BGP SoO

BGP has loop-prevention mechanisms built in, and we have tools to bypass them, such as AS-Override or allowas-in. The SoO (Site of Origin) extended community is a loop-prevention mechanism needed only for customer networks with multihomed sites; loops can never occur in stub sites. The SoO attribute is used to prevent loops when EBGP is running between the PE and CE routers, and it is configured using a route-map. If the PE-CE routing protocol is not BGP, we configure SoO under the VRF interface with the ip vrf sitemap command.
router bgp 123
 !
 address-family ipv4 vrf CCIESP
  neighbor 6.6.6.6 remote-as 999
  ! Apply the SoO to routes received from the CE
  neighbor 6.6.6.6 route-map SETSOO in
!
route-map SETSOO permit 10
 set extcommunity soo 96:96
There are three ways to configure an SoO value for a BGP neighbor:

1.- BGP peer policy template: A peer policy template is created, and an SoO value is configured as part of the peer policy. Under address family IPv4 VRF, a neighbor is identified and is configured to inherit the peer policy that contains the SoO value.

2.- BGP neighbor command: Under address family IPv4 VRF, a neighbor is identified, and an SoO value is configured for the neighbor.

3.- BGP peer group: Under address family IPv4 VRF, a BGP peer group is configured, an SoO value is configured for the peer group, a neighbor is identified, and the neighbor is configured as a member of the peer group.

The configuration of SoO values for BGP neighbors is performed on a provider edge (PE) router, which is the VPN entry point. When SoO is enabled, the PE router forwards prefixes to the customer premises equipment (CPE) only when the SoO tag of the prefix does not match the SoO tag configured for the CPE.
Say we have
From one of the PEs we get the following:
R9(config)#
BGP: Import walker start version 2, end version 3
BGP: … start import cfg version = 0
R9(config)#
BGP: Import walker start version 3, end version 4
BGP: … start import cfg version = 0
R9(config)#do show ip bgp 7.7.7.7
% Network not in table
R9(config)#do show ip bgp vpnv4 all 7.7.7.7
BGP routing table entry for 9:7:7.7.7.7/32, version 4
Paths: (1 available, best #1, table R7)
Flag: 0x820
Advertised to update-groups:
2
78
10.1.79.7 from 10.1.79.7 (10.1.79.7)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: SoO:78:78 RT:107:107
mpls labels in/out 17/nolabel
And from the other PE, the following:
R10(config-router-af)#
*Jun  2 13:40:53.523: BGP: Import walker start version 3, end version 5
*Jun  2 13:40:53.523: BGP: … start import cfg version = 0
R10(config-router-af)#no servi time
R10(config)#
BGP: Import walker start version 5, end version 6
BGP: … start import cfg version = 0
BGP(2): 10.1.108.8 soo loop detected for 7.7.7.7/32 – sending unreachable
R10(config)#
BGP: Import walker start version 6, end version 7
BGP: … start import cfg version = 0
R10(config)#
Note the "soo loop detected for 7.7.7.7/32" message.
On R10 we have:
BGP routing table entry for 10:8:7.7.7.7/32, version 7
Paths: (1 available, best #1, table R8)
Not advertised to any peer
78, imported path from 9:7:7.7.7.7/32
9.9.9.9 (metric 2) from 9.9.9.9 (9.9.9.9)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: SoO:78:78 RT:107:107
mpls labels in/out nolabel/17
So in this example, an SoO tag is set as 78:78 for the customer site that includes routers CPE1 and CPE2 with an autonomous system number of 65000. When CPE1 sends prefixes to PE1, PE1 tags the prefixes with 78:78, which is the SoO tag for CPE1 and CPE2. When PE1 sends the tagged prefixes to PE2, PE2 performs a match against the SoO tag from CPE2. Any prefixes with the tag value of 78:78 are not sent to CPE2 because the SoO tag matches the SoO tag of CPE2, and a routing loop is avoided. (That is what we see in the debug line "BGP(2): 10.1.108.8 soo loop detected for 7.7.7.7/32 – sending unreachable".)
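The tagging on the ingress PE and the match on the egress PE described above, modelled in Python as an added example (not code from the original post or from any router implementation). The prefix, SoO and RT values come from the output above; the function names and the second site's SoO 99:99 are assumptions made for illustration.

```python
"""Model of the per-neighbor SoO check a PE applies (added example)."""
import struct
from dataclasses import dataclass, field

ROUTE_TARGET, ROUTE_ORIGIN = 0x02, 0x03  # RFC 4360 sub-types; SoO is Route Origin


def encode_ext_community(subtype: int, text: str) -> bytes:
    """Pack 'ASN:value' as a two-octet-AS-specific extended community (type 0x00)."""
    asn, value = (int(part) for part in text.split(":"))
    return struct.pack("!BBHI", 0x00, subtype, asn, value)


def soo_values(ext_communities: list) -> set:
    """Return every SoO carried by a route as 'ASN:value' strings."""
    found = set()
    for raw in ext_communities:
        kind, subtype, asn, value = struct.unpack("!BBHI", raw)
        if kind == 0x00 and subtype == ROUTE_ORIGIN:
            found.add(f"{asn}:{value}")
    return found


@dataclass
class Route:
    prefix: str
    ext_communities: list = field(default_factory=list)


def receive_from_ce(route: Route, neighbor_soo: str) -> Route:
    """Ingress PE: tag a route learned from the CE with that neighbor's SoO."""
    tagged = list(route.ext_communities)
    tagged.append(encode_ext_community(ROUTE_ORIGIN, neighbor_soo))
    return Route(route.prefix, tagged)


def advertise_to_ce(route: Route, neighbor_soo: str) -> bool:
    """Egress PE: send the route only if its SoO differs from the neighbor's."""
    return neighbor_soo not in soo_values(route.ext_communities)


# Constructed scenario using the values shown in the output above.
from_ce = Route("7.7.7.7/32", [encode_ext_community(ROUTE_TARGET, "107:107")])
on_r9 = receive_from_ce(from_ce, "78:78")      # learned from 10.1.79.7
SAME_SITE = advertise_to_ce(on_r9, "78:78")    # R10 towards 10.1.108.8
OTHER_SITE = advertise_to_ce(on_r9, "99:99")   # hypothetical second site
```

SAME_SITE is the case R10 logs as "soo loop detected"; the route target is ignored by the check because only the Route Origin sub-type is compared.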


Say we want to configure the first method as an example.

In this example, an SoO tag is set as 1:1 for the customer site that includes routers CPE1 and CPE2 with an autonomous system number of 78. When CPE1 sends prefixes to PE1, PE1 tags the prefixes with 1:1, which is the SoO tag for CPE1 and CPE2. When PE1 sends the tagged prefixes to PE2, PE2 performs a match against the SoO tag from CPE2. Any prefixes with the tag value of 1:1 are not sent to CPE2 because the SoO tag matches the SoO tag of CPE2, and a routing loop is avoided. (That is what we see in the debug line "BGP(2): 10.1.108.8 soo loop detected for 7.7.7.7/32 – sending unreachable".)

A Networker Blog
