Configuration of VRF:
Create each VRF, RD, and RT, plus associating the customer-facing PE interfaces with the correct VRF:
VRF CUST-A, RD 1:111, RT 1:100
PE1
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
interface s1/0
ip vrf forwarding CUST-A
ip address 10.1.1.1 255.255.255.252
PE2
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
interface s1/0
ip vrf forwarding CUST-A
ip address 10.2.2.1 255.255.255.252
PE3
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
interface s1/0
ip vrf forwarding CUST-A
ip address 10.3.3.1 255.255.255.252
Configuring the IGP Between PE and CE routers using OSPF process-ID and area 1:
CE-A1:
router ospf 10
network 10.1.1.2 0.0.0.0 area 1
network 10.2.2.2 0.0.0.0 area 1
network 172.16.1.1 0.0.0.0 area 1
CE-A2:
router ospf 10
network 10.3.3.2 0.0.0.0 area 1
network 172.16.2.1 0.0.0.0 area 1
PE1:
router ospf 10 vrf CUST-A
network 10.1.1.1 0.0.0.0 area 1
PE2:
router ospf 10 vrf CUST-A
network 10.2.2.1 0.0.0.0 area 1
PE3:
router ospf 10 vrf CUST-A
network 10.3.3.1 0.0.0.0 area 1
Verify OSPF neighbor relationship:
PE1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.1.1 0 FULL/ - 00:00:34 10.1.1.2 Serial1/0
PE1#
PE2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.1.1 0 FULL/ - 00:00:39 10.2.2.2 Serial1/0
PE2#
PE3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.2.1 0 FULL/ - 00:00:36 10.3.3.2 Serial1/0
PE3#
The show ip ospf command shown that the MPLS VPN backbone acts as a Super Backbone, therefore the PE routers act as an ABR, notice the lines "Connected to MPLS VPN Superbackbone" and "It is an area border router".
PE1#show ip ospf
Routing Process "ospf 10" with ID 10.1.1.1
Domain ID type 0x0005, value 0.0.0.10
Start time: 00:32:33.048, Time elapsed: 00:08:37.552
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Connected to MPLS VPN Superbackbone, VRF CUST-A
Event-log disabled
It is an area border router
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area 1
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:07:16.788 ago
SPF algorithm executed 4 times
Area ranges are
Number of LSA 3. Checksum Sum 0x024383
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
PE1#
Verify the IP routes for VRF CUST-A:
PE1#show ip route vrf CUST-A ospf | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.2.2.0/30 [110/128] via 10.1.1.2, 00:10:31, Serial1/0
172.16.0.0/24 is subnetted, 1 subnets
O 172.16.1.0 [110/65] via 10.1.1.2, 00:11:19, Serial1/0
PE1#
PE2#show ip route vrf CUST-A ospf | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.1.1.0/30 [110/128] via 10.2.2.2, 00:11:08, Serial1/0
172.16.0.0/24 is subnetted, 1 subnets
O 172.16.1.0 [110/65] via 10.2.2.2, 00:11:08, Serial1/0
PE2#
PE3#show ip route vrf CUST-A ospf | beg Gate
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 1 subnets
O 172.16.2.0 [110/65] via 10.3.3.2, 00:11:18, Serial1/0
PE3#
Redistribution Between PE-CE routers (between OSPF and MP-BGP):
PE1(config)#router bgp 65000
PE1(config-router)#address-family ipv4 vrf CUST-A
PE1(config-router-af)#redistribute ospf 10
PE1(config)#router ospf 10 vrf CUST-A
PE1(config-router)#redistribute bgp 65000 subnets
PE2(config)#router bgp 65000
PE2(config-router)#address-family ipv4 vrf CUST-A
PE2(config-router-af)#redistribute ospf 10
PE2(config)#router ospf 10 vrf CUST-A
PE2(config-router)#redistribute bgp 65000 subnets
PE3(config)#router bgp 65000
PE3(config-router)#address-family ipv4 vrf CUST-A
PE3(config-router-af)#redistribute ospf 10
PE3(config)#router ospf 10 vrf CUST-A
PE3(config-router)#redistribute bgp 65000 subnets
Configuration MP-BGP Between PEs routers:
PE1(config)#router bgp 65000
PE1(config-router)#neighbor 3.3.3.3 remote-as 65000
PE1(config-router)#neighbor 3.3.3.3 update-source loop0
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 3.3.3.3 activate
PE1(config-router-af)#neighbor 3.3.3.3 send-community
PE2(config)#router bgp 65000
PE2(config-router)#neighbor 3.3.3.3 remote-as 65000
PE2(config-router)#neighbor 3.3.3.3 update-source loop0
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 3.3.3.3 activate
PE2(config-router-af)#neighbor 3.3.3.3 send-community
PE3(config)#router bgp 65000
PE3(config-router)#neighbor 1.1.1.1 remote-as 65000
PE3(config-router)#neighbor 1.1.1.1 update-source loop0
PE3(config-router)#address-family vpnv4
PE3(config-router-af)#neighbor 1.1.1.1 activate
PE3(config-router-af)#neighbor 1.1.1.1 send-community
PE3(config)#router bgp 65000
PE3(config-router)#neighbor 2.2.2.2 remote-as 65000
PE3(config-router)#neighbor 2.2.2.2 update-source loop0
PE3(config-router)#address-family vpnv4
PE3(config-router-af)#neighbor 2.2.2.2 activate
PE3(config-router-af)#neighbor 2.2.2.2 send-community
Verify the BGP neighbors:
PE1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 65000 11 9 1 0 0 00:01:37 0
PE1#
PE2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 65000 12 10 1 0 0 00:02:06 0
PE2#
PE3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 65000 11 13 1 0 0 00:02:54 0
2.2.2.2 4 65000 11 13 1 0 0 00:02:42 0
PE3#
Verify the per-RD BGP table. And we can see the overlapping subnets 172.16.1.1/32 and 172.16.2.1/32 are a part of the two customers’ address spaces:
PE1#show ip bgp vpnv4 all
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:111 (default for vrf CUST-A)
*> 10.1.1.0/30 0.0.0.0 0 32768 ?
*> 10.2.2.0/30 10.1.1.2 128 32768 ?
*>i 10.3.3.0/30 3.3.3.3 0 100 0 ?
*> 172.16.1.0/24 10.1.1.2 65 32768 ?
*>i 172.16.2.0/24 3.3.3.3 65 100 0 ?
PE1#
PE2#show ip bgp vpnv4 all
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:111 (default for vrf CUST-A)
*> 10.1.1.0/30 10.2.2.2 128 32768 ?
*> 10.2.2.0/30 0.0.0.0 0 32768 ?
*>i 10.3.3.0/30 3.3.3.3 0 100 0 ?
*> 172.16.1.0/24 10.2.2.2 65 32768 ?
*>i 172.16.2.0/24 3.3.3.3 65 100 0 ?
PE2#
PE3#show ip bgp vpnv4 all
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:111 (default for vrf CUST-A)
* i 10.1.1.0/30 2.2.2.2 128 100 0 ?
*>i 1.1.1.1 0 100 0 ?
*>i 10.2.2.0/30 2.2.2.2 0 100 0 ?
* i 1.1.1.1 128 100 0 ?
*> 10.3.3.0/30 0.0.0.0 0 32768 ?
* i 172.16.1.0/24 2.2.2.2 65 100 0 ?
*>i 1.1.1.1 65 100 0 ?
*> 172.16.2.0/24 10.3.3.2 65 32768 ?
