"The PE2-AS1 router receives the external (O E1) OSPF route from CE2-Awith the OSPF down bit set and then redistributes it into MP-BGP"
The DN bit is set by default only on routers running OSPF in a VRF. Also From RFC4576:
When the PE receives, from a CE router, a type 3, 5, or 7 LSA with
the DN bit set, the information from that LSA MUST NOT be used during
the OSPF route calculation. As a result, the LSA is not translated
into a BGP route."
the feature described in RFC4576 mentioned by Laurent is a loop avoidance feature that can be useful in multi homed VRF sites like the one on the left of the picture.
CE1-A could propagate to PE3-AS1 a summary LSA generated by PE1-AS1, PE3-AS1 can ignore this LSA because it sees the DN bit set.
So CE routers accept LSA data structures with DN bit set but PE nodes do not.
PE nodes set DN bit on their own OSPF data structures to signal that the LSA has been rebuilt by PE node by using information received by other PE nodes in BGP VPNv4 address family and carried on extxcommunities.
This information is the key to avoid loops caused by unwanted re-injection of IP prefixes on OSPF and later in MP-BGP.
So the highlighted sentence is correct.
See this down bit as a marking that indicates data structures generated on the service provider side
The first sentence is wrong as noted by Laurent it should be:
PE2-AS1 accepts the LSA from CE2-A because down bit is not set
We see in the picture that the VRF site on the right of the picture is single homed so there is no chance of routing feedaback there.
There is a potential for routing feedback on VRF site1 and there is where the DN bit helps the two connected PE nodes.
1. Down bit is checked by the PE and CE routers(CE with VRF-Lite) if an advertisement is received over a VRF interface.
query: if a VRF enabled CE can check the DN-bit, does it also sets the DN-bits ????
2. as per following RFC extract and MPLS-VPN architecture: DN-bit is only significant when PE-CE link is in area 0...
When a PE/CE link is an area 0 link, the high-order bit of the LSAOptions field (previously unused) is used to distinguish type 3 LSAswhich report routes across the VPN backbone from other VPN sites. Werefer to this as the DN bit.
The DN bit is set in a type 3 LSA which is sent from a PE router to a CE router across an area 0 link.
When a PE router receives, from a CE router, a type 3 LSA with the DN bitset, the route is ignored. Without this mechanism, the type 3 LSA could be sent by a PE to a CE, flooded through a number of OSPFrouters, and then sent to another PE; this could cause a loop.This mechanism prevents such loops.
PEs do not expect to receive summary LSAs from the non-backbone area since they are the only ABRs for it. Therefore if the PE is receving any LSA from the backbone area it is certatinly originating from the other PE connnected to the same non-backbone area.
when PE/CE link is in area 0 :
PEs do expect summary LSAs from the CE routers since CE routers are the ABRs for areas connected behind them. Therefore to differentiate between LSAs originated from a CE and LSAa from another PE connected to the same non-backbone area, DN-bit is used.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...