Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

AS-Override in MPLS L3VPN

Why to use as-override ?

When using BGP as the CE-PE routing protocol in MPLS VPNs usually enterprise customers have two choices

1. Use different BGP AS number on every site from the private pool.

2. Use same BGP AS number on ever site.

Most commonly used method is number 2 because then the customer doesn't have to track all the AS numbers already used in the network.

Now, when you use the same AS number on every site routing will not be exchanged between sites because the local CE will see its own AS number coming in the BGP AS_PATH attribute and the route will be rejected.

Following message is seen when you do a debug on the CE router:

BGP(0): 140.0.0.202 rcv UPDATE about 1.1.1.1/32 -- DENIED due to: AS-PATH contains our own AS;

The solution is to use "as-override" on the PE routers.

How to configure as-override ?

It is configured per neighbor and is an address-family sub config mode

router bgp 1

!

address-family ipv4 vrf customer

neighbor 1.1.1.1 remote-as 2

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 as-override

!

What as-override does ?

When configured per neighbor, the PE router does a check that will look at the BGP AS_PATH attribute and if it finds an AS number which is same as the one configured with "remote-as" command it replaces that AS number with its own AS-number.

But if the as-path doesn't contain the same "AS" as the one configured with the "remote-as" command then it doesn't replace that AS.

Example:

Looking at the above configuration example:

Actual AS-PATH

1 2

Sent AS-PATH

1 1

Actual AS-PATH

1 3

Sent AS-PATH

1 3

Version history
Revision #:
1 of 1
Last update:
‎06-03-2013 11:24 PM
Updated by:
 
Labels (1)
Everyone's tags (5)
Comments
Bronze

Adding to This there is one more way We can use the same AS on all the sites .

command neighor allowas-in

Configuration is quite simple.

router bgp 1

!

neighbor 1.1.1.1 remote-as 2

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 allowas-in 1

The allowas-in command permits multiple occurrences of the same AS  in the as-path as the AS of the BGP speaker without BGP denying the route. The number you can configure is from 1 to 10, specifying the number of times that the AS is allowed in the as-path.

Key difference between the two command is that  Allowas-in allows the loop prevention to be ignored for the configured amount of instances, and the as-override causes the routers to modify the AS_PATH.

Using these two commands you can cheat AS Path criteria in BGP

Thanks

Vinay