Re: Trying to Understand this - Page 2

Steven Williams · ‎02-10-2014

R1169063#show ip bgp neighbors 152.162.63.101 received-routes | inc 10.70.

*> 10.70.20.0/23 152.162.63.101 0 65000 64705 ?

*> 10.70.30.0/23 152.162.63.101 0 65000 64704 ?

*> 10.70.40.0/23 152.162.63.101 0 65000 64701 ?

*> 10.70.60.0/23 152.162.63.101 0 65000 64708 ?

*> 10.70.70.0/23 152.162.63.101 0 65000 64702 ?

*> 10.70.80.0/23 152.162.63.101 0 65000 64703 ?

*> 10.70.89.0/24 152.162.63.101 0 65000 64714 i

*> 10.70.100.0/23 152.162.63.101 0 65000 64714 ?

*> 10.70.110.0/23 152.162.63.101 0 65000 64712 i

*> 10.70.120.0/23 152.162.63.101 0 65000 64714 ?

*> 10.70.130.0/24 152.162.63.101 0 65000 64712 i

*> 10.70.131.0/24 152.162.63.101 0 65000 64712 i

*> 10.70.140.0/23 152.162.63.101 0 65000 64712 i

*> 10.70.150.0/23 152.162.63.101 0 65000 64712 ?

I am very confused....But maybe this tells me something about my network.

10.70.100.0/23 and 10.70.120.0/23 are TWO different physical locations....so does this tell me that in order to get to both sites I have to go through almost like a hub router?

Jon Marshall · ‎02-10-2014

They will drop routes learned from each other due to the rule of iBGP neighbors.No iBGP neighbor will advertise routes it learns from another iBGP neighbor....

No because this is EBGP. If an EBGP speaking router receives a router from an EBGP peer and sees it's own AS in the AS PATH it drops the route. This is how EBGP avoids loops. The rule you quote is for IBGP although it is related to loop prevention as well.

But these two sites being differnet, this could cause an issue. correct? So what is allowas-in for? what kind of attribute is this? Well-known? etc, etc.

It would only cause an issue between the sites using the same AS. Any other sites would be fine as they would not drop the routes although there may be an underlying issue that is causing the symptom that needs looking at. Within an MPLS environment where the AS numbers are for your sites it is only an issue for you. Obviously for ISPs peering on the internet using the wrong AS could have rather more serious consequences.

The "allowas-in ..." command can be used by the customer to tell your EBGP router to accept a certain number of occurences of its own AS. It is not a BGP attribute just another BGP configuration option. So

router bgp

neighbor x.x.x.x allowas-in where x is the number of times your own AS can occur in the AS PATH

the above would allow an EBGP router to accept a route with its own AS in the AS PATH "x" number of times. It shouldl obviously only be used where there is no chance of creating a loop. With a customer MPLS environment that is usually okay to do but if you were a transit AS then it would not be a good idea to use it.

In my last job we had an MPLS network provider and we used the same AS number in all sites and used the above command on all our EBGP speaking routers and it worked fine.

Jon

Steven Williams · ‎02-10-2014

Dear...why would you use the same AS on all sites? This is a good question because the company that has purchased us uses AS# per region, like West Coast uses 65000, East Coast uses 65001...but shouldnt these be unique?

Does it matter where in sequence it sees its own AS_PATH? For example:

*> 10.70.89.0/24 152.162.63.101 0 65000 64714 i

*> 10.70.100.0/23 152.162.63.101 0 65000 64714 ?

*> 10.70.110.0/23 152.162.63.101 0 65000 64712 i

*> 10.70.120.0/23 152.162.63.101 0 65000 64714 ?

Will AS 64714 drop all these routes with 64714?

So site with 10.70.120.0/23 subnet will never see a BGP advertisement for the other two subnets because its own AS_PATH in line?

Jon Marshall · ‎02-10-2014

On the internet AS numbers do need to be unique but for a customer connecting to an MPLS network for example there is no reason why you cannot reuse the same AS across all your sites.

It doesn't matter where in the AS PATH it is. If an EBGP router in AS 64714 received a route advertisement from an EBGP peer with AS 64714 in the AS PATH then without extra configuration yes it would drop it.

So site with 10.70.120.0/23 subnet will never see a BGP advertisement for the other two subnets because its own AS_PATH in line?

Yes, unless you used the "allowas-in ..." command.

Edit - just to be precise on that last bit. The site will see the advertisements ie. it will receive them but it will drop them and they cannot be used unless you use the extra configuration i mentioned.

Jon

Steven Williams · ‎02-10-2014

Ya so this was definately an issue, because these sites were using a default route back to the datacenter to essentially get to each other, rather than directly communicating direct. the allowas-in 1 worked beautifully.

I still would think to keep it clean you should use different AS numbers for all sites.

Jon Marshall · ‎02-10-2014

I still would think to keep it clean you should use different AS numbers for all sites.

It is really a matter of preference for something like this. We found that using the same AS allowed us to create a more standard template for our implementation engineers but i wouldn't argue against using a different AS per site.

Jon

Steven Williams · ‎02-26-2014

Hey Jon is there any official cisco docs that explain same ASN for multiple sites? I have some peers telling me that routing is not working correctly because two sites cannot have the same ASN. Now from what we talked about with the allowas-in configured there shouldnt be any issues. Can you think of anything else this would cause an issue with?

Jon Marshall · ‎02-26-2014

The allowas-in command should only be an issue if the AS is a transit AS.

We used it at the last place i worked in all our sites connecting to an MPLS network with no routing issues.

Here is a link to a Cisco doc which covers it -

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112236-allowas-in-bgp-config-example.html

Jon