Sunday, June 23, 2013

BGP redistribution to OSPF automatic route Tagging

When redistributing from plain BGP into OSPF, Cisco IOS tends to tag the external route with the AS of the best route in the BGP table. This mechanism is heavily used in MPLS PE-CE networks as a loop prevention mechanism, though this post covers a plain IP network and is just an analysis of how it's done.

Here's the Lab topology I decided to test out that feature:



Now let's see the subnet between R4 and R11 in the BGP table of R2:

R2#show ip bgp 10.4.11.0
BGP routing table entry for 10.4.11.0/24, version 4
Paths: (2 available, best #2, table default)
  Advertised to update-groups:
     1
  300
    10.2.11.11 from 10.2.11.11 (11.11.11.11)
      Origin incomplete, metric 0, localpref 100, valid, external
  200
    10.2.4.4 from 10.2.4.4 (4.4.4.4)
      Origin incomplete, metric 0, localpref 100, valid, external, best

It seems that R2 prefers the prefix coming from R4 in AS 200 because of the lowest originator-id. 

Now let's redistribute BGP into OSPF on R2

router ospf 1
 log-adjacency-changes
 redistribute bgp 100 subnets

R2 is now considered an ASBR for OSPF process 1, and we should see the prefix 10.4.11.0/24 automatically tagged with AS 200:

R2#show ip ospf database external 10.4.11.0
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Type-5 AS External Link States
  LS age: 47
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.4.11.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000002
  Checksum: 0xDCEB
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 1
        Forward Address: 0.0.0.0
        External Route Tag: 200

Now let's simulate the neighborship between R2 and R4 going down. R2 should see only one route to 10.4.11.0/24, through R11, and select it as the best; the route should then be tagged with the AS of R11, which is 300.

R2#show run | s router bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.2.4.4 remote-as 200
 neighbor 10.2.4.4 shutdown
 neighbor 10.2.11.11 remote-as 300

R2#show ip bgp 10.4.11.0
BGP routing table entry for 10.4.11.0/24, version 18
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  300
    10.2.11.11 from 10.2.11.11 (11.11.11.11)
      Origin incomplete, metric 0, localpref 100, valid, external, best

Now that R2 has only one path to 10.4.11.0/24, through R11, let's see what that prefix looks like in the OSPF database:

R2#show ip ospf database external 10.4.11.0

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Type-5 AS External Link States

  LS age: 168
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.4.11.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000003
  Checksum: 0xE87A
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 1
        Forward Address: 0.0.0.0
        External Route Tag: 300
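
The check performed by eye above can be scripted. The following Python is an added example, not part of the original post: it parses the two show outputs and confirms that the OSPF External Route Tag equals the first AS of the BGP best path. The function names are hypothetical, and it assumes the tag carries the plain AS number as seen in this lab.

```python
import re

# Trimmed copies of the R2 captures shown on this page.
BGP_OUT = """\
BGP routing table entry for 10.4.11.0/24, version 4
Paths: (2 available, best #2, table default)
  Advertised to update-groups:
     1
  300
    10.2.11.11 from 10.2.11.11 (11.11.11.11)
      Origin incomplete, metric 0, localpref 100, valid, external
  200
    10.2.4.4 from 10.2.4.4 (4.4.4.4)
      Origin incomplete, metric 0, localpref 100, valid, external, best
"""
OSPF_OUT = """\
  Link State ID: 10.4.11.0 (External Network Number )
  Advertising Router: 2.2.2.2
        External Route Tag: 200
"""

def best_path_neighbor_as(show_ip_bgp):
    """Return the first (neighbouring) AS of the path flagged 'best', or None."""
    as_path = []
    for line in show_ip_bgp.splitlines():
        # Each path starts with a line indented exactly two spaces.
        header = re.fullmatch(r"  (\S.*)", line)
        if header:
            tokens = header.group(1).split()
            # Only an all-numeric header is an AS_PATH; "Local" etc. gives [].
            as_path = tokens if all(t.isdigit() for t in tokens) else []
        elif line.strip().startswith("Origin") and re.search(r"\bbest\b", line):
            return int(as_path[0]) if as_path else None
    return None

def ospf_external_tag(show_ospf_external):
    """Return the External Route Tag of the Type-5 LSA, or None if absent."""
    m = re.search(r"External Route Tag:\s*(\d+)", show_ospf_external)
    return int(m.group(1)) if m else None

def tag_matches_best_path(bgp_out, ospf_out):
    """True when the LSA tag equals the neighbouring AS of the BGP best path."""
    want, got = best_path_neighbor_as(bgp_out), ospf_external_tag(ospf_out)
    return want is not None and want == got

if __name__ == "__main__":
    print(best_path_neighbor_as(BGP_OUT), ospf_external_tag(OSPF_OUT),
          tag_matches_best_path(BGP_OUT, OSPF_OUT))
```

A mismatch between the two values after a BGP best-path change points to a stale or manually overridden tag on the ASBR.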

This technique is used in what is called a Domain-Tag. As previously mentioned at the beginning of the post, it is used to prevent loops between PE and CE routers.

I'll write a more detailed post on OSPF as a PE CE protocol and how the route tagging is used.