cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1758
Views
0
Helpful
10
Replies

domain-tag in inter-as mpls

belalcciejo
Level 1
Level 1

What is the value of the domain-tag if we have two PEs in different AS umbers (inter-as mpls ) and  if we configured the domain-tag value is this should solve the loop problem as the attached file

10 Replies 10

rsimoni
Cisco Employee
Cisco Employee

domain-tag

Tag value. A 32-bit value entered in decimal format. The default value is calculated based on the Border Gateway Protocol (BGP) autonomous system (AS) number of the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone. The four highest bits are set to 1101 according to RFC 1745. The lowest 16 bits map the BGP AS number of the MPLS VPN backbone. If a user specifies the tag-value , the value does not have to follow any particular format.

http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_c1g.html#wp1062902

regards,

Riccardo

Hi Riccardo,

but based on the attached file in the previous email the domain-tag value for PE1 = 100 and PE2 = 200  is this correct  ?

and if i configured the domain-tag is this will prevent the loop ?

Thanks

Hi Bilal,

based on the attached file if you do NOT configure the domain tag value manually you risk to have routing loops as the domain tags will be different (indeed it will be the BGP AS number) and no PEs will ignore the LSAs type 5 and 7 coming from the CEs which are advertising back to the core what was learnt from the other CE via the backdoor link.

If you configure the same domain-tag under the ospf process on the PE's you will avoid this type of routing loop.

Another way would exist FYI, that is tagging the routes redistributed from BGP to OSPF with a given value and then filter the prefixes having that tag when routes are redistributed back from OSPF to BGP.

Also note that the domain tag mechanism is not effective for LSAs type 3 (summary) for which the loop is prevented by the DN bit. Since the 2 CE's should preserve the DN bit there should not be any problem in that sense. If you have problems you need to verify whehter the CE's keep that DN bit set when they exchange Summary LSA between them.

Hope this clarifies,

Riccardo

Hi Riccardo,

Thank you very much for support, I will try this tomorrow on real traffic and feed you back

Regards,

Bilal

Hi Riccardo,

I still have a loop although I configured the same domain-tag on both PEs and also I tried to manual filter the external and summary routes by set a tag value for the BGP routes that redistributed to the ospf and deny the tag routes when the ospf routes redistribute to bgp

as the attached file my problem ( for example on branch 1 with network 10.10.10.0/24 ) is the MPLS PE1 learned this network by OSPF and by E-MBGP and the PE1 router prefer the EBGP then to MPLS PE2 then to branch2 then to HQ then to PE1 then by EBGP to PE2 ............. then the packet entered in the loop

the only way that solved the problem by change the administrative distance of OSPF to lower value than EBGP with value 10 ,  do you think  this solution is perfect or maybe I have a loop again if the ospf routes missed from the route table

Thanks

Hi Bilal,

your actual setup is more complicated compared to the one you initially depicted. Issues like yours are quite common if you have backdoor links spanning across multiple CE's in turn attached to multiple PE's.

I have the impression that you issue lies on sham-link ospf cost. Have you correctly configured it? From what you wrote PE1 prefers PE2 (the sham-link) for prefix 10.10.10.0/24 while it would make more sense if it would pick the Branch1-PE1 OSPF link.

Before changing the OSPF AD I would see if you could 'play' with the sham-link cost making sure it could be considered as a link with the same cost of all other ospf links including the backdoor links.

If it does not help I suggest you to go for a TAC case. On the forum it is too complicated going so deep on the troubleshooting. Likely a TAC engineer would be able to solve this out by connecting to your devices in a few minutes.

regards,

Riccardo

Hi Riccardo,

I think the ospf-sham-link not the issue because it's configured properly and i can see the ospf routes  as intra-area routes on all the branches  excepted the original redistribute  from another protocol also I have  the network  loop when the sham-link not  configure at all

The network contain multiple of vendors so the TAC can't support on this case, I will troubleshoot this issue until I have the solution

Thank you very much I relay appreciate your support

you're welcome

good luck with your troubleshooting

R

Hi Belal,

As per Cisco's official document:

https://supportforums.cisco.com/docs/DOC-5748

"Even though the AD of the eBGP path (20) is lower than OSPF path (110), we do not install the eBGP learned route into the routing table. Since this prefix is in the routing table via OSPF and is being redistributed into BGP, the BGP table will have both paths and must use the Best Path Selection Algorithm. Routes redistributed into BGP are considered locally originated and get a default weight of 32768. The BGP learned prefix is assigned a weight of 0 by default. Since weight is the first BGP attribute that we compare on Cisco routers, the route with the higher weight is considered the best."

I am not sure if Juniper or other vendor use the same logic.

I hope it might help while discussing it with other vendors.

Hi Yasir,

The other vendors not used the weight on route calculation, also  the AD of EBGP for Juniper is 170 and the ospf 10 or 150 depend on the  type of the ospf route, so in my case I just changed the AD for cisco  routers and everything worked properly

but about your comment yes  you are wright because already I changed the weight for the link  between PE1 and PE2 to 65535 for another purposes which is better than  the original route with 32768 and because the AD for bgp better than  ospf the bgp insert in the routing table the prefix with next hope MPLS  PE2 (with higher weight) , so to solve this problem I have changed the  AD for OSPF to  lower value

But depend on the previous attached  topology why we have this loop although I have put the two  ospf domain  on two different As's with same domain-tag and also with  same domain-ID  ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: