Saturday 6 October 2012

CE-PE Routing: Configuring using BGP – II -BGP Site Of Origin, SOO:

CE-PE Routing: Configuring using BGP – II -BGP Site Of Origin, SOO:

·         In the previous post http://mynotesonroutingprotocols.blogspot.in/2012/10/ce-pe-routing-configuring-using-bgp-i.html, we have learnt how to configure BGP as CE-PE protocol.
·         In this post, let’s see what BGP SOO attribute is and how to configure it.

·         In multihomed environments, if CE routers have backdoor link, then there is a probability of getting loops.
·         In BGP, there is an extended community called Site Of Origin, SOO attribute to avoid this situation.

·         This is used basically to tag the route where it is initially originated, so that it can never sent back to the same source.
·         Its generally configure in PE router, towards the CE.
·         Let’s see how to configure this.

PE1(config)#access-list 1 permit host 1.1.1.1
PE1(config)#route-map SITE
PE1(config-route-map)#match ip address 1
PE1(config-route-map)#set extcommunity soo 333:3
PE1(config-route-map)#router bgp 200
PE1(config-router)#address-family ipv4 vrf VPN_A
PE1(config-router-af)#neighbor 10.1.13.1 route-map SITE in
PE1(config-router-af)#

PE2(config)#access-list 1 permit host 2.2.2.2
PE2(config)#route-map SITE
PE2(config-route-map)#set extcommunity soo 444:4
PE2(config-route-map)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#neighbor 10.1.24.2 route-map SITE in
PE2(config-router-af)#

Verification:

PE1#show ip bgp vpnv4 all 2.2.2.2
BGP routing table entry for 100:1:2.2.2.2/32, version 7
Paths: (1 available, best #1, no table)
Flag: 0x820
  Not advertised to any peer
  100
    4.4.4.4 (metric 65) from 4.4.4.4 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: SoO:444:4 RT:100:1
      mpls labels in/out nolabel/16
PE1#
PE1#show ip bgp vpnv4 all 1.1.1.1
BGP routing table entry for 100:1:1.1.1.1/32, version 3
Paths: (1 available, best #1, table VPN_A)
Flag: 0x820
  Advertised to update-groups:
        2
  100
    10.1.13.1 from 10.1.13.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: SoO:333:3 RT:100:1
      mpls labels in/out 18/nolabel
PE1#

PE2#show ip bgp vpnv4 all 2.2.2.2
BGP routing table entry for 100:1:2.2.2.2/32, version 16
Paths: (1 available, best #1, table VPN_A)
Flag: 0x820
  Advertised to update-groups:
        2
  100
    10.1.24.2 from 10.1.24.2 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: SoO:444:4 RT:100:1
      mpls labels in/out 16/nolabel
PE2#
*Mar  1 02:24:56.715: %SYS-5-CONFIG_I: Configured from console by console
PE2#show ip bgp vpnv4 all 1.1.1.1
BGP routing table entry for 100:1:1.1.1.1/32, version 14
Paths: (1 available, best #1, table VPN_A)
Flag: 0x820
  Advertised to update-groups:
        1
  100
    3.3.3.3 (metric 65) from 3.3.3.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: SoO:333:3 RT:100:1
      mpls labels in/out nolabel/18
PE2#

Observation:
·         PE1 assigned the SOO 333:3 to 1.1.1.1/32, which is received from CE1
·         PE2 assigned the SOO 444:4 to 2.2.2.2/32, which is received from CE2

Lets see the basic example avoiding routing loops using SOO:

·         In PE2, as of now I have one CE router connected
·         Let’s see the outputs of send and received routes in PE2

PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 16, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*  2.2.2.2/32       10.1.24.2                0             0 100 i

Total number of prefixes 1

PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 16, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32       3.3.3.3                  0    100      0 100 i
*>i10.1.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.1.24.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 3

PE2#

Observation:

·         PE2 is receiving 2.2.2.2/32 from CE2
·         It’s not advertising the same route back to CE2

·         Now, let me add one more CE router, CE3 to the PE2 and let me configure it in the same VRF

PE2(config)#int ser1/2
PE2(config-if)#no shut
PE2(config-if)#ip address 10.1.45.4 255.255.255.0
PE2(config-if)#
PE2(config-if)#ip vrf forwarding VPN_A
% Interface Serial1/2 IP address 10.1.45.4 removed due to enabling VRF VPN_A
PE2(config-if)#ip address 10.1.45.4 255.255.255.0
PE2(config-if)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#neighbor 10.1.45.5 remote-as 100
PE2(config-router-af)#
PE2(config-router-af)#
*Mar  1 02:39:13.331: %BGP-5-ADJCHANGE: neighbor 10.1.45.5 vpn vrf VPN_A Up
PE2(config-router-af)#

CE3(config)#int loop0
CE3(config-if)#ip address 5.5.5.5 255.255.255.255
CE3(config-if)#int ser1/2
CE3(config-if)#no shut
CE3(config-if)#ip address 10.1.45.5 255.255.255.0
CE3(config-if)#router bgp 100
CE3(config-router)#bgp router-id 5.5.5.5
CE3(config-router)#neighbor 10.1.45.4 remote-as 200
CE3(config-router)#

*Mar  1 00:03:48.135: %BGP-5-ADJCHANGE: neighbor 10.1.45.4 Up
CE3(config-router)#do show ip bgp sum
BGP router identifier 5.5.5.5, local AS number 100
BGP table version is 6, main routing table version 6
4 network entries using 480 bytes of memory
4 path entries using 208 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 1240 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.45.4       4   200       9       5        6    0    0 00:00:07        3
CE3(config-router)#

Now, let’s see the received and advertised routes for CE2 in PE2:

PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*  2.2.2.2/32       10.1.24.2                0             0 100 i

Total number of prefixes 1

PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32       3.3.3.3                  0    100      0 100 i
*> 2.2.2.2/32       10.1.24.2                0             0 100 i
*> 5.5.5.5/32       10.1.45.5                0             0 100 i
*>i10.1.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.1.24.0/24     0.0.0.0                  0         32768 ?
*> 10.1.45.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 6

PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 received-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*  5.5.5.5/32       10.1.45.5                0             0 100 i

Total number of prefixes 1

PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 advertised-routes
BGP table version is 19, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32       3.3.3.3                  0    100      0 100 i
*> 2.2.2.2/32       10.1.24.2                0             0 100 i
*> 5.5.5.5/32       10.1.45.5                0             0 100 i
*>i10.1.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.1.24.0/24     0.0.0.0                  0         32768 ?
*> 10.1.45.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 6

PE2#

Observation:
·         PE2 is receiving 2.2.2.2/32 from CE2
·         It’s advertising the same route back to the CE2
·         PE2 is receiving 5.5.5.5/32 from CE3
·         It’s advertising the same route back to the CE3
·         Initially it was not happening like this right, lets check that again by shutting the PE2-CE3 link

PE2(config)#int ser1/2
PE2(config-if)#no ip vrf forwarding VPN_A
% Interface Serial1/2 IP address 10.1.45.4 removed due to disabling VRF VPN_A
PE2(config-if)#ip address 10.1.45.4 255.255.255.0
PE2(config-if)#

PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 1, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*  2.2.2.2/32       10.1.24.2                0             0 100 i

Total number of prefixes 1

PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32       3.3.3.3                  0    100      0 100 i
*>i10.1.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.1.24.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 3

PE2#
Observation:

·         PE2 is receiving 2.2.2.2/32 from CE2
·         It’s not advertising the same route back to CE2

The reason is, when we have 2 CEs connected to the PE router, PE router BGP puts both the CEs in the same update group.

PE2#show ip bgp vpnv4 all update-group
BGP version 4 update-group 1, external, Address Family: VPNv4 Unicast
  BGP Update version : 19/0, messages 0
  Update messages formatted 54, replicated 1
  Number of NLRIs in the update sent: max 2, min 1
  Minimum time between advertisement runs is 0 seconds
  Has 2 members (* indicates the members currently being sent updates):
   10.1.24.2        10.1.45.5

BGP version 4 update-group 2, internal, Address Family: VPNv4 Unicast
  BGP Update version : 19/0, messages 0
  Extended-community attribute sent to this neighbor
  Update messages formatted 26, replicated 0
  Number of NLRIs in the update sent: max 1, min 0
  Minimum time between advertisement runs is 0 seconds
  Has 1 member (* indicates the members currently being sent updates):
   3.3.3.3

PE2#

SOO comes handy in this situation:

PE2(config)#access-list 1 permit host 2.2.2.2
PE2(config)#route-map SITE
PE2(config-route-map)#set extcommunity soo 444:4
PE2(config-route-map)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#neighbor 10.1.24.2 route-map SITE in
PE2(config-router-af)#

PE2#show ip bgp vpnv4 all 2.2.2.2
BGP routing table entry for 100:1:2.2.2.2/32, version 3
Paths: (2 available, best #1, table VPN_A)
Flag: 0x820
  Advertised to update-groups:
        1    2
  100
    10.1.24.2 from 10.1.24.2 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: SoO:444:4 RT:100:1
      mpls labels in/out 21/nolabel
  100, (received-only)
    10.1.24.2 from 10.1.24.2 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, external
      mpls labels in/out 21/nolabel
PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 received-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*  2.2.2.2/32       10.1.24.2                0             0 100 i

Total number of prefixes 1

PE2#show ip bgp vpnv4 all neighbors 10.1.24.2 advertised-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32       3.3.3.3                  0    100      0 100 i
*> 5.5.5.5/32       10.1.45.5                0             0 100 i
*>i10.1.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.1.24.0/24     0.0.0.0                  0         32768 ?
*> 10.1.45.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 5

PE2#
PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 received-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*  5.5.5.5/32       10.1.45.5                0             0 100 i

Total number of prefixes 1

PE2#show ip bgp vpnv4 all neighbors 10.1.45.5 advertised-routes
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.1/32       3.3.3.3                  0    100      0 100 i
*> 2.2.2.2/32       10.1.24.2                0             0 100 i
*>i10.1.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.1.24.0/24     0.0.0.0                  0         32768 ?
*> 10.1.45.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 5

PE2#

Observation:
·         PE2 is receiving 2.2.2.2/32 from CE2
·         PE2 is not advertising back the same route to CE2
·         PE2 is receiving 5.5.5.5/32 from CE3
·         PE2 is not advertising back the same route to CE3

·         Let’s see the BGP Update-group now:

PE2#show ip bgp vpnv4 all update-group
BGP version 4 update-group 1, external, Address Family: VPNv4 Unicast
  BGP Update version : 11/0, messages 0
  Update messages formatted 75, replicated 2
  Number of NLRIs in the update sent: max 2, min 1
  Minimum time between advertisement runs is 0 seconds
  Has 1 member (* indicates the members currently being sent updates):
   10.1.45.5

BGP version 4 update-group 2, internal, Address Family: VPNv4 Unicast
  BGP Update version : 11/0, messages 0
  Extended-community attribute sent to this neighbor
  Update messages formatted 39, replicated 0
  Number of NLRIs in the update sent: max 2, min 0
  Minimum time between advertisement runs is 0 seconds
  Has 1 member (* indicates the members currently being sent updates):
   3.3.3.3

BGP version 4 update-group 3, external, Address Family: VPNv4 Unicast
  BGP Update version : 11/0, messages 0
  route-map Site-of-Origin is SoO:444:4
  Update messages formatted 9, replicated 0
  Number of NLRIs in the update sent: max 2, min 0
  Minimum time between advertisement runs is 0 seconds
  Has 1 member (* indicates the members currently being sent updates):
   10.1.24.2

PE2#

Observation:
·         CE2 and CE3 are now in different update-groups!!!

No comments:

Post a Comment