RE: BGP neighbor....allowas-in (Correction)

From: Yasser Aly (blackyeyes00@hotmail.com)
Date: Mon Mar 01 2004 - 20:32:54 GMT-3


Dear All,

  My reply below is wrong - brain overloaded by the end of the day :) -. All
the explanation is correct only if we are speaking about the " neighbor bgp
as-override" command.

  For your question, " neighbor bgp allowas-in " can be used in the
following scenario.
Typically if a customer is using MPLS services from a client there will be
no need to have a hub that all spokes need to pass by to reach other spokes,
as one of the MPLS VPN advantages is any-to-any connectivity with a
single PVC from each customer side to the provider network. That's to say
PVCs are not end-to-end.

Sometimes, due to security constraints or other constraints, the customer's
need is to pass all traffic by the hub and prohibit direct interaction between
spokes. In this case, if the customer is running BGP with the provider, this
will lead to a problem.

Consider a customer who has 4 branches and a central site, where each site
has its own AS number:

Site A AS: 250
Site B AS: 251
Customer Hub AS: 255
Service Provider AS: 5000

Site A wants to talk with site B; the traffic path will be Site A ---> SP cloud
---> Customer Hub ---> Service Provider cloud ---> Site B

Once the traffic reaches the hub it will have the service provider AS in its
AS-PATH, which will make the service provider drop this traffic once the hub
forwards it to reach site B. In order to solve this problem you can use this
command in the service provider edge routers, where you specify the max.
number of occurrences of the service provider AS number in the AS path.

It's like you allow a situation to occur that appears to be a routing
loop but is not, and you want to sort this out one way or the other.

Regards,
Yasser

>From: "Yasser Aly" <blackyeyes00@hotmail.com>
>Reply-To: "Yasser Aly" <blackyeyes00@hotmail.com>
>To: ccie2b@hotmail.com, ccielab@groupstudy.com
>Subject: RE: BGP neighbor....allowas-in
>Date: Mