Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
5679
Views
8
Helpful
2
Comments

AS-Override in MPLS L3VPN

Vivek Ruhil
Cisco Employee
Cisco Employee

on ‎06-03-2013 11:24 PM

Why to use as-override ?

When using BGP as the CE-PE routing protocol in MPLS VPNs usually enterprise customers have two choices

1. Use different BGP AS number on every site from the private pool.

2. Use same BGP AS number on ever site.

Most commonly used method is number 2 because then the customer doesn't have to track all the AS numbers already used in the network.

Now, when you use the same AS number on every site routing will not be exchanged between sites because the local CE will see its own AS number coming in the BGP AS_PATH attribute and the route will be rejected.

Following message is seen when you do a debug on the CE router:

BGP(0): 140.0.0.202 rcv UPDATE about 1.1.1.1/32 -- DENIED due to: AS-PATH contains our own AS;

The solution is to use "as-override" on the PE routers.

How to configure as-override ?

It is configured per neighbor and is an address-family sub config mode

router bgp 1

!

address-family ipv4 vrf customer

neighbor 1.1.1.1 remote-as 2

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 as-override

!

What as-override does ?

When configured per neighbor, the PE router does a check that will look at the BGP AS_PATH attribute and if it finds an AS number which is same as the one configured with "remote-as" command it replaces that AS number with its own AS-number.

But if the as-path doesn't contain the same "AS" as the one configured with the "remote-as" command then it doesn't replace that AS.

Example:

Looking at the above configuration example:

Actual AS-PATH

1 2

Sent AS-PATH

1 1

Actual AS-PATH

1 3

Sent AS-PATH

1 3

Labels:
Comments
vinayk3
Cisco Employee
Cisco Employee
‎06-04-2013 12:01 AM

Adding to This there is one more way We can use the same AS on all the sites .

command neighor allowas-in

Configuration is quite simple.

router bgp 1

!

neighbor 1.1.1.1 remote-as 2

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 allowas-in 1

The allowas-in command permits multiple occurrences of the same AS  in the as-path as the AS of the BGP speaker without BGP denying the route. The number you can configure is from 1 to 10, specifying the number of times that the AS is allowed in the as-path.

Key difference between the two command is that  Allowas-in allows the loop prevention to be ignored for the configured amount of instances, and the as-override causes the routers to modify the AS_PATH.

Using these two commands you can cheat AS Path criteria in BGP

Thanks

Vinay

ปลาวาฬทราย RMUTT CPE IX
Level 4
Level 4
‎01-03-2018 08:15 PM

I use it. I see the route can install in the routing table but I can't ping, how should I do?

 

My Topology:

PE1 vrf A - PE2 with as-override - PE1 vrf B - PE3 vrf B - CE destination

 

Thank you very much.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
Discussions
Customers Also Viewed These Support Documents