{"id":88,"date":"2020-04-26T18:17:33","date_gmt":"2020-04-26T17:17:33","guid":{"rendered":"https:\/\/blog.thomarite.uk\/?p=88"},"modified":"2020-05-11T23:48:03","modified_gmt":"2020-05-11T22:48:03","slug":"gns3-pe-ce-ospf-down-bit-and-external-lsa","status":"publish","type":"post","link":"https:\/\/blog.thomarite.uk\/index.php\/2020\/04\/26\/gns3-pe-ce-ospf-down-bit-and-external-lsa\/","title":{"rendered":"GNS3: PE-CE OSPF, Down Bit and External LSA"},"content":{"rendered":"\n<p>This is a continuation of the other post abount installing and configuring a basic MPLS L3VPN network in GNS3.<\/p>\n\n\n\n<p>Normally, we always have a routing protocol running between the customer CPE and the provider PE. OSPF was very common  and I used to be give for granted the routing loop avoidance in a dual-home CPE, I knew the idea but never really hammered it in my head. Until a couple of months ago that I hit an issue during the migration of my employer MPLS network to a new vendor. The new vendor didnt implemented the <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.5.1\">OSPF Down bit<\/a>.  \/o\\<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Summary: If an LSA arrives at a PE with the down bit set, that will never be redistributed into BGP. This prevents the route from leaking in from one PE back into another PE.<\/pre>\n\n\n\n<p>The RFC for using OSPF in PE-CE in MPLS VPNs is <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577\">here<\/a>:<\/p>\n\n\n\n<p><strong>Note<\/strong>: Down-Bit is only used in LSA3!<\/p>\n\n\n\n<p>It was frustrating but it was a good excuse too because it pushed me (and I could justify) to move our PE-CE to BGP.<\/p>\n\n\n\n<p>In general I always read these blogs when I want to refresh my OSPF Down Bit. So all merits are for them:<\/p>\n\n\n\n<p><a href=\"http:\/\/dtdccie.blogspot.com\/2016\/03\/ospf-down-bit-set.html\">http:\/\/dtdccie.blogspot.com\/2016\/03\/ospf-down-bit-set.html<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/mellowd.co.uk\/ccie\/ospf-as-the-pe-ce-routing-protocols-deep-dive-part-1-of-2\/\">https:\/\/mellowd.co.uk\/ccie\/ospf-as-the-pe-ce-routing-protocols-deep-dive-part-1-of-2\/<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/mellowd.co.uk\/ccie\/ospf-as-the-pe-ce-routing-protocols-deep-dive-part-3-of-3-loop-prevention\/\">https:\/\/mellowd.co.uk\/ccie\/ospf-as-the-pe-ce-routing-protocols-deep-dive-part-3-of-3-loop-prevention\/<\/a><\/p>\n\n\n\n<p>So with this background, I built a GNS3 lab to show OSPF Down-Bit in action:<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/thomarite\/mpls-down-bit\">https:\/\/github.com\/thomarite\/mpls-down-bit<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"874\" height=\"545\" src=\"https:\/\/blog.thomarite.uk\/wp-content\/uploads\/2020\/04\/mpls-l3vpn-ospf-down-bit.png\" alt=\"\" class=\"wp-image-89\" srcset=\"https:\/\/blog.thomarite.uk\/wp-content\/uploads\/2020\/04\/mpls-l3vpn-ospf-down-bit.png 874w, https:\/\/blog.thomarite.uk\/wp-content\/uploads\/2020\/04\/mpls-l3vpn-ospf-down-bit-300x187.png 300w, https:\/\/blog.thomarite.uk\/wp-content\/uploads\/2020\/04\/mpls-l3vpn-ospf-down-bit-768x479.png 768w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p>The big picture is: CE (HQ, BRANCH) routers are running OSPF with the PE (SP1\/3\/4) routers. The PE routers redistribute these OSPF routes into BGP and then converts them to VPNv4 NLRI. These VPNv4 NLRI are advetised to other PE routers via BGP. The PE also converts these VPNv4 routes back into OSPF and then off to the CE router.<\/p>\n\n\n\n<p>Now in more detail, let&#8217;s see where we can have a routing loop:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>1) HQ sends a LSA1 to SP1 with Lo:172.16.10.1\/32 and the connected network to PE 172.16.100.0\/24<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">HQ#show ip ospf database router internal self-originate \n\n            OSPF Router with ID (172.16.110.1) (Process ID 1)\n\n\t\tRouter Link States (Area 10)\n\n  Now in min table \n  Table index: 42 min 17 sec\n  LS age: 321\n  Options: (No TOS-capability, DC)\n  LS Type: Router Links\n  Link State ID: 172.16.110.1\n  Advertising Router: 172.16.110.1\n  LS Seq Number: 80000003\n  Checksum: 0x7247\n  Length: 48\n  AS Boundary Router\n  Number of Links: 2\n\n    Link connected to: a Stub Network\n     (Link ID) Network\/subnet number: 172.16.10.1\n     (Link Data) Network Mask: 255.255.255.255\n      Number of TOS metrics: 0\n       TOS 0 Metrics: 1\n          \n    Link connected to: a Transit Network\n     (Link ID) Designated Router address: 172.16.100.1\n     (Link Data) Router Interface address: 172.16.100.1\n      Number of TOS metrics: 0\n       TOS 0 Metrics: 1\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>2) SP1 received the new OSPF route from HQ (172.16.10.1\/32) and it is redistributed into BGP so other PEs can receive it (SP3 and SP4) as a VPNv4. The connected 172.16.100.0\/24 is as well redistributed into BGP<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP1#show ip ospf database router internal adv-router 172.16.110.1\n\n            OSPF Router with ID (10.0.1.1) (Process ID 1)\n\n            OSPF Router with ID (172.16.100.254) (Process ID 10)\n\n\t\tRouter Link States (Area 10)\n\n  Routing Bit Set on this LSA\n  Now in min table \n  Table index: 45 min 42 sec\n  LS age: 648\n  Options: (No TOS-capability, DC)\n  LS Type: Router Links\n  Link State ID: 172.16.110.1\n  Advertising Router: 172.16.110.1\n  LS Seq Number: 80000003\n  Checksum: 0x7247\n  Length: 48\n  AS Boundary Router\n  Number of Links: 2\n\n    Link connected to: a Stub Network\n     (Link ID) Network\/subnet number: 172.16.10.1\n     (Link Data) Network Mask: 255.255.255.255\n      Number of TOS metrics: 0\n       TOS 0 Metrics: 1\n\n    Link connected to: a Transit Network\n     (Link ID) Designated Router address: 172.16.100.1\n     (Link Data) Router Interface address: 172.16.100.1\n      Number of TOS metrics: 0\n       TOS 0 Metrics: 1\n\n\nSP1# \nSP1#show ip route vrf CUST-A\n\nRouting Table: CUST-A\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nB       172.16.200.0\/24 [200\/0] via 10.0.3.1, 00:41:47\nB       172.16.201.0\/24 [200\/0] via 10.0.4.1, 00:41:47\nB       172.16.20.1\/32 [200\/2] via 10.0.3.1, 00:41:47\nO       172.16.10.1\/32 [110\/2] via 172.16.100.1, 00:43:58, FastEthernet0\/0\nO E1    172.16.110.1\/32 [110\/21] via 172.16.100.1, 00:43:58, FastEthernet0\/0\nC       172.16.100.0\/24 is directly connected, FastEthernet0\/0\nSP1#\nSP1#show ip bgp vpnv4 all \nBGP table version is 14, local router ID is 10.0.1.1\nStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,\n              r RIB-failure, S Stale\nOrigin codes: i - IGP, e - EGP, ? - incomplete\n\n   Network          Next Hop            Metric LocPrf Weight Path\nRoute Distinguisher: 100:1 (default for vrf CUST-A)\n*> 172.16.10.1\/32   172.16.100.1             2         32768 ?\n* i172.16.20.1\/32   10.0.4.1                 2    100      0 ?\n*>i                 10.0.3.1                 2    100      0 ?\n*> 172.16.100.0\/24  0.0.0.0                  0         32768 ?\n*> 172.16.110.1\/32  172.16.100.1            21         32768 ?\n* i172.16.200.0\/24  10.0.4.1                 2    100      0 ?\n*>i                 10.0.3.1                 0    100      0 ?\n*>i172.16.201.0\/24  10.0.4.1                 0    100      0 ?\n* i                 10.0.3.1                 2    100      0 ?\nSP1#\n\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>It is important to notice how the VPNv4 for 172.16.10.1\/32 is built in SP1. Based on the <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.6\">rfc<\/a> section 4.2.6 &#8220;Handling LSAs from the CE&#8221;  we see the following:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">When a PE router receives, from a CE router, any LSA with the DN bit [<a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#ref-OSPF-DN\">OSPF-DN<\/a>] set, the information from that LSA MUST NOT be used by the route calculation. If a Type 5 LSA is received from the CE, and if it has an OSPF route tag value equal to the VPN Route Tag (see <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.5.2\">Section 4.2.5.2<\/a>), then the information from that LSA MUST NOT be used by the route calculation.\n\nOtherwise, the PE must examine the corresponding VRF.For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes:\n\n\u2013 The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted. This attribute is encoded with a two-byte type field, and its type is 0005, 0105, or 0205. For backward compatibility, the type 8005 MAY be used as well and is treated as if it were 0005. If the OSPF instance has a NULL Domain Identifier, and the OSPF Domain Identifier Extended Communities attribute is present, then the attribute\u2019s value field must be all zeroes, and its type field may be any of 0005, 0105, 0205, or 8005.\n\n\u2013 OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306. To ensure backward compatibility, the type 8000 SHOULD be accepted as well and treated as if it were type 0306. The remaining six bytes of the Attribute are encoded as follows:\n\n     Area Number \u2013 Route Type \u2013 Options<\/pre>\n\n\n\n<p>So the very first paragraph is our answer when we reach SP3 (when dealing with a LSA3) and there is no loop. And the second paragrah is  our answer when delaling with a LS5 and avoid a loop (more of this later). So this is our VPNv4 for 172.16.10.1\/32<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">SP1#\nSP1#show ip bgp vpnv4 rd 100:1 172.16.10.1\/32 \nBGP routing table entry for 100:1:172.16.10.1\/32, version 5\nPaths: (1 available, best #1, table CUST-A)\n  Advertised to update-groups:\n        2\n  Local\n    172.16.100.1 from 0.0.0.0 (10.0.1.1)\n      Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out 21\/nolabel\nSP1#\n<\/pre>\n\n\n\n<p>So the extended communities generated from being a OSPF prefix are OSPF DOMAIN ID, OSPF Route Type (RT) and OSPF ROUTER ID.<\/p>\n\n\n\n<p>I haven&#8217;t configured &#8220;ospf domain ID&#8221; in any router so Cisco IOS is generating one for itself (although it should be NULL) in OSPF DOMAIN ID.<\/p>\n\n\n\n<p>For OSPF RT, we have are 10 (0.0.0.10) and LSA2 (although it should be LSA1). ROUTER ID is the expected one.