CE-PE Routing: Configuring using BGP – II -BGP Site Of Origin, SOO:
· In the previous post http://mynotesonroutingprotocols.blogspot.in/2012/10/ce-pe-routing-configuring-using-bgp-i.html, we have learnt how to configure BGP as CE-PE protocol.
· In this post, let’s see what BGP SOO attribute is and how to configure it.
· In multihomed environments, if CE routers have backdoor link, then there is a probability of getting loops.
· In BGP, there is an extended community called Site Of Origin, SOO attribute to avoid this situation.
· This is used basically to tag the route where it is initially originated, so that it can never sent back to the same source.
· Its generally configure in PE router, towards the CE.
· Let’s see how to configure this.
PE1(config)#access-list 1 permit host 1.1.1.1
PE1(config)#route-map SITE
PE1(config-route-map)#match ip address 1
PE1(config-route-map)#set extcommunity soo 333:3
PE1(config-route-map)#router bgp 200
PE1(config-router)#address-family ipv4 vrf VPN_A
PE1(config-router-af)#neighbor 10.1.13.1 route-map SITE in
PE1(config-router-af)#
PE2(config)#access-list 1 permit host 2.2.2.2
PE2(config)#route-map SITE
PE2(config-route-map)#set extcommunity soo 444:4
PE2(config-route-map)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#neighbor 10.1.24.2 route-map SITE in
PE2(config-router-af)#
Verification:
PE1#show ip bgp vpnv4 all 2.2.2.2
BGP routing table entry for 100:1:2.2.2.2/32, version 7
Paths: (1 available, best #1, no table)
Flag: 0x820
Not advertised to any peer
100
4.4.4.4 (metric 65) from 4.4.4.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: SoO:444:4 RT:100:1
mpls labels in/out nolabel/16
PE1#
PE1#show ip bgp vpnv4 all 1.1.1.1
BGP routing table entry for 100:1:1.1.1.1/32, version 3
Paths: (1 available, best #1, table VPN_A)
Flag: 0x820
Advertised to update-groups:
2
100
10.1.13.1 from 10.1.13.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: SoO:333:3 RT:100:1
mpls labels in/out 18/nolabel
PE1#
PE2#show ip bgp vpnv4 all 2.2.2.2
BGP routing table entry for 100:1:2.2.2.2/32, version 16
Paths: (1 available, best #1, table VPN_A)
Flag: 0x820
Advertised to update-groups:
2
100
10.1.24.2 from 10.1.24.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: SoO:444:4 RT:100:1
mpls labels in/out 16/nolabel
PE2#
*Mar 1 02:24:56.715: %SYS-5-CONFIG_I: Configured from console by console
PE2#show ip bgp vpnv4 all 1.1.1.1
BGP routing table entry for 100:1:1.1.1.1/32, version 14
Paths: (1 available, best #1, table VPN_A)
Flag: 0x820
Advertised to update-groups:
1
100
3.3.3.3 (metric 65) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: SoO:333:3 RT:100:1
mpls labels in/out nolabel/18
PE2#
Observation:
· PE1 assigned the SOO 333:3 to 1.1.1.1/32, which is received from CE1
· PE2 assigned the SOO 444:4 to 2.2.2.2/32, which is received from CE2
Lets see the basic example avoiding routing loops using SOO:
· In PE2, as of now I have one CE router connected
· Let’s see the outputs of send and received routes in PE2
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 16, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
* 2.2.2.2/32 10.1.24.2 0 0 100 i
Total number of prefixes 1
PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 16, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*>i10.1.13.0/24 3.3.3.3 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 3
PE2#
Observation:
· PE2 is receiving 2.2.2.2/32 from CE2
· It’s not advertising the same route back to CE2
· Now, let me add one more CE router, CE3 to the PE2 and let me configure it in the same VRF
PE2(config)#int ser1/2
PE2(config-if)#no shut
PE2(config-if)#ip address 10.1.45.4 255.255.255.0
PE2(config-if)#
PE2(config-if)#ip vrf forwarding VPN_A
% Interface Serial1/2 IP address 10.1.45.4 removed due to enabling VRF VPN_A
PE2(config-if)#ip address 10.1.45.4 255.255.255.0
PE2(config-if)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#neighbor 10.1.45.5 remote-as 100
PE2(config-router-af)#
PE2(config-router-af)#
*Mar 1 02:39:13.331: %BGP-5-ADJCHANGE: neighbor 10.1.45.5 vpn vrf VPN_A Up
PE2(config-router-af)#
CE3(config)#int loop0
CE3(config-if)#ip address 5.5.5.5 255.255.255.255
CE3(config-if)#int ser1/2
CE3(config-if)#no shut
CE3(config-if)#ip address 10.1.45.5 255.255.255.0
CE3(config-if)#router bgp 100
CE3(config-router)#bgp router-id 5.5.5.5
CE3(config-router)#neighbor 10.1.45.4 remote-as 200
CE3(config-router)#
*Mar 1 00:03:48.135: %BGP-5-ADJCHANGE: neighbor 10.1.45.4 Up
CE3(config-router)#do show ip bgp sum
BGP router identifier 5.5.5.5, local AS number 100
BGP table version is 6, main routing table version 6
4 network entries using 480 bytes of memory
4 path entries using 208 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 1240 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.45.4 4 200 9 5 6 0 0 00:00:07 3
CE3(config-router)#
Now, let’s see the received and advertised routes for CE2 in PE2:
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
* 2.2.2.2/32 10.1.24.2 0 0 100 i
Total number of prefixes 1
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*> 2.2.2.2/32 10.1.24.2 0 0 100 i
*> 5.5.5.5/32 10.1.45.5 0 0 100 i
*>i10.1.13.0/24 3.3.3.3 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
*> 10.1.45.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 6
PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 received-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
* 5.5.5.5/32 10.1.45.5 0 0 100 i
Total number of prefixes 1
PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 advertised-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*> 2.2.2.2/32 10.1.24.2 0 0 100 i
*> 5.5.5.5/32 10.1.45.5 0 0 100 i
*>i10.1.13.0/24 3.3.3.3 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
*> 10.1.45.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 6
PE2#
Observation:
· PE2 is receiving 2.2.2.2/32 from CE2
· It’s advertising the same route back to the CE2
· PE2 is receiving 5.5.5.5/32 from CE3
· It’s advertising the same route back to the CE3
· Initially it was not happening like this right, lets check that again by shutting the PE2-CE3 link
PE2(config)#int ser1/2
PE2(config-if)#no ip vrf forwarding VPN_A
% Interface Serial1/2 IP address 10.1.45.4 removed due to disabling VRF VPN_A
PE2(config-if)#ip address 10.1.45.4 255.255.255.0
PE2(config-if)#
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 1, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
* 2.2.2.2/32 10.1.24.2 0 0 100 i
Total number of prefixes 1
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*>i10.1.13.0/24 3.3.3.3 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 3
PE2#
Observation:
· PE2 is receiving 2.2.2.2/32 from CE2
· It’s not advertising the same route back to CE2
The reason is, when we have 2 CEs connected to the PE router, PE router BGP puts both the CEs in the same update group.
PE2#show ip bgp vpnv4 all update-group
BGP version 4 update-group 1, external, Address Family: VPNv4 Unicast
BGP Update version : 19/0, messages 0
Update messages formatted 54, replicated 1
Number of NLRIs in the update sent: max 2, min 1
Minimum time between advertisement runs is 0 seconds
Has 2 members (* indicates the members currently being sent updates):
10.1.24.2 10.1.45.5
BGP version 4 update-group 2, internal, Address Family: VPNv4 Unicast
BGP Update version : 19/0, messages 0
Extended-community attribute sent to this neighbor
Update messages formatted 26, replicated 0
Number of NLRIs in the update sent: max 1, min 0
Minimum time between advertisement runs is 0 seconds
Has 1 member (* indicates the members currently being sent updates):
3.3.3.3
PE2#
SOO comes handy in this situation:
PE2(config)#access-list 1 permit host 2.2.2.2
PE2(config)#route-map SITE
PE2(config-route-map)#set extcommunity soo 444:4
PE2(config-route-map)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#neighbor 10.1.24.2 route-map SITE in
PE2(config-router-af)#
PE2#show ip bgp vpnv4 all 2.2.2.2
BGP routing table entry for 100:1:2.2.2.2/32, version 3
Paths: (2 available, best #1, table VPN_A)
Flag: 0x820
Advertised to update-groups:
1 2
100
10.1.24.2 from 10.1.24.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: SoO:444:4 RT:100:1
mpls labels in/out 21/nolabel
100, (received-only)
10.1.24.2 from 10.1.24.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, external
mpls labels in/out 21/nolabel
PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
* 2.2.2.2/32 10.1.24.2 0 0 100 i
Total number of prefixes 1
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*> 5.5.5.5/32 10.1.45.5 0 0 100 i
*>i10.1.13.0/24 3.3.3.3 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
*> 10.1.45.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 5
PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 received-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
* 5.5.5.5/32 10.1.45.5 0 0 100 i
Total number of prefixes 1
PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 advertised-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32 3.3.3.3 0 100 0 100 i
*> 2.2.2.2/32 10.1.24.2 0 0 100 i
*>i10.1.13.0/24 3.3.3.3 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
*> 10.1.45.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 5
PE2#
Observation:
· PE2 is receiving 2.2.2.2/32 from CE2
· PE2 is not advertising back the same route to CE2
· PE2 is receiving 5.5.5.5/32 from CE3
· PE2 is not advertising back the same route to CE3
· Let’s see the BGP Update-group now:
PE2#show ip bgp vpnv4 all update-group
BGP version 4 update-group 1, external, Address Family: VPNv4 Unicast
BGP Update version : 11/0, messages 0
Update messages formatted 75, replicated 2
Number of NLRIs in the update sent: max 2, min 1
Minimum time between advertisement runs is 0 seconds
Has 1 member (* indicates the members currently being sent updates):
10.1.45.5
BGP version 4 update-group 2, internal, Address Family: VPNv4 Unicast
BGP Update version : 11/0, messages 0
Extended-community attribute sent to this neighbor
Update messages formatted 39, replicated 0
Number of NLRIs in the update sent: max 2, min 0
Minimum time between advertisement runs is 0 seconds
Has 1 member (* indicates the members currently being sent updates):
3.3.3.3
BGP version 4 update-group 3, external, Address Family: VPNv4 Unicast
BGP Update version : 11/0, messages 0
route-map Site-of-Origin is SoO:444:4
Update messages formatted 9, replicated 0
Number of NLRIs in the update sent: max 2, min 0
Minimum time between advertisement runs is 0 seconds
Has 1 member (* indicates the members currently being sent updates):
10.1.24.2
PE2#
Observation:
· CE2 and CE3 are now in different update-groups!!!
No comments:
Post a Comment