Problem Description

S9706 replace the existing network Cisco 3560 switch, due to customer demand, configure a VPN instance on the S9706 for routing isolation, S9706 and the existing network C7606 running OSPF protocols, OSPF on the S9706 running in the VPN instance, after the completion of the replacement of a service found to be unavailable

Alarm information

None

Processing

1. Check the routing table of S9706, and the route of this service is not learned.

2. Check the routes of C7606 and find that there are routes for this service.

3. Check the LSDB of S9706's type ase, and find that the route information of this service exists in the LSDB and set DN Bit.

Root Cause

When OSPF VPN multi-instance is deployed on the device, if there are Type3, Type5, or Type7 LSAs with DN Bit set in them, these routes cannot be calculated because OSPF performs anti-loop detection for route calculation.

Solution

In this case, you can cancel OSPF route loop detection by configuring the vpn-instance-capability simple command, which calculates all OSPF routes directly without checking DN Bit and Route-tag, and restores Route-tag to the default value of 1.

Recommendations and Summary

When interfacing with Cisco devices and configuring OSPF VPN instances, you need to pay attention to whether DN Bit is set in the ype3, type5, or type7 LSAs, and if it is not necessary to set it, but there exists the application of vpn-instance-capability simple to disable route loop detection and directly perform route calculation.