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>3) SP2 is just a P router so it is transparent here. Doesnt know anything about BGP, VPNv4, etc. It just does LDP and IGP.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP2#show ip bgp summary \n% BGP not active\n\nSP2#show ip route ospf \n     10.0.0.0\/8 is variably subnetted, 7 subnets, 2 masks\nO       10.0.3.1\/32 [110\/2] via 10.0.23.1, 00:45:04, GigabitEthernet2\/0\nO       10.0.1.1\/32 [110\/2] via 10.0.12.1, 00:44:54, GigabitEthernet1\/0\nO       10.0.4.1\/32 [110\/3] via 10.0.23.1, 00:44:54, GigabitEthernet2\/0\nO       10.0.34.0\/24 [110\/2] via 10.0.23.1, 00:44:54, GigabitEthernet2\/0\nSP2#\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>4) SP3 received the new VPNv4, it is redistributed from BGP to OSPF as a LSA3 (The MPLS backbone is a super OSPF area 0). If we pay attention to the details of the LSA3 (Summary) from HQ prefix 172.16.10.1\/32 &#8220;<em>show ip ospf database summary 172.16.10.1<\/em>&#8221; we can see two details. First, the two LSA are one from SP3 (advert router 172.16.200.254) and the other from SP4 (advert router 172.16.201.254). Second, both show &#8220;<em>Downward<\/em>&#8221; in the options field. As stated earlier, this is directed by the <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.5.1\">rfc<\/a> for any PE sending a LSA3. So, if iBGP has AD of 200 and OSPF has AD of 110. How come we have installed the BGP prefix in the routing table for 172.16.10.1\/32 instead of the OSPF prefix coming from SP4. As per the standard mentioned earlier, if a PE router receives an OSPF prefix with the down bit enabled (&#8220;Downward&#8221;), the PE router ignores that prefix.  The &#8220;Downward&#8221; bit is saying the prefix is coming from another PE in the same area so if you accept it, you will trigger a routing loop. Keep in mind that SP4 is doing the same thing as we see below in the commands for SP3. If SP3 accepts the OSPF prefix from SP4 for reaching 172.16.10.1\/32 (HQ), SP4 is doing the same thing, accepting the SP3 prefix for reaching 172.16.10.1\/32 (HQ).  So SP3 would send traffic to SP4, and SP4 would return it back to SP3. When both SP3\/SP4 learn the OSPF prefix from each other, they will stop redistributing the BGP prefix (that is coming from SP1\/HQ) into OSPF so we reach a point where there is no more LSA3 for 172.16.10.1! and the process starts again. As well SP3\/4 will redistribute the OPSF prefix learned from the other SP into BGP. So we are back to the intial stage, SP3\/SP4 only have the BGP prefix for 172.16.10.1 (from SP2 or SP3\/4), as it is the best route, it is redistributed to OSPF, and you know what happens next.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP3#show ip bgp vpnv4 all \nBGP table version is 13, local router ID is 10.0.3.1\nStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,\n              r RIB-failure, S Stale\nOrigin codes: i - IGP, e - EGP, ? - incomplete\n\n   Network          Next Hop            Metric LocPrf Weight Path\nRoute Distinguisher: 100:1 (default for vrf CUST-A)\n*>i172.16.10.1\/32   10.0.1.1                 2    100      0 ?\n* i172.16.20.1\/32   10.0.4.1                 2    100      0 ?\n*>                  172.16.200.1             2         32768 ?\n*>i172.16.100.0\/24  10.0.1.1                 0    100      0 ?\n*>i172.16.110.1\/32  10.0.1.1                21    100      0 ?\n* i172.16.200.0\/24  10.0.4.1                 2    100      0 ?\n*>                  0.0.0.0                  0         32768 ?\n* i172.16.201.0\/24  10.0.4.1                 0    100      0 ?\n*>                  172.16.200.1             2         32768 ?\nSP3#\nSP3#\nSP3#show ip route vrf CUST-A\n\nRouting Table: CUST-A\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nC       172.16.200.0\/24 is directly connected, FastEthernet0\/0\nO       172.16.201.0\/24 [110\/2] via 172.16.200.1, 00:45:46, FastEthernet0\/0\nO       172.16.20.1\/32 [110\/2] via 172.16.200.1, 00:45:46, FastEthernet0\/0\nB       172.16.10.1\/32 [200\/2] via 10.0.1.1, 00:43:35\nB       172.16.110.1\/32 [200\/21] via 10.0.1.1, 00:43:35\nB       172.16.100.0\/24 [200\/0] via 10.0.1.1, 00:43:35\nSP3#\nSP3#show ip ospf database         \n\n            OSPF Router with ID (10.0.3.1) (Process ID 1)\n\n\t\tRouter Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n10.0.1.1        10.0.1.1        1076        0x80000003 0x00D9F2 2\n10.0.2.1        10.0.2.1        1132        0x80000004 0x00D79A 3\n10.0.3.1        10.0.3.1        1105        0x80000004 0x0083C1 3\n10.0.4.1        10.0.4.1        1095        0x80000003 0x00D0C5 2\n\n\t\tNet Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n10.0.12.2       10.0.2.1        1132        0x80000002 0x00FFFA\n10.0.23.1       10.0.3.1        1105        0x80000002 0x009F4E\n10.0.34.2       10.0.4.1        1095        0x80000002 0x002BB3\n\n            OSPF Router with ID (172.16.200.254) (Process ID 10)\n\n\t\tRouter Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n172.16.20.1     172.16.20.1     1105        0x80000004 0x00750C 3\n172.16.200.254  172.16.200.254  1116        0x80000003 0x0059C2 1\n172.16.201.254  172.16.201.254  