BGP SoO
If multiple CEs in a VPN site access different PEs and BGP peer relationships are established between PEs and CEs, VPN routes sent from CEs to PEs may return to this VPN site after traveling across the backbone network. This may cause routing loops in the VPN site.
After the SoO attribute is configured on a PE, the PE adds the SoO attribute to the route sent from a CE and then advertises the route to other PE peers. Before advertising the VPN route to the connected CE, the PE peers check the SoO attribute carried in the VPN route. If the PE peers find that this SoO attribute is the same as the locally configured SoO attribute, the PE peers do not advertise this VPN route to the connected CE.
On the network shown in Figure 1, CE1 and CE2 belong to the same VPN site and can advertise routes to each other. CE1 advertises the route destined for 10.1.1.1/32 in the VPN site to PE1, and PE1 advertises the route to PE2 by using Multiprotocol Internal Border Gateway Protocol (MP-IBGP). PE2 then advertises the route to CE2 by using BGP. As a result, the route returns to the original VPN site from which the route is advertised, which may cause a routing loop in the VPN site.
To avoid routing loops in a VPN site, you can configure an SoO attribute on PE1 for CE1. The SoO attribute identifies the site where the CE1 resides. The routes advertised by CE1 to PE1 then carry this SoO attribute, and PE1 advertises the routes with the SoO attribute to PE2 across the backbone network. Before advertising the received routes to its peer CE2, PE2 checks whether the routes carry the SoO attribute specified for the site where CE2 resides. If a route carries this SoO attribute, this route is advertised from the site where CE2 resides. PE2 then refuses to advertise such a route to CE2, avoiding routing loops in the site.