Understanding BGP AS-Override Feature

Document

Jan 5, 2012 5:41 AM
Jan 5th, 2012
Introduction

Loop prevention in BGP is done by verifying the AS number in the AS Path. If the receiving router sees its own AS number in the AS Path of the received BGP packet, the packet is dropped. The receiving Router assumes that the packet was originated from its own AS and has reached the same place from where it originated initially.

The feature could be a disaster if customers are using same AS number along the various sites and disallows customer sites having identical AS numbers to be linked by another AS number. In such a scenario, routing updates from one site will be dropped when the other site receives them.

To override this feature, AS-Override function causes to replace the AS number of originating router with the AS number of the sending BGP router. The command is neighbor ip-address as-override and can only be executed under the VPNv4 address-family.

Here are the steps to illustrate the As-Override process

  • Router TAURUS_Site-A advertises route 10.3.3.3 with AS100.
  • Router PE-1 propagates this as an internal route to PE2 as AS100.
  • PE2 prepends 10.3.3.3 with AS 121 and replaces 100 in the AS-Path to 121 and propagates the prefix.
  • Router TAURUS_Site-B accepts 10.3.3.3 update.

Prerequisite
  • Understanding of MPLS Technology
  • Understanding of MBGP
  • Understanding of OSPF routing protocol

Topology Diagram

BGP_AS-Override.bmp

Background

In this Topology, router PE-1 and PE-2 forms the Service Provider MPLS Cloud. The two routers are connected via fast Ethernet interface 0/0 and are running OSPF (Area 0) routing protocol. MPLS is configured on physical links (Fast Ethernet 0/0) of the SP network. Tagging is done via LDP and the labels are assigned in the range 100-199 on PE1 and 200-299 on PE2.

TAURUS and CINDY are the two customers with multiple sites (Site-A and Site-B). Customer TAURUS is operating under AS 100 and customer CINDY is operating under AS 200.

VPNv4 neighbor relationship is configured between (vrf TAURUS and vrf CINDY)

  • PE-1 & TAURUS_Site-A
  • PE-1 & CINDY_Site-A
  • PE-2 & TAURUS_Site-B
  • PE-2 & CINDY_Site-A

Routes from each site are advertised to PE routers within EBGP session. These routes are further propagated to next PE routers which are then forwarded to respective Customer-Site.

Note: All configurations are tested on Cisco 3700 series router with IOS 12.4.

Configuration
1. PE Configuration

   

PE-1PE-2

hostname PE-1

ip cef

ip vrf CINDY

rd 1:200

route-target export 1:200

route-target import 1:200

ip vrf TAURUS

rd 1:100

route-target export 1:100

route-target import 1:100

no ip domain lookup

mpls label range 100 199

mpls label protocol ldp

interface Loopback0

ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0

ip address 10.12.12.1 255.255.255.0

duplex auto

speed auto

mpls ip

interface Serial0/0

ip vrf forwarding TAURUS

ip address 192.13.13.1 255.255.255.252

clock rate 2000000

interface Serial0/1

ip vrf forwarding CINDY

ip address 192.14.14.1 255.255.255.252

clock rate 2000000

router ospf 10

router-id 1.1.1.1

log-adjacency-changes

network 1.1.1.1 0.0.0.0 area 0

network 10.12.12.1 0.0.0.0 area 0

router bgp 121

no synchronization

bgp log-neighbor-changes

network 11.11.11.11 mask 255.255.255.255

neighbor 2.2.2.2 remote-as 121

neighbor 2.2.2.2 update-source Loopback0

neighbor 2.2.2.2 next-hop-self

no auto-summary

address-family vpnv4

  neighbor 2.2.2.2 activate

  neighbor 2.2.2.2 send-community both

exit-address-family

address-family ipv4 vrf TAURUS

  redistribute connected

  neighbor 192.13.13.2 remote-as 100

  neighbor 192.13.13.2 activate

  neighbor 192.13.13.2 as-override

  no synchronization

exit-address-family

address-family ipv4 vrf CINDY

  redistribute connected

  neighbor 192.14.14.2 remote-as 200

  neighbor 192.14.14.2 activate

  neighbor 192.14.14.2 as-override

  no synchronization

exit-address-family

mpls ldp router-id Loopback0

exit

hostname PE-2

ip cef

ip vrf CINDY

rd 1:200

route-target export 1:200

route-target import 1:200

ip vrf TAURUS

rd 1:100

route-target export 1:100

route-target import 1:100

no ip domain lookup

mpls label range 200 299

mpls label protocol ldp

interface Loopback0

ip address 2.2.2.2 255.255.255.255

interface Loopback1

ip address 22.22.22.22 255.255.255.255

interface FastEthernet0/0

ip address 10.12.12.2 255.255.255.0

duplex auto

speed auto

mpls ip

interface Serial0/0

ip vrf forwarding TAURUS

ip address 192.23.23.1 255.255.255.252

clock rate 2000000

interface Serial0/1

ip vrf forwarding CINDY

ip address 192.26.26.1 255.255.255.252

clock rate 2000000

router ospf 10

router-id 2.2.2.2

log-adjacency-changes

network 2.2.2.2 0.0.0.0 area 0

network 10.12.12.2 0.0.0.0 area 0

router bgp 121

no synchronization

bgp log-neighbor-changes

network 22.22.22.22 mask 255.255.255.255

neighbor 1.1.1.1 remote-as 121

neighbor 1.1.1.1 update-source Loopback0

neighbor 1.1.1.1 next-hop-self

no auto-summary

address-family vpnv4

  neighbor 1.1.1.1 activate

  neighbor 1.1.1.1 send-community both

exit-address-family

address-family ipv4 vrf TAURUS

  redistribute connected

  neighbor 192.23.23.2 remote-as 100

  neighbor 192.23.23.2 activate

  neighbor 192.23.23.2 as-override

  no synchronization

exit-address-family

address-family ipv4 vrf CINDY

  redistribute connected

  neighbor 192.26.26.2 remote-as 200

  neighbor 192.26.26.2 activate

  neighbor 192.26.26.2 as-override

  no synchronization

exit-address-family

mpls ldp router-id Loopback0

exit



2. CE Configuration

TAURUS_Site-ACINDY_Site-ATAURUS_Site-BCINDY_Site-B

hostname TAURUS-Site_A

ip cef

no ip domain lookup

interface Loopback0

ip address 10.3.3.3 255.255.255.255

interface Serial0/0

ip address 192.13.13.2 255.255.255.252

clock rate 2000000

router bgp 100

no synchronization

bgp log-neighbor-changes

network 10.3.3.3 mask 255.255.255.255

neighbor 192.13.13.1 remote-as 121

no auto-summary

exit

hostname CINDY-SITE_A

ip cef

no ip domain lookup

interface Loopback0

ip address 10.4.4.4 255.255.255.255

interface Serial0/0

ip address 192.14.14.2 255.255.255.252

clock rate 2000000

router bgp 200

no synchronization

bgp log-neighbor-changes

network 10.4.4.4 mask 255.255.255.255

neighbor 192.14.14.1 remote-as 121

no auto-summary

exit

hostname TAURUS-Site_B

ip cef

no ip domain lookup

interface Loopback0

ip address 10.5.5.5 255.255.255.255

interface Serial0/0

ip address 192.23.23.2 255.255.255.252

clock rate 2000000

router bgp 100

no synchronization

bgp log-neighbor-changes

network 10.5.5.5 mask 255.255.255.255

neighbor 192.23.23.1 remote-as 121

no auto-summary

exit

hostname CINDY-SITE_B

ip cef

no ip domain lookup

interface Loopback0

ip address 10.6.6.6 255.255.255.255

interface Serial0/0

ip address 192.26.26.2 255.255.255.252

clock rate 2000000

router bgp 200

no synchronization

bgp log-neighbor-changes

network 10.6.6.6 mask 255.255.255.255

neighbor 192.26.26.1 remote-as 121

no auto-summary

exit

Verification

PE-1#show ip bgp vpnv4 all summary

< output truncated >

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

2.2.2.2           4    121     115     116            15       0    0      01:09:16        4

192.13.13.2    4    100      70      74             15       0     0      00:46:42        1

192.14.14.2    4    200      41      44             15       0     0      00:36:14        1

PE-2#show ip bgp vpnv4 all summary

< output truncated >

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

1.1.1.1            4   121     119     118             15       0    0      01:11:22        4

192.23.23.2     4   100      53      56               15       0    0      00:48:07        1

192.26.26.2     4   200      41      44               15       0    0      00:36:46        1

PE-1#sh ip route vrf  TAURUS bgp

     192.23.23.0/30 is subnetted, 1 subnets

B       192.23.23.0 [200/0] via 2.2.2.2, 00:25:32

     10.0.0.0/32 is subnetted, 2 subnets

B       10.3.3.3 [20/0] via 192.13.13.2, 00:35:30

B       10.5.5.5 [200/0] via 2.2.2.2, 00:33:03

PE-1#show ip route vrf CINDY bgp

     192.26.26.0/30 is subnetted, 1 subnets

B       192.26.26.0 [200/0] via 2.2.2.2, 00:27:05

     10.0.0.0/32 is subnetted, 2 subnets

B       10.6.6.6 [200/0] via 2.2.2.2, 00:32:36

B       10.4.4.4 [20/0] via 192.14.14.2, 00:34:51

PE-1#show ip bgp vpnv4 all

BGP table version is 15, local router ID is 11.11.11.11

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

    Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf TAURUS)

*> 10.3.3.3/32      192.13.13.2                 0                   0 100 i

*>i10.5.5.5/32      2.2.2.2                        0     100         0 100 i

*> 192.13.13.0/30   0.0.0.0                      0              32768 ?

*>i192.23.23.0/30   2.2.2.2                      0      100          0 ?

Route Distinguisher: 1:200 (default for vrf CINDY)

*> 10.4.4.4/32      192.14.14.2                 0                    0 200 i

*>i10.6.6.6/32      2.2.2.2                        0    100           0 200 i

*> 192.14.14.0/30   0.0.0.0                      0               32768 ?

*>i192.26.26.0/30   2.2.2.2                      0     100            0 ?

TAURUS-Site_A#ping 10.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 456/696/972 ms

The prefix 10.5.5.5 (from Router TAURUS-Site_B) is receieved and pinged successfully from Router TAURUS-Site_A.

References

Cisco IOS IP and IP Routing Command Reference

Configuring Basic MPLS VPN

Cisco IOS Multiprotocol Label Switching Configuration Guide

Cisco MPLS Support Page

Cisco BGP Support Page

Average Rating: 0 (0 ratings)

Comments

Actions

Login or Register to take actions

This Document

Posted January 5, 2012 at 5:41 AM
Stats:
Comments:1 Avg. Rating:0
Views:15900 Contributors:1
Shares:0

Related Content

Documents Leaderboard