OSPF down bit and domain tag
Both the OSPF down bit and domain tag are modifications in OSPF which are used as loop prevention mechanisms. Why are there two mechanisms you ask. This is because type 5 LSAs do not contain the options field in the header. The options field is where the down bit is set. In LSA type 5 an external route tag is used to identify routes which have been redistributed from BGP into OSPF.
The external route tag value is a 32-bit value. The four highest bits are set to 1101 according to RFC 1745. The lowest 16 bits map to the BGP autonomous system (AS) number of the MPLS VPN backbone. you can set the VPN tag value manually within ospf using the command domain-tag <tag>.
To demonstrate both the down-bit and external route-tag consider the topology below. We will as part of the excersise change the external tag and see if we can induce a routing loop.
You can watch the video below, or alternativly you can download it and watch it on you iPod or iPhone.
I made this one in a bit of a hurry, so would appreciate some feedback.
Nice presentation of a relatively obscure topic.
There are a few more things I will post when I get time about the OSPF down bit and domain tag. ie when using vrf-lite the router thinks it is a PE and as such checks incoming ospf packets for the OSPF down bit or domain tag. If either are present then the router drops the packets. To get out of this situation you have to instruct the router that it is not a PE using the command “capability vrf-lite” under the PE. these two checks are then turned off.
I’ll post a video to clarify when I get a chance.
Zarar
good one : )
regards
shivlu jain
Very nicely done.
Who said Type 5 LSAs do not contain options field in the header. It does have a 8 bit field.
Good write-up. As a note, you can also (instead of using capability vrf-lite) reset the domain-tag to NULL and things will work as well.
Thanks for sharing the tip with us Scott.
Scott, I take it you meant set the domain-id to NULL.
base on your implementation above, and then use the “capability vrf-lite” command, you’ll see that “O E2″ routes(100.100.100.1) will turn back into “B” and I can explain reason why.