What is the purpose of an OSPF route tag

7

OSPF route tags are used in only Virtual Private Network (VPN) scenarios to prevent Type 5 link-state advertisement (LSA) loops in Customer Edge (CE) dual-homing networks.

When OSPF detects that the route tag of a Type 5 LSA is the same as a route tag on the Provider Edge (PE) router, this route is ignored.

When a CE router is connected to two PEs, PE1 sends the Type 5 LSA generated based on the redistributed Border Gateway Protocol (BGP) route. The CE then forwards this LSA to PE 2. Because an OSPF route has a higher priority than a BGP route to the CE, PE 2 replaces the BGP route with the OSPF route. Thus, a routing loop occurs. With a route tag configured, when the PE detects that the route tag of the LSA is the same as that of its route tag, the PE ignores the LSA, thereby avoiding routing loops.

The default route tag is calculated based on the AS numbers in the BGP. If BGP is not configured, the default value of route tag is 0.

Other related questions:
What is the purpose of a tag in an ASE-LSA and NSSA-LSA
In OSPF VPN multiple instances, a link-state advertisement (LSA) tag is used to prevent routing loops between PEs. In OSPF public network instances, the tag field does not prevent routing loops but is used to set the filtering conditions of routing policies. The rules of setting the tags of ASE-LSAs and NSSA-LSAs are as follows: In OSPF multiple instances, the route tag is set through the route-tag command. In OSPF public networks, the route tag is set through the default tag command. In either of the preceding two cases, you can run the import-route tag command to set the tag.

Why configure OSPF route tag on S series switches
For S series switches supporting OSPF, the OSPF router tag is applied to VPNs and prevents loops of Type 5 LSAs in CE dual-homing networking. If the tag of a received Type 5 LSA is the same as the router tag of OSPF on a PE, the PE neglects this LSA when calculating routes. When a CE is connected to two PEs, PE1 generates a Type 5 LSA based on the imported BGP route and sends the LSA to the CE, and the CE forwards the LSA to PE2. The OSPF route takes precedence over the BGP route, so PE2 replaces the BGP route with the OSPF route. As a result, a loop occurs. If the route tag is configured on a PE, when the PE receives an LSA with the same route tag as its own route tag, it neglects this LSA, avoiding loops. By default, the route tag is calculated using the BGP AS number. If BGP is not configured, the route tag is 0. In OSPF public network instances, router tags cannot be used to prevent loops but can be used as a filtering condition in a policy. When setting the router tag of ASE-LSAs and NSSA-LSAs, not the following: The route-tag command is used in the OSPF multi-instance scenario. The default tag command is used in the OSPF public network instance scenario. The import-route tag command can be used in either of the preceding scenarios.

What is the purpose of setting the DN bit in an OSPF LSA
If a Provider Edge (PE) device advertises Type-3, 5, and 7 link-state advertisements (LSAs) to Customer Edge (CE) devices through area 0, the optional high-order bit of these LSAs must be set and called the DN bit. If these LSAs are advertised through an area other than area 0, the DN bit can be set or not set. The DN bit is used to prevent routing loops. A PE ignores any LSA whose DN bit is set. This prevents a routing loop caused when a PE learns from the CE the LSA generated by another PE in CE dual-homing scenarios. PE sets the DN-bit of Type 3, 5, and 7 LSAs and checks the DN-bit of Type 3, 5, and 7 LSAs.

What is the purpose of a domain ID
OSPF domain ID is used in Virtual Private Network (VPN) scenarios. When the domain ID carried by the packet received from the peer is the same as the local one, Type 3 link-state advertisements (LSAs) are generated for Type 1, 2, and 3 LSAs, and Type 5 and 7 LSAs are generated for Type 5 and 7 LSAs (depending on area type). When the Domain ID is the different from the local one, Type 5 or 7 LSAs (depending on area type) are generated for Type 1, 2, and 3 LSAs, and Type 5 and 7 LSAs are generated for Type 5 and 7 LSAs (depending on area type). Before sending routes to a remote CE switch, a PE switch sends Type-3 LSAs or Type-5 LSAs to the CE based on domain ID. If local domain IDs are the same as or compatible with remote domain IDs in BGP routes, the PE advertises Type 3 routes. If local domain IDs are different from or incompatible with remote domain IDs in BGP routes, the PE advertises Type 5 routes.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top