Feb 7 2009
OSPF down bit and domain tag
Both the OSPF down bit and domain tag are modifications in OSPF which are used as loop prevention mechanisms. Why are there two mechanisms you ask. This is because type 5 LSAs do not contain the options field in the header. The options field is where the down bit is set. In LSA type 5 an external route tag is used to identify routes which have been redistributed from BGP into OSPF.
The external route tag value is a 32-bit value. The four highest bits are set to 1101 according to RFC 1745. The lowest 16 bits map to the BGP autonomous system (AS) number of the MPLS VPN backbone. you can set the VPN tag value manually within ospf using the command domain-tag <tag>.
To demonstrate both the down-bit and external route-tag consider the topology below. We will as part of the excersise change the external tag and see if we can induce a routing loop.
You can watch the video below, or alternativly you can download it and watch it on you iPod or iPhone.
I made this one in a bit of a hurry, so would appreciate some feedback.
Feb 25, 2009 @ 22:33:48
Nice presentation of a relatively obscure topic.
Feb 26, 2009 @ 05:42:36
There are a few more things I will post when I get time about the OSPF down bit and domain tag. ie when using vrf-lite the router thinks it is a PE and as such checks incoming ospf packets for the OSPF down bit or domain tag. If either are present then the router drops the packets. To get out of this situation you have to instruct the router that it is not a PE using the command “capability vrf-lite” under the PE. these two checks are then turned off.
I’ll post a video to clarify when I get a chance.
Zarar
Mar 24, 2009 @ 17:37:13
good one : )
regards
shivlu jain
Sep 08, 2009 @ 04:45:50
Very nicely done.
Sep 10, 2009 @ 09:45:47
Who said Type 5 LSAs do not contain options field in the header. It does have a 8 bit field.
Nov 16, 2009 @ 14:47:23
Good write-up. As a note, you can also (instead of using capability vrf-lite) reset the domain-tag to NULL and things will work as well.
Nov 19, 2009 @ 17:33:19
Thanks for sharing the tip with us Scott.
Nov 21, 2009 @ 15:25:31
Scott, I take it you meant set the domain-id to NULL.
Dec 09, 2009 @ 19:20:58
base on your implementation above, and then use the “capability vrf-lite” command, you’ll see that “O E2″ routes(100.100.100.1) will turn back into “B” and I can explain reason why.
Mar 15, 2010 @ 19:21:49
Nice explanation,Zarar. If possible, please explain the remaining field of “OSPF Domain ID” in the output of “show ip bgp vpnv4 all ” .. Only one hex represents OSPF process ID (here,1) . what about other fields.
Mar 27, 2010 @ 03:32:28
In which show command or debu command we can see PE router attaching Down bit or domain tag for the redistributed routes
Mar 27, 2010 @ 03:47:01
Thanks i just saw video…
Good Work
No volume
Aug 03, 2010 @ 15:41:43
yes very nice presentation