PE3#
Verify the the per-VRF routing tables of PEs routers, they receive both the BGP routes toward 172.16.1.1/32 and 172.16.2.1/32 for each VRF:
PE1#show ip route vrf CUST-A | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Serial1/0
L 10.1.1.1/32 is directly connected, Serial1/0
O 10.2.2.0/30 [110/128] via 10.1.1.2, 00:30:27, Serial1/0
B 10.3.3.0/30 [200/0] via 3.3.3.3, 00:09:21
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.1.0 [110/65] via 10.1.1.2, 00:31:15, Serial1/0
B 172.16.2.0 [200/65] via 3.3.3.3, 00:09:21
PE1#
PE2#show ip route vrf CUST-A | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.1.1.0/30 [110/128] via 10.2.2.2, 00:31:21, Serial1/0
C 10.2.2.0/30 is directly connected, Serial1/0
L 10.2.2.1/32 is directly connected, Serial1/0
B 10.3.3.0/30 [200/0] via 3.3.3.3, 00:10:03
172.16.0.0/24 is subnetted, 2 subnets
O 172.16.1.0 [110/65] via 10.2.2.2, 00:31:21, Serial1/0
B 172.16.2.0 [200/65] via 3.3.3.3, 00:10:03
PE2#
PE3#show ip route vrf CUST-A | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.1.1.0/30 [200/0] via 1.1.1.1, 00:11:04
B 10.2.2.0/30 [200/0] via 2.2.2.2, 00:10:52
C 10.3.3.0/30 is directly connected, Serial1/0
L 10.3.3.1/32 is directly connected, Serial1/0
172.16.0.0/24 is subnetted, 2 subnets
B 172.16.1.0 [200/65] via 1.1.1.1, 00:11:04
O 172.16.2.0 [110/65] via 10.3.3.2, 00:31:47, Serial1/0
PE3#
CE-A1#show ip route OSPF | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA 10.3.3.0/30 [110/65] via 10.2.2.1, 00:11:52, Serial1/1
[110/65] via 10.1.1.1, 00:12:04, Serial1/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA 172.16.2.0/24 [110/129] via 10.2.2.1, 00:11:52, Serial1/1
[110/129] via 10.1.1.1, 00:12:04, Serial1/0
CE-A1#
CE-A2#show ip route OSPF | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA 10.1.1.0/30 [110/65] via 10.3.3.1, 00:12:55, Serial1/0
O IA 10.2.2.0/30 [110/65] via 10.3.3.1, 00:12:42, Serial1/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA 172.16.1.0/24 [110/129] via 10.3.3.1, 00:12:55, Serial1/0
CE-A2#
Verify the connectivity between the customers:
CE-A1#ping 172.16.2.1 sou 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/168/268 ms
CE-A1#
Now let's see how the routes are learned and how the down bit, or downward plays an important role to avoid routing loop
1-CE-A2 advertises a Router LSA or Network LSA to PE3.
2-PE3 receives the intra-area route from CE-A2 and redistributes it into MP-BGP.
3-The PE1 and PE2 routers receive this route.
4-Let's focus on PE2, it redistributes the MP-BGP learned route from PE3 into OSPF as an LSA Type 3 (remember that MPLS backbone acts as an OSPF superbackbone and the PE routers sets the B-bit in its LSA Type 1 to tell to CE routers that it is an ABR)
5-The Summary LSA is propagated across the OSPF area and received by the other PE router, PE1 in this case, which is attached to the same OSPF area 1.
Because PE1 has the same route learned from two protocols (OSPF and MP-BGP), it needs to make a decision based on the administrative distance. Because the administrative distance of OSPF is better than the administrative distance of MP-iBGP, it selects the OSPF route. Therefore, PE3 redistributes the route OSPF back into the MP-BGP process, potentially causing in a routing loop.
The same potential routing loop is valid for the routes redistributed by PE2 to PE1 through OSPF domain.
OSPF down bit is that mechanism used to avoid the routing loop.
Let's see the LSDB of the PE1 router, it learns an LSA Type 3 from PE2 and creates its Summary LSA for the same prefix 172.16.2.0/24:
PE1#show ip ospf database
OSPF Router with ID (10.1.1.1) (Process ID 10)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 1391 0x80000002 0x00B5FB 2
10.2.2.1 10.2.2.1 1337 0x80000003 0x00CFD8 2
172.16.1.1 172.16.1.1 319 0x80000005 0x00C4A2 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
10.3.3.0 10.1.1.1 1055 0x80000001 0x00C2DE
10.3.3.0 10.2.2.1 1044 0x80000001 0x00B3EB
172.16.2.0 10.1.1.1 1055 0x80000001 0x00832C
172.16.2.0 10.2.2.1 1044 0x80000001 0x007439
PE1#
When PE1 redistributes the route learned from PE3 router through MP-BGP into OSPF, it sets the down bit, or downward, on the the sammary LSA Type 3 of this route. So when PE2 receives this LSA Type 3, it doesn’t take it into account as shown by the show ip ospf database summary 172.16.2.0 command:
PE1#show ip ospf database summary 172.16.2.0
OSPF Router with ID (10.1.1.1) (Process ID 10)
Summary Net Link States (Area 1)
LS age: 1524
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 172.16.2.0 (summary Network Number)
Advertising Router: 10.1.1.1
LS Seq Number: 80000001
Checksum: 0x832C
Length: 28
Network Mask: /24
MTID: 0 Metric: 65
LS age: 1513
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 172.16.2.0 (summary Network Number)
Advertising Router: 10.2.2.1
LS Seq Number: 80000001
Checksum: 0x7439
Length: 28
Network Mask: /24
MTID: 0 Metric: 65
PE1#
CE-A1#show ip ospf database
OSPF Router with ID (172.16.1.1) (Process ID 10)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 105 0x80000003 0x00B3FC 2
10.2.2.1 10.2.2.1 1869 0x80000003 0x00CFD8 2
172.16.1.1 172.16.1.1 852 0x80000005 0x00C4A2 5
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
10.3.3.0 10.1.1.1 1589 0x80000001 0x00C2DE
10.3.3.0 10.2.2.1 1577 0x80000001 0x00B3EB
172.16.2.0 10.1.1.1 1589 0x80000001 0x00832C
172.16.2.0 10.2.2.1 1577 0x80000001 0x007439
CE-A1#
CE-A1#show ip ospf database summary 172.16.2.0
OSPF Router with ID (172.16.1.1) (Process ID 10)
Summary Net Link States (Area 1)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 1303
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 172.16.2.0 (summary Network Number)
Advertising Router: 10.1.1.1
LS Seq Number: 80000001
Checksum: 0x832C
Length: 28
Network Mask: /24
MTID: 0 Metric: 65
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 1291
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 172.16.2.0 (summary Network Number)
Advertising Router: 10.2.2.1
LS Seq Number: 80000001
Checksum: 0x7439
Length: 28
Network Mask: /24
MTID: 0 Metric: 65
CE-A1#
Below the output shows PE1 and PE2 distribute 172.16.2.0/24 prefix to CE-A1 using BGP. PE1 and PE2 have included all OSPF related BGP Extended communities. The A Hexa Number in OSPF Domain ID (A) is the actual process ID 10. The route-type is set as LSA Type-2 (intra-area) route. The Router ID is the router-id of PE router set for that VRF instance.
PE1#show bgp vpnv4 unicast vrf CUST-A 172.16.2.0
BGP routing table entry for 1:111:172.16.2.0/24, version 8
Paths: (1 available, best #1, table CUST-A)
Not advertised to any peer
Refresh Epoch 1
Local
3.3.3.3 (metric 2809856) from 3.3.3.3 (3.3.3.3)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:10.3.3.1:0
mpls labels in/out nolabel/21
rx pathid: 0, tx pathid: 0x0
PE1#
PE2#show bgp vpnv4 unicast vrf CUST-A 172.16.2.0
BGP routing table entry for 1:111:172.16.2.0/24, version 8
Paths: (1 available, best #1, table CUST-A)
Not advertised to any peer
Refresh Epoch 1
Local
3.3.3.3 (metric 2809856) from 3.3.3.3 (3.3.3.3)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:10.3.3.1:0
mpls labels in/out nolabel/21
rx pathid: 0, tx pathid: 0x0
PE2#
Since the Domain IDs on both PE routers match, PE1 and PE2 redistribute 172.16.2.0/24 prefix to CE-A1 router as inter-area route (Summary LSA).
Let's change the domain-ID manually on PE3:
PE3(config-router)#router ospf 10 vrf CUST-A
PE3(config-router)#domain-id ?
A.B.C.D OSPF domain ID in IP address format
null Null Domain-ID
type OSPF domain ID type in Hex format
PE3(config-router)#domain-id 3.3.3.3
PE3 router distributes 172.16.2.0 prefix with Domain ID 030303030200. PE1 and PE2 match that with their own Domain ID (kept as default here) before redistributing the prefix to CE-A1 router. Since the Domain IDs dont match, PE1 and PE2 advertise the prefix as an External LSA Type 5:
PE1#show bgp vpnv4 unicast vrf CUST-A 172.16.2.0
BGP routing table entry for 1:111:172.16.2.0/24, version 10
Paths: (1 available, best #1, table CUST-A)
Not advertised to any peer
Refresh Epoch 1
Local
3.3.3.3 (metric 2809856) from 3.3.3.3 (3.3.3.3)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x030303030200
OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:10.3.3.1:0
mpls labels in/out nolabel/21
rx pathid: 0, tx pathid: 0x0
PE1#
We can see from the LSDB of the CE-A1 router that in the LSA Type 5 there is a new field checked to avoid loops. This is called the tag field:
CE-A1#show ip ospf database
OSPF Router with ID (172.16.1.1) (Process ID 10)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 510 0x80000003 0x00B3FC 2
10.2.2.1 10.2.2.1 262 0x80000004 0x00CDD9 2
172.16.1.1 172.16.1.1 1257 0x80000005 0x00C4A2 5
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.3.3.0 10.1.1.1 39 0x80000001 0x00D28E 3489725928
10.3.3.0 10.2.2.1 39 0x80000001 0x00C39B 3489725928
172.16.2.0 10.1.1.1 39 0x80000001 0x0093DB 3489725928
172.16.2.0 10.2.2.1 39 0x80000001 0x0084E8 3489725928
CE-A1#
The RFC 4577 Section 4.2.5.1. The DN Bit says:
When a type 3 LSA is sent from a PE router to a CE router, the DN bit
[OSPF-DN] in the LSA Options field MUST be set. This is used to
ensure that if any CE router sends this type 3 LSA to a PE router,
the PE router will not redistribute it further.
When a PE router needs to distribute to a CE router a route that
comes from a site outside the latter's OSPF domain, the PE router
presents itself as an ASBR (Autonomous System Border Router), and
distributes the route in a type 5 LSA. The DN bit [OSPF-DN] MUST be
set in these LSAs to ensure that they will be ignored by any other PE
routers that receive them.
As a result the LSA Type 5 advertised by PE1 and PE2 sets the down bit and includes a new field which the Tag:
When a PE redistributes a route from MP-BGP into OSPF as LSA5 or LSA7, it adds a tag to the route (tag 3989725929 by default). So if another PE receives an LSA Type 5 with this tag, it doesn’t redistribute it back into MP-BGP:
CE-A1#show ip ospf database external 172.16.2.0
OSPF Router with ID (172.16.1.1) (Process ID 10)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 815
Options: (No TOS-capability, DC, Downward)
LS Type: AS External Link
Link State ID: 172.16.2.0 (External Network Number )
Advertising Router: 10.1.1.1
LS Seq Number: 80000001
Checksum: 0x93DB
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 65
Forward Address: 0.0.0.0
External Route Tag: 3489725928
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 815
Options: (No TOS-capability, DC, Downward)
LS Type: AS External Link
Link State ID: 172.16.2.0 (External Network Number )
Advertising Router: 10.2.2.1
LS Seq Number: 80000001
Checksum: 0x84E8
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 65
Forward Address: 0.0.0.0
External Route Tag: 3489725928
CE-A1#
PE2#show ip ospf database
OSPF Router with ID (10.2.2.1) (Process ID 10)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
10.1.1.1 10.1.1.1 1755 0x80000003 0x00B3FC 2
10.2.2.1 10.2.2.1 1505 0x80000004 0x00CDD9 2
172.16.1.1 172.16.1.1 480 0x80000006 0x00C2A3 5
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.3.3.0 10.1.1.1 1284 0x80000001 0x00D28E 3489725928
10.3.3.0 10.2.2.1 1282 0x80000001 0x00C39B 3489725928
172.16.2.0 10.1.1.1 1284 0x80000001 0x0093DB 3489725928
172.16.2.0 10.2.2.1 1282 0x80000001 0x0084E8 3489725928
PE2#
CE-A1#show ip route ospf | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O E2 10.3.3.0/30 [110/1] via 10.2.2.1, 00:10:43, Serial1/1
[110/1] via 10.1.1.1, 00:10:43, Serial1/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O E2 172.16.2.0/24 [110/65] via 10.2.2.1, 00:06:25, Serial1/1
[110/65] via 10.1.1.1, 00:06:25, Serial1/0
CE-A1#