08-11-2015 06:19 PM - edited 03-01-2019 07:59 AM
Hi:
I have 2 BGP peers, one a cust CE and one an ISP PE both peering BGP on the same global AS #.
Need to establish an EBGP session over an IPsec tunnel but using the BGP local-as feature is not working.
The feature expects one side to be in a different AS but unfortunately neither side can change their AS # (since both are production routers with customer traffic).
Thus both the peers are forming an IBGP session, which is a big no-no :-)
Is there a BGP/Cisco 'hack'/feature that we can use to enable EBGP b/w these peers?
Appreciate any guidance.
Thanks,
-Nick
08-12-2015 01:01 AM
Hi Nick,
If you have 2 peers in the same AS, you are not able to use the local-as feature, and one of the reasons why is default BGP loop prevention. The router prepends the "real" ASN and the "local" ASN in the AS-PATH list, so if the routers are in the same AS, the neighbor will drop all updates from such a peer.
If you really want to "hack" it, and understand all the risks of that, you can use something like back-to-back local-as between your peers, and disable loop prevention between the peers by using allowas-in:
In my example I have 2 peers, and both of them are in the same AS #3:
R1#show run | sec router bgp
router bgp 3
 bgp log-neighbor-changes
 redistribute connected
 neighbor 3.3.3.3 remote-as 300
 neighbor 3.3.3.3 local-as 100
 neighbor 3.3.3.3 ebgp-multihop 255
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 allowas-in 1

R3#show run | sec router bgp
router bgp 3
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 local-as 300
 neighbor 1.1.1.1 ebgp-multihop 255
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 allowas-in 1

R1#show ip bgp neighbors 3.3.3.3
BGP neighbor is 3.3.3.3, remote AS 300, local AS 100, external link
  BGP version 4, remote router ID 3.3.3.3
  BGP state = Established, up for 00:02:35
  Last read 00:02:35, last write 00:00:39, hold time is 180, keepalive interval is 60 seconds

R1#show ip bgp neighbors 3.3.3.3 advertised-routes
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       0.0.0.0                  0         32768 ?
 *>  11.11.11.11/32   0.0.0.0                  0         32768 ?
 *>  192.168.12.0     0.0.0.0                  0         32768 ?

R3#show ip bgp neighbors 1.1.1.1
BGP neighbor is 1.1.1.1, remote AS 100, local AS 300, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 00:03:24
  Last read 00:00:49, last write 00:00:32, hold time is 180, keepalive interval is 60 seconds

R3#show ip bgp
BGP table version is 104, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       1.1.1.1                  0             0 300 100 3 ?
 *>  11.11.11.11/32   1.1.1.1                  0             0 300 100 3 ?
 *>  192.168.12.0     1.1.1.1                  0             0 300 100 3 ?

R3#show ip bgp 11.11.11.11/32
BGP routing table entry for 11.11.11.11/32, version 103
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 2
  300 100 3, (received & used)
    1.1.1.1 (metric 3) from 1.1.1.1 (1.1.1.1)
      Origin incomplete, metric 0, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0

R3#show ip route | in 1.
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/3] via 192.168.23.2, 00:09:21, FastEthernet0/0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 192.168.23.2, 00:52:01, FastEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
      11.0.0.0/32 is subnetted, 1 subnets
B        11.11.11.11 [20/0] via 1.1.1.1, 00:09:36
B     192.168.12.0/24 [20/0] via 1.1.1.1, 00:09:36

But be aware that in such a config the routers don't have loop prevention anymore, and you can have issues with routing because BGP AD is higher than any of the IGPs.
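
Added example, not part of the original reply and not Cisco code: a small Python audit that finds neighbors in a `router bgp` section where `allowas-in` relaxes the AS_PATH loop check, and models that check against the path `300 100 3` seen on R3. The function names are hypothetical, and treating an inbound `prefix-list`, `route-map` or `filter-list` as the compensating control is an assumption of this example.

```python
# Constructed sample: R1's BGP section as posted in the reply above.
R1_CONFIG = """\
router bgp 3
 bgp log-neighbor-changes
 redistribute connected
 neighbor 3.3.3.3 remote-as 300
 neighbor 3.3.3.3 local-as 100
 neighbor 3.3.3.3 ebgp-multihop 255
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 allowas-in 1
"""
INBOUND_POLICY = ("prefix-list", "route-map", "filter-list")

def parse_bgp(config):
    """Return (own_asn, {neighbor: {keyword: [argument lists]}})."""
    own_asn, neighbors = None, {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["router", "bgp"] and len(words) > 2:
            own_asn = int(words[2])
        elif len(words) >= 3 and words[0] == "neighbor":
            opts = neighbors.setdefault(words[1], {})
            opts.setdefault(words[2], []).append(words[3:])
    return own_asn, neighbors

def audit(config):
    """List neighbors whose loop check is relaxed by allowas-in (IOS default count: 3)."""
    own_asn, neighbors = parse_bgp(config)
    findings = []
    for ip, opts in sorted(neighbors.items()):
        if "allowas-in" not in opts:
            continue
        count = opts["allowas-in"][0]
        findings.append({
            "neighbor": ip,
            "own_asn": own_asn,
            "local_as": int(opts["local-as"][0][0]) if "local-as" in opts else None,
            "allowas_in": int(count[0]) if count else 3,
            "inbound_filter": any(args[-1:] == ["in"] for kw in INBOUND_POLICY
                                  for args in opts.get(kw, [])),
        })
    return findings

def loop_check_accepts(as_path, own_asn, allowas_in=0):
    """Accept an update only if own_asn occurs at most allowas_in times."""
    return as_path.count(own_asn) <= allowas_in

if __name__ == "__main__":
    print(audit(R1_CONFIG), loop_check_accepts([300, 100, 3], 3, 1))
```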