OSPF to BGP ROUTE DISTRIBUTION WITH ROUTE-TAGS

While working with a customer, I came across an interesting issue that I thought is worth sharing. The customer is having Firewall in LAN, with which CPE router is having OSPF peering. Usng 32-bit dotted notations on Firewalls, the customer was tagging the OSPF prefixes with tag-value of 172.19.0.1
Even though, the BGP configurations for OSPF to BGP redistribution was correct and verified several times, these OSPF prefixes did not appear in the BGP table, and hence were not advertised across the WAN.

A little bit of digging led to RFC 1403 that describes BGP-OSPF interaction.

If the first bit of the 32 bit route-tag (known as "a" or automatic bit) is set to 0, then the remaining 31 bits signify the local Info, meaning that the tag has been configured manually by the network administrator. If the "a" bit is 0, then the OSPF routes can be redistributed into BGP, without any further consideration.

However, if the "a" or the automatic bit is set, then the following sub-fields apply:-

"c" OR Completeness bit (1 bit) ---> 2nd bit, indicates the completeness of information.The Completeness characteristic bit is set when the source of the incoming route is known precisely, for instance, from an IGP within the local autonomous system or EGP at one of the autonomous system's boundaries

"pl" OR PathLength bits (2 bits) ----> 3rd and 4th bits signifying the path length.The PathLength characteristic sub-field is set depending on the length of the AS_PATH that the protocol could have carried when importing the route into the OSPF routing domain. The length bits will indicate whether the AS_PATH attribute for the length is zero, one, or greater than one

Arbitrary Tag (12 bits) -----> 5th - 16th bits, signifies arbitrary tag value

Autonomous System (16 bits) -----> 17th - 32nd bits signifies the AS number of the route. It is 0, if the route is considered to be part of the local AS.

"a" bit set indicates that the Completeness and PathLength bits have been generated automatically by the router. Routes imported from an IGP have AS_PATH length of 0 while that imported from EGP have AS_PATH length of 1. Routes from BGP and other routing protocols that support complete path information, will indicate a path greater than 1. The OSPF tag is not wide enough to carry path information about routes that have path-length ("pl") > 1, and hence must not be exported from OSPF into BGP.

Now, for the customer's routes tagged as 172.19.0.1 , the "a" bit was set, and the "pl" bits were "10" (>1)

The details were seen below on the CPE router. With Tag Path Length > 1, the route wasn't imported into BGP

Routing entry for 172.39.20.0/24
Known via "ospf 1", distance 110, metric 20
Tag Path Length >= 1, AS 1, 3091, type extern 2, forward metric 200 <<<<<<<<<<
.
.
Route tag 172.19.0.1

show ip bgp 172.39.20.0/24
% Network not in table

When the tag was changed to 72.19.0.1, so that the "a" bit was unset, the other bits only signified a local tag, and the route was imported into bgp

Routing entry for 172.39.20.0/24
Known via "ospf 1", distance 110, metric 20
Tag 72.19.0.1, type extern 2, forward metric 200
.
.
Route tag 72.19.0.1

show ip bgp 172.39.20.0/24
BGP routing table entry for 172.39.20.0/32, version 30
Paths: (1 available, best #1, table default)

With the "a" bit set, and "pl" bits (<1), e.g. in route tag of 141.19.0.1, the route redistribution was still possible

Routing entry for 172.39.20.0/24
Known via "ospf 1", distance 110, metric 20
Tag Path Length == 0, AS 1, 3347, type extern 2, forward metric 200 <<<<<<<<<<<<<
.
.
Route tag 141.19.0.1

show ip bgp 172.39.20.0/24
BGP routing table entry for 172.39.20.0/32, version 30
Paths: (1 available, best #1, table default)



More details of the RFC and other possible combinations can be found at :- https://tools.ietf.org/html/rfc1403