We are connecting a couple dozen sites together with MPLS services from our provider. We plan to router through the provider network using BGP. We're thinking to use the same private BGP AS (e.g. 65001) at each of our sites by using the allowas-in command.
What's the down side of using the same BGP AS at all our sites? Is there a speed or scalability issue or anything?
Would there be a benefit of selecting a unique private BGP AS at each of our sites?
As far as speed and salability, there is not really a down side in allowas-in or as-override command. If you have a lots of routes per site than having a unique AS number helps in troubleshooting. You can easily tell where the routes come from. If you are using the allowas-in command, you would need to make sure people managing your routers know what this command is for, if not by accidentally removing it, you can have complete black hole throughout your network. On the other hand, it is not uncommon to deploy one AS number in an enterprise network.
if ths is an MPLS L3 VPN the service provider will likely use neighbor as-override.
As a result of this you will see remote site BGP routes with an AS path made of
if so you don't need the neighbor allowas-in command on your CE routers in order to accept routes coming from other sites
This is common settings on MPLS VPN providers.
if the SP is not going to do this you will need the neighbor allowas-in.
Be aware that if you are using AS path prepending on some site in order to make it a less attractive entry point for traffic in order to accepts these routes you will need
neighbor allowas-in N
where N is the number of times your AS number may appear in AS path attribute.
Clearly the drawback is a risk for routing loops as you accept routes that contain your AS number.
Hope to help
another con of using the same AS number in all sites is troubleshooting.
Imagine a scenario: There two of 50 sites advertising the same subnet by mistake.
With the same AS number used on all sites you are in trouble to find which site is advertising the subnet by mistake.
Similar scenarios can be created where unique AS number per site is useful.
With the BGP loop prevention mechansm does not allow a BGP speaker to accept prefixes with the local AS number in the AS_PATH list, allowas-in breaking the prevention machasim, however in cases like yours where it would be desirable to accept the routes originated in the same AS via another AS.
In order to prevent routing loops with this feature, you should be careful implementing prefix aggregation. Be careful with summarization. Only one border peer could implement summarization.