1121        0x80000003 0x005DBA 1\n\n\t\tNet Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.200.254  172.16.200.254  1116        0x80000002 0x00F4E4\n172.16.201.254  172.16.201.254  1121        0x80000002 0x00EBEA\n\n\t\tSummary Net Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.10.1     172.16.200.254  1116        0x80000002 0x000C61\n172.16.10.1     172.16.201.254  1121        0x80000002 0x000567\n172.16.100.0    172.16.200.254  1116        0x80000002 0x002AEA\n172.16.100.0    172.16.201.254  1121        0x80000002 0x0023F0\n\n\t\tType-5 AS External Link States\n\nLink ID         ADV Router      Age         Seq#       Checksum Tag\n172.16.110.1    172.16.200.254  1116        0x80000002 0x005FD9 3489661028\n172.16.110.1    172.16.201.254  1121        0x80000002 0x0058DF 3489661028\nSP3#  \nSP3#\nSP3#\nSP3#show ip ospf database  summary 172.16.10.1\n\n            OSPF Router with ID (10.0.3.1) (Process ID 1)\n\n            OSPF Router with ID (172.16.200.254) (Process ID 10)\n\n\t\tSummary Net Link States (Area 10)\n\n  LS age: 1127\n  Options: (No TOS-capability, DC, Downward)\n  LS Type: Summary Links(Network)\n  Link State ID: 172.16.10.1 (summary Network Number)\n  Advertising Router: 172.16.200.254\n  LS Seq Number: 80000002\n  Checksum: 0xC61\n  Length: 28\n  Network Mask: \/32\n\tTOS: 0 \tMetric: 2 \n\n  LS age: 1132\n  Options: (No TOS-capability, DC, Downward)\n  LS Type: Summary Links(Network)\n  Link State ID: 172.16.10.1 (summary Network Number)\n  Advertising Router: 172.16.201.254\n  LS Seq Number: 80000002\n  Checksum: 0x567\n  Length: 28\n  Network Mask: \/32\n\tTOS: 0 \tMetric: 2 \n\nSP3# \n<\/pre>\n\n\n\n<p>Like we did in SP1, let&#8217;s see how SP3 deals with the VPNv4 for 172.16.10.1\/32.  <\/p>\n\n\n\n<p>Based on th <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.8\">rfc<\/a> &#8220;4.2.8&#8221; VPNv4 Routes received via BGP, we need to check &#8220;4.2.8.1 External Routes&#8221; (LSA5\/7) and &#8220;4.2.8.2 Summary Routes&#8221; (LSA3) and the VPNv4 received:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">SP3#show ip bgp vpnv4 rd 100:1 172.16.10.1\/32 \nBGP routing table entry for 100:1:172.16.10.1\/32, version 8\nPaths: (1 available, best #1, table CUST-A)\n  Not advertised to any peer\n  Local\n    10.0.1.1 (metric 3) from 10.0.1.1 (10.0.1.1)\n      Origin incomplete, metric 2, localpref 100, valid, internal, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out nolabel\/21\nSP3#\n<\/pre>\n\n\n\n<p>The DOMAIN ID has to match as we haven&#8217;t defined it. OSPF RT, is telling that is coming from OSPF area 10 and non-external. So SP3 can generate a LSA3 for 172.16.10.1\/32 as we have OSPF area 10 defined too.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>5) From SP4 perspective. Same view as SP3. SP4 ignores LSA3 with Down-bit.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP4#show ip bgp vpnv4 all \nBGP table version is 13, local router ID is 10.0.4.1\nStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,\n              r RIB-failure, S Stale\nOrigin codes: i - IGP, e - EGP, ? - incomplete\n\n   Network          Next Hop            Metric LocPrf Weight Path\nRoute Distinguisher: 100:1 (default for vrf CUST-A)\n*>i172.16.10.1\/32   10.0.1.1                 2    100      0 ?\n* i172.16.20.1\/32   10.0.3.1                 2    100      0 ?\n*>                  172.16.201.1             2         32768 ?\n*>i172.16.100.0\/24  10.0.1.1                 0    100      0 ?\n*>i172.16.110.1\/32  10.0.1.1                21    100      0 ?\n* i172.16.200.0\/24  10.0.3.1                 0    100      0 ?\n*>                  172.16.201.1             2         32768 ?\n* i172.16.201.0\/24  10.0.3.1                 2    100      0 ?\n*>                  0.0.0.0                  0         32768 ?\nSP4#\nSP4#\nSP4#show ip ospf database summary 172.16.10.1\n\n            OSPF Router with ID (10.0.4.1) (Process ID 1)\n\n            OSPF Router with ID (172.16.201.254) (Process ID 10)\n\n\t\tSummary Net Link States (Area 10)\n\n  LS age: 1489\n  Options: (No TOS-capability, DC, Downward)\n  LS Type: Summary Links(Network)\n  Link State ID: 172.16.10.1 (summary Network Number)\n  Advertising Router: 172.16.200.254\n  LS Seq Number: 80000003\n  Checksum: 0xA62\n  Length: 28\n  Network Mask: \/32\n\tTOS: 0 \tMetric: 2 \n\n  LS age: 1475\n  Options: (No TOS-capability, DC, Downward)\n  LS Type: Summary Links(Network)\n  Link State ID: 172.16.10.1 (summary Network Number)\n  Advertising Router: 172.16.201.254\n  LS Seq Number: 80000003\n  Checksum: 0x368\n  Length: 28\n  Network Mask: \/32\n\tTOS: 0 \tMetric: 2 \n\nSP4#  \nSP4#show ip route vrf CUST-A\n\nRouting Table: CUST-A\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nO       172.16.200.0\/24 [110\/2] via 172.16.201.1, 01:31:12, FastEthernet3\/0\nC       172.16.201.0\/24 is directly connected, FastEthernet3\/0\nO       172.16.20.1\/32 [110\/2] via 172.16.201.1, 01:31:12, FastEthernet3\/0\nB       172.16.10.1\/32 [200\/2] via 10.0.1.1, 01:28:57\nB       172.16.110.1\/32 [200\/21] via 10.0.1.1, 01:28:57\nB       172.16.100.0\/24 [200\/0] via 10.0.1.1, 01:28:57\nSP4#\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>6) And Finally, BRANCH. It can see the prefix 172.16.10.1\/32 (HQ) via two paths as we would expect. And without routing loops (the routes has been installed for over 1h 30minutes). BRANCH doesnt react to the Down-Bit so it accepts the LSA3 from SP2\/3 and install the OSPF prefix.