201.254  172.16.201.254  1626        0x80000005 0x0059BC 1

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.200.254  172.16.200.254  1625        0x80000004 0x00F0E6
172.16.201.254  172.16.201.254  1626        0x80000004 0x00E7EC

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.10.1     172.16.200.254  1625        0x80000004 0x000863
172.16.10.1     172.16.201.254  1626        0x80000004 0x000169
172.16.100.0    172.16.200.254  1625        0x80000004 0x0026EC
172.16.100.0    172.16.201.254  1626        0x80000004 0x001FF2

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.110.1    172.16.200.254  1625        0x80000004 0x005BDB 3489661028
172.16.110.1    172.16.201.254  1626        0x80000004 0x0054E1 3489661028
SP3#
```
- 5) So let’s look in detail at the VPNv4 prefixes for 172.16.10.1/32 (OSPF LSA3) and 172.16.110.1/32 (OSPF LSA5). Both are originated by HQ.
```
SP3#show ip bgp vpnv4 rd 100:1 172.16.10.1/32
BGP routing table entry for 100:1:172.16.10.1/32, version 8
Paths: (1 available, best #1, table CUST-A)
  Not advertised to any peer
  Local
    10.0.1.1 (metric 3) from 10.0.1.1 (10.0.1.1)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out nolabel/21
SP3#
SP3#show ip bgp vpnv4 rd 100:1 172.16.110.1/32
BGP routing table entry for 100:1:172.16.110.1/32, version 11
Paths: (1 available, best #1, table CUST-A)
  Not advertised to any peer
  Local
    10.0.1.1 (metric 3) from 10.0.1.1 (10.0.1.1)
      Origin incomplete, metric 21, localpref 100, valid, internal, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out nolabel/23
SP3#
```
- 6) So SP3, based on the Extended communities, knows the VPNv4 prefix 172.16.110.1/32 was an OSPF LSA5 and it creates a tag. Keep in mind that SP4 is doing exactly the same thing as SP3:
```
SP4#
SP4#show ip route vrf CUST-A

Routing Table: CUST-A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O       172.16.200.0/24 [110/2] via 172.16.201.1, 02:18:34, FastEthernet3/0
C       172.16.201.0/24 is directly connected, FastEthernet3/0
O       172.16.20.1/32 [110/2] via 172.16.201.1, 02:18:34, FastEthernet3/0
B       172.16.10.1/32 [200/2] via 10.0.1.1, 02:16:19
B       172.16.110.1/32 [200/21] via 10.0.1.1, 02:16:19
B       172.16.100.0/24 [200/0] via 10.0.1.1, 02:16:19
SP4#
SP4#
SP4#
SP4#show ip ospf database

            OSPF Router with ID (10.0.4.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.1.1        10.0.1.1        253         0x80000006 0x00D3F5 2
10.0.2.1        10.0.2.1        310         0x80000007 0x00D19D 3
10.0.3.1        10.0.3.1        504         0x80000007 0x007DC4 3
10.0.4.1        10.0.4.1        301         0x80000006 0x00CAC8 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.12.2       10.0.2.1        310         0x80000005 0x00F9FD
10.0.23.1       10.0.3.1        504         0x80000005 0x009951
10.0.34.2       10.0.4.1        301         0x80000005 0x0025B6

            OSPF Router with ID (172.16.201.254) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.20.1     172.16.20.1     315         0x80000007 0x006F0F 3
172.16.200.254  172.16.200.254  347         0x80000006 0x0053C5 1
172.16.201.254  172.16.201.254  315         0x80000006 0x0057BD 1

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.200.254  172.16.200.254  347         0x80000005 0x00EEE7
172.16.201.254  172.16.201.254  315         0x80000005 0x00E5ED

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.10.1     172.16.200.254  347         0x80000005 0x000664
172.16.10.1     172.16.201.254  315         0x80000005 0x00FE6A
172.16.100.0    172.16.200.254  347         0x80000005 0x0024ED
172.16.100.0    172.16.201.254  315         0x80000005 0x001DF3

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.110.1    172.16.200.254  347         0x80000005 0x0059DC 3489661028
172.16.110.1    172.16.201.254  315         0x80000005 0x0052E2 3489661028
SP4#
SP4#
SP4#
SP4#show ip ospf database external 172.16.110.1

            OSPF Router with ID (10.0.4.1) (Process ID 1)

            OSPF Router with ID (172.16.201.254) (Process ID 10)

                Type-5 AS External Link States

  LS age: 350
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.110.1 (External Network Number )
  Advertising Router: 172.16.200.254
  LS Seq Number: 80000005
  Checksum: 0x59DC
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 21
        Forward Address: 0.0.0.0
        External Route Tag: 3489661028

  LS age: 319
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.110.1 (External Network Number )
  Advertising Router: 172.16.201.254
  LS Seq Number: 80000005
  Checksum: 0x52E2
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 21
        Forward Address: 0.0.0.0
        External Route Tag: 3489661028

SP4#
SP4#
SP4#
SP4#show ip bgp vpnv4 rd 100:1 172.16.10.1/32
BGP routing table entry for 100:1:172.16.10.1/32, version 8
Paths: (1 available, best #1, table CUST-A)
  Not advertised to any peer
  Local
    10.0.1.1 (metric 4) from 10.0.1.1 (10.0.1.1)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out nolabel/21
SP4#
SP4#
SP4#show ip bgp vpnv4 rd 100:1 172.16.110.1/32
BGP routing table entry for 100:1:172.16.110.1/32, version 11
Paths: (1 available, best #1, table CUST-A)
  Not advertised to any peer
  Local
    10.0.1.1 (metric 4) from 10.0.1.1 (10.0.1.1)
      Origin incomplete, metric 21, localpref 100, valid, internal, best
      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
        OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:172.16.100.254:0
      mpls labels in/out nolabel/23
SP4#
```
- 7) As you can see, SP3 and SP4 are generating the same “tag” 3489661028 for the LSA5 172.16.110.1/32 (because they are in the same ASN 100). So, as the LSA received from the other SP in the same Area 10 has the same tag, SP3/SP4 ignore the LSA. And again, the BGP prefix is installed in the routing table instead of the OSPF (AD 110) 172.16.110.1/32, and we don't have a routing loop.
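The two PE-side checks walked through in this post (DN bit for the LSA3, VPN route tag for the LSA5), together with the tag derivation from the ASN, as an added example that is not from the original post or the lab repo. The `Lsa` class, the function names and the `enforce` switch are hypothetical; the DN bit position (0x80 in the LSA Options field) and the default tag layout follow RFC 4576 and RFC 4577, and route choice is modelled by administrative distance only.

```python
from dataclasses import dataclass

DN_BIT = 0x80          # high-order bit of the LSA Options field ("Downward")
DC_BIT = 0x20          # shown as "DC" in the IOS output
AD_OSPF, AD_IBGP = 110, 200


def vpn_route_tag(asn: int) -> int:
    """Default VPN Route Tag: bits 1101, twelve zero bits, then the 2-byte ASN."""
    if not 0 < asn <= 0xFFFF:
        raise ValueError("the automatic tag is only defined for a 2-byte ASN")
    return 0xD0000000 | asn


@dataclass(frozen=True)
class Lsa:
    ls_type: int       # 3 = summary, 5 = AS external
    prefix: str
    adv_router: str
    options: int       # raw LSA Options byte
    tag: int = 0       # External Route Tag, only meaningful for type 5


def pe_may_use(lsa: Lsa, backbone_asn: int) -> bool:
    """Checks a PE applies to an LSA received from the CE side of a VRF."""
    if lsa.options & DN_BIT:
        return False   # another PE already injected this route into the area
    if lsa.ls_type == 5 and lsa.tag == vpn_route_tag(backbone_asn):
        return False   # external route that came out of our own backbone
    return True


def installed_route(prefix, lsas, bgp_source, backbone_asn, enforce=True):
    """Return (protocol, learned_from) for the VRF route; lowest AD wins.

    enforce=False models a PE that lacks the DN bit / tag checks, which is
    the failure mode described at the top of the post.
    """
    candidates = [(AD_IBGP, "bgp", bgp_source)]
    for lsa in lsas:
        if lsa.prefix != prefix:
            continue
        if enforce and not pe_may_use(lsa, backbone_asn):
            continue
        candidates.append((AD_OSPF, "ospf", lsa.adv_router))
    _, proto, source = min(candidates)
    return proto, source


# What SP3 receives in area 10 from SP4 (values taken from the outputs above).
SEEN_BY_SP3 = [
    Lsa(3, "172.16.10.1/32", "172.16.201.254", DC_BIT | DN_BIT),
    Lsa(5, "172.16.110.1/32", "172.16.201.254", DC_BIT, tag=3489661028),
]
# What SP1 receives from HQ: tag 0 and no DN bit, so a normal customer route.
HQ_EXTERNAL = Lsa(5, "172.16.110.1/32", "172.16.110.1", DC_BIT, tag=0)

if __name__ == "__main__":
    print("tag for ASN 100:", vpn_route_tag(100), hex(vpn_route_tag(100)))
    for lsa in SEEN_BY_SP3:
        for enforce in (True, False):
            chosen = installed_route(lsa.prefix, SEEN_BY_SP3, "10.0.1.1", 100, enforce)
            print(f"{lsa.prefix} checks={'on' if enforce else 'off'} -> {chosen}")
```

With the checks disabled, SP3 would install the OSPF route learned from SP4 (AD 110) in place of the iBGP route from SP1 (AD 200), which is the starting point of the loop described for the LSA3 case.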