Showing results for 
Search instead for 
Did you mean: 
John Patrick Lopez

Overriding Multiple AS Instance

I'm trying to do some lab here and just some odd behavior.



I have two routes, and being advertised from CE2 to PE2. For .77, I did some random prepends.



route-map AS20_OUT, permit, sequence 10
Match clauses:
ip address prefix-lists: 10
Set clauses:
as-path prepend 20 65000 20 20
Policy routing matches: 0 packets, 0 bytes
route-map AS20_OUT, permit, sequence 20


On PE2, I did allowas-in so that the route will still be accepted because I added 65000 in the route-map.


Here's what it looks like on PE1 now. PE1 is also doing local-as 100 for the peering with CE1.


*> 0 0           20 i

*> 0 0         20 20 65000 20 20 i


On CE1, I did allowas-in as well. However, it is rejecting the .77 route but allowing .7.


BGP(0): rcv UPDATE w/ attr: nexthop, origin i, originator, merged path 100 65000 20 20 65000 20 20, AS_PATH , community , extended community , SSA attribute
*Jan 21 09:47:01.425: BGPSSA ssacount is 0
*Jan 21 09:47:01.425: BGP(0): rcv UPDATE about -- DENIED due to: AS-PATH contains our own AS;



*> 0      100 65000 20 i


The above output is correct because since PE1 is doing local-as, I expected PE1 to advertise it as 100 65000 20 for .7/32 route. However, Even though I have allowas-in on CE1, it is rejecting .77/32. So I am wondering why it is accepting .7/32 with a single instance of AS20 but not accepting .77/32 which has multiple instance due to the prepends.


When I applied AS override on PE1 facing CE1, the route was indeed accepted by PE1. I just want to clarify though if this is the correct behavior as PE1 replaced all AS20 instance with AS100.


*> 0 100 65000 100 100 65000 100 100 i


I can't seem to find in Cisco documentation that it will replace all the AS#s in the AS_SET. Is this normal?


Hey John, could you post your config for CE1?


Might it be the case the allowas-in is working as intended and that the number of times (optional) the AS should be allowed in the as-path has not been statically configured?



If so, neighbor x.x.x.x allowas-in 4 should solve the issues here.


Hope this helps.



Thanks I see it now. What about the override? Is it a correct behavior that all the offending AS are going to be replaced? Thanks!

John, yes, the as-override is working as intended, for details about the implementation I found this article.

Hope this helps.
Cheers, L.
Content for Community-Ad