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">BRANCH#show ip route                 \nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nC       172.16.200.0\/24 is directly connected, FastEthernet0\/0\nC       172.16.201.0\/24 is directly connected, FastEthernet3\/0\nC       172.16.20.0\/24 is directly connected, Loopback0\nO IA    172.16.10.1\/32 [110\/3] via 172.16.201.254, 01:30:38, FastEthernet3\/0\n                       [110\/3] via 172.16.200.254, 01:30:39, FastEthernet0\/0\nO E1    172.16.110.1\/32 [110\/22] via 172.16.201.254, 01:30:34, FastEthernet3\/0\n                        [110\/22] via 172.16.200.254, 01:30:34, FastEthernet0\/0\nO IA    172.16.100.0\/24 [110\/2] via 172.16.201.254, 01:30:38, FastEthernet3\/0\n                        [110\/2] via 172.16.200.254, 01:30:39, FastEthernet0\/0\nBRANCH#\nBRANCH#\nBRANCH#\nBRANCH#show ip ospf database summary 172.16.10.1\n\n            OSPF Router with ID (172.16.20.1) (Process ID 1)\n\n\t\tSummary Net Link States (Area 10)\n\n  Routing Bit Set on this LSA\n  LS age: 1599\n  Options: (No TOS-capability, DC, Downward)\n  LS Type: Summary Links(Network)\n  Link State ID: 172.16.10.1 (summary Network Number)\n  Advertising Router: 172.16.200.254\n  LS Seq Number: 80000003\n  Checksum: 0xA62\n  Length: 28\n  Network Mask: \/32\n\tTOS: 0 \tMetric: 2 \n\n  Routing Bit Set on this LSA\n  LS age: 1587\n  Options: (No TOS-capability, DC, Downward)\n  LS Type: Summary Links(Network)\n  Link State ID: 172.16.10.1 (summary Network Number)\n  Advertising Router: 172.16.201.254\n  LS Seq Number: 80000003\n  Checksum: 0x368\n  Length: 28\n  Network Mask: \/32\n\tTOS: 0 \tMetric: 2 \n\nBRANCH#  \n<\/pre>\n\n\n\n<p>So, we have seen the Down-bit in action for LSA3. But what about the external LSA: LSA5 and LSA7?  How we avoid routing loops for them? <\/p>\n\n\n\n<p>In this case, we have the &#8220;tag&#8221; field. This is explained in the <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.5.2\">rfc<\/a> too.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>1) In the same scenario, we have HQ router advertising 172.16.110.1\/32 as LSA5 External.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">HQ#\nHQ#show ip interface brief \nInterface                  IP-Address      OK? Method Status                Protocol\nFastEthernet0\/0            172.16.100.1    YES NVRAM  up                    up      \nGigabitEthernet1\/0         unassigned      YES NVRAM  administratively down down    \nGigabitEthernet2\/0         unassigned      YES NVRAM  administratively down down    \nFastEthernet3\/0            unassigned      YES NVRAM  administratively down down    \nFastEthernet3\/1            unassigned      YES NVRAM  administratively down down    \nLoopback0                  172.16.10.1     YES NVRAM  up                    up      \nLoopback1                  172.16.110.1    YES NVRAM  up                    up      \nHQ#\nHQ#\nHQ#\nHQ#show ip ospf database          \n\n            OSPF Router with ID (172.16.110.1) (Process ID 1)\n\n\t\tRouter Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n172.16.100.254  172.16.100.254  1270        0x80000005 0x00D7D1 1\n172.16.110.1    172.16.110.1    1272        0x80000005 0x006E49 2\n\n\t\tNet Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.100.1    172.16.110.1    1272        0x80000004 0x007824\n\n\t\tSummary Net Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.20.1     172.16.100.254  1270        0x80000004 0x00586D\n172.16.200.0    172.16.100.254  1270        0x80000004 0x00947E\n172.16.201.0    172.16.100.254  1270        0x80000004 0x008988\n\n\t\tType-5 AS External Link States\n\nLink ID         ADV Router      Age         Seq#       Checksum Tag\n172.16.110.1    172.16.110.1    1272        0x80000004 0x007253 0\nHQ# \nHQ#\nHQ#show ip ospf database external \n\n            OSPF Router with ID (172.16.110.1) (Process ID 1)\n\n\t\tType-5 AS External Link States\n\n  LS age: 1276\n  Options: (No TOS-capability, DC)\n  LS Type: AS External Link\n  Link State ID: 172.16.110.1 (External Network Number )\n  Advertising Router: 172.16.110.1\n  LS Seq Number: 80000004\n  Checksum: 0x7253\n  Length: 36\n  Network Mask: \/32\n\tMetric Type: 1 (Comparable directly to link state metric)\n\tTOS: 0 \n\tMetric: 20 \n\tForward Address: 0.0.0.0\n\tExternal Route Tag: 0\n\nHQ#\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>2) SP1 sees 172.16.110.1\/32 as OSPF E1. And redistribute it into BGP and creates a VPNv4<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP1#\nSP1#show ip route vrf CUST-A       \n\nRouting Table: CUST-A\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nB       172.16.200.0\/24 [200\/0] via 10.0.3.1, 02:00:18\nB       172.16.201.0\/24 [200\/0] via 10.0.4.1, 02:00:18\nB       172.16.20.1\/32 [200\/2] via 10.0.3.1, 02:00:18\nO       172.16.10.1\/32 [110\/2] via 172.16.100.1, 02:02:29, FastEthernet0\/0\nO E1    172.16.110.1\/32 [110\/21] via 172.16.100.1, 02:02:29, FastEthernet0\/0\nC       172.16.100.0\/24 is directly connected, FastEthernet0\/0\nSP1#\nSP1#\nSP1#       \nSP1#show ip ospf database \n\n            OSPF Router with ID (10.0.1.1) (Process ID 1)\n\n\t\tRouter Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n10.0.1.1        10.0.1.1        1303        0x80000005 0x00D5F4 2\n10.0.2.1        10.0.2.1        1350        0x80000006 0x00D39C 3\n10.0.3.1        10.0.3.1        1554        0x80000006 0x007FC3 3\n10.0.4.1        10.0.4.1        1352        0x80000005 0x00CCC7 2\n\n\t\tNet Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n10.0.12.2       10.0.2.1        1350        0x80000004 0x00FBFC\n10.0.23.1       10.0.3.1        1554        0x80000004 0x009B50\n10.0.34.2       10.0.4.1        1352        0x80000004 0x0027B5\n\n            OSPF Router with ID (172.16.100.254) (Process ID 10)\n\n\t\tRouter Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n172.16.100.254  172.16.100.254  1400        0x80000005 0x00D7D1 1\n172.16.110.1    172.16.110.1    1405        0x80000005 0x006E49 2\n\n\t\tNet Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.100.1    172.16.110.1    1405        0x80000004 0x007824\n\n\t\tSummary Net Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.20.1     172.16.100.254  1400        0x80000004 0x00586D\n172.16.200.0    172.16.100.254  1400        0x80000004 0x00947E\n172.16.201.0    172.16.100.254  1400        0x80000004 0x008988\n\n\t\tType-5 AS External Link States\n\nLink ID         ADV Router      Age         Seq#       Checksum Tag\n172.16.110.1    172.16.110.1    1405        0x80000004 0x007253 0\nSP1#  \nSP1#\nSP1#\nSP1#show ip ospf database external \n\n            OSPF Router with ID (10.0.1.1) (Process ID 1)\n\n            OSPF Router with ID (172.16.100.254) (Process ID 10)\n\n\t\tType-5 AS External Link States\n\n  Routing Bit Set on this LSA\n  LS age: 1409\n  Options: (No TOS-capability, DC)\n  LS Type: AS External Link\n  Link State ID: 172.16.110.1 (External Network Number )\n  Advertising Router: 172.16.110.1\n  LS Seq Number: 80000004\n  Checksum: 0x7253\n  Length: 36\n  Network Mask: \/32\n\tMetric Type: 1 (Comparable directly to link state metric)\n\tTOS: 0 \n\tMetric: 20 \n\tForward Address: 0.0.0.0\n\tExternal Route Tag: 0\n\nSP1#\nSP1#show ip bgp vpnv4 all \nBGP table version is 14, local router ID is 10.0.1.1\nStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,\n              r RIB-failure, S Stale\nOrigin codes: i - IGP, e - EGP, ? - incomplete\n\n   Network          Next Hop            Metric LocPrf Weight Path\nRoute Distinguisher: 100:1 (default for vrf CUST-A)\n*> 172.16.10.1\/32   172.16.100.1             2         32768 ?\n* i172.16.20.1\/32   10.0.4.1                 2    100      0 ?\n*>i                 10.0.3.1                 2    100      0 ?\n*> 172.16.100.0\/24  0.0.0.0                  0         32768 ?\n*> 172.16.110.1\/32  172.16.100.1            21         32768 ?\n* i172.16.200.0\/24  10.0.4.1                 2    100      0 ?\n*>i                 10.0.3.1                 0    100      0 ?\n*>i172.16.201.0\/24  10.0.4.1                 0    100      0 ?\n* i                 10.0.3.1                 2    100      0 ?\nSP1#\nSP1#show ip bgp vpnv4 rd 100:1 172.16.110.1\/32                   \nBGP routing table entry for 100:1:172.16.110.1\/32, version 7\nPaths: (1 available, best #1, table CUST-A)\n  Advertised to update-groups:\n        2\n  Local\n    172.16.100.1 from 0.0.0.0 (10.0.1.1)\n      Origin incomplete, metric 21, localpref 100, weight 32768, valid, sourced, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out 23\/nolabel\nSP1#\n\n\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>3) Again SP2, is transparent.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>4) SP3 receives the VPNv4 for 172.16.110.1\/32 from SP1. Installs it into BGP and then redistribute to OSPF. If we compare the ospf database output of SP1 with SP3. We see that SP3 has a different value for &#8220;tag&#8221; in 172.16.110.1\/32. So that tags is created by SP3 when redistributing the BGP prefix to OSPF (based on the extended communities in the VPNv4 prefix). As per the <a href=\"https:\/\/tools.ietf.org\/html\/rfc4577#section-4.2.5.2\">rfc<\/a>, the tag is generated based on the ASN (100). As are all our SPs are in the same ASN, the tag will be the same in all of PE generating the LSA from the VPNv4. <\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP3#show ip bgp vpnv4  all \nBGP table version is 13, local router ID is 10.0.3.1\nStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal,\n              r RIB-failure, S Stale\nOrigin codes: i - IGP, e - EGP, ? - incomplete\n\n   Network          Next Hop            Metric LocPrf Weight Path\nRoute Distinguisher: 100:1 (default for vrf CUST-A)\n*>i172.16.10.1\/32   10.0.1.1                 2    100      0 ?\n* i172.16.20.1\/32   10.0.4.1                 2    100      0 ?\n*>                  172.16.200.1             2         32768 ?\n*>i172.16.100.0\/24  10.0.1.1                 0    100      0 ?\n*>i172.16.110.1\/32  10.0.1.1                21    100      0 ?\n* i172.16.200.0\/24  10.0.4.1                 2    100      0 ?\n*>                  0.0.0.0                  0         32768 ?\n* i172.16.201.0\/24  10.0.4.1                 0    100      0 ?\n*>                  172.16.200.1             2         32768 ?\nSP3#\nSP3#\nSP3#show ip route vrf CUST-A \n\nRouting Table: CUST-A\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nC       172.16.200.0\/24 is directly connected, FastEthernet0\/0\nO       172.16.201.0\/24 [110\/2] via 172.16.200.1, 02:06:43, FastEthernet0\/0\nO       172.16.20.1\/32 [110\/2] via 172.16.200.1, 02:06:43, FastEthernet0\/0\nB       172.16.10.1\/32 [200\/2] via 10.0.1.1, 02:04:33\nB       172.16.110.1\/32 [200\/21] via 10.0.1.1, 02:04:33\nB       172.16.100.0\/24 [200\/0] via 10.0.1.1, 02:04:33\nSP3#\nSP3#\nSP3#show ip ospf database \n\n            OSPF Router with ID (10.0.3.1) (Process ID 1)\n\n\t\tRouter Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n10.0.1.1        10.0.1.1        1556        0x80000005 0x00D5F4 2\n10.0.2.1        10.0.2.1        1602        0x80000006 0x00D39C 3\n10.0.3.1        10.0.3.1        1804        0x80000006 0x007FC3 3\n10.0.4.1        10.0.4.1        1602        0x80000005 0x00CCC7 2\n\n\t\tNet Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n10.0.12.2       10.0.2.1        1602        0x80000004 0x00FBFC\n10.0.23.1       10.0.3.1        1804        0x80000004 0x009B50\n10.0.34.2       10.0.4.1        1602        0x80000004 0x0027B5\n\n            OSPF Router with ID (172.16.200.254) (Process ID 10)\n\n\t\tRouter Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n172.16.20.1     172.16.20.1     1640        0x80000006 0x00710E 3\n172.16.200.254  172.16.200.254  1625        0x80000005 0x0055C4 1\n172.16.201.254  172.16.201.254  1626        0x80000005 0x0059BC 1\n\n\t\tNet Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.200.254  172.16.200.254  1625        0x80000004 0x00F0E6\n172.16.201.254  172.16.201.254  1626        0x80000004 0x00E7EC\n\n\t\tSummary Net Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.10.1     172.16.200.254  1625        0x80000004 0x000863\n172.16.10.1     172.16.201.254  1626        0x80000004 0x000169\n172.16.100.0    172.16.200.254  1625        0x80000004 0x0026EC\n172.16.100.0    172.16.201.254  1626        0x80000004 0x001FF2\n\n\t\tType-5 AS External Link States\n\nLink ID         ADV Router      Age         Seq#       Checksum Tag\n172.16.110.1    172.16.200.254  1625        0x80000004 0x005BDB 3489661028\n172.16.110.1    172.16.201.254  1626        0x80000004 0x0054E1 3489661028\nSP3#  \n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>5) So let&#8217;s see with details the VPNv4 prefix for 172.16.10.1\/32 (OSPF LSA3) and 172.16.110.1\/32 (OSPF LSA5). Both originated by HQ.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP3#show ip bgp vpnv4 rd 100:1 172.16.10.1\/32 \nBGP routing table entry for 100:1:172.16.10.1\/32, version 8\nPaths: (1 available, best #1, table CUST-A)\n  Not advertised to any peer\n  Local\n    10.0.1.1 (metric 3) from 10.0.1.1 (10.0.1.1)\n      Origin incomplete, metric 2, localpref 100, valid, internal, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out nolabel\/21\nSP3#\nSP3#show ip bgp vpnv4 rd 100:1 172.16.110.1\/32\nBGP routing table entry for 100:1:172.16.110.1\/32, version 11\nPaths: (1 available, best #1, table CUST-A)\n  Not advertised to any peer\n  Local\n    10.0.1.1 (metric 3) from 10.0.1.1 (10.0.1.1)\n      Origin incomplete, metric 21, localpref 100, valid, internal, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out nolabel\/23\nSP3#\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>6) So SP3, based on the Extended communities, knows the VPNv4 prefix 172.16.110.1\/32 was an OSPF LSA5 and it creates a tag. Keep in mind that SP4 is doing exactly the same thing as SP3:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">SP4#\nSP4#show ip route vrf CUST-A                   \n\nRouting Table: CUST-A\nCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route\n\nGateway of last resort is not set\n\n     172.16.0.0\/16 is variably subnetted, 6 subnets, 2 masks\nO       172.16.200.0\/24 [110\/2] via 172.16.201.1, 02:18:34, FastEthernet3\/0\nC       172.16.201.0\/24 is directly connected, FastEthernet3\/0\nO       172.16.20.1\/32 [110\/2] via 172.16.201.1, 02:18:34, FastEthernet3\/0\nB       172.16.10.1\/32 [200\/2] via 10.0.1.1, 02:16:19\nB       172.16.110.1\/32 [200\/21] via 10.0.1.1, 02:16:19\nB       172.16.100.0\/24 [200\/0] via 10.0.1.1, 02:16:19\nSP4#\nSP4#\nSP4#\nSP4#show ip ospf database   \n\n            OSPF Router with ID (10.0.4.1) (Process ID 1)\n\n\t\tRouter Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n10.0.1.1        10.0.1.1        253         0x80000006 0x00D3F5 2\n10.0.2.1        10.0.2.1        310         0x80000007 0x00D19D 3\n10.0.3.1        10.0.3.1        504         0x80000007 0x007DC4 3\n10.0.4.1        10.0.4.1        301         0x80000006 0x00CAC8 2\n\n\t\tNet Link States (Area 0)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n10.0.12.2       10.0.2.1        310         0x80000005 