Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

BGP allowas-in

Could someone explain to me about the BGP allow-as in configuration as it relates to MPLS VPN ? why do I need it, when do I need it ? It would help to explain in parrallel with as-overide, as I get mixed between the application of the two.

Thanks

Herbert.

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: BGP allowas-in

Here's how AS-override works:

- this is used when two or more CEs for a customer use the same BGP AS# (quite common)

- the PE looks at the first AS# in the AS-PATH of the route being advertised to a CE. If this is equal to the AS# of the CE it is advertising the route to, it is replaced by the provider's own AS#. This works even if there are multiple occurences of the As# (due to ASPATH prepending).

- the impact of the above will be that the ASPATH of the route received by the CE will have at least two occurences of the provider's own AS#.

Here's how allowas-in works:

- this is used in situations where a customer site links 2 VPNS e.g. a site has 2 links,where each terminates on a different VRF on the PE

- this is also applicable in cases where a CE is multi-homed to 2 PE routers (same VRF)

- now, when the CE advertises a route learned from one of the PEs to another, the PE will drop the route because it contains it's own AS# (since the route was learned from another PE in the first place).

- the use of allowas-in disables this check on the PE

- you can specify the maximum amount of occurences of the PE router's AS# in the ASPATH to prevent loops

You can also use the Site-of-Origin attribute to prevent advertising routes out to a site from which they were originally learned.

Hope that helps - pls rate the post if it does.

Paresh

4 REPLIES
Purple

Re: BGP allowas-in

Here's how AS-override works:

- this is used when two or more CEs for a customer use the same BGP AS# (quite common)

- the PE looks at the first AS# in the AS-PATH of the route being advertised to a CE. If this is equal to the AS# of the CE it is advertising the route to, it is replaced by the provider's own AS#. This works even if there are multiple occurences of the As# (due to ASPATH prepending).

- the impact of the above will be that the ASPATH of the route received by the CE will have at least two occurences of the provider's own AS#.

Here's how allowas-in works:

- this is used in situations where a customer site links 2 VPNS e.g. a site has 2 links,where each terminates on a different VRF on the PE

- this is also applicable in cases where a CE is multi-homed to 2 PE routers (same VRF)

- now, when the CE advertises a route learned from one of the PEs to another, the PE will drop the route because it contains it's own AS# (since the route was learned from another PE in the first place).

- the use of allowas-in disables this check on the PE

- you can specify the maximum amount of occurences of the PE router's AS# in the ASPATH to prevent loops

You can also use the Site-of-Origin attribute to prevent advertising routes out to a site from which they were originally learned.

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: BGP allowas-in

Thanks Paresh, very helpful explanation.

Is it safe to say in a multi-homed CE environment you will always soo and allowas-in ?

Herbert.

Purple

Re: BGP allowas-in

Hi Herbert,

You don't always have to ...sometimes the setup is such that these looping situations will just not occur. But it does not do any harm. Also, SoO is quite useful when you are running non-BGP PE-CE protocols in addition to BGP...

Hope that helps,

Paresh

New Member

Re: BGP allowas-in

Hi

Yes. I just saw this command being used in multihoming environment. I have tested our multihoming and it works as expected.

jasrine47

http://ciscorouterconfig.blogspot.com/

3829
Views
15
Helpful
4
Replies
CreatePlease to create content