Accepted Solutions
- last edited on by
Translator
Hello Ambrish,
Imagine a scenario like this one:
A single customer has two locations interconnected via the same provider in ASN 1234. The provider requires that the customer uses BGP to advertise its routes, and tells the customer to use the ASN 65001 on both its locations.
The obvious problem is now that if a network X is advertised by CE1 to PE1, its AS_PATH attribute will contain "65001". When the route is advertised from PE1 to PE2 and subsequently to CE2, the AS_PATH attribute will be modified to "1234 65001". However, CE2 is in ASN 65001 itself, and when it sees the same ASN in a received update from PE2, it will think that this is a route that is simply being advertised back to the same autonomous system that has already seen it, and it will drop it. In other words, no routes behind CE1 will be visible on CE2, and vice versa.
Correctly, the provider should configure its PE routers to "masquerade" the ASN 65001 in these updates using the
neighbor as-override
command. This will cause all occurrences of the ASN 65001 to be rewritten to the provider's own ASN of 1234, so the AS_PATH as seen by CE routers would in fact be "1234 1234". However, this command is only available for MPLS L3VPN deployments and cannot be used in all situations.
Therefore, the CE router, itself being in ASN 65001, can be instructed to bypass the anti-routing-loop check in BGP and accept even those routes that already carry the AS 65001 in their AS_PATH attribute. This is exactly the meaning of the
neighbor allowas-in
command. The optional numeric argument specifies how many times the CE's own ASN can be present in the AS_PATH in order for the path to be accept. By default, it is 3.
You can read more about the command here:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-m4.html#wp2021165699
Feel welcome to ask further!
Best regards,
Peter
- last edited on by
Translator
Hello Ambrish,
Imagine a scenario like this one:
A single customer has two locations interconnected via the same provider in ASN 1234. The provider requires that the customer uses BGP to advertise its routes, and tells the customer to use the ASN 65001 on both its locations.
The obvious problem is now that if a network X is advertised by CE1 to PE1, its AS_PATH attribute will contain "65001". When the route is advertised from PE1 to PE2 and subsequently to CE2, the AS_PATH attribute will be modified to "1234 65001". However, CE2 is in ASN 65001 itself, and when it sees the same ASN in a received update from PE2, it will think that this is a route that is simply being advertised back to the same autonomous system that has already seen it, and it will drop it. In other words, no routes behind CE1 will be visible on CE2, and vice versa.
Correctly, the provider should configure its PE routers to "masquerade" the ASN 65001 in these updates using the
neighbor as-override
command. This will cause all occurrences of the ASN 65001 to be rewritten to the provider's own ASN of 1234, so the AS_PATH as seen by CE routers would in fact be "1234 1234". However, this command is only available for MPLS L3VPN deployments and cannot be used in all situations.
Therefore, the CE router, itself being in ASN 65001, can be instructed to bypass the anti-routing-loop check in BGP and accept even those routes that already carry the AS 65001 in their AS_PATH attribute. This is exactly the meaning of the
neighbor allowas-in
command. The optional numeric argument specifies how many times the CE's own ASN can be present in the AS_PATH in order for the path to be accept. By default, it is 3.
You can read more about the command here:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-m4.html#wp2021165699
Feel welcome to ask further!
Best regards,
Peter
