Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
1
Helpful
1
Replies

Use of allowas-in vs. local-as no-prepend replace-as inter-VRF BGP

ciscoCommunity_
Level 1
Level 1

‎03-25-2024 08:00 PM

The document Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.2(x) - Configuring Layer 4 - Layer 7 Network Services Integration [Cisco Nexus 9000 Series Switches] - Cisco describes a scenario with a firewall connected to a VxLAN fabric that is providing inter-VRF routing with eBGP as the routing protocol.

ciscoCommunity__2-1711421844303.png

Obviously the AS path loop prevention problems needs to be solved since the firewall needs to re-advertise prefixes learnt from one VRF on the fabric to another VRF on the same fabric.

The document says the following: "Various approaches exist, including disabling the rule that BGP drops routes from its own AS, which has further implications to the network. We recommend inserting the “local-as #ASN# no-prepend replace-as” on each firewall peering with different “local-as” per VRF."

Being from a service provider background and knowing the reason why the local-as feature was originally created, my instinct is to use allowas-in 1, which I have tested as working.  Since allowas-in 1 limits the extra ASes to 1 and is configured only on the firewall peers, can someone please clarify what "further implications to the network" might mean?

Seeing the same fabric AS number in the path with the intervening FW AS in downstream ASes can be helpful to see rather than "masking" one of the VxLAN VRFs with another AS.  My environment also has a scarcity of private ASes so burning an AS on local-as is undesirable.

Can experienced designers weigh in here, specifically as to what "further implications" exist?

Thanks,
Scott

 

Labels:
1 Reply 1

ciscoCommunity_
Level 1
Level 1
In response to TasiaWells

‎03-26-2024 01:58 AM - edited ‎03-26-2024 09:34 PM

Your response does not even begin to address the question and appears to be a regurgitation of some AI nonsense.  I don't quite understand your motivation for responding but unless you are going to further the conversation please refrain from polluting this thread any further.

Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card