I'm trying to do some lab here and just some odd behavior.
I have two routes, 192.168.255.7/32 and 192.168.255.77/32 being advertised from CE2 to PE2. For .77, I did some random prepends.
route-map AS20_OUT, permit, sequence 10
ip address prefix-lists: 10
as-path prepend 20 65000 20 20
Policy routing matches: 0 packets, 0 bytes
route-map AS20_OUT, permit, sequence 20
On PE2, I did allowas-in so that the route will still be accepted because I added 65000 in the route-map.
Here's what it looks like on PE1 now. PE1 is also doing local-as 100 for the peering with CE1.
*> 192.168.255.7/32 192.168.47.7 0 0 20 i
*> 192.168.255.77/32 192.168.47.7 0 0 20 20 65000 20 20 i
On CE1, I did allowas-in as well. However, it is rejecting the .77 route but allowing .7.
BGP(0): 192.168.16.1 rcv UPDATE w/ attr: nexthop 192.168.16.1, origin i, originator 0.0.0.0, merged path 100 65000 20 20 65000 20 20, AS_PATH , community , extended community , SSA attribute
*Jan 21 09:47:01.425: BGPSSA ssacount is 0
*Jan 21 09:47:01.425: BGP(0): 192.168.16.1 rcv UPDATE about 192.168.255.77/32 -- DENIED due to: AS-PATH contains our own AS;
*> 192.168.255.7/32 192.168.16.1 0 100 65000 20 i
The above output is correct because since PE1 is doing local-as, I expected PE1 to advertise it as 100 65000 20 for .7/32 route. However, Even though I have allowas-in on CE1, it is rejecting .77/32. So I am wondering why it is accepting .7/32 with a single instance of AS20 but not accepting .77/32 which has multiple instance due to the prepends.
When I applied AS override on PE1 facing CE1, the route was indeed accepted by PE1. I just want to clarify though if this is the correct behavior as PE1 replaced all AS20 instance with AS100.
*> 192.168.255.77/32 192.168.16.1 0 100 65000 100 100 65000 100 100 i
I can't seem to find in Cisco documentation that it will replace all the AS#s in the AS_SET. Is this normal?
Hey John, could you post your config for CE1?
Might it be the case the allowas-in is working as intended and that the number of times (optional) the AS should be allowed in the as-path has not been statically configured?
If so, neighbor x.x.x.x allowas-in 4 should solve the issues here.
Hope this helps.
Thanks I see it now. What about the override? Is it a correct behavior that all the offending AS are going to be replaced? Thanks!
John, yes, the as-override is working as intended, for details about the implementation I found this article.