cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5218
Views
30
Helpful
17
Replies

MP-BGP SOO Community

mounir.mohamed
Level 7
Level 7

HI,

I wanna ask about what is the actual use from appliy the Soo community on the incoming routes also how its working i mean how its attached and how its travel the path.

1 Accepted Solution

Accepted Solutions

pkhatri
Level 11
Level 11

The Site of Origin attribute is used mainly to prevent routing loops for multihomed sites i.e. sites with multiple links to the MPLS VPN backbone. All routes learned from the site are then given this attribute so that the PE can uniquely identify which site the route came from. In such cases, all routes learned from that site must be given the same attribute, even if links from that site come in on different PE routers. When routes are learned from the site, they are propagated into BGP together with this attribute. Therefore, when advertising routes to the multihomed site, routes that carry the same So) attribute as the site will not be injected. This helps to prevent routing loops.

The SoO attribute is not used for singly homed sites.

In a nutshell, the So) attribute prevents a multihomed site from learning routes that it itself injected into the VPN.

Hope that helps - pls rate the post if it does.

View solution in original post

17 Replies 17

pkhatri
Level 11
Level 11

The Site of Origin attribute is used mainly to prevent routing loops for multihomed sites i.e. sites with multiple links to the MPLS VPN backbone. All routes learned from the site are then given this attribute so that the PE can uniquely identify which site the route came from. In such cases, all routes learned from that site must be given the same attribute, even if links from that site come in on different PE routers. When routes are learned from the site, they are propagated into BGP together with this attribute. Therefore, when advertising routes to the multihomed site, routes that carry the same So) attribute as the site will not be injected. This helps to prevent routing loops.

The SoO attribute is not used for singly homed sites.

In a nutshell, the So) attribute prevents a multihomed site from learning routes that it itself injected into the VPN.

Hope that helps - pls rate the post if it does.

Tahnks for your help.

Question - Therefore, when advertising routes to the multihomed site, routes that carry the same So) attribute as the site will not be injected.

Is this automatic or have to be configured?

The router will drop the routes that attached with the same SOO because this is the concept of the SOO to prevent routing loop because the loop prevent mechanisms had bypass with the As-overried & Allowas-in, so once you configured the SOO the router will not accept the routes that have the same Soo automaticly.

Best Regards,

Mounir Mohamed

Hello,

here is a sample config highlighting what to do:

! Copy Right by Martin Heusinger

! Martin.Heusinger@globalknowledge.de

!

ip vrf CE11

rd 100:1

route-target export 100:101

route-target import 100:101

interface Serial1/1

ip vrf forwarding CE11

ip address 10.1.11.1 255.255.255.252

router bgp 100

!

address-family ipv4 vrf CE11

neighbor 10.1.11.2 remote-as 65001

neighbor 10.1.11.2 version 4

neighbor 10.1.11.2 activate

neighbor 10.1.11.2 as-override

neighbor 10.1.11.2 advertisement-interval 5

neighbor 10.1.11.2 route-map CE11sooIN in

! neighbor 10.1.11.2 route-map CE11sooOUT out

maximum-path ibgp 2

no auto-summary

no synchronization

exit-address-family

! The outgoing route-map is not needed, but setup automatically, when configuring SOO.

! This part of the configuration is just to remind you about the outgoing filter, which is installed automatically.

!

! ip extcommunity-list 11 permit soo 100:11

!

! route-map CE11sooOUT deny 10

! match extcommunity 11

!

! route-map CE11sooOUT permit 20

route-map CE11sooIN permit 10

set extcommunity soo 100:11

!-----------------Configuration of CE11 -------------

interface Loopback0

ip address 11.11.11.11 255.255.255.255

interface Serial0

description interface to PE1

ip address 10.1.11.2 255.255.255.252

interface Serial1

description interface to PE2

ip address 10.2.11.2 255.255.255.252

router bgp 65001

neighbor 10.1.11.1 remote-as 100

neighbor 10.2.11.1 remote-as 100

network 11.11.11.11 mask 255.255.255.255

no auto-summary

What I did above is to "mimic" the automatically installed outgoing filter through commands. They are not needed, so commented out.

Hope this helps! Please rate all posts.

Regards, Martin

juttaro
Level 1
Level 1

SOO is an community attribute used to prevent loops. From an SP perspective it is difficult to manage in a large scale environment as the CVs need to be synchronised on the PE and CE sides.

Of course you could do this all on the CE sides by using well known CVs to represent each site.

Martin,

What if you're not using BGP for PE-CE?

Also let me understand, your example shows that PE assigns SOO extended community to prefixes received from CE and these are imported into VRF. On egress PE those prefixes are imported into proper VRF, BUT since they are filtered by outbound route-map they are not advertised to CE (which is in fact the same CE, or CE leading to the same customer site). Is that correct?

The other use for SOO is inherent to later versions of EIGRP where it is used differently, but for the same principle of preventing prefix feedback to an originating site. Correct?

Are these the only two uses? I think that in one of Cisco MPLS books they also mentioned setting SOO community on VPNv4 iBGP sessions, however from what I see setting SOO community in outbound route-map is not permitted...

Thanks,

David

Hello David,

first, in case you do not have BGP as PE-CE protocoll, but EIGRP you can use "ip vrf sitemap " on the interface between PE and CE. The route-map will be the same as in the example config above leading also to BGP SoO entries.

With OSPF there is no problem, because the OSPF LSA is not reinserted into an area.

Second, your description about the operation of SoO is correct.

Third, the "ip vrf sitemap" command mentioned above is used with EIGRP. Correct.

This are the only two occasions to use SoO to my knowledge. Can you cite the book precisely and from there we can work out, what they meant.

Hope this helps! please rate all posts.

Regards, Martin

Hello Martin,

Just as a precision, the "ip vrf sitemap" command can also be used with ospf and rip.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hello Harold,

thank you for the clarification!

Funny, I know it can be used for all IGPs, but now that I read the post again it sounds quite different. I should spend some time on improving my english.

By the way: did you notice that it was not possible to rate your TechTalk? I tried it several times and nothing happened. I hope your share options do not depend too much on the bingo cards there. ;-)

Regards, Martin

Hello Martin,

You are welcome.

Your english is far better than mine will ever be (not to mention my german) ;o) But then again, I'm not a reference ;o)

You should have been able to rate the Tech Talk before the closing date of Feb. 10th but not after. Let me know if it wasn't the case and I will report it.

It shouldn't affect my share options that much but I'm already looking for a second job just in case ;o)

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hello Harold,

I tried several times to rate one of your posts (regarding RT filter with InterAS MBGP) - but to no avail.

I had already rated another post before, but this should not imply that I couldn´t rate a second time.

Regards, Martin

P.S.: Where are you from? Non-native english speaker!?

I will look into it with the NetPro folks.

I'm from Montreal, Quebec. French is my native language.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

mheusinger wrote:

Hello David,

first, in case you do not have BGP as PE-CE protocoll, but EIGRP you can use "ip vrf sitemap " on the interface between PE and CE. The route-map will be the same as in the example config above leading also to BGP SoO entries.

With OSPF there is no problem, because the OSPF LSA is not reinserted into an area.

Second, your description about the operation of SoO is correct.

Third, the "ip vrf sitemap" command mentioned above is used with EIGRP. Correct.

This are the only two occasions to use SoO to my knowledge. Can you cite the book precisely and from there we can work out, what they meant.

Hope this helps! please rate all posts.

Regards, Martin

hi mheusinger,


when an IGP (OSPF / EIGRP) or even eBGP is a routing protocol, its a clear fact the PE will not accept a route from iBGP which it already received from CE through IGP because of ADs......than y do we need SoO ????????

kindly comment...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: