Re: bgp soo and route-maps from Shawn Zandi on 2010-09-10 (Ccielab archives 09/2010)

From: Shawn Zandi <szmetal_at_gmail.com>
Date: Fri, 10 Sep 2010 22:33:15 +0400

Piotr,
As far as I know, the protocol itself performs the filtering, so if there's
a SSO match, route will be dropped. If there's no match route is accepted. I
don't understand why filtering is performed manually in your example.

"The configuration of SoO values for BGP neighbors is performed on a
provider edge (PE) router, which is the VPN entry point. When SoO is
enabled, the PE router forwards prefixes to the customer premises equipment
(CPE) only when the SoO tag of the prefix does not match the SoO tag
configured for the CPE."
http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_neighbor_soo.html#wp1054689

-- 
-- 
Sincerely,
Shawn Zandi
Network Architect and Consultant
Cisco Certified CCIE x2 (R&S + Security)
Juniper JNCIS x2 (ER & SEC) - Foundry/Brocade BCNE - Procurve Master ASE
(MASE)
web: http://www.shafagh.com
blog: http://blog.shafagh.com
email: shafagh_at_shafagh.com
On Fri, Sep 10, 2010 at 8:49 PM, Piotr Malarski <piotr.malarski.99_at_gmail.com
> wrote:
> Hello,
>
> I need a clarification about bgp soo. In the example below R4 and R5 are
> connected with two links 10.1.45.0/24 and 10.1.100.0/24:
>
> R4 (PE)===========R5 (CE)
> AS65001           AS6015
>
> R5 (CE) advertises network 5.0.0.0.
> The problem is that R5 (CE) receives it's own route redistributed back from
> R4:
> R5#
> R5#sh ip bgp | b Network
>   Network          Next Hop            Metric LocPrf Weight Path
> *  5.0.0.0          10.1.100.4                             0 65001 65001 i
> *>                  0.0.0.0                  0         32768 i
> R5#
>
> To remediate, SOO is configured on R4:
>
> 1. Route-map is configured:
>
> route-map SOO-IN permit 10
>  set extcommunity soo 1:100
>
> 2. Route map is applied:
>
> router bgp 65001
> !
>  address-family ipv4 vrf CB
>  neighbor 10.1.45.5 route-map SOO-IN in
>  neighbor 10.1.100.5 route-map SOO-IN in
>
> AT THIS POINT the problem is solved. R5 does not contain it's own route
> back
> from R4:
>
> R5#sh ip bgp | b Network
>   Network          Next Hop            Metric LocPrf Weight Path
> *> 5.0.0.0          0.0.0.0                  0         32768 i
>
> HOWEVER the workbook goes extra few steps and confiures additional
> filtering
> on PE OUT to CE:
>
> ip extcommunity-list 1 permit soo 1:105
> route-map SOO-OUT deny 10
>  match extcommunity 1
> route-map SOO-OUT permit 99
> !
> router bgp 65001
> !
>  address-family ipv4 vrf CB
>  neighbor 10.1.45.5 route-map SOO-OUT out
>  neighbor 10.1.100.5 route-map SOO-OUT out
> My question is why second route-map OUT is configured on PE. It looks like
> only marking on PE incoming routes with ext community soo works OK.
Blogs and organic groups at http://www.ccie.net

Received on Fri Sep 10 2010 - 22:33:15 ART

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART