BGP的SOO(Service Provider Order)特性用于PE设备中防止VPNv4路由在传递给CE时形成环路。通过比较PE接口配置的SOO值与从其他MP-BGP邻居接收到的路由的SOO值,若相同则不向CE传递,以此避免环路问题。
SOO 的防环机制,是在PE传递路由给CE的时候,检查出接口配置的SOO值是否与从其他MP-BGP邻居收到的VPNv4路由的SOO值一致,如果一致,就不传给CE。而不是PE根本就不接收,切记切记
SOO 的防环机制,是在PE传递路由给CE的时候,检查出接口配置的SOO值是否与从其他MP-BGP邻居收到的VPNv4路由的SOO值一致,如果一致,就不传给CE。而不是PE根本就不接收,切记切记。
R07(config)# router bgp 65001
R07(config-router)#add
R07(config-router)#address-family ipvr
R07(config-router)#address-family ipv
R07(config-router)# address-family ipv4 vrf RED
R07(config-router-af)#nei
R07(config-router-af)# neighbor 10.254.0.54 ?
activate Enable the Address Family for this Neighbor
advertise-map specify route-map for conditional advertisement
advertisement-interval Minimum interval between sending BGP routing updates
allow-policy Enable the policy support for this IBGP Neighbor
allowas-in Accept as-path with my AS present in it
as-override Override matching AS-number while sending update
capability Advertise capability to the peer
cluster-id Configure Route-Reflector Cluster-id (peers may
reset)
default-originate Originate default route to this neighbor
description Neighbor specific description
disable-connected-check one-hop away EBGP peer using loopback address
distribute-list Filter updates to/from this neighbor
dmzlink-bw Propagate the DMZ link bandwidth
ebgp-multihop Allow EBGP neighbors not on directly connected
networks
fall-over session fall on peer route lost
filter-list Establish BGP filters
ha-mode high availability mode
inherit Inherit a template
internal-vpn-client Stack iBGP-CE Neighbor Path in ATTR_SET for vpn
update
local-as Specify a local-as number
maximum-prefix Maximum number of prefixes accepted from this peer
next-hop-self Disable the next hop calculation for this neighbor
next-hop-unchanged Propagate next hop unchanged for iBGP paths to this
neighbor
password Set a password
path-attribute BGP optional attribute filtering
peer-group Member of the peer-group
prefix-list Filter updates to/from this neighbor
remote-as Specify a BGP neighbor
remove-private-as Remove private AS number from outbound updates
route-map Apply route map to neighbor
route-reflector-client Configure a neighbor as Route Reflector client
route-server-client Configure a neighbor as Route Server client
send-community Send Community attribute to this neighbor
send-label Send NLRI + MPLS Label to this peer
shutdown Administratively shut down this neighbor
slow-peer Configure slow-peer
soft-reconfiguration Per neighbor soft reconfiguration
soo Site-of-Origin extended community
timers BGP per neighbor timers
translate-update Translate Update to MBGP format
transport Transport options
ttl-security BGP ttl security check
unsuppress-map Route-map to selectively unsuppress suppressed
routes
update-source Source of routing updates
version Set the BGP version to match a neighbor
weight Set default weight for routes from this neighbor
R07(config-router-af)#neighbor 10.254.0.54 so
R07(config-router-af)#neighbor 10.254.0.54 soo
R07(config-router-af)#neighbor 10.254.0.54 soo ?
ASN:nn or IP-address:nn VPN extended community
R07(config-router-af)#neighbor 10.254.0.54 soo 2:2
R07(config-router-af)#end
R07#
R07#wr
Building configuration...
[OK]
R07#wr
Building configuration...
[OK]
R07(config-router)#add
R07(config-router)#address-family ipvr
R07(config-router)#address-family ipv
R07(config-router)# address-family ipv4 vrf RED
R07(config-router-af)#nei
R07(config-router-af)# neighbor 10.254.0.54 ?
activate Enable the Address Family for this Neighbor
advertise-map specify route-map for conditional advertisement
advertisement-interval Minimum interval between sending BGP routing updates
allow-policy Enable the policy support for this IBGP Neighbor
allowas-in Accept as-path with my AS present in it
as-override Override matching AS-number while sending update
capability Advertise capability to the peer
cluster-id Configure Route-Reflector Cluster-id (peers may
reset)
default-originate Originate default route to this neighbor
description Neighbor specific description
disable-connected-check one-hop away EBGP peer using loopback address
distribute-list Filter updates to/from this neighbor
dmzlink-bw Propagate the DMZ link bandwidth
ebgp-multihop Allow EBGP neighbors not on directly connected
networks
fall-over session fall on peer route lost
filter-list Establish BGP filters
ha-mode high availability mode
inherit Inherit a template
internal-vpn-client Stack iBGP-CE Neighbor Path in ATTR_SET for vpn
update
local-as Specify a local-as number
maximum-prefix Maximum number of prefixes accepted from this peer
next-hop-self Disable the next hop calculation for this neighbor
next-hop-unchanged Propagate next hop unchanged for iBGP paths to this
neighbor
password Set a password
path-attribute BGP optional attribute filtering
peer-group Member of the peer-group
prefix-list Filter updates to/from this neighbor
remote-as Specify a BGP neighbor
remove-private-as Remove private AS number from outbound updates
route-map Apply route map to neighbor
route-reflector-client Configure a neighbor as Route Reflector client
route-server-client Configure a neighbor as Route Server client
send-community Send Community attribute to this neighbor
send-label Send NLRI + MPLS Label to this peer
shutdown Administratively shut down this neighbor
slow-peer Configure slow-peer
soft-reconfiguration Per neighbor soft reconfiguration
soo Site-of-Origin extended community
timers BGP per neighbor timers
translate-update Translate Update to MBGP format
transport Transport options
ttl-security BGP ttl security check
unsuppress-map Route-map to selectively unsuppress suppressed
routes
update-source Source of routing updates
version Set the BGP version to match a neighbor
weight Set default weight for routes from this neighbor
R07(config-router-af)#neighbor 10.254.0.54 so
R07(config-router-af)#neighbor 10.254.0.54 soo
R07(config-router-af)#neighbor 10.254.0.54 soo ?
ASN:nn or IP-address:nn VPN extended community
R07(config-router-af)#neighbor 10.254.0.54 soo 2:2
R07(config-router-af)#end
R07#
R07#wr
Building configuration...
[OK]
R07#wr
Building configuration...
[OK]
==========================
Soo 防环机制, 在配置了之后如果show 出来还是没有生效,建议clear 一下bgp,最好实验就
是 把 物理接口给 shutdown--在no shutdown ,就好了,记住,!!!
--注意关于CE传过来的VPNv4路由会带上SOO的属性值,---- Extended Community--扩展团体属性,
Extended Community: SoO:65002:156 RT:65002:1
最后实验验证,R4确实没有在把 从(冗余网关)R3学过来的关于10.2.0.0/16(AS65002数据中心的路由在发回去给数据中心的另外一个ebgp邻居),这样就起到了防止路由环路的问题了,
-------------------------------------------
R3:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.74 soo 65002:156
exit
R4:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.78 soo 65002:156
exit
R5:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.42 soo 65002:134
exit
R6:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.46 soo 65002:134
exit
R7:
router bgp 65001
address-family ipv4 vrf RED
neighbor 10.254.0.54 soo 65002:112
exit
R8:
router bgp 65001
address-family ipv4 vrf RED
neighbor 10.254.0.58 soo 65002:112
exit
R3:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.74 soo 65002:156
exit
R4:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.78 soo 65002:156
exit
R5:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.42 soo 65002:134
exit
R6:
router bgp 65001
address-family ipv4 vrf GREEN
neighbor 10.254.0.46 soo 65002:134
exit
R7:
router bgp 65001
address-family ipv4 vrf RED
neighbor 10.254.0.54 soo 65002:112
exit
R8:
router bgp 65001
address-family ipv4 vrf RED
neighbor 10.254.0.58 soo 65002:112
exit
------------------------------------------------------------------
R04#show bgp vpnv4 unicast all 10.2.0.0/16
BGP routing table entry for 65002:156:10.2.0.0/16, version 67
Paths: (2 available, best #2, table GREEN)
Advertised to update-groups:
2
Refresh Epoch 2
65002, (aggregated by 65002 10.255.1.15)
10.255.1.3 (metric 11) from 10.255.1.1 (10.255.1.1)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
Extended Community: RT:65002:1--------------------------SoO值还没有出来,
Originator: 10.255.1.3, Cluster list: 10.255.1.1
mpls labels in/out 31/30
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
65002, (aggregated by 65002 10.255.1.16)
10.254.0.78 from 10.254.0.78 (10.255.1.16)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
Extended Community: RT:65002:1
mpls labels in/out 31/nolabel
rx pathid: 0, tx pathid: 0x0
R04#
R04#
mpls labels in/out 31/30
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
65002, (aggregated by 65002 10.255.1.16)
10.254.0.78 from 10.254.0.78 (10.255.1.16)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
Extended Community: RT:65002:1
mpls labels in/out 31/nolabel
rx pathid: 0, tx pathid: 0x0
R04#
R04#
R04#
R04#show bgp vpnv4 unicast all neighbors 10.254.0.78 advertised-routes
BGP table version is 79, local router ID is 10.255.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65002:156 (default for vrf GREEN)
*>i 10.1.0.0/16 10.255.1.7 0 100 0 65002 i
*>i 10.3.0.0/16 10.255.1.5 0 100 0 65002 i
*>i 10.16.1.0/24 10.255.1.3 1021 100 0 65002 ?
*>i 10.16.2.0/24 10.255.1.3 1021 100 0 65002 ?
*>i 10.16.3.0/24 10.255.1.3 1021 100 0 65002 ?
*>i 10.100.0.0/24 10.255.1.3 1011 100 0 65002 ?
*>i 10.255.1.11/32 10.255.1.7 0 100 0 65002 ?
*>i 10.255.1.12/32 10.255.1.8 0 100 0 65002 ?
*>i 10.255.1.13/32 10.255.1.5 0 100 0 65002 ?
*>i 10.255.1.14/32 10.255.1.6 0 100 0 65002 ?
*>i 10.255.1.15/32 10.255.1.3 0 100 0 65002 ?-----这里还是把数据中心的路由从冗余的网关R4传回去给了R16,(AS65002的数据中心网络)
*>i 10.255.1.17/32 10.255.1.3 12 100 0 65002 ?
*>i 10.255.1.19/32 10.255.1.3 1012 100 0 65002 ?
*>i 10.255.1.20/32 10.255.1.3 1012 100 0 65002 ?
*>i 10.255.1.21/32 10.255.1.3 1012 100 0 65002 ?
*>i 10.255.1.101/32 10.255.1.7 11 100 0 65002 ?
*>i 10.255.1.102/32 10.255.1.5 11 100 0 65002 ?
*>i 10.255.1.103/32 10.255.1.3 11 100 0 65002 ?
Total number of prefixes 18
R04#
R04#
R04#
R04#show bgp vpnv4 unicast all neighbors 10.254.0.78 advertised-routes
BGP table version is 79, local router ID is 10.255.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65002:156 (default for vrf GREEN)
*>i 10.1.0.0/16 10.255.1.7 0 100 0 65002 i
*>i 10.3.0.0/16 10.255.1.5 0 100 0 65002 i
*>i 10.16.1.0/24 10.255.1.3 1021 100 0 65002 ?
*>i 10.16.2.0/24 10.255.1.3 1021 100 0 65002 ?
*>i 10.16.3.0/24 10.255.1.3 1021 100 0 65002 ?
*>i 10.100.0.0/24 10.255.1.3 1011 100 0 65002 ?
*>i 10.255.1.11/32 10.255.1.7 0 100 0 65002 ?
*>i 10.255.1.12/32 10.255.1.8 0 100 0 65002 ?
*>i 10.255.1.13/32 10.255.1.5 0 100 0 65002 ?
*>i 10.255.1.14/32 10.255.1.6 0 100 0 65002 ?
*>i 10.255.1.15/32 10.255.1.3 0 100 0 65002 ?-----这里还是把数据中心的路由从冗余的网关R4传回去给了R16,(AS65002的数据中心网络)
*>i 10.255.1.17/32 10.255.1.3 12 100 0 65002 ?
*>i 10.255.1.19/32 10.255.1.3 1012 100 0 65002 ?
*>i 10.255.1.20/32 10.255.1.3 1012 100 0 65002 ?
*>i 10.255.1.21/32 10.255.1.3 1012 100 0 65002 ?
*>i 10.255.1.101/32 10.255.1.7 11 100 0 65002 ?
*>i 10.255.1.102/32 10.255.1.5 11 100 0 65002 ?
*>i 10.255.1.103/32 10.255.1.3 11 100 0 65002 ?
Total number of prefixes 18
R04#
R04#
R04#
R04#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R04(config)#
R04(config)#inter
R04(config)#interface e
R04(config)#interface ethernet 0/1
R04(config-if)#sh
R04(config-if)#shutdown
R04(config-if)#
*Sep 11 11:22:11.075: %BGP-5-NBR_RESET: Neighbor 10.254.0.78 reset (Interface flap)
*Sep 11 11:22:11.076: %BGP-5-ADJCHANGE: neighbor 10.254.0.78 vpn vrf GREEN Down Interface flap
*Sep 11 11:22:11.076: %BGP_SESSION-5-ADJCHANGE: neighbor 10.254.0.78 IPv4 Unicast vpn vrf GREEN topology base removed from session Interface flap
R04(config-if)#
*Sep 11 11:22:13.045: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down
*Sep 11 11:22:14.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
R04(config-if)#no shu
R04(config-if)#no shutdown
R04(config-if)#
R04(config-if)#end
R04#wr
Building configuration...
[OK]
R04#wr
Building configuration...
[OK]
R04#wr
Building configuration...
[OK]
R04#wr
Building configuration...
[OK]
R04#w
*Sep 11 11:23:22.537: %SYS-5-CONFIG_I: Configured from console by console
R04#wr
Building configuration...
[OK]
R04#wr
Building configuration...
[OK]
R04#wr
Building configuration...
[OK]
R04#wr
*Sep 11 11:23:23.324: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Sep 11 11:23:24.326: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
R04#wr
最低0.47元/天 解锁文章
扫一扫
7505
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