0x00F9FD\n10.0.23.1       10.0.3.1        504         0x80000005 0x009951\n10.0.34.2       10.0.4.1        301         0x80000005 0x0025B6\n\n            OSPF Router with ID (172.16.201.254) (Process ID 10)\n\n\t\tRouter Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum Link count\n172.16.20.1     172.16.20.1     315         0x80000007 0x006F0F 3\n172.16.200.254  172.16.200.254  347         0x80000006 0x0053C5 1\n172.16.201.254  172.16.201.254  315         0x80000006 0x0057BD 1\n\n\t\tNet Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.200.254  172.16.200.254  347         0x80000005 0x00EEE7\n172.16.201.254  172.16.201.254  315         0x80000005 0x00E5ED\n\n\t\tSummary Net Link States (Area 10)\n\nLink ID         ADV Router      Age         Seq#       Checksum\n172.16.10.1     172.16.200.254  347         0x80000005 0x000664\n172.16.10.1     172.16.201.254  315         0x80000005 0x00FE6A\n172.16.100.0    172.16.200.254  347         0x80000005 0x0024ED\n172.16.100.0    172.16.201.254  315         0x80000005 0x001DF3\n\n\t\tType-5 AS External Link States\n\nLink ID         ADV Router      Age         Seq#       Checksum Tag\n172.16.110.1    172.16.200.254  347         0x80000005 0x0059DC 3489661028\n172.16.110.1    172.16.201.254  315         0x80000005 0x0052E2 3489661028\nSP4#   \nSP4#\nSP4#\nSP4#show ip ospf database external 172.16.110.1\n\n            OSPF Router with ID (10.0.4.1) (Process ID 1)\n\n            OSPF Router with ID (172.16.201.254) (Process ID 10)\n\n\t\tType-5 AS External Link States\n\n  LS age: 350\n  Options: (No TOS-capability, DC)\n  LS Type: AS External Link\n  Link State ID: 172.16.110.1 (External Network Number )\n  Advertising Router: 172.16.200.254\n  LS Seq Number: 80000005\n  Checksum: 0x59DC\n  Length: 36\n  Network Mask: \/32\n\tMetric Type: 1 (Comparable directly to link state metric)\n\tTOS: 0 \n\tMetric: 21 \n\tForward Address: 0.0.0.0\n\tExternal Route Tag: 3489661028\n\n  LS age: 319\n  Options: (No TOS-capability, DC)\n  LS Type: AS External Link\n  Link State ID: 172.16.110.1 (External Network Number )\n  Advertising Router: 172.16.201.254\n  LS Seq Number: 80000005\n  Checksum: 0x52E2\n  Length: 36\n  Network Mask: \/32\n\tMetric Type: 1 (Comparable directly to link state metric)\n\tTOS: 0 \n\tMetric: 21 \n\tForward Address: 0.0.0.0\n\tExternal Route Tag: 3489661028\n\nSP4#   \nSP4#\nSP4#\nSP4#show ip bgp vpnv4 rd 100:1 172.16.10.1\/32\nBGP routing table entry for 100:1:172.16.10.1\/32, version 8\nPaths: (1 available, best #1, table CUST-A)\n  Not advertised to any peer\n  Local\n    10.0.1.1 (metric 4) from 10.0.1.1 (10.0.1.1)\n      Origin incomplete, metric 2, localpref 100, valid, internal, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.10:2:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out nolabel\/21\nSP4#\nSP4#\nSP4#show ip bgp vpnv4 rd 100:1 172.16.110.1\/32\nBGP routing table entry for 100:1:172.16.110.1\/32, version 11\nPaths: (1 available, best #1, table CUST-A)\n  Not advertised to any peer\n  Local\n    10.0.1.1 (metric 4) from 10.0.1.1 (10.0.1.1)\n      Origin incomplete, metric 21, localpref 100, valid, internal, best\n      Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200 \n        OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:172.16.100.254:0\n      mpls labels in\/out nolabel\/23\nSP4#\n<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>7) As you can see, SP3 and SP4 are generating the same &#8220;tag&#8221; <strong><em>3489661028<\/em><\/strong>  for the LSA5 172.16.110.1\/32 (because they are in the same ASN 100). So as the receiving LSA for the other SP in the same Area 10 has the same tag, SP3\/SP4 ignore the LSA.  And again, the BGP prefix is installed in the routing table instead of the OSPF AD110 172.16.110.1\/32 and we dont have a routing loop.<\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a continuation of the other post abount installing and configuring a basic MPLS L3VPN network in GNS3. Normally, we always have a routing protocol running between the customer CPE and the provider PE. OSPF was very common and I used to be give for granted the routing loop avoidance in a dual-home CPE, &hellip; <a href=\"https:\/\/blog.thomarite.uk\/index.php\/2020\/04\/26\/gns3-pe-ce-ospf-down-bit-and-external-lsa\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;GNS3: PE-CE OSPF, Down Bit and External LSA&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-88","post","type-post","status-publish","format-standard","hentry","category-networks"],"_links":{"self":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/88","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/comments?post=88"}],"version-history":[{"count":7,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/88\/revisions"}],"predecessor-version":[{"id":134,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/88\/revisions\/134"}],"wp:attachment":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/media?parent=88"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/categories?post=88"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/tags?post=88"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}