OSPF Loop prevention mechanism for PE/CE routing protocol in MPLS VPN

If a route sent from a PE router to a CE router could later be received by another PE router from one of its own CE routers, a routing loop can form. This situation is possible when a "backdoor link" connects two CE routers that are attached to two different PE routers.

To prevent this, the PE sets the DN bit in any LSA that it sends to the CE router. If a PE router receives any LSA with the DN bit set, it ignores the LSA.

1) DN bit:

When a PE router sends a Type-3 LSA to a CE router, the DN bit in the LSA Options field must be set. If the CE router then sends the Type-3 LSA to other PE router(s), those PE routers will not redistribute it further.

When a PE router needs to distribute to a CE router a route that comes from outside the CE router's OSPF domain, the PE router presents itself as an ASBR and distributes the route in a Type-5 LSA. The DN bit must be set in that LSA.

The Options field is present in all LSAs. The Options field is 1-byte long as follows-

2) Route Tags (Domain Tags):

In some implementations (where the DN bit is not set), Domain Tags (named by Cisco) are used to ensure that Type-5 LSAs generated by a PE router will be ignored by other PE routers that may receive them.

The value of the Domain tag is configurable, and arbitrary if not set. Hence it must be distinct from other OSPF tags.

a) If the ASN of the VPN backbone is 16 bits long (IANA assigned 16-bit AS numbers before 1970), then the default value should be a tag computed automatically from the ASN.

The first bit is set to 1 when the Domain tag is set automatically, and to 0 if the Domain tag is configured manually.

c-bit is for Completeness. It is set to 1 when the ORIGIN of the route is either IGP or EGP.

pl (2 bits) are for Path Length. This field is set depending on the length of the PATH that the protocol could have carried when importing the reachability information into the OSPF routing domain. Here it is set to 01.

ArbitraryTag (12 bits) defaults to 0.

AutonomousSystem (16-bits) indicating the AS number corresponding to the set of reachable destinations, 0 if the set of reachable destinations is to be considered as part of Local AS.

b) If the ASN of the VPN backbone is 32-bits long (defined in x.y format where x=0-65535 and y=0-65535), then the default value should be manually configured.

The Domain tag can be configured manually from OSPF router configuration mode using the domain-tag <value> command, and it must be distinct.
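
The default tag computation and the two PE-side checks described above, as an added Python example (not from the original article or any vendor implementation). Function names and sample LSA values are constructed for illustration; the DN bit position (0x80) is taken from RFC 4576 and the c=1 default from RFC 4577.

```python
# Added example: bit layout follows the field description above.
# Assumption: DN is the high-order bit of the 1-byte Options field (RFC 4576).
DN_BIT = 0x80


def default_domain_tag(asn: int) -> int:
    """Automatically computed Domain tag for a 16-bit backbone ASN."""
    if not 0 <= asn <= 0xFFFF:
        # Case b) above: a 32-bit ASN does not fit, the tag must be configured.
        raise ValueError("ASN is not 16 bits; configure the Domain tag manually")
    a, c, pl, arbitrary = 1, 1, 0b01, 0   # automatic, complete, path length 01
    return (a << 31) | (c << 30) | (pl << 28) | (arbitrary << 16) | asn


def decode_domain_tag(tag: int) -> dict:
    """Split a 32-bit tag into the fields listed above."""
    return {
        "automatic": (tag >> 31) & 0x1,
        "complete": (tag >> 30) & 0x1,
        "path_length": (tag >> 28) & 0x3,
        "arbitrary_tag": (tag >> 16) & 0xFFF,
        "autonomous_system": tag & 0xFFFF,
    }


def pe_accepts_lsa(lsa_type, options, route_tag, local_domain_tag) -> bool:
    """Return False when a PE must ignore an LSA learned from a CE."""
    if options & DN_BIT:
        return False                      # another PE originated this LSA
    if lsa_type == 5 and route_tag == local_domain_tag:
        return False                      # Type-5 carrying our own Domain tag
    return True


if __name__ == "__main__":
    tag = default_domain_tag(65000)       # constructed sample ASN
    print(hex(tag), decode_domain_tag(tag))
    # Constructed sample LSAs: (type, Options byte, external route tag)
    for lsa in [(3, 0xA2, None), (5, 0x22, tag), (5, 0x22, 0)]:
        print(lsa, "accept" if pe_accepts_lsa(*lsa, tag) else "ignore")
```
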

Further reading:

1) RFC 4577: OSPF as PE/CE routing protocol in MPLS VPN http://www.faqs.org/ftp/rfc/pdf/rfc4577.txt.pdf

2) RFC 1745: BGP4 for IP-OSPF interaction http://www.faqs.org/ftp/rfc/pdf/rfc1745.txt.pdf