
neighbor allowas-in

What is the BGP command neighbor allowas-in 4? When should it be used in BGP?

Accepted Solutions

Peter Paluch
Cisco Employee

Hello Ambrish,

Imagine a scenario like this one:

 

 

A single customer has two locations interconnected via the same provider in ASN 1234. The provider requires that the customer uses BGP to advertise its routes, and tells the customer to use the ASN 65001 on both its locations.

The obvious problem is now that if a network X is advertised by CE1 to PE1, its AS_PATH attribute will contain "65001". When the route is advertised from PE1 to PE2 and subsequently to CE2, the AS_PATH attribute will be modified to "1234 65001". However, CE2 is in ASN 65001 itself, and when it sees the same ASN in a received update from PE2, it will think that this is a route that is simply being advertised back to the same autonomous system that has already seen it, and it will drop it. In other words, no routes behind CE1 will be visible on CE2, and vice versa.

Correctly, the provider should configure its PE routers to "masquerade" the ASN 65001 in these updates using the neighbor as-override command. This will cause all occurrences of the ASN 65001 to be rewritten to the provider's own ASN of 1234, so the AS_PATH as seen by CE routers would in fact be "1234 1234". However, this command is only available for MPLS L3VPN deployments and cannot be used in all situations.

Therefore, the CE router, itself being in ASN 65001, can be instructed to bypass the anti-routing-loop check in BGP and accept even those routes that already carry the AS 65001 in their AS_PATH attribute. This is exactly the meaning of the neighbor allowas-in command. The optional numeric argument specifies how many times the CE's own ASN can be present in the AS_PATH in order for the path to be accepted. By default, it is 3.

You can read more about the command here:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-m4.html#wp2021165699

Feel welcome to ask further!

Best regards,
Peter

From your answer above I came to know that the same AS information will not be propagated by the provider/ISP to the other CE location running the same AS; then neighbor allowas-in comes into play, and with the help of this command the location or CE router gets the same AS information from the ISP or provider. Correct me if I am wrong.

But I am still unable to understand why we give the numeric value in the command, like neighbor allowas-in 1, 2, 3, 4.


"From your answer above I came to know that the same AS information will not be propagated by the provider/ISP to the other CE location running the same AS"

That's not what Peter was saying.

The allowas-in command is nothing to do with the provider in terms of propagation of routes.

If the provider PEs see multiple instances of the same AS in the path it will affect the routing decisions on their PEs but it will not stop them sending the routing advertisements from one CE to another.

But without that command a CE device receiving a route advertisement with its own AS in the path will not accept the route. So using that command allows the CE devices to accept routes with their own AS in the path.

The numeric value is simply there so you can choose how many times you want to allow the same AS to be there.

For example if you were adding multiple instances of your AS to the path to influence routing decisions within the provider network then being able to define the number of times the AS can be present gives you more flexibility and also helps to control exactly which routes you accept on the CE devices.

Jon
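
The AS_PATH loop check from the accepted answer and the numeric limit described in the reply above can be modelled in a few lines. This is an added example, not code from any poster or from Cisco; the function names are hypothetical, the ASNs 65001 and 1234 come from the thread, and the sample paths are constructed.

```python
# Added illustration: models the eBGP AS_PATH loop check on a CE router.
# Function names are hypothetical; ASNs 65001 and 1234 are from the thread.

DEFAULT_ALLOWAS_IN = 3  # value the answer gives for the command without a number


def pe_advertise(as_path, provider_asn, as_override_for=None):
    """AS_PATH a PE sends to a CE: optional as-override, then prepend own ASN."""
    if as_override_for is not None:
        # as-override: rewrite every occurrence of the customer ASN.
        as_path = [provider_asn if asn == as_override_for else asn
                   for asn in as_path]
    return [provider_asn] + as_path


def ce_accepts(as_path, local_asn, allowas_in=None):
    """Return True if the CE keeps the route.

    allowas_in=None -> command absent: any occurrence of local_asn is a loop.
    allowas_in=N    -> up to N occurrences of local_asn are tolerated.
    """
    limit = 0 if allowas_in is None else allowas_in
    return as_path.count(local_asn) <= limit


def demo():
    local, provider = 65001, 1234
    # Constructed sample paths, as CE2 would receive them from PE2.
    samples = (
        ("plain", pe_advertise([65001], provider)),
        ("prepended x4", pe_advertise([65001] * 4, provider)),
        ("as-override", pe_advertise([65001], provider, as_override_for=65001)),
    )
    return [(name, path,
             ce_accepts(path, local),                      # no allowas-in
             ce_accepts(path, local, 1),                   # allowas-in 1
             ce_accepts(path, local, DEFAULT_ALLOWAS_IN),  # allowas-in
             ce_accepts(path, local, 4))                   # allowas-in 4
            for name, path in samples]


if __name__ == "__main__":
    print(f"{'case':13} none  1     3     4     AS_PATH")
    for name, path, none, one, default, four in demo():
        print(f"{name:13} {none!s:5} {one!s:5} {default!s:5} {four!s:5} {path}")
```
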

Thanks Peter & Jon for your great support.

Now one more thing: could you give me a demo of route updates with this command using the numeric values 1 and 4?
 

If you have something to run it on then run it yourself to see what happens.

We have explained how it works, it should not be hard to set up a test.

Jon

very good explanation, thank you 

Excellent Explanation Peter!! 
