cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7134
Views
4
Helpful
5
Replies

OSPF Domain Tag vs Downward Bit

KATTUBAVA E.S
Level 1
Level 1

Hi Experts,

I could see on lastest IOS and IOS XR images Down(DN) Bit is set for LSA-3,5 and 7 when Egress PE redistributing MP-iBGP into OSPF while using ospf as a PE-CE protocol. This help us to avoid possible routing loop. However what is the significant purpose of using Domain Tag for External routes (LSA 5 & 7) alone. Also this Domain Tag can be modified in egress PE or CE routers using a route map. 

While DN bit is helping us to avoid routing loops in all possible OSPF LSAs what is the use of Domain Tag again to prevent loops?

Thanks

-bava

1 Accepted Solution

Accepted Solutions

Domain Tag is a loop prevention mechanism, just like DN Bit. Older IOS and based on IETF original draft: LSA type 3 uses DN bit and LSA type 5 uses a Tag ( Cisco uses the name Domain Tag and the RFC uses the name Route Tag). The newer version of RFC (4577) incluses the use of DN bit for both LAS type 3 and type 5. So Domain Tag is just a backward compatibility with older IOS versions which doesn't use DN bit for LSA type 5. Another caveat of using Domain Tag that's can be rewrited using route-map or by changing Domain ID, if it's not changed accordingly it will cause negative results!

To sum up, based on the newer RFC version there's no need to use Domain Tag as DN bit is used for both LSA type 3 and 5.

References:

-https://tools.ietf.org/html/rfc4577#section-4.2.4

Best Regards

View solution in original post

5 Replies 5

Hi Bava,

If OSPF is used as CE-PE routing protocol, prefixes can be advertised as Intra Area, Inter-Area, or E2 External according to your Design.( Also it depends on default behavior of the platform :legacy IOS or XR)

By default Domain ID is using  OSPF Process ID unless you explicitly configure it.

DN bit is used to prevent loop if the route coming from PE to CE is again readvertised by the CE to another PE.

To manupulate DN bit without using vrf-lite capability command we can use:

-The same OSPF process ID on both CE-PE sites => in this case prefixes are installed as O IA

-Explicitly configure the same Domain ID => in this case prefixes are installed as O IA

-Using Sham Link feature => in this case prefixes are installed as O intra Area routes.

Hope I have succefully explain DN bit manipulations.

Best Regards

Thanks for your reply. However it didn't amswer my question. I wanted to know the real use of Domain Tag not Domain ID. Whats the use of Domain TAG as in newer IOS/IOS XR we can avoid possible routing for LSA5/7 using DownBit too.

The down-bit is only set for type 3 LSAs if I remember correctly. I notice you said it is set on external routes in the latest IOS image. Not sure what the change was about but since the default domain tag is the AS of the PE, if the AS numbers were different the external routes would be allowed to get redistributed which would not happen with the summary LSAs. I don't have enough experience with these designs to say what the pro/cons are though.

Domain Tag is a loop prevention mechanism, just like DN Bit. Older IOS and based on IETF original draft: LSA type 3 uses DN bit and LSA type 5 uses a Tag ( Cisco uses the name Domain Tag and the RFC uses the name Route Tag). The newer version of RFC (4577) incluses the use of DN bit for both LAS type 3 and type 5. So Domain Tag is just a backward compatibility with older IOS versions which doesn't use DN bit for LSA type 5. Another caveat of using Domain Tag that's can be rewrited using route-map or by changing Domain ID, if it's not changed accordingly it will cause negative results!

To sum up, based on the newer RFC version there's no need to use Domain Tag as DN bit is used for both LSA type 3 and 5.

References:

-https://tools.ietf.org/html/rfc4577#section-4.2.4

Best Regards

Gang Wu
Level 1
Level 1

Hi Experts,

Could you advise on which latest version of IOS XR images the Down(DN) Bit is not only set for LSA-3 but also set for LSA 5 and 7 when Egress PE redistributing MP-iBGP into OSPF while using ospf as a PE-CE protocol ?

I actually try to replicate the DN Bit set for LSA-5 by using iosxrv 5.1.3, 6.0.0 and 6.1.2 however all of them still just set the Domain Tag for External routes LSA5 without DN Bit... any difference between the iosxrv simulation and the real chassis ?

Appreciate if you can help on this.

Best Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: