Tuesday, December 30, 2014

BGP AS-Override vs AllowAS-In


Hello!!! Advance Happy New Year 2015 wishes to everyone from Spice Up Your Knowledge Team.

Today let's look into the difference between the BGP commands "AS-Override" and "AllowAS-In".
Have you ever come across a situation where your head office and branch office use the same BGP AS (Autonomous System) number? If the answer is yes, then I am sure you are aware of the problem.

BGP has a built-in loop-prevention feature that stops a router from learning routes advertised from its own AS, or routes that are reachable via its own AS: if the receiving router sees its own AS number in the AS_PATH attribute, it rejects the prefix.




In this example, we have the MPLS backbone in AS 65000 and two customers "cust_a" & "cust_b".

The customer "cust_a" is behind the routers IOU1 (head office) and IOU6 (branch office), both in AS 64999 and connected via AS 65000. The customer "cust_b" is behind the routers IOU2 (head office) and IOU7 (branch office), both in AS 12345 and connected via AS 65000.

The users in the branch office subnet 6.6.6.0/24 will not be able to reach the systems in their head office subnet 1.1.1.0/24, because router IOU1 will not learn the route 6.6.6.0/24: it sees its own AS number 64999 in the AS_PATH attribute "65000 64999 i" and rejects the prefix to prevent a loop. The same happens in the opposite direction.


IOU1
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 10.10.10.2 255.255.255.0
!
router bgp 64999
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
neighbor 10.10.10.1 remote-as 65000
neighbor 10.10.10.1 soft-reconfiguration inbound


IOU2
interface Loopback2
ip address 2.2.2.2 255.255.255.0
!
interface Ethernet0/1
ip address 20.20.20.2 255.255.255.0
!
router bgp 12345
bgp log-neighbor-changes
network 2.2.2.0 mask 255.255.255.0
neighbor 20.20.20.1 remote-as 65000


IOU3
interface Loopback3
ip address 3.3.3.3 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/0
ip vrf forwarding cust_a
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding cust_b
ip address 20.20.20.1 255.255.255.0
!
interface Ethernet0/2
ip address 30.30.30.2 255.255.255.0
mpls ip
!
router ospf 111
router-id 3.3.3.3
passive-interface default
no passive-interface Ethernet0/2
network 3.3.3.0 0.0.0.255 area 0
network 10.10.10.0 0.0.0.255 area 0
network 20.20.20.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.255 area 0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 65000
neighbor 5.5.5.5 update-source Loopback3
neighbor 5.5.5.5 next-hop-self
neighbor 5.5.5.5 soft-reconfiguration inbound
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf cust_a
neighbor 10.10.10.2 remote-as 64999
neighbor 10.10.10.2 activate
neighbor 10.10.10.2 soft-reconfiguration inbound
exit-address-family
!
address-family ipv4 vrf cust_b
neighbor 20.20.20.2 remote-as 12345
neighbor 20.20.20.2 activate
neighbor 20.20.20.2 soft-reconfiguration inbound
exit-address-family


IOU4
interface Loopback4
ip address 4.4.4.4 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/2
ip address 30.30.30.1 255.255.255.0
mpls ip
!
interface Ethernet0/3
ip address 50.50.50.1 255.255.255.0
mpls ip
!
router ospf 111
router-id 4.4.4.4
passive-interface default
no passive-interface Ethernet0/2
no passive-interface Ethernet0/3
network 4.4.4.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.255 area 0
network 50.50.50.0 0.0.0.255 area 0


IOU5
interface Loopback5
ip address 5.5.5.5 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/0
ip vrf forwarding cust_a
ip address 60.60.60.1 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding cust_b
ip address 70.70.70.1 255.255.255.0
!
interface Ethernet0/3
ip address 50.50.50.2 255.255.255.0
mpls ip
!
router ospf 111
router-id 5.5.5.5
passive-interface default
no passive-interface Ethernet0/3
network 5.5.5.0 0.0.0.255 area 0
network 50.50.50.0 0.0.0.255 area 0
network 60.60.60.0 0.0.0.255 area 0
network 70.70.70.0 0.0.0.255 area 0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 65000
neighbor 3.3.3.3 update-source Loopback5
neighbor 3.3.3.3 next-hop-self
neighbor 3.3.3.3 soft-reconfiguration inbound
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf cust_a
neighbor 60.60.60.2 remote-as 64999
neighbor 60.60.60.2 activate
neighbor 60.60.60.2 soft-reconfiguration inbound
exit-address-family
!
address-family ipv4 vrf cust_b
neighbor 70.70.70.2 remote-as 12345
neighbor 70.70.70.2 activate
neighbor 70.70.70.2 soft-reconfiguration inbound
exit-address-family


IOU6
interface Loopback6
ip address 6.6.6.6 255.255.255.0
!
interface Ethernet0/0
ip address 60.60.60.2 255.255.255.0
!
router bgp 64999
bgp log-neighbor-changes
network 6.6.6.0 mask 255.255.255.0
neighbor 60.60.60.1 remote-as 65000
neighbor 60.60.60.1 soft-reconfiguration inbound


IOU7
interface Loopback7
ip address 7.7.7.7 255.255.255.0
!
interface Ethernet0/1
ip address 70.70.70.2 255.255.255.0
!
router bgp 12345
bgp log-neighbor-changes
network 7.7.7.0 mask 255.255.255.0
neighbor 70.70.70.1 remote-as 65000
neighbor 70.70.70.1 soft-reconfiguration inbound


IOU1

If you look at the routing table on IOU1, we don't have the route 6.6.6.0/24. It is the same on the other end: route 1.1.1.0/24 is not available on IOU6.


IOU2

If you look at the routing table on IOU2, we don't have the route 7.7.7.0/24. It is the same on the other end: route 2.2.2.0/24 is not available on IOU7.


IOU3

But the PE routers IOU3 and IOU5 have learned the routes in the customer-specific VRF routing tables.

We can fix this problem with either of the commands "AS-Override" or "AllowAS-In".

First let's look at AS-Override. For customer "cust_a", apply the command "neighbor 10.10.10.2 as-override" on the PE router IOU3 and the command "neighbor 60.60.60.2 as-override" on the PE router IOU5 at the other end.
Note: This command is only available under "address-family ipv4 vrf [vrf_name]".

IOU1

Now the route 6.6.6.0/24 has appeared in the routing table on IOU1, and route 1.1.1.0/24 on IOU6. If you look at the AS_PATH attribute in the BGP table you will find "65000 65000 i" instead of "65000 64999 i"; that is because of the AS-Override command. The PE overwrites the customer AS 64999 with its own AS 65000 before advertising the prefix to the CE.


Now let's look at the command "AllowAS-In". For customer "cust_b", apply the command "neighbor 20.20.20.1 allowas-in 1" on the CE router IOU2 and the command "neighbor 70.70.70.1 allowas-in 1" on the CE router IOU7 at the other end.

By applying this command we simply bypass the BGP loop-prevention check for that specific neighbor; the number "1" after "allowas-in" is the maximum number of times our own AS may appear in the AS_PATH of a prefix before it is rejected.

IOU2

Now the route 7.7.7.0/24 has appeared in the routing table on IOU2, and route 2.2.2.0/24 on IOU7. If you look at the AS_PATH attribute in the BGP table you will find "65000 12345 i", where 12345 is our own AS. The route is learned even though it was originated in / learned via our own AS.
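To make the difference between the two commands concrete, here is a small Python model (added for this post, not Cisco code or the lab's own output) of the AS_PATH loop check on the CE and of what the PE's as-override and the CE's allowas-in change, using the AS numbers from the lab above. It goes one step beyond the lab by also showing that allowas-in 1 still rejects a path in which our AS appears twice, which is the loop the feature was meant to catch.

```python
# Added example, not part of the original post. AS numbers are the lab's:
# provider AS 65000, cust_a AS 64999, cust_b AS 12345. AS_PATH is modelled
# as a list of ASNs, leftmost = most recently prepended (as 'show ip bgp' prints).

def pe_advertise(pe_as, customer_as, as_path, as_override=False):
    """AS_PATH a PE in pe_as sends to a CE in customer_as (eBGP).

    The PE always prepends its own AS. With 'neighbor ... as-override' it
    first rewrites every occurrence of the customer AS with its own AS, so the
    CE no longer sees its own ASN in the path.
    """
    if as_override:
        as_path = [pe_as if asn == customer_as else asn for asn in as_path]
    return [pe_as] + as_path

def ce_accepts(local_as, as_path, allowas_in=0):
    """Loop check on the receiving CE.

    Default BGP: reject if local_as appears in AS_PATH at all.
    With 'neighbor ... allowas-in N': accept while local_as appears at most
    N times, i.e. the check is relaxed, not removed.
    """
    return as_path.count(local_as) <= allowas_in

def format_path(as_path):
    """Render the path the way the post quotes it, origin IGP ('i')."""
    return " ".join(str(asn) for asn in as_path) + " i"

if __name__ == "__main__":
    # cust_a: 6.6.6.0/24 originated by IOU6 (AS 64999), relayed by the PEs,
    # advertised by IOU3 to IOU1 (also AS 64999).
    plain = pe_advertise(65000, 64999, [64999])
    print(format_path(plain), "accepted by IOU1:", ce_accepts(64999, plain))
    fixed = pe_advertise(65000, 64999, [64999], as_override=True)
    print(format_path(fixed), "accepted by IOU1:", ce_accepts(64999, fixed))
    # cust_b: IOU2 (AS 12345) receives "65000 12345 i" and uses allowas-in 1.
    path_b = pe_advertise(65000, 12345, [12345])
    print(format_path(path_b), "accepted by IOU2:", ce_accepts(12345, path_b, 1))
    # A real loop back through AS 12345 twice is still dropped with allowas-in 1.
    looped = [12345, 65000, 12345]
    print(format_path(looped), "accepted by IOU2:", ce_accepts(12345, looped, 1))
```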



