I have been trying to get a good understanding of the BGP Site of Origin attribute (not the EIGRP SoO). I understand its idea and implications but there is an issue I could not wrap my head around yet.
Quoting from RFC 4364, Section 8:
We add one more restriction on the distribution of routes from PE to CE: if a route's Site of Origin attribute identifies a particular site, that route must never be redistributed to any CE at that site.
My understanding of this statement is that a site should be identifiable by a particular value of the SoO attribute, or in other words, there should be a way to assign a particular value of the SoO attribute to the entire site. Then, knowing the value of the SoO for the entire site, a route once originated at this site should never be advertised back to it.
This is where my troubles start. We know that there is not a strict one-to-one mapping between a site and a VRF. A site may consist of one or more VRFs and is not actually represented by a single object in the IOS - rather, it is just a collection of VRFs that share routing information in such a way that for mutual communication, the usage of the backbone is not required. There is no representation of the site as a single object in IOS and hence there is no way to assign a particular SoO to the site as a whole. Moreover, the SoO attribute is not even configured on a per-VRF basis, rather, it is pushed onto individual routes received from CE using either a route-map or a per-neighbor configuration. What is the SoO attribute on a particular prefix compared to, then? I simply do not see how an entire VRF or an entire site gets assigned its own unique SoO value for comparison purposes, in a way similar to assigning route distinguishers or route targets on a per-VRF basis.
So my question is: if the SoO attribute is pushed onto routes received from a CE and these routes are advertised to another PE at the same site, how does the another PE know the proper site-wide value of the SoO so that it can compare it to the SoO on received prefixed and not advertise the routes back to the site where they came from? Does the VRF simply "inherit" the SoO of the individual routes as they are received and processed by a route-map set-ting the SoO?
Any help and clarification is much appreciated!
SoO for BGP is "linked" to CE-neighbor. So, when a prefix needs to be advertised to a CE neighbor, we check the SoO of the prefix with the SoO of the BGP neighbor. For anything else, it is linked to interface.
The configuration can be done in four ways (the setting of the SoO and the check for the SoO is linked to that) :
1) "route-map in" on CE BGP neighbor command
2) directly on the CE BGP neighbor command
3) sitemap on VRF interface and redistribution of IGP (static) into BGP and IGP (static) routes point to this interface
4) sitemap on VRF interface and network command
General principle (but you know this):
Using a route-map and setting different SoO's for different prefixes coming from the same BGP neighbor does not make much sense, so I guess we were never bothered with the possible non-uniqueness in the configuration when looking at what a "site" is.