BGP SOO

romccallum · ‎11-08-2004

Ok folks, here is the picture. I need help to actually make a loop happen. I am trying to see where and why I would need to configure SOO. If anyone can update me on what I actually need to do to see this loop it would be appreciated. I am trying to do it in the lab and just simply cant see the loop. I have 2 CEs connected to each other running IBGP between then. The two CEs are connected to a different PE. At present they have the same RD and RT values. I have tried different RDs, different RTs (obviously importing the different numbers) but cannot see this damn loop. I have configured as-override on the neighbor statements also.

Help please - this is driving me NUTS.

Harold Ritter · ‎11-08-2004

Rob,

The SOO is mainly to avoid routing loops when 2 or more CEs belonging to the same site are multihomed to the MPLS VPN core and "neighbor as-override" is configured on the PEs.

Without SOO, updates coming from one site via one CE will be re-advertised to the same site via the other CE.

With SOO, the PE will not readvertised updates coming from one site back to the same site.

An easy way to recreate this is to have two PEs and two CEs connected in a square and to do mutual redistribution between BGP and the IGP on the CE routers.

Let say that CE1 has a directly connected subnet 192.168.1.0/24 and that it advertises it to PE1, which in turn advertises it to CE2. Because of the "as-override" CE2 accepts the update and installs it in the RIB because the eBGP AD is lower than the one of the IGP. CE2 would then use the MPLS VPN core to reach 192.168.1.0/24 rather than the direct link between the two CEs.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

romccallum · ‎11-09-2004

Harry , the setup you described below is what I have ..BUT... I am running IBGP between the devices. I never see the loop happening when I run IBGP between the devices. In another part of the lab I have two CE routers connected to the one PE router. I see the routing loop there but not when I have two CEs connected to different PE devices. I thought the routing loop was being automatically stopped based on the RT (extended community value) - this is the same for both connections i.e. rd 10:1 rt 10:1 ri 10:1. I changed these to different values but still could not see the routing loop. Why running IBGP between the CE devices stops this routing loop I dont know and how it doesnt stop the routing loop when both CEs are connected to the one PE bewilders me. Its great isnt it - when you try to intentionally break your network you cant.!!

Harold Ritter · ‎11-09-2004

Rob,

The reason iBGP stops the loop is that the iBGP route received from the other CE is preferred over the eBGP route because of its shorter AS-PATH.

The RT has nothing to do with the routing loop prevention. If it was the case, it would mean that BGP paths received from other sites could be dropped as well.

I'm sure there is many scenarios where a loop can be induced. The bottom line is that because of the as-override, you can't rely on the AS-PATH loop detection anymore and you therefore need some other mechanism to replace it hence the SoO extended community.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México