Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
2
Helpful
4
Replies

Down bit not being set

Go to solution
steven.crutchley
Level 3
Level 3

‎10-14-2024 11:32 AM

Hi everyone,

I have the following network:

stevencrutchley_0-1728930716773.png

 



Loopback0, 10.1.1.1/32 on CE1 gets advertised over eBGP to PE1 in VRF A.
This gets advertised to reflector over VPNv4 and reflected to PE2 and PE3.

PE2 and PE3 are both set to redistribute BGP into OSPF. 

I would expect to see an external Type 5 LSA for 10.1.1.1 redistributed by both PE2 and PE3 with the down bit set. This should prevent PE2 and PE3 redistributing back into BGP.

But this isn't working. I'm getting routing loops. 

Upon inspection I can see that the Type 5 LSA does not have the down bit set. 

Is this because the route did not come from an OSPF domain to start with? E.g. it came from an eBGP peering with PE1 and CE1?
Or is there another reason why the down bit would not be set?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Spotlight
Spotlight

‎10-14-2024 01:12 PM

Hi @steven.crutchley ,

You would indeed need to run ospf as a PE CE protocol between PE1 and CE1 for the automatic loop prevention to take place on PE2 and PE3.

Just as a precision, the down bit would be used only for OSPF LSA type 3. For OSPF LSA type 5, the VPN route tag would be used instead. This is mentioned in RFC4577.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

4 Replies 4

Go to solution
Harold Ritter
Spotlight
Spotlight

‎10-14-2024 01:12 PM

Hi @steven.crutchley ,

You would indeed need to run ospf as a PE CE protocol between PE1 and CE1 for the automatic loop prevention to take place on PE2 and PE3.

Just as a precision, the down bit would be used only for OSPF LSA type 3. For OSPF LSA type 5, the VPN route tag would be used instead. This is mentioned in RFC4577.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
steven.crutchley
Level 3
Level 3
In response to Harold Ritter

‎10-14-2024 01:59 PM

Ah yes! Sorry. Of course. The down-bit does not apply to Type 3 LSAs.

But in my above scenario, how would I stop either PE2 or PE3 from seeing OSPF as the best path to 10.1.1.1/32?

Tagging can obviously be used to prevent the redistribution back into BGP. But if, for example, PE2 advertises its LSA Type 5 first. PE3 then sees two possible paths to get to the 10.1.1.1/32:

  • One via OSPF (AD 110)
  • One via iBGP (AD 200)

OSPF will win. PE2 will still use BGP but PE3 will go via the CE2/CE3 site.

0 Helpful

Go to solution
Harold Ritter
Spotlight
Spotlight
In response to steven.crutchley

‎10-14-2024 02:21 PM

Hi @steven.crutchley ,

> The down-bit does not apply to Type 3 LSAs.

I think you meant down bit does not apply to type 5 LSA.

The way to fix the issue in this specific scenario would be to set the administrative distance higher for the OSPF external routes.

Running the same PE CE routing protocol for all of the sites would really be the recommended approach though. This would take care of PE2 or PE3 taking the OSPF route instead of the BGP route to get to CE1.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
steven.crutchley
Level 3
Level 3
In response to Harold Ritter

‎10-15-2024 01:03 AM

Yes, sorry, that was a typo. Meant to say that down bit does not apply to Type 5s.

Ok that solution makes sense. I was starting to think I'd need to deal with distribute-lists or something similar. 

Thanks for the help.

0 Helpful
Customers Also Viewed These Support Documents