Tuesday, November 18, 2008

MPLS VPNs with BGP Site-Of-Origin Complete

This was an interesting lab that took a bit of research for me to understand what was happening.

When we use as-override, the intention is to work around the loop prevention mechanism of eBGP so that a CE router will accept a route from another CE router with the same AS.

But sometimes that loop prevention mechanism is still needed. This typically occurs when two CE routers have a backdoor (i.e. non-PE) connection to each other, in addition to the PE connection.

Such a connection can create a routing loop when used in conjunction with as-override. This is because the PE router strips the originating AS and then advertises the route back out to the other CE. This CE router has no idea that this is the same route it is learning from its backdoor neighbor, so a routing loop can be created.

To prevent this, the site-of-origin (SOO) extended community can be set via a route-map. No filtering is required; everything happens automatically once it is set. When a PE router learns a route with an SOO set, it will not advertise another route with the same SOO set to its CE neighbor.

The catch to this is that the backdoor route cannot be used as a redundant connection to the other CE router. If the MPLS connection drops, traffic cannot be rerouted dynamically through the other CE router.

To check if SOO is set on the PE router, use sh ip bgp vpnv4 all X.X.X.X
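
A sketch of the PE-side configuration described above, added here as an illustration and not taken from the lab itself. The VRF name, AS numbers, neighbor addresses, route-map name and SOO value are all constructed; the point is that both PE-CE sessions facing the backdoor-connected CE routers set the same SOO inbound, alongside as-override.

```cisco
! Constructed values: provider AS 64512, customer AS 65001 at both sites,
! VRF CUST-A, SOO 65001:1, CE addresses from 192.0.2.0/24.
!
! --- PE1, facing CE1 ---
route-map SET-SOO permit 10
 set extcommunity soo 65001:1
!
router bgp 64512
 address-family ipv4 vrf CUST-A
  neighbor 192.0.2.2 remote-as 65001
  neighbor 192.0.2.2 activate
  ! Rewrite the customer AS in the AS path so the remote CE accepts the route
  neighbor 192.0.2.2 as-override
  ! Tag every route learned from CE1 with the SOO
  neighbor 192.0.2.2 route-map SET-SOO in
!
! --- PE2, facing CE2 (CE2 has the backdoor link to CE1) ---
route-map SET-SOO permit 10
 set extcommunity soo 65001:1
!
router bgp 64512
 address-family ipv4 vrf CUST-A
  neighbor 192.0.2.6 remote-as 65001
  neighbor 192.0.2.6 activate
  neighbor 192.0.2.6 as-override
  ! Same SOO value as on PE1: routes carrying 65001:1 are not sent to CE2
  neighbor 192.0.2.6 route-map SET-SOO in
```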

8 comments:

Tarun said...

Hi Ed,

I am Tarun, I am a CCIE R&S & am thinking of starting studies for my CCIE SP. Would you mind sharing with me what exactly is your study plan, I know from your blog that you are probably first going for your CCIP exams & then looking at your CCIE. Since you have already cleared 3 of your CCIP exams & now looking at the MPLS exam. I wanted to know what should I refer to study for my BGP, MPLS & QoS exams?

I am also looking at first clearing the individual exams to make up my CCIP & then look at CCIE.

I would appreciate if you can help me on this.

Tarun Lohumi.

Ed said...

Tarun,

I was conflicted at first as to how to go about the SP as well. I knew the biggest challenge was going to be in learning MPLS. The main reason I chose to go for the CCIP first was so I could pick up another certification along the way. It also forces me to focus on MPLS, at least until I have it down enough to pass the CCIP exam.

Thus far the BGP, QoS, and Routing material is pretty much straight from the R&S CCIE material.

The book MPLS Configuration on Cisco IOS Software has been the best guide to learning MPLS that I have found. Just make sure to do some labs as well.

I've also found this link to be particularly helpful.

Anonymous said...

Hi Ed,

Looks you are systematically tackling each topic. Are you using any workbooks from IE or IPExperts?

Thanks,
James

Ed said...

James,

I'm currently going through the Internetwork Expert Vol I workbook.

Ed

slt said...

Thank you. And I've got concepts from your sentences.

shivlu jain said...

good article.

regards
shivlu jain

Peter Ehiwe said...

great article!

Anonymous said...

great article