MP-BGP SOO Community

Answered Question
Jan 25th, 2006

HI,

I wanna ask about what is the actual use from appliy the Soo community on the incoming routes also how its working i mean how its attached and how its travel the path.

I have this problem too.
0 votes
Correct Answer by pkhatri about 8 years 2 months ago

The Site of Origin attribute is used mainly to prevent routing loops for multihomed sites i.e. sites with multiple links to the MPLS VPN backbone. All routes learned from the site are then given this attribute so that the PE can uniquely identify which site the route came from. In such cases, all routes learned from that site must be given the same attribute, even if links from that site come in on different PE routers. When routes are learned from the site, they are propagated into BGP together with this attribute. Therefore, when advertising routes to the multihomed site, routes that carry the same So) attribute as the site will not be injected. This helps to prevent routing loops.

The SoO attribute is not used for singly homed sites.

In a nutshell, the So) attribute prevents a multihomed site from learning routes that it itself injected into the VPN.

Hope that helps - pls rate the post if it does.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (5 ratings)
Correct Answer
pkhatri Wed, 01/25/2006 - 04:45

The Site of Origin attribute is used mainly to prevent routing loops for multihomed sites i.e. sites with multiple links to the MPLS VPN backbone. All routes learned from the site are then given this attribute so that the PE can uniquely identify which site the route came from. In such cases, all routes learned from that site must be given the same attribute, even if links from that site come in on different PE routers. When routes are learned from the site, they are propagated into BGP together with this attribute. Therefore, when advertising routes to the multihomed site, routes that carry the same So) attribute as the site will not be injected. This helps to prevent routing loops.

The SoO attribute is not used for singly homed sites.

In a nutshell, the So) attribute prevents a multihomed site from learning routes that it itself injected into the VPN.

Hope that helps - pls rate the post if it does.

olorunloba Wed, 01/25/2006 - 05:53

Question - Therefore, when advertising routes to the multihomed site, routes that carry the same So) attribute as the site will not be injected.

Is this automatic or have to be configured?

mounir.mohamed Wed, 01/25/2006 - 06:06

The router will drop the routes that attached with the same SOO because this is the concept of the SOO to prevent routing loop because the loop prevent mechanisms had bypass with the As-overried & Allowas-in, so once you configured the SOO the router will not accept the routes that have the same Soo automaticly.

Best Regards,

Mounir Mohamed

mheusinger Wed, 01/25/2006 - 08:47

Hello,

here is a sample config highlighting what to do:

! Copy Right by Martin Heusinger

! Martin.Heusinger@globalknowledge.de

!

ip vrf CE11

rd 100:1

route-target export 100:101

route-target import 100:101

interface Serial1/1

ip vrf forwarding CE11

ip address 10.1.11.1 255.255.255.252

router bgp 100

!

address-family ipv4 vrf CE11

neighbor 10.1.11.2 remote-as 65001

neighbor 10.1.11.2 version 4

neighbor 10.1.11.2 activate

neighbor 10.1.11.2 as-override

neighbor 10.1.11.2 advertisement-interval 5

neighbor 10.1.11.2 route-map CE11sooIN in

! neighbor 10.1.11.2 route-map CE11sooOUT out

maximum-path ibgp 2

no auto-summary

no synchronization

exit-address-family

! The outgoing route-map is not needed, but setup automatically, when configuring SOO.

! This part of the configuration is just to remind you about the outgoing filter, which is installed automatically.

!

! ip extcommunity-list 11 permit soo 100:11

!

! route-map CE11sooOUT deny 10

! match extcommunity 11

!

! route-map CE11sooOUT permit 20

route-map CE11sooIN permit 10

set extcommunity soo 100:11

!-----------------Configuration of CE11 -------------

interface Loopback0

ip address 11.11.11.11 255.255.255.255

interface Serial0

description interface to PE1

ip address 10.1.11.2 255.255.255.252

interface Serial1

description interface to PE2

ip address 10.2.11.2 255.255.255.252

router bgp 65001

neighbor 10.1.11.1 remote-as 100

neighbor 10.2.11.1 remote-as 100

network 11.11.11.11 mask 255.255.255.255

no auto-summary

What I did above is to "mimic" the automatically installed outgoing filter through commands. They are not needed, so commented out.

Hope this helps! Please rate all posts.

Regards, Martin

juttaro@ieee.org Mon, 01/30/2006 - 06:05

SOO is an community attribute used to prevent loops. From an SP perspective it is difficult to manage in a large scale environment as the CVs need to be synchronised on the PE and CE sides.

Of course you could do this all on the CE sides by using well known CVs to represent each site.

dknov Sun, 02/19/2006 - 12:36

Martin,

What if you're not using BGP for PE-CE?

Also let me understand, your example shows that PE assigns SOO extended community to prefixes received from CE and these are imported into VRF. On egress PE those prefixes are imported into proper VRF, BUT since they are filtered by outbound route-map they are not advertised to CE (which is in fact the same CE, or CE leading to the same customer site). Is that correct?

The other use for SOO is inherent to later versions of EIGRP where it is used differently, but for the same principle of preventing prefix feedback to an originating site. Correct?

Are these the only two uses? I think that in one of Cisco MPLS books they also mentioned setting SOO community on VPNv4 iBGP sessions, however from what I see setting SOO community in outbound route-map is not permitted...

Thanks,

David

mheusinger Sun, 02/19/2006 - 13:25

Hello David,

first, in case you do not have BGP as PE-CE protocoll, but EIGRP you can use "ip vrf sitemap " on the interface between PE and CE. The route-map will be the same as in the example config above leading also to BGP SoO entries.

With OSPF there is no problem, because the OSPF LSA is not reinserted into an area.

Second, your description about the operation of SoO is correct.

Third, the "ip vrf sitemap" command mentioned above is used with EIGRP. Correct.

This are the only two occasions to use SoO to my knowledge. Can you cite the book precisely and from there we can work out, what they meant.

Hope this helps! please rate all posts.

Regards, Martin

Harold Ritter Sun, 02/19/2006 - 14:19

Hello Martin,

Just as a precision, the "ip vrf sitemap" command can also be used with ospf and rip.

Hope this helps,

mheusinger Sun, 02/19/2006 - 14:45

Hello Harold,

thank you for the clarification!

Funny, I know it can be used for all IGPs, but now that I read the post again it sounds quite different. I should spend some time on improving my english.

By the way: did you notice that it was not possible to rate your TechTalk? I tried it several times and nothing happened. I hope your share options do not depend too much on the bingo cards there. ;-)

Regards, Martin

Harold Ritter Sun, 02/19/2006 - 16:22

Hello Martin,

You are welcome.

Your english is far better than mine will ever be (not to mention my german) ;o) But then again, I'm not a reference ;o)

You should have been able to rate the Tech Talk before the closing date of Feb. 10th but not after. Let me know if it wasn't the case and I will report it.

It shouldn't affect my share options that much but I'm already looking for a second job just in case ;o)

Regards,

mheusinger Tue, 02/21/2006 - 03:47

Hello Harold,

I tried several times to rate one of your posts (regarding RT filter with InterAS MBGP) - but to no avail.

I had already rated another post before, but this should not imply that I couldn´t rate a second time.

Regards, Martin

P.S.: Where are you from? Non-native english speaker!?

Harold Ritter Tue, 02/21/2006 - 05:43

I will look into it with the NetPro folks.

I'm from Montreal, Quebec. French is my native language.

Regards,

Mukarram Jah Raheel Mon, 05/31/2010 - 04:44

mheusinger wrote:

Hello David,

first, in case you do not have BGP as PE-CE protocoll, but EIGRP you can use "ip vrf sitemap " on the interface between PE and CE. The route-map will be the same as in the example config above leading also to BGP SoO entries.

With OSPF there is no problem, because the OSPF LSA is not reinserted into an area.

Second, your description about the operation of SoO is correct.

Third, the "ip vrf sitemap" command mentioned above is used with EIGRP. Correct.

This are the only two occasions to use SoO to my knowledge. Can you cite the book precisely and from there we can work out, what they meant.

Hope this helps! please rate all posts.

Regards, Martin

hi mheusinger,


when an IGP (OSPF / EIGRP) or even eBGP is a routing protocol, its a clear fact the PE will not accept a route from iBGP which it already received from CE through IGP because of ADs......than y do we need SoO ????????

kindly comment...

Giuseppe Larosa Mon, 05/31/2010 - 12:06

Hello Mukarram,

I'm not Martin, however I will try to answer from my experience on this subject

>> its a clear fact the PE will not accept a route from iBGP which it already received from CE through IGP because of ADs......than y do we need SoO ?????

This is the theory, in practice when you deal with a multihomed VRF site with two PE and two CE nodes you can see one PE picking as best path the MP BGP that comes from colocated PE instead of eBGP session with connected CE node.

I saw this some years ago during testing of 12.0ST code on 7500 and 12000 GSR nodes.

So the message is that you cannot consider the sessions between PEs regarding VRFs as treated as true iBGP sessions.

One of the countermeasures we took was the use of neigh .. weight command to give preference to true eBGP session with connected CE over routing feedback provided by colocated PE node.

Notice that this helps in correctly restoring BGP best paths after a failure between PE and CE node that leads to installation of routes coming from colocated PE node serving the same VRF site

Site of origin can be used in a scenario like this to avoid this routing feedback in case of single PE-CE link failure and to provide correct behaviour on restore of failed link.

Hope to help

Giuseppe

mounir.mohamed Mon, 02/20/2006 - 07:05

The SOO community is used as loop prevention future because AS-override and allowas-in can overwrite the AS loop prevention mechanisms which may lead to routing loops but are u talking about customer that running BGP as CE-PE and used the same AS number in all branches?

inderdeeps Tue, 06/22/2010 - 06:24

As per my knowledge the SOO is used at the following situation:

The SOO is used in the case where 2 or more CE routers at the same site have the backdoor link between them. The problem arise when PE recieve route from CE1 and then send out to CE2 which is also updated back to CE1 again via backdoor link. This may cause the suboptimal route or routing loop in some of IGP. That is where SOO came in. SOO is an ext. community of BGP - when PE receive route from CE1 and redistribute to BGP it will be impose with SOO string. The PE will not advertise these route if it see that the another CE such as CE2 has same SOO value in the vrf they are connected to because same SOO imply that CE1 and CE2 is in the same site hence the name Site of Origin.

Cheers!!!!

Inderdeep

Actions

Login or Register to take actions

This Discussion

Posted January 25, 2006 at 1:34 AM
Stats:
Replies:17 Avg. Rating:5
Views:2366 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard