cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4494
Views
5
Helpful
8
Replies

MPLS VPN - Down Bit - Routing Bit

Mavrick25
Level 1
Level 1

Hello Everyone,

Just want to know if I got this right...

In terms of OSPF

Can we say, that when a PE router receives MP-BGP update destined for a OSPF area it redistributes these routes into the OSPF Area

with the down bit set which when received by the routers in the OSPF area, the routers in the OSPF area notice that the down bit was set and increment the routing bit, isolating them from inserting those routes into the LSDB and as a result do not pass these routes there neighbors??

am I on the right track??

PR

8 Replies 8

Peter Paluch
Cisco Employee
Cisco Employee

Hi,

The routing bit you are talking about is not actually recorded in LSA Options field, rather it seems to be an internal flag used by Cisco OSPF implementation. Some more details can be found here:

https://supportforums.cisco.com/thread/185847

It is not related to the DN bit, either.

Regarding the DN-bit (also known as Down bit), it is set on all LSA-3, LSA-5 and LSA-7 generated by the PE and advertised to CE. The DN-bit is not interesting for CE or C routers at all. It is again used by a PE router (possibly if the customer is multihomed and uses multiple PEs) to avoid redistributing information from other locations of the same VPN back into BGP. All LSAs having the DN bit set are ignored during the SPF run on an PE router.

I understand this may be a difficult topic - please ask further!

Best regards,

Peter

Peter,

Thanks for you reply...

I really think I'm starting to put the pieces together..

From what I understood, the the interpretation or better yet the application of the down bit and the routing bit depends a lot on the network topology..

The first picture I attached called "CE-superbackbone-CE" is has a simple PE to CE connection, nothing fancy and I'm under the impression down bit doesn't matter... Is this correct??

The second picture I attached called "DoublePE-CE" is a situation where a PE router receives an MP-BGP update, redistributes it into the area as an Inter Area summary route which is then seen by the second PE router who selects it as a valid path because of the preferred OSPF admin distance and redistributes it back into MP-BGP creating probable routing loop. 

Here is where the DN-Bit or down bit comes into play, because after reading your post I came to the conclusion that the down bit would be set by the PE router redistributing the route into the area, none of the CE or C routers care about it, but once it's seen by the other PE router it knows not to redistribute it into MP-BGP update... is this correct??

The Third Picture I attached called "routing bit" is a situation I don't understand..  I'm under the impression that when you have a PE acting as a ABR for 2 different area's, instead of having the DN-bit used to stop "routing loops" or better yet the re-redistribution of those routes into MP-BGP and having the PE's do all the work, your asking the CE or C routers to recognize the Down-bit and clear the routing bit, asking them to recognize the route locally but don't advertise them to your neighbors??? is this correct??

Mav

Hello,

Where did you actually learned about the routing bit in the first place? I am sorry but I have some troubles understanding where does that bit come from. The OSPF RFC 2328 nor the RFC 4576 that discusses using OSPF as a PE/CE protocol do not talk about any routing bit. Is it possible that this is some kind of misunderstanding? There is a Route Tag used in this context - did you perhaps mean that one?

The first picture I attached called "CE-superbackbone-CE" is has a 
simple PE to CE connection, nothing fancy and I'm under the impression 
down bit doesn't matter... Is this correct??

Yes, absolutely correct. The down bit will be set by the PE in Area 2 but it is not processed in any way by the CE/C routers.

The second picture I attached called "DoublePE-CE" is a situation where a PE router receives an MP-BGP update, redistributes it into the area as an Inter Area summary route which is then seen by the second PE router who selects it as a valid path because of the preferred OSPF admin distance and redistributes it back into MP-BGP creating probable routing loop. 

Here is where the DN-Bit or down bit comes into play, because after reading your post I came to the conclusion that the down bit would be set by the PE router redistributing the route into the area, none of the CE or C routers care about it, but once it's seen by the other PE router it knows not to redistribute it into MP-BGP update... is this correct??

Yes, absolutely correct.In fact, there is more to it - not only will the other PE router not redistribute the routes back to MP-BGP but it will not even process the LSAs having the down bit set during its route calculation. In essence, the other PE router will not try to reach the remote VPN destinations through the local customer's OSPF domain. In other words, an outage in provider's backbone will not be healed through the customer's network.

The Third Picture I attached called "routing bit" is a situation I don't
 understand..  I'm under the impression that when you have a PE acting 
as a ABR for 2 different area's, instead of having the DN-bit used to 
stop "routing loops" or better yet the re-redistribution of those routes
 into MP-BGP and having the PE's do all the work, your asking the CE or C
 routers to recognize the Down-bit and clear the routing bit, asking 
them to recognize the route locally but don't advertise them to your 
neighbors??? is this correct??

Frankly, I do not understand what you mean in this example. Let me just put down some basic facts and please ask further. A PE router can be an ABR for an arbitrary number of areas - there is no limit, except, of course, system resources. The down bit is of no meaning to CE/C routers. Requiring the CE routers to understand this down bit and not advertise the LSAs back to PEs is meaningless - there is no indication in OSPF whether a router acts as a PE router.

Can you perhaps elaborate further on this third example?

Best regards,

Peter

Peter,

Thank you again for your reply, we are getting close just need to get past this "routing bit" dilemma.

Ok, so let's concentrate on the graph I attached just now, it's called "routing loop 1".

The routing bit phenomenon all began last week when I as at GKI, I attended the official Cisco Implementing Cisco MPLS VPN course and when discussing redistribution into an OSPF area the Down Bit (DN-Bit) and the Routing Bit came up.

The routing bit became a discussion when discussing the problems that could occur when a PE router is an ABR for two area's just like in the picture I attached, from what I understood this was how the graph was explained to me... (Please let me know if you can't see the picture I attached)

So...

Step 1...

The PE router attached to Area 1 redistributes the OSPF routes into MP-BGP which is then received by the other PE router attached to Area 2.

Step 2..

The PE router attached to Area 2 redistributes these routes as a Inter Area Summary route with the DN-Bit set, which when these routes are flooded into Area 1, it is then seen by the other PE router, which notices that the DN-BIT is set and doesn't redistribute these routes into MP-BGP, but does however consider the route as a valid path to that network...

The problem arrives when a packet from "Another site" is destined for the network that belongs to area 1 but the PE router sees that network in Area 2 because of the OSPF admin distance, so what happens is that the PE router attached to "Another Area" routes the packet into Area 2 instead of bypassing area 2 and going directly to Area 1..

The routing bit is used to tweek the way the PE routers behave..

I found this article that I think could help us get a better understanding what I am trying to say..

http://anetworkerblog.com/2009/08/29/downbit/

I really appreciate your patience, but I'm starting to think that the DN-Bit is used to prevent routing loops, while the routing bit is used to prevent un-optimal path selection when dealing wiyh PE's in multiple area's..

I mean I could be wrong, maybe I'm causing more problems for myself...

Please refer to the link and let me know what you think.. Thanks

Mav

Hi Mav,

Okay, I see now what you mean by the "routing bit"

The "routing bit" is actually somewhat of a misnomer, especially when mentioning it along with the down bit. The down bit is a true bit in the Options bit-mapped field present in LSA headers. However, the routing bit is not present in LSAs at all. It is only an internal flag given to LSAs by specifically Cisco's implementation of OSPF and, according to Harold's thread I have referenced earlier, it is used to indicate whether the LSA is usable for SPF calculations.

The article you have referenced at anetworkblog.com is somewhat clumsy when it starts talking about the "routing bit". Let me explain plainly what it is for, and then try to relate that to the article to see for yourself.

It is expected from PE routers to ignore LSAs having the DN bit set to prevent the routing loops from occuring, just as you have described. If the PE routers are running Cisco IOS then they obviously perform this "ignoring" by considering these LSAs unusable for SPF calculation by internally marking then with the "routing bit" unset - but remember, this is only an internal flag, does not get propagated anywhere and it is specific only for Cisco (essentially, if you wrote a program in C language, you would decide on certain internal variables to be used - the "routing flag" is just that, an internal variable).

There are, however, situations when even the CE router needs to run its OSPF in a VRF. Usually, this is not done - a CE router in an MPLS VPN environment does not need nor use VRFs but there may actually be needs to split the CE into virtual routers and run the OSPF towards PE in a VRF. However, the CE router running OSPF in a VRF considers itself to be also in a provider-edge position (because OSPF running in a VRF is most often done only on provider edge routers), and therefore, it would ignore all LSAs sent by the PE with the down bit set, in effect ignoring all routes learned from other locations of the same VPN. Certainly, this is not what you want because here, the attempt to prevent routing loops resulted in total discarding of all routes from beyond the PE. The CE here incorrectly behaves in a provider-edge-fashion which is not appropriate. Therefore, we have to force the CE to accept the LSAs with the down bit set, and that can be done using the OSPF level command capability vrf-lite. This command allows using these LSAs again, and in particular Cisco IOS implementation, this is performed by setting the internal "route bit" flag, thereby allowing them to be used during the SPF.

So much for the "routing bit".

Best regards,

Peter

Peter,

I think I got it...

The reason you don't see the routing bit on any of the RFC's is because the routing bit is an Cisco OSPF extension..

All the routes that originated in the MP-BGP backbone need to be selected as the best path, which the DN-Bit does a good job of in the first 2 examples I provided earlier..

In the third example the DN-bit doesn't do a good job because you could have a customer Area selected as the best path to a network that originated in the MP-BGP backbone, so Cisco implemented the routing bit to avoid Customer AS accidentally acting as a Transit Area for networks originating in the MP-BGP backbone..

When dealing with a scenario like in the third example and I repeat only in the third example...

The PE routers need to change there path selection process, to do this they need to ignore the down bit...

This were the down bit comes into play

The cisco router clears the routing bit marking it basically as a route that originated from the MP-BGP backbone..

What does this do?

Well, when the PE routers calculate there LSDB it's considered as best, but because the routing bit was cleared it's NOT inserted into the Official RIB table.. meaning that the routes are redistributed into the Area, but once a packet is received by a PE router destined for a network that originated in the backbone, it will consider the MP-BGP route instead of the OSPF one..

Let's recap...

A PE router receives an MP-BGP update, the PE router marks all the those routes that originated in the MP-BGP backbone by clearing the routing bit before redistributing the routes into the OSPF area via the LSA update, the routing bit is not included in the LSA update to other routers in the area, it's locally significant...

Once another PE router attached to the same area receives the LSA update it notices that for that particular network the routing bit was cleared because that PE should also be receiving the MP-BGP updates, and not selecting it as the best path to the network originally originated from the MP-BGP backbone..

What happens is, that when a packet from "Another Site" arrives to that PE router, it looks up the MP-BGP route instead of the OSPF route because the OSPF route had been marked with by clearing routing bit..

Wow, I really hope I got this right... or I could just be making my life more difficult..

Mav

Hi Mav,

I am afraid you are making things more complicated than they are.

The reason you don't see the routing bit on any of the RFC's is because the routing bit is an Cisco OSPF extension..

I would not call it an extension. The routing bit is simply an internal variable that is exposed to the user. Compare these two little C-language programs:

#include

int main (void)

{

  int i = 2+3;

  printf ("The sum is %d\n", i);

  return 0;

}

and

#include

int main(void)

{

  printf ("The sum is %d\n", 2+3);

  return 0;

}

Both programs do the same - they compute and print the sum of 2+3. However, the first program uses an auxiliary variable i to store the intermediate result while the second program refers to a literal value directly. You could call the variable i a proprietary extension of the basic algorithm but in fact it is just an implementation issue - an internal matter of how the algorithm has been implemented, not a proprietary extension. You have to distinguish between an extension and an implementation detail. An extension enhances the algorithm or protocol. An implementation detail does not enhance the protocol in any way, rather it is a way (one of many) of making the algorithm or protocol do its work. The same goes for the "routing bit". It is only an internal variable of Cisco's OSPF implementation and it neither extends nor modifies the OSPF working. It is only a way how to quickly declare which LSAs shall not be used when computing the routing table.

I would say - forget about the "routing bit" altogether Have you actually read and understood the thread about the routing bit I have referenced in my first reply?

Cisco implemented the routing bit to avoid Customer AS accidentally 
acting as a Transit Area for networks originating in the MP-BGP 
backbone..

No. I believe that Cisco implemented the "routing bit" as a part of their OSPF algorithm to flag LSAs as usable or unusable, without any regard to VPNs, DN-bit or any other application.

When dealing with a scenario like in the third example and I repeat only in the third example...

The PE routers need to change there path selection process, to do this they need to ignore the down bit...

I have troubles understanding your third scenario. Can you describe the routing loop being created in this scenario step-by-step? In any case, the PE routers need to change their path selection process by observing the DN-bit, not by ignoring it as you suggest.

The cisco router clears the routing bit marking it basically as a route that originated from the MP-BGP backbone..

No. If the "routing bit" is cleared then the router indicates that for the shortest-path algorithm in OSPF, the LSA shall be ignored as if it was not even present in the LSDB.

Well, when the PE routers calculate there LSDB it's considered as best, 
but because the routing bit was cleared it's NOT inserted into the 
Official RIB table..

No. An LSA with "routing bit" cleared is considered unusable for shortest-path calculation so it will be skipped as if it was not even present in the LSDB.

the routing bit is not included in the LSA update to other routers in the area, it's locally significant...

Once another PE router attached to the same area receives the LSA update it notices that for that particular network the routing bit was cleared

You are actually contradicting yourself here. How can another PE notice that the "routing bit" was cleared when this bit is locally significant and not transmitted anywhere as you have yourself stated?

I say - calm down and try to reevaluate this entire principle once again but totally forget about the so-called "routing bit". The bit is not relevant to the MPLS VPN issue or any other issue in OSPF. In any moment, the notion of the "routing bit" can be fully replaced by a set of checks

  • whether the originator of a particular LSA is topologically reachable
  • whether the LSA contents are sane
  • whether it is allowed to use the LSA in shortest path calculations for a particular purpose

I cannot stress this enough - the "routing bit" is obviously confusing you terribly. Forget about it - it does not make any difference to the operation of OSPF in PE/CE environment whatsoever.

Best regards,

Peter

How to prevent the customer sites from acting as transit parts of the MPLS VPN network? What do you suggest?

Review Cisco Networking for a $25 gift card