Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

OSPF Down bit

1. as per my understanding about the OSPF downbit, this bit is set by the receiving PE router that redistributes the route from MP-iBGP to OSPF.

just read the following from MPLS-Fundamentals:

"The PE2-AS1 router receives the external (O E1) OSPF route from CE2-A with the OSPF down bit set and then redistributes it into MP-BGP"

downbit.JPG

as per my understanding the above statement may be right, because of following ospf rule:

"If an ABR receives a summary LSA from a non-backbone area, it should ignore the summary if it has connectivity to area "

                    since as per above figure CE2-A is an ABR (since connected to area-0).

but here comes another query:

"The PE will propagate summary LSAs received from the CE into the OSPF-MPLS/VPN backbone only if the down-bit is not set."


how will the PE accept a route whose down-bit is set ????????????

5 REPLIES
Cisco Employee

Re: OSPF Down bit

Hi,

The following statement is wrong:

"The PE2-AS1 router receives the external (O E1) OSPF route from CE2-A with the OSPF down bit set and then redistributes it into MP-BGP"

The DN bit is set by default only on routers running OSPF in a VRF. Also From RFC4576:

"

When the PE receives, from a CE router, a type 3, 5, or 7 LSA with
   the DN bit set, the information from that LSA MUST NOT be used during
   the OSPF route calculation.  As a result, the LSA is not translated
   into a BGP route."

HTH

Laurent.

Hall of Fame Super Silver

Re: OSPF Down bit

Hello Mukarram,

the feature described in RFC4576 mentioned by Laurent is a loop avoidance feature that can be useful in multi homed VRF sites like the one on the left of the picture.

CE1-A could propagate to PE3-AS1 a summary LSA generated by PE1-AS1, PE3-AS1 can ignore this LSA because it sees the DN bit set.

So CE routers accept LSA data structures with DN bit set but PE nodes do not.

PE nodes set DN bit on their own OSPF data structures to signal that the LSA has been rebuilt by PE node by using information received by other PE nodes in BGP VPNv4 address family and carried on extxcommunities.

This information is the key to avoid loops caused by unwanted re-injection of IP prefixes on OSPF and later in MP-BGP.

So the highlighted sentence is correct.

See this down bit as a marking that indicates data structures generated on the service provider side

The first sentence is wrong as noted by Laurent it should be:

PE2-AS1 accepts the LSA from CE2-A because down bit is not set

We see in the picture that the VRF site on the right of the picture is single homed so there is no chance of routing feedaback there.

There is a potential for routing feedback on VRF site1 and there is where the DN bit helps the two connected PE nodes.

Hope to help

Giuseppe

Re: OSPF Down bit

dear both, thank for your help..

1. Down bit is checked by the PE and CE routers(CE with VRF-Lite)  if an advertisement is received over a VRF interface.

     query: if a VRF enabled CE can check the DN-bit, does it also sets the DN-bits ????

2.     as per following RFC extract and MPLS-VPN architecture: DN-bit is only significant when PE-CE link is in area 0...

     When a PE/CE link is an area 0 link, the high-order bit of the LSA  Options field (previously unused) is used to distinguish type 3 LSAs    which report      routes across the VPN backbone from other VPN sites. We  refer to this as the DN bit.

    

The DN bit is set in a type 3 LSA which is sent from a PE router to a CE router across an area 0 link.

When a PE router receives, from a CE router, a type 3 LSA with the DN bit  set, the route is ignored. Without this mechanism, the type 3 LSA could be sent by a PE to a CE, flooded through a number of OSPF    routers, and then sent to another PE; this could cause a loop.  This mechanism prevents such loops.

Pasted from <http://tools.ietf.org/html/draft-rosen-vpns-ospf-bgp-mpls-00>

MPLS-VPN architecture:

  • The down-bit is necessary only if customer CE routers      have connectivity to each other within

area 0 and also have attachment to other non-backbone areas.

  • This is because of the rule in OSPF      that states:

If an ABR receives a summary LSA from a non-backbone area, it should ignore the summary if it has connectivity to area 0.

               in other situations: the down bit may not be necessary, but IOS implementation will set DN-bit for LSAs generated by PE.

query: why dont we need down-bit if PE-CE link is in a non-backbone area??????

Hall of Fame Super Silver

Re: OSPF Down bit

Hello Mukarram,

>> query: why dont we need down-bit if PE-CE link is in a non-backbone  area??????

because if a router in this case the PE,

>> If an ABR receives a summary LSA from a non-backbone area, it should  ignore the summary if it has connectivity to area 0.

so if PE-CE link is in non zero area the PE router will not accept any summary LSA describing IP prefixes coming from other non zero areas

The PE has always a connection to area 0 that is the MPLS superbackbone area.

This link is emulated and allows for a given VRF to see an OSPF area 0 between involved PE routers (PE nodes serving that VPN)

so in this specific case another built-in mechanism allows for the discard of the potentially dangerous summary LSA received by a PE node on a VRF access link not in area 0

My understanding is that CE routers do not check the DN bit and they simply propagate  the LSA data structure with no change.

so a CE node (= running OSPF in global routing table) will not set the DN bit.

Hope to help

Giuseppe

Re: OSPF Down bit

hi guislar,

this makes sense

to further support the reasoning I guess,


when PE/CE link is in non-backbone area :

PEs do not expect to receive summary LSAs from the non-backbone area since they are the only ABRs for it.                                                             Therefore if the PE is receving any LSA from the backbone area it is certatinly originating from the other PE connnected to the same non-backbone area.


when PE/CE link is in area 0 :

PEs do expect summary LSAs from the CE routers since CE routers are the ABRs for areas connected behind them.                                            Therefore to differentiate between LSAs originated from a CE and LSAa from another PE connected to the same non-backbone area, DN-bit is used.

11525
Views
0
Helpful
5
Replies