Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1368
Views
5
Helpful
3
Replies

a separated OSPF process VRF can't learn the routes redistributed from BGP to another OSPF VRF and process

Go to solution
rock.zhang@fil.com
Level 1
Level 1

‎05-15-2020 07:11 PM

Hi, Experts,

 

i've encountered a issue of routing when we separate a router ASR 1001-X to multiple VRF and OSPF processes.

 

VRF 1: Blue, router ospf 1 vrf blue

VRF 2: red, router ospf 2 vrf red

a routes was redistributed from BGP to OSPF 2 under vrf red.

 

vrf red and vrf blue are both connecting to an external firewall in a same OSPF Area 0.

the issue we found, we redistributed static routes into OSPF 1 under VRF blue. though firewall, and then VRF Red can learn this route. but we redistributed BGP routes into OSPF 1 at the same way, either VRF red or VRF blue can not learn it.

but the firewall in between can learn all routes properly. it seems the router itself can't install the routes into routing table.

 

Would you please help on this case.

 

THanks and regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-16-2020 12:00 AM

Hello rock.zhang@fil.com ,

what you see is an expected behaviour as the router acting as a PE node checks the DN bit in the LSAs.

The DN down bit says that the LSA is originated from redistribution from MP BGP and it is a simple but effiicient routing loop avoidance tool.

To disable this checking you need a command in each router ospf process:

router ospf 10

capability vrf-lite

 

This command should make the router to skip the check of the DN bit.

In the past I had a customer where we used heavily the DN bit concept to avoid mixing routes of different VRFs via the CE nodes.

 

Hope to help

Giuseppe

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎05-15-2020 07:18 PM - edited ‎05-15-2020 07:19 PM

Hi

 

I'm not sure I got you because you said it works from blue to red but it doesn't work at the same time.

The one working is ospf for GTR (Global Routing Table)?

Do you see the prefix in ospf database or nowhere at all? What the next hop of the route you're looking at? Do your VRFs knows the next hop?

You said firewall knows about these routes but the VRF attached aren't seeing them in their routing table. That's why I'm asking these questions.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-16-2020 12:00 AM

Hello rock.zhang@fil.com ,

what you see is an expected behaviour as the router acting as a PE node checks the DN bit in the LSAs.

The DN down bit says that the LSA is originated from redistribution from MP BGP and it is a simple but effiicient routing loop avoidance tool.

To disable this checking you need a command in each router ospf process:

router ospf 10

capability vrf-lite

 

This command should make the router to skip the check of the DN bit.

In the past I had a customer where we used heavily the DN bit concept to avoid mixing routes of different VRFs via the CE nodes.

 

Hope to help

Giuseppe

Go to solution
rock.zhang@fil.com
Level 1
Level 1
In response to Giuseppe Larosa

‎05-16-2020 06:22 AM

Many thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card