Tag value. A 32-bit value entered in decimal format. The default value is calculated based on the Border Gateway Protocol (BGP) autonomous system (AS) number of the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone. The four highest bits are set to 1101 according to RFC 1745. The lowest 16 bits map the BGP AS number of the MPLS VPN backbone. If a user specifies the tag-value , the value does not have to follow any particular format.
but based on the attached file in the previous email the domain-tag value for PE1 = 100 and PE2 = 200 is this correct ?
and if i configured the domain-tag is this will prevent the loop ?
based on the attached file if you do NOT configure the domain tag value manually you risk to have routing loops as the domain tags will be different (indeed it will be the BGP AS number) and no PEs will ignore the LSAs type 5 and 7 coming from the CEs which are advertising back to the core what was learnt from the other CE via the backdoor link.
If you configure the same domain-tag under the ospf process on the PE's you will avoid this type of routing loop.
Another way would exist FYI, that is tagging the routes redistributed from BGP to OSPF with a given value and then filter the prefixes having that tag when routes are redistributed back from OSPF to BGP.
Also note that the domain tag mechanism is not effective for LSAs type 3 (summary) for which the loop is prevented by the DN bit. Since the 2 CE's should preserve the DN bit there should not be any problem in that sense. If you have problems you need to verify whehter the CE's keep that DN bit set when they exchange Summary LSA between them.
Hope this clarifies,
I still have a loop although I configured the same domain-tag on both PEs and also I tried to manual filter the external and summary routes by set a tag value for the BGP routes that redistributed to the ospf and deny the tag routes when the ospf routes redistribute to bgp
as the attached file my problem ( for example on branch 1 with network 10.10.10.0/24 ) is the MPLS PE1 learned this network by OSPF and by E-MBGP and the PE1 router prefer the EBGP then to MPLS PE2 then to branch2 then to HQ then to PE1 then by EBGP to PE2 ............. then the packet entered in the loop
the only way that solved the problem by change the administrative distance of OSPF to lower value than EBGP with value 10 , do you think this solution is perfect or maybe I have a loop again if the ospf routes missed from the route table
your actual setup is more complicated compared to the one you initially depicted. Issues like yours are quite common if you have backdoor links spanning across multiple CE's in turn attached to multiple PE's.
I have the impression that you issue lies on sham-link ospf cost. Have you correctly configured it? From what you wrote PE1 prefers PE2 (the sham-link) for prefix 10.10.10.0/24 while it would make more sense if it would pick the Branch1-PE1 OSPF link.
Before changing the OSPF AD I would see if you could 'play' with the sham-link cost making sure it could be considered as a link with the same cost of all other ospf links including the backdoor links.
If it does not help I suggest you to go for a TAC case. On the forum it is too complicated going so deep on the troubleshooting. Likely a TAC engineer would be able to solve this out by connecting to your devices in a few minutes.
I think the ospf-sham-link not the issue because it's configured properly and i can see the ospf routes as intra-area routes on all the branches excepted the original redistribute from another protocol also I have the network loop when the sham-link not configure at all
The network contain multiple of vendors so the TAC can't support on this case, I will troubleshoot this issue until I have the solution
Thank you very much I relay appreciate your support
As per Cisco's official document:
"Even though the AD of the eBGP path (20) is lower than OSPF path (110), we do not install the eBGP learned route into the routing table. Since this prefix is in the routing table via OSPF and is being redistributed into BGP, the BGP table will have both paths and must use the Best Path Selection Algorithm. Routes redistributed into BGP are considered locally originated and get a default weight of 32768. The BGP learned prefix is assigned a weight of 0 by default. Since weight is the first BGP attribute that we compare on Cisco routers, the route with the higher weight is considered the best."
I am not sure if Juniper or other vendor use the same logic.
I hope it might help while discussing it with other vendors.
The other vendors not used the weight on route calculation, also the AD of EBGP for Juniper is 170 and the ospf 10 or 150 depend on the type of the ospf route, so in my case I just changed the AD for cisco routers and everything worked properly
but about your comment yes you are wright because already I changed the weight for the link between PE1 and PE2 to 65535 for another purposes which is better than the original route with 32768 and because the AD for bgp better than ospf the bgp insert in the routing table the prefix with next hope MPLS PE2 (with higher weight) , so to solve this problem I have changed the AD for OSPF to lower value
But depend on the previous attached topology why we have this loop although I have put the two ospf domain on two different As's with same domain-tag and also with same domain-ID ?