05-09-2006 12:28 PM
Dear All,
I have several MPLS VPN sites running OSPF between the CE and PE routers. All the CE routers are in area 0 and configured with the same process ID.
On some of the sites, I am having to re-distribute non-OSPF routes.
These non-OSPF routes appear as LSA Type 5 in the OSPF database as expected.
OSPF doesn't seems to support down bit for LSA Type 5, which is part of the option field in the OSPF header.
The redistributed routes get propagated across the OSPF domain causing routing loops.
I am thinking of tagging all non-OSPF redistributed routes to solve this problem.
Does anyone have any suggestion or know any alternate option ?
I would really appreciate any input or advise on this.
Regards,
Zahid
05-09-2006 05:05 PM
The routing loops introduced by route redistribution between OSPF domains can be solved with the help of the tag field, using standard BGP-OSPF redistribution rules. A non-OSPF route is redistributed as an external OSPF route by a PE router. By default, the tag field is set to the BGP-AS number. The redistributed route is propagated across the OSPF domain without the down bit but with the tag field set. When the route is redistributed into another OSPF domain, the tag field is propagated. Another PE router receives the external OSPF route and filters the route based on the tag field. The tag field matches the AS number so the route is not redistributed into MP-BGP.
05-10-2006 08:29 AM
Hi,
Many thanks for your reply.
Where would you suggest to apply the tag, on the CE or the PE ?
Also should the tag value be the same as the AS number used on the PE router ?
Regards,
Zahid
05-09-2006 09:51 PM
HI,
1)PE routers set the down (DN) bit on all OSPF summary LSAs originating from area 0. PE routers are designated as area 0 by default because of the OSPF domain ID. When a PE router receives a summary LSA with the DN bit set, the LSA is not used in the OSPF calculation. This is done to prevent routing loops.
2)PE routers generating external LSAs learned from BGP updates set the vpn-route-tag field to a value derived from the PE router's AS number and an arbitrary tag. When a PE router receives an external LSA with a vpn-route-tag field that matches its own vpn-route-tag field, the LSA is not used in the OSPF calculation. This is done to prevent routing loops
I m sure that your SP will be carrying our both of above processes and CE will act with normal behavior and no modification is required
Hope this helps
Anand
05-10-2006 04:54 AM
Hello,
there are only three options I see for you:
1) a PE should apply a TAG to LSA type 5 created from a MP-BGP update. The tag is related to the AS number of the PE and everything should be done automatically. A sample LSA should look like this:
-------------------- CE OSPF database --------------
OSPF Router with ID (82.82.82.82) (Process ID 10)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 4
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.1.22.0 (External Network Number )
Advertising Router: 10.1.82.1
LS Seq Number: 80000001
Checksum: 0x38C9
Length: 36
Network Mask: /30
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 3489661028
! External Route tag 3489661028 = 0xD0000064 = 0xD0000000 + 0x64
! 0x64 = 100 = AS number of the MPLS PE!
!
! So: External Route tag = 0xD0000000 + (AS number PE)
Once you use this tag when doing redistribution a PE will not distribute the LSA5.
The strange thing is, this does NOT happen according to your description. Could you please post a "show ip ospf database external" and a "show bgp vpnv4 unicast all X.X.X.X" for an external network causing the routing problems?
2) you could use your own TAG and setup filters to avoid rooting loops.
3) You could try to use SOO (site-of-origin) to avoid routing loops. The config could look like this:
interface Serial0/0/0
description connected to CE
ip vrf forwarding Cust1
ip address 10.1.1.1 255.255.255.252
ip vrf sitemap SOOforCE
route-map SOOforCE permit 10
set extcommunity soo 65000:123
!use a different SOO for every SITE
Also make sure the usage of SOO is supported for OSPF in your hardware/IOS combination.
Regards, Martin
05-10-2006 09:01 AM
Hi Martin,
Many thanks for your reply.
I don't think the tag is getting set on either the CE or the PE for the external route.
If I am to set the tag manually, where would I set
the tag on the CE or the PE ? Also should the vlaue of the tag correspond to the AS number used on the PE ?
This is the output from both the CE and PE:
CE#sh ip ospf database external 192.168.1.0
OSPF Router with ID (10.1.1.2) (Process ID 140)
Type-5 AS External Link States
LS age: 1747
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 192.168.1.0 (External Network Number )
Advertising Router: 10.1.1.2
LS Seq Number: 80000739
Checksum: 0xB745
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.1.1.5
External Route Tag: 0
PE#sh ip bgp vpnv4 vrf MCI 192.168.1.0
BGP routing table entry for 2029:140:192.168.1.0/24, version 34071
Paths: (3 available, best #1, table MCI)
Advertised to update-groups:
1
Local
192.168.113.10 (via MCI) from 0.0.0.0 (200.169.35.69)
Origin incomplete, metric 20, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:2029:140 OSPF DOMAIN ID:0x0005:0x0000008C0200
OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:192.168.113.157:1281
mpls labels in/out 249/nolabel
Local
200.169.35.91 (metric 30) from 192.168.1.6 (192.168.1.6)
Origin incomplete, metric 50, localpref 200, valid, internal
Extended Community: RT:2029:140 OSPF DOMAIN ID:0x0005:0x0000008C0200
OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:192.168.113.153:1281
Originator: 200.169.35.91, Cluster list: 0.0.0.100
mpls labels in/out 249/170
Local
200.169.35.91 (metric 30) from 192.168.1.5 (192.168.1.5)
Origin incomplete, metric 50, localpref 200, valid, internal
Extended Community: RT:2029:140 OSPF DOMAIN ID:0x0005:0x0000008C0200
OSPF RT:0.0.0.0:5:1 OSPF ROUTER ID:192.168.113.153:1281
Originator: 200.169.35.91, Cluster list: 0.0.0.100
mpls labels in/out 249/170
Regards,
Zahid
05-11-2006 04:40 AM
Hello,
the tag should be set on the PE according the following rule:
------snip-----
Forward Address: 0.0.0.0
External Route Tag: 3489661028
! External Route tag 3489661028 = 0xD0000064 = 0xD0000000 + 0x64
! 0x64 = 100 = AS number of the MPLS PE!
!
==>! So: External Route tag = 0xD0000000 + (AS number PE) <==
Hope this helps! Please rate all posts.
Regards, Martin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: