BGP Site-of-Origin SoO

@Network_Eric
Sir, I'm using this lab for testing the BGP SoO.

Step 1: CE-1 R5 advertises 55.5.5.0/24 to R1 PE-1.

Step 2: PE-1 received that route on the vrf-a address family as an eBGP update.

Step 3: PE-1 adds the RD value, which is 1:1, and the VPNv4 route would be 1:1:55.5.5.0/24. PE-1 does that in order to tell the BGP instance on PE-1, if the exact same route 55.5.5.0/24 is received on PE-1, not to do the BGP best path selection process against these two exact routes, and that these two routes are totally different from each other. So, the RD 1:1 is only used on R1 PE-1, and the RD value has nothing to do if it is received on the PE-2 side.

Step 4: PE-1 adds another extended community, which is the RT. Let's say vrf-a on PE-1 R1 has export route-target 1000:1. That is going to be used on the PE-2 side in order to tell PE-2 R4, which is the receiving side, which VRF this route belongs to.

So we have two things right now: the RD, which is used on the sending side only (PE-1 R1) to tell it that these routes are different from each other and not to use the BGP best path selection process (NWLLA OMNI OLL), and the RT, which is used on the receiving side only (PE-2 R4) to tell it which of the VRFs it has this route belongs to.

Step 5: PE-1 adds another extended community, called the SoO value, to the VPNv4 route 55.5.5.0/24: soo 1111:1111 (Extended Community: SoO:1111:1111).

Step 6: PE-2 gets that route with the RT value 1000:1, and this value is configured under vrf-c import. So, R4 is going to put that route in vrf-c.

Step 7: PE-2 advertises that route to CE-2 R6 as an eBGP update.

And now, why do we need to use the SoO tag value?

Hey Major,

Because the RD isn’t used to make a site unique. The purpose of an RD is almost the exact opposite of what you’re thinking. It’s used to make a VPN instance unique. Say you have 4 routers.

R1:
RD 1:1
route-target export 1:1
route-target import 1:1

R2:
RD 1:2
route-target export 1:1
route-target import 1:1

R3:
RD 1:3
route-target export 1:1
route-target import 1:1

R4:
A route reflector in the middle of all of these routers.

All three routers advertise their own unique subnets and the 192.168.0.0/24 subnet.

This will make 3 separate entries in the VPNv4 table for the 192.168.0.0/24 network. Each site will receive all 3 of these routes and then choose the best route to get to the destination.

Let’s do the same thing but slightly differently.

R1:
RD 1:1
route-target export 1:1
route-target import 1:1

R2:
RD 1:1
route-target export 1:1
route-target import 1:1

R3:
RD 1:1
route-target export 1:1
route-target import 1:1

R4:
A route reflector in the middle of all of these routers.

Now we’re telling VPNv4 all of these routes belong to the same VPN, which means the route reflector will learn all 3 of the 192.168.0.0/24 routes that are being advertised. However, the route reflector will now do NWLLA OMNI OLL and then only advertise the best route to the clients.

RD is mostly used for load balancing within the BGP VPNv4 network. You might have two edge routers in one AS and want to load balance between them, but because you used the same RD on both, only one can be selected (in fact, INE has a lab on this specifically).

So to sum up, the RD is NOT used to prevent a route from being advertised back to itself; it is used within VPNv4 to specify when you want to forward on multiple overlapping subnets. That’s the entire purpose. You learn multiples of the same route from different VRFs, etc., and you want them all to be advertised.

1 Like
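A small model of the two scenarios in the reply above, added here as an illustration and not part of the original thread: the route reflector keeps one best path per (RD, prefix), so unique RDs let all three copies of 192.168.0.0/24 reach the clients while a shared RD leaves one. The tie-break rule and the per-router unique subnets are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Vpnv4Route(NamedTuple):
    rd: str         # route distinguisher prepended by the originating PE
    prefix: str     # customer IPv4 prefix
    rt: str         # export route-target extended community
    origin_pe: str  # advertising router (stands in for the next hop)

def pe_export(pe, rd, rt, prefixes):
    """A PE turns VRF prefixes into VPNv4 routes: RD + prefix, tagged with the RT."""
    return [Vpnv4Route(rd, p, rt, pe) for p in prefixes]

def reflect(routes):
    """Route reflector: best path is chosen per VPNv4 NLRI, i.e. per (RD, prefix)."""
    table = defaultdict(list)
    for r in routes:
        table[(r.rd, r.prefix)].append(r)
    # Simplified tie-break (assumption): lowest originator name wins,
    # standing in for the full best path selection process.
    return [min(paths, key=lambda r: r.origin_pe) for paths in table.values()]

def pe_import(reflected, import_rt, prefix):
    """Receiving side: originators of the paths for `prefix` that match the import RT."""
    return sorted(r.origin_pe for r in reflected
                  if r.rt == import_rt and r.prefix == prefix)

def paths_seen(rds):
    """Run the three-router scenario from the reply with the given RD per router."""
    shared = "192.168.0.0/24"
    # Constructed "own unique subnets"; the thread gives no values for these.
    unique = {"R1": "10.1.0.0/24", "R2": "10.2.0.0/24", "R3": "10.3.0.0/24"}
    adverts = []
    for pe, rd in rds.items():
        adverts += pe_export(pe, rd, "1:1", [shared, unique[pe]])
    return pe_import(reflect(adverts), "1:1", shared)

if __name__ == "__main__":
    print(paths_seen({"R1": "1:1", "R2": "1:2", "R3": "1:3"}))  # unique RDs
    print(paths_seen({"R1": "1:1", "R2": "1:1", "R3": "1:1"}))  # same RD everywhere
```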