RE: BGP SOO

Hi Splinter,

There are three ways to configure an SoO value for a BGP neighbor:

BGP peer policy template-A peer policy template is created, and an SoO
value is configured as part of the peer policy. Under address family IPv4
VRF, a neighbor is identified and is configured to inherit the peer policy
that contains the SoO value.

BGP neighbor command-Under address family IPv4 VRF, a neighbor is
identified, and an SoO value is configured for the neighbor.

BGP peer group-Under address family IPv4 VRF, a BGP peer group is
configured, an SoO value is configured for the peer group, a neighbor is
identified, and the neighbor is configured as a member of the peer group.

The configuration of SoO values for BGP neighbors is performed on a provider
edge (PE) router, which is the VPN entry point. When SoO is enabled, the PE
router forwards prefixes to the customer premises equipment (CPE) only when
the SoO tag of the prefix does not match the SoO tag configured for the CPE.

Say we have CPE1 (R7) --- Pe1 (R9) mpls network Pe2 (R10)-- CPE2 (R8); and
R7 and R8 have a link in between

We get from one of the PEs this

R9(config)#
BGP: Import walker start version 2, end version 3
BGP: ... start import cfg version = 0
R9(config)#
BGP: Import walker start version 3, end version 4
BGP: ... start import cfg version = 0
R9(config)#do show ip bgp 7.7.7.7
% Network not in table
R9(config)#do show ip bgp vpnv4 all 7.7.7.7
BGP routing table entry for 9:7:7.7.7.7/32, version 4
Paths: (1 available, best #1, table R7)
Flag: 0x820
  Advertised to update-groups:
     2
  78
    10.1.79.7 from 10.1.79.7 (10.1.79.7)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: SoO:78:78 RT:107:107
      mpls labels in/out 17/nolabel

and from the other PE the following

R10(config-router-af)#
*Jun 2 13:40:53.523: BGP: Import walker start version 3, end version 5
*Jun 2 13:40:53.523: BGP: ... start import cfg version = 0
R10(config-router-af)#no servi time
R10(config)#
BGP: Import walker start version 5, end version 6
BGP: ... start import cfg version = 0
BGP(2): 10.1.108.8 soo loop detected for 7.7.7.7/32 - sending unreachable
R10(config)#
BGP: Import walker start version 6, end version 7
BGP: ... start import cfg version = 0
R10(config)#

See the soo loop detected for 7.7.7.7/32

In R10 we have
BGP routing table entry for 10:8:7.7.7.7/32, version 7
Paths: (1 available, best #1, table R8)
  Not advertised to any peer
  78, imported path from 9:7:7.7.7.7/32
    9.9.9.9 (metric 2) from 9.9.9.9 (9.9.9.9)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: SoO:78:78 RT:107:107
      mpls labels in/out nolabel/17

So in this example, an SoO tag is set as 78:78 for the customer site that
includes routers CPE1 and CPE2 with an autonomous system number of 65000.
When CPE1 sends prefixes to PE1, PE1 tags the prefixes with 78:78, which is
the SoO tag for CPE1 and CPE2. When PE1 sends the tagged prefixes to PE2,
PE2 performs a match against the SoO tag from CPE2. Any prefixes with the
tag value of 78:78 are not sent to CPE2 because the SoO tag matches the SoO
tag of CPE2, and a routing loop is avoided. (that is what we see from BGP:
.. start import cfg version = 0 BGP(2): 10.1.108.8 soo loop detected for
7.7.7.7/32 - sending unreachable)

Just my 2 cents

Thanks!

Victor Cappuccio.-
vcappucc_at_cisco.com
CCIE(R/S) #20657
Business Support Engineer
Cisco Small Business Support.

Cisco Technical Support Website: http://www.cisco.com/techsupport
Cisco TAC Service Request Tool:
http://www.cisco.com/techsupport/servicerequest
Cisco Technical Support Newsletter:
http://www.cisco.com/techsupport/newsletter

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Splinter
Sent: martes, 02 de junio de 2009 10:23
To: Victor Cappuccio
Cc: Cisco certification
Subject: Re: BGP SOO

can this be used with network statement? or do i have to do an ACL then use
the neighbour statement.

for example: which one would be the correct way?

router bgp 2009
address-family ipv4
network 10.10.10.0 mask 255.255.255.0 route-map SOO

route-map SOO permit 10
set extcommunity soo 1000:10000

or

router bgp 2009
address-family ipv4
neighbour 172.10.10.1 route-map SOO

access-list 5 permit 10.10.10.0 0.0.0.255

route-map SOO permit 10
match ip address 5
set extcommunity soo 1000:1000

route-map SOO permit 20

thank you

Splinter

On Mon, Jun 1, 2009 at 8:34 PM, Victor Cappuccio
<vcappuccio_at_gmail.com>wrote:

> Hi,
>
> BGP have loops prevention mechanisms embedded , and we have tools to
> bypass this aspect of BGP, such as AS-Override or the allowas-in, SOO
> Extended Community is a loop prevention mechanism needed only for customer
> networks with multihomed sites. Loops can never occur in stub sites, the
SOO
> Attribute,is used to prevent loops, when EBGP is running between the PE
and
> CE routers, and this attribute is configured using a route-map. Now if the
> PE-CE routing protocol is not BGP we configure SOO under vrf interface by
ip
> vrf sitemap command.
>
>
> router bgp 123
> !
> address-family ipv4 vrf CCIESP
> neighbor 6.6.6.6 remote-as 999
> neighbor 6.6.6.6 route-map SETSOO in
> !
> route-map SETSOO permit 10 set extcommunity soo 96:96
>
> BGP SOO Link
> http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htbgpsoo.html#wp1055228
> NON BGP Example:
> http://wiki.nil.com/Multihomed_MPLS_VPN_sites_running_EIGRP
>
> HTH
>
> thanks,Victor.-
>
> On Mon, Jun 1, 2009 at 6:34 PM, Splinter <splinter330_at_gmail.com> wrote:
>
>> Hi all,
>>
>> Is BGP Site-of-Origin only used with MPLS VPN or can this feature also be
>> used in IPV4 BGP?
>>
>>
>>
>> Splinter
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Victor Cappuccio
> CCIE R/S# 20657
> CCSI# 30452
> www.anetworkerblog.com
> www.linkedin.com/in/vcappuccio

Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 02 2009 - 13:48:25 ART