The down bit is only used in Type-3 LSAs. If the router has a VRF-aware OSPF process and a Type-3 LSA is received with the down bit, the LSA will continue to be flooded, but it will not be installed in the routing table. This prevents a Type-3 LSA from being redistributed from VPNv4 into OSPF, and then back from OSPF into VPNv4. You don't have to configure anything to set the down bit, it is required per the standard to be automatically set anytime a Type-3 LSA is originated from VPNv4 BGP into OSPF on the PE. "capability vrf-lite" says that these routes can be installed in the routing table even if they have the down bit. This should be set on any device (typically the CE) that has a VRF-aware OSPF process, but is not redistributing into VPNv4 BGP.
For Type-5 LSAs, the BGP AS is automatically encoded in the route tag value as the domain-tag. This prevents a Type-5 LSA from being redistributed from VPNv4 into OSPF, and then back from OSPF into VPNv4.
For more info see http://tools.ietf.org/html/rfc4577#section-4.2.5
HTH,
Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of ALL From_NJ
Sent: Tuesday, March 08, 2011 11:22 PM
To: dia.aliou_at_gmail.com
Cc: Malik Nouman Ahmad; Cisco certification
Subject: Re: Capability vrf-lite
Hey team,
Nice email thread. To make sure I understand, do please let me know if I
have this right.
A CE or OSPF routing domain has multiple VRFs. These routes have been
advertised the to the PE. Since these come from another VRF previously,
they have the DN bit set for type 3, 5, and 7.
The PE would normally drop these since it believes there is a loop ... but
this feature tells the PE to not drop these and allow these LSAs. So this
needs to be configured only on the PE? That is a little confusing to me.
Is this correct?
This link is good:
http://www.cisco.com/en/US/docs/ios/12_0st/12_0st21/feature/guide/ospfvrfl.html
Towards the end of this link it has the justification for this feature.
Do please let me know if I understand this right. From the lab perspective,
I would imagine having a PE to CE ospf link, and somewhere in the OSPF
domain, there is a multiVRF scenario and redistribution into the OSPF domain
is occurring.
I appreciate your respond in advance! Have a good night,
Andrew
.
On Tue, Mar 8, 2011 at 4:27 AM, dia.aliou_at_gmail.com <dia.aliou_at_gmail.com>wrote:
> Hi Malick,
>
> Summary LSAs generated from the routes redistributed from BGP have special
> down-bit set in LSA headers. This is used to prevent routing loops. If the
> other PE receive a route with the down-bit set on an interface that belong
> to a vrf it drops this LSA.
> If your CE is configured with multiple vrf in this situation you need to
> disable the loop prevention capability using "capability vrf-lite" under
> ospf process.
>
> HTH,
>
> Aliou
>
> On 7 March 2011 23:49, Malik Nouman Ahmad <djmalik_at_gmail.com> wrote:
>
> > Hi,
> >
> > I am trying to understand the concept of "capability vrf-lite" but
> couldn't
> > simply get it. I was reading on the internet and everywhere they are
> > talking
> > about DOWN bit and stuff
> >
> > Can anybody explain why is it needed? Suppose we have CE1-PE1-PE2-CE2
> > connectivity with PE-CE protocol as OSPF with same process-ID and MP-iBGP
> > in
> > the core. Technically speaking if process-IDs are same then domain-IDs
> are
> > equal, therefore intra-area and inter-area routes should appear as
> > inter-area routes on the remote CE, while external routes will show up as
> > external on the other side.
> >
> > So again, where and why this feature is required?
> >
> > Thanks,
> > Malik
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Andrew Lee Lissitz all.from.nj_at_gmail.com Blogs and organic groups at http://www.ccie.netReceived on Tue Mar 08 2011 - 23:47:14 ART
This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART