cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
171
Views
10
Helpful
3
Replies
Highlighted

Overriding Multiple AS Instance

I'm trying to do some lab here and just some odd behavior.

CE1(AS20)----PE1(65000)----(65000)PE2----CE2(AS20)

 

I have two routes, 192.168.255.7/32 and 192.168.255.77/32 being advertised from CE2 to PE2. For .77, I did some random prepends.

 

CE2#

route-map AS20_OUT, permit, sequence 10
Match clauses:
ip address prefix-lists: 10
Set clauses:
as-path prepend 20 65000 20 20
Policy routing matches: 0 packets, 0 bytes
route-map AS20_OUT, permit, sequence 20

 

On PE2, I did allowas-in so that the route will still be accepted because I added 65000 in the route-map.

 

Here's what it looks like on PE1 now. PE1 is also doing local-as 100 for the peering with CE1.

 

*> 192.168.255.7/32 192.168.47.7 0 0           20 i

*> 192.168.255.77/32 192.168.47.7 0 0         20 20 65000 20 20 i

 

On CE1, I did allowas-in as well. However, it is rejecting the .77 route but allowing .7.

 

BGP(0): 192.168.16.1 rcv UPDATE w/ attr: nexthop 192.168.16.1, origin i, originator 0.0.0.0, merged path 100 65000 20 20 65000 20 20, AS_PATH , community , extended community , SSA attribute
*Jan 21 09:47:01.425: BGPSSA ssacount is 0
*Jan 21 09:47:01.425: BGP(0): 192.168.16.1 rcv UPDATE about 192.168.255.77/32 -- DENIED due to: AS-PATH contains our own AS;

 

CE1:

*> 192.168.255.7/32 192.168.16.1 0      100 65000 20 i

 

The above output is correct because since PE1 is doing local-as, I expected PE1 to advertise it as 100 65000 20 for .7/32 route. However, Even though I have allowas-in on CE1, it is rejecting .77/32. So I am wondering why it is accepting .7/32 with a single instance of AS20 but not accepting .77/32 which has multiple instance due to the prepends.

 

When I applied AS override on PE1 facing CE1, the route was indeed accepted by PE1. I just want to clarify though if this is the correct behavior as PE1 replaced all AS20 instance with AS100.

 

*> 192.168.255.77/32 192.168.16.1 0 100 65000 100 100 65000 100 100 i

 

I can't seem to find in Cisco documentation that it will replace all the AS#s in the AS_SET. Is this normal?

3 REPLIES 3
Highlighted

Hey John, could you post your config for CE1?

 

Might it be the case the allowas-in is working as intended and that the number of times (optional) the AS should be allowed in the as-path has not been statically configured?

 

llowas.png

If so, neighbor x.x.x.x allowas-in 4 should solve the issues here.

 

Hope this helps.

 

L.

Highlighted

Thanks I see it now. What about the override? Is it a correct behavior that all the offending AS are going to be replaced? Thanks!

Highlighted

John, yes, the as-override is working as intended, for details about the implementation I found this article.

 
Hope this helps.
 
Cheers, L.
Content for Community-Ad