The dn-bit-check disable command disables OSPF from checking the DN bit in LSAs.
The undo dn-bit-check disable command enables OSPF to check the DN bit in LSAs.
The dn-bit-check disable command disables OSPFv3 from checking the DN bit in LSAs.
The undo dn-bit-check disable command enables OSPFv3 to check the DN bit in LSAs.
By default, OSPF is enabled to check the DN bit in LSAs.
By default, OSPFv3 is enabled to check the DN bit in LSAs.
| Parameter | Description | Value |
|---|---|---|
| ase |
Indicates that the DN bit in ASE LSAs is not checked. |
- |
| nssa |
Indicates that the DN bit in NSSA LSAs is not checked. |
- |
| summary |
Indicates that the DN bit in summary LSAs is not checked. |
- |
| router-id router-id |
Specifies the ID of a device on which the DN bit in summary LSAs is checked. |
The value is in dotted decimal notation. |
Usage Scenario
In the VPN option A scenario, the local PE imports BGP routes to generate LSAs and advertise the generated LSAs to the peer PE. According to standard protocols, setting of the DN bit is restricted. The peer PE may fail to calculate a route. In this situation, you need to use the dn-bit-check disable command to disable OSPF from checking the DN bit in LSAs.
To prevent routing loops, the OSPF multi-instance process uses a bit as a flag. The bit is called DN bit. In a VPN Option A scenario, the local ASBR (ASBR1) imports BGP routes to generate LSAs, advertises the LSAs to the peer ASBR (ASBR2), and exchange OSPFv3 routes with ASBR2. According to the standard protocol, ASBR2 cannot calculate the BGP routes imported by ASBR1 due to the DN bit check mechanism, causing traffic loss. To disable ASBR2 from checking the DN bit in LSAs, run the dn-bit-check disable command. OSPFv3 multi-instance processes use a bit flag called the DN bit to prevent routing loops.Prerequisites
Configuration Impact
After the dn-bit-check disable command is run, routing loops may occur. If the parameter ase or nssa is specified, the DN bit in ASE LSAs or NSSA LSAs is not checked. You can use the route-tag command to set the same tag value to prevent routing loops. Therefore, run the dn-bit-check disable command only in the scenario specified in Usage Scenario.
After the dn-bit-check disable command is run to disable OSPFv3 from checking the DN bit in LSAs, routing loops may occur. If ase or nssa is configured, you can set the same VPN route tag for imported VPN routes using the route-tag command in the OSPFv3 view to prevent routing loops. You are advised to run the dn-bit-check disable command only in VPN Option A scenarios.Precautions
When a PE is connected to an MCE, the MCE does not check the DN bit by default.
The dn-bit-check disable command can be configured only for private OSPF processes. The configuration of this command takes effect only on PEs. The dn-bit-set disable command disables OSPF from checking the DN bit in LSAs on the local PE. The dn-bit-check disable command can be run only in OSPFv3 VPN processes and takes effect only on PEs. When a PE is connected to an MCE, the MCE does not check the DN bit in LSAs by default.<HUAWEI> system-view [~HUAWEI] ip vpn-instance huawei [*HUAWEI-vpn-instance-huawei] ipv4-family [*HUAWEI-vpn-instance-huawei-af-ipv4] quit [*HUAWEI-vpn-instance-huawei] quit [*HUAWEI] ospf 100 vpn-instance huawei [*HUAWEI-ospf-100] dn-bit-check disable summary router-id 1.1.1.1
<HUAWEI> system-view [~HUAWEI] ip vpn-instance huawei [*HUAWEI-vpn-instance-huawei] ipv6-family [*HUAWEI-vpn-instance-huawei-af-ipv6] quit [*HUAWEI-vpn-instance-huawei] quit [*HUAWEI] ospfv3 100 vpn-instance huawei [*HUAWEI-ospfv3-100] dn-bit-check disable summary router-id 1.1.1.1
| Item | Description |
|---|---|
| Check ASE | Enables or disables the check on the DN bit in all ASE LSAs. |
| Check NSSA | Enables or disables the check on the DN bit in NSSA LSAs. |
| Check Summary LSA | Enables or disables the check on the DN bit in summary LSAs. |
| Router ID | ID of a router. The DN bit in summary LSAs generated by this router is not checked. |