I’ve seen the same question in several blogs, so today I will try to turn this subject inside-out.
Let’s focus on the following scenario:
The following sequence takes place, which can lead to a potential routing loop:
- R2 sends an LSA1 or LSA2 to PE1
- PE1 receives the intra-area OSPF route from R2 and redistributes it into MP-BGP.
- The receiving PE router, let’s say PE2, redistributes the MP-BGP route into OSPF as an LSA3 (remember that MPLS backbone acts as an OSPF superbackbone)
- LSA3 is propagated across the OSPF area and received by the other PE router, PE3 in our diagram, which is attached to the same OSPF area 1.
- Because PE3 has the same route learned by two protocols (OSPF and MP-BGP), it has to make a decision based on the administrative distance. Because the administrative distance of OSPF is better than the administrative distance of MP-iBGP, it selects the OSPF route. Therefore, PE3 redistributes the route OSPF back into the MP-BGP process, potentially resulting in a routing loop.
This is why it’s completely necessary to have a mechanism to break the loop, and OSPF down bit is that mechanism.
The down bit is a bit located in the LSA Header, and its function is to avoid loops in MPLS-VPN environments when using OSPF as PE-CE protocol.
When PE2 redistributes the MP-BGP route into OSPF, it sets up the down bit, or downward, on the LSA3. So when PE3 receives that LSA3, it doesn’t take it into account.
R1#sh ip ospf datab
OSPF Router with ID (1.1.1.1) (Process ID 100)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 690 0x8000000D 0x007847 5
103.103.103.3 103.103.103.3 879 0x80000009 0x006DEE 2
200.200.200.2 200.200.200.2 1040 0x8000000A 0x00789F 2
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
2.2.2.2 103.103.103.3 108 0x80000001 0x00F583
2.2.2.2 200.200.200.2 108 0x80000001 0x00DA7B
10.10.22.0 103.103.103.3 98 0x80000001 0x005AFD
10.10.22.0 200.200.200.2 98 0x80000001 0x003FF5
R1#
R1#sh ip ospf databa summ 2.2.2.2
OSPF Router with ID (1.1.1.1) (Process ID 100)
Summary Net Link States (Area 1)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 133
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 2.2.2.2 (summary Network Number)
Advertising Router: 103.103.103.3
...
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 133
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 2.2.2.2 (summary Network Number)
Advertising Router: 200.200.200.2
R1#
PE3#sh ip ospf 100 databa
OSPF Router with ID (103.103.103.3) (Process ID 100)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 649 0x8000000D 0x007847 5
103.103.103.3 103.103.103.3 836 0x80000009 0x006DEE 2
200.200.200.2 200.200.200.2 1000 0x8000000A 0x00789F 2
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
2.2.2.2 103.103.103.3 65 0x80000001 0x00F583
2.2.2.2 200.200.200.2 67 0x80000001 0x00DA7B
10.10.22.0 103.103.103.3 55 0x80000001 0x005AFD
10.10.22.0 200.200.200.2 57 0x80000001 0x003FF5
PE3#
PE3#sh ip ospf databa summ 2.2.2.2
OSPF Router with ID (103.103.103.3) (Process ID 100)
Summary Net Link States (Area 1)
LS age: 146
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 2.2.2.2 (summary Network Number)
Advertising Router: 103.103.103.3
...
LS age: 148
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 2.2.2.2 (summary Network Number)
Advertising Router: 200.200.200.2
...
PE3#
This down bit is present only in the LSA3. LSA5 and LSA7 doesnt have this bit in its headers.
Let’s check this statement making PE2 and PE3 redistribute the route as LSA5. In order to do that, I will change the ospf-domain in PE1:
PE1#conf term PE1(config)#router ospf 100 PE1(config-router)#domain-id 1.1.1.1 PE1(config-router)#end PE1#
R1#sh ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 100)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 898 0x8000000D 0x007847 5
103.103.103.3 103.103.103.3 1087 0x80000009 0x006DEE 2
200.200.200.2 200.200.200.2 1249 0x8000000A 0x00789F 2
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
2.2.2.2 103.103.103.3 56 0x80000001 0x009F19 3489725929
2.2.2.2 200.200.200.2 56 0x80000001 0x008411 3489725929
10.10.22.0 103.103.103.3 66 0x80000001 0x000493 3489725929
10.10.22.0 200.200.200.2 66 0x80000001 0x00E88B 3489725929
R1#
R1#sh ip ospf databa extern 2.2.2.2
OSPF Router with ID (1.1.1.1) (Process ID 100)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 64
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 2.2.2.2 (External Network Number )
Advertising Router: 103.103.103.3
...
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 64
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 2.2.2.2 (External Network Number )
Advertising Router: 200.200.200.2
...
R1#
PE3#sh ip ospf 100 datab
OSPF Router with ID (103.103.103.3) (Process ID 100)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 851 0x8000000D 0x007847 5
103.103.103.3 103.103.103.3 1038 0x80000009 0x006DEE 2
200.200.200.2 200.200.200.2 1202 0x8000000A 0x00789F 2
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
2.2.2.2 103.103.103.3 7 0x80000001 0x009F19 3489725929
2.2.2.2 200.200.200.2 9 0x80000001 0x008411 3489725929
10.10.22.0 103.103.103.3 17 0x80000001 0x000493 3489725929
10.10.22.0 200.200.200.2 19 0x80000001 0x00E88B 3489725929
PE3#
PE3#sh ip ospf 100 databa extern 2.2.2.2
OSPF Router with ID (103.103.103.3) (Process ID 100)
Type-5 AS External Link States
LS age: 30
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 2.2.2.2 (External Network Number )
Advertising Router: 103.103.103.3
...
LS age: 32
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 2.2.2.2 (External Network Number )
Advertising Router: 200.200.200.2
...
PE3#
In order to check if LSA7 has this bit, I change the area type and redistribution in PE2 and PE3:
PE2(config)#router ospf 100 PE2(config-router)#redis bgp 65001 sub nssa-only PE2(config-router)#area 1 nssa PE2(config-router)#end PE2#
PE3(config)#router ospf 100 PE3(config-router)#redis bgp 65001 sub nssa-only PE3(config-router)#area 1 nssa PE3(config-router)#end PE3#
R1#sh ip ospf databa
OSPF Router with ID (1.1.1.1) (Process ID 100)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 75 0x80000010 0x00189E 5
103.103.103.3 103.103.103.3 80 0x8000000B 0x000F45 2
200.200.200.2 200.200.200.2 80 0x8000000C 0x001AF5 2
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
2.2.2.2 103.103.103.3 10 0x80000001 0x003E54 3489725929
2.2.2.2 200.200.200.2 10 0x80000001 0x000869 3489725929
10.10.22.0 103.103.103.3 223 0x80000002 0x00A0CF 3489725929
10.10.22.0 200.200.200.2 190 0x80000001 0x006CE3 3489725929
R1#
R1#sh ip ospf datab nssa-external 2.2.2.2
OSPF Router with ID (1.1.1.1) (Process ID 100)
Type-7 AS External Link States (Area 1)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 28
Options: (No TOS-capability, No Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 2.2.2.2 (External Network Number )
Advertising Router: 103.103.103.3
...
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 28
Options: (No TOS-capability, No Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 2.2.2.2 (External Network Number )
Advertising Router: 200.200.200.2
...
R1#
The down bit helps prevent routing loops between MP-BGP and OSPF when LSA3 are used, but not when external routes are announced.
So then, how are routing loops avoided when external routes are present? Well, with LSA5 and LSA7 there is a new field checked to avoid loops. This is called the tag field:
PE3#sh ip ospf 100 datab
OSPF Router with ID (103.103.103.3) (Process ID 100)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 834 0x80000010 0x00189E 5
103.103.103.3 103.103.103.3 837 0x8000000B 0x000F45 2
200.200.200.2 200.200.200.2 839 0x8000000C 0x001AF5 2
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
2.2.2.2 103.103.103.3 19 0x80000001 0x003E54 3489725929
2.2.2.2 200.200.200.2 11 0x80000004 0x00026C 3489725929
10.10.22.0 103.103.103.3 19 0x80000001 0x00A2CE 3489725929
10.10.22.0 200.200.200.2 11 0x80000004 0x0066E6 3489725929
When a PE redistributes a route from MP-BGP into OSPF as LSA5 or LSA7, it adds a tag to the route (tag 3989725929 by default). So if another PE receives an LSA5 or LSA7 with this tag, it doesn’t redistribute it back into MP-BGP: Of course, we may change the value of the tag to any other value. This is done when configuring the redistribution under ospf process:
PE2#conf term PE2(config)#router ospf 100 PE2(config-router)# redistribute bgp 65001 subnets tag 100 PE2(config-router)#end PE2#
I hope it’s a little bit clearer now 
