08-09-2010 07:08 PM - edited 03-04-2019 09:22 AM
We are connecting a couple dozen sites together with MPLS services from our provider. We plan to route through the provider network using BGP. We're thinking to use the same private BGP AS (e.g. 65001) at each of our sites by using the allowas-in command.
What's the down side of using the same BGP AS at all our sites? Is there a speed or scalability issue or anything?
Would there be a benefit of selecting a unique private BGP AS at each of our sites?
Thank you
08-09-2010 07:44 PM
Tod,
As far as speed and scalability, there is not really a down side in the allowas-in or as-override command. If you have a lot of routes per site, then having a unique AS number helps in troubleshooting. You can easily tell where the routes come from. If you are using the allowas-in command, you would need to make sure people managing your routers know what this command is for; if not, by accidentally removing it, you can have a complete black hole throughout your network. On the other hand, it is not uncommon to deploy one AS number in an enterprise network.
HTH
Reza
08-10-2010 04:00 AM
Hello Tod,
If this is an MPLS L3 VPN, the service provider will likely use neighbor as-override.
As a result of this you will see remote site BGP routes with an AS path made of
SP-ASnumber SP-ASnumber
instead of:
SP-ASnumber 65001
If so, you don't need the neighbor allowas-in command on your CE routers in order to accept routes coming from other sites.
This is a common setting on MPLS VPN providers.
If the SP is not going to do this, you will need the neighbor allowas-in.
Be aware that if you are using AS path prepending on some site in order to make it a less attractive entry point for traffic, in order to accept these routes you will need
neighbor allowas-in N
where N is the number of times your AS number may appear in AS path attribute.
Clearly the drawback is a risk for routing loops as you accept routes that contain your AS number.
Hope to help
Giuseppe
08-10-2010 11:02 AM
Hi,
Another con of using the same AS number in all sites is troubleshooting.
Imagine a scenario: there are two of 50 sites advertising the same subnet by mistake.
With the same AS number used on all sites, you will have trouble finding which site is advertising the subnet by mistake.
Similar scenarios can be created where unique AS number per site is useful.
BR,
Milan
08-10-2010 11:14 AM
The BGP loop prevention mechanism does not allow a BGP speaker to accept prefixes with the local AS number in the AS_PATH list. allowas-in breaks the prevention mechanism; however, in cases like yours it would be desirable to accept the routes originated in the same AS via another AS.
In order to prevent routing loops with this feature, you should be careful implementing prefix aggregation. Be careful with summarization. Only one border peer could implement summarization.
Francisco
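The AS_PATH behaviour described in the replies above (as-override, allowas-in N, and prepending), modelled as an added example that is not from any poster or from Cisco. The provider AS 64496 and all function names are assumptions made for illustration; 65001 is the customer AS from the question.

```python
# Added example: model of eBGP AS_PATH handling on an MPLS L3 VPN.
# AS numbers are constructed: 65001 = customer sites (from the thread),
# 64496 = hypothetical provider AS (documentation range).
CUSTOMER_AS = 65001
SP_AS = 64496


def pe_advertise(as_path, ce_as, as_override=False):
    """AS_PATH the egress PE sends to a CE: optionally rewrite the CE's
    own AS to the provider AS (as-override), then prepend the provider AS."""
    if as_override:
        as_path = [SP_AS if asn == ce_as else asn for asn in as_path]
    return [SP_AS] + as_path


def ce_accepts(as_path, local_as, allowas_in=0):
    """Inbound loop check on the CE. allowas_in=0 is standard behaviour
    (reject any path containing local_as); allowas_in=N tolerates up to
    N occurrences, as in 'neighbor allowas-in N'."""
    return as_path.count(local_as) <= allowas_in


def site_outcomes(prepends=0):
    """Return what a remote CE decides for a route originated by another
    site in the same AS, with `prepends` extra copies of the AS added."""
    originated = [CUSTOMER_AS] * (1 + prepends)
    plain = pe_advertise(originated, CUSTOMER_AS)
    overridden = pe_advertise(originated, CUSTOMER_AS, as_override=True)
    return {
        "path_plain": plain,
        "path_override": overridden,
        "default_check": ce_accepts(plain, CUSTOMER_AS),
        "allowas_in_1": ce_accepts(plain, CUSTOMER_AS, allowas_in=1),
        "allowas_in_3": ce_accepts(plain, CUSTOMER_AS, allowas_in=3),
        "override_no_allowas": ce_accepts(overridden, CUSTOMER_AS),
    }


if __name__ == "__main__":
    for n in (0, 2):
        print(f"prepends={n}")
        for key, value in site_outcomes(n).items():
            print(f"  {key}: {value}")
```

With as-override the customer AS no longer appears in the received path, so the standard loop check passes without allowas-in, but the path also no longer carries any per-site information.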