what is Site of Origin of BGP

Created 7 days agoLatest reply Dec 07, 2018 17:51:58 125 0 6 0

In a BGP/MPLS IP VPN scenario, if the ASs to which two VPN sites belong use private AS numbers, the AS numbers of the two VPN sites may be the same. As a result, different sites of the same VPN cannot communicate. The peer substitute-as command can be used to enable AS number substitution on PEs to address this problem.

Enabling AS number substitution will cause another problem. Several CEs at a VPN site may establish EBGP connections with different PEs of a BGP/MPLS IP VPN backbone network, and a routing protocol has been configured on the CEs. If AS number substitution is enabled on PEs, the AS numbers carried by VPN routes of this site will be replaced on the PEs. As a result, routes advertised from a CE to a PE may be re-advertised to this VPN site after the routes traverse the backbone network, causing a routing loop. The peer soo command can be run on the PEs to address this problem.

After the peer soo command is run on a PE to configure the SoO attribute for a specified CE, the PE adds the attribute to a route sent from the CE and advertises the route to the remote PE. The remote PE checks the SoO attribute of the route before sending it to its attached CE. If the SoO attribute is the same as the local SoO attribute on the remote PE, the remote PE does not send the route to its attached CE, preventing a routing loop in a VPN site.

Table 1-1 BGP SOO Topology

174939umo771pnwrlonoaa.png

As shown in the above figure, there are two CEs in the AS65101. The two CEs are at the same site and the route interworking configuration has been completed. There are two sites on the remote end that also use AS65101. The services between them need to communicate through the backbone network. The AS number of the backbone network is 65000. When CE1 sends data to the remote CE, the AS number of the data packet is replaced with 65000 on the backbone network. After receiving the other PE, the PE may send back to CE2 of the same site. This will cause a routing loop.

We can prevent this from happening by deploying BGP SOO.

We need configure the site of origin on the PE device, the same site CE will have same site-of-origin attribute.

The SoO attribute is a BGP extended community attribute and can be expressed in any of the following formats:

1. 2-byte AS number: 4-byte user-defined number, for example, 1:3 The AS number ranges from 0 to 65535, and the user-defined number ranges from 0 to 4294967295. The AS number and user-defined number cannot both be set to 0. This means that the value of the SoO attribute cannot be 0:0.

2. IPv4-address: 2-byte user-defined number, for example, 192.168.122.15:1 The IP address ranges from 0.0.0.0 to 255.255.255.255, and the user-defined number ranges from 0 to 65535.

3. Integral 4-byte AS number: 2-byte user-defined number, for example, 0:3 or 65537:3. An AS number ranges from 65536 to 4294967295. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, the value of the SoO attribute cannot be 0:0.

4. 4-byte AS number in dotted notation: 2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers that range from 1 to 65535 and from 0 to 65535, respectively. A user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s. That is, the value of the SoO attribute cannot be 0.0:0.

The configuration template is as below:

Table 1-2 BGP SoO Configuration Template

#

bgp 65001

ipv4-family vpn-instance vpn-instance-name

peer { group-name | ipv4-address | ipv6-address } soo site-of-origin

#

commit

#

 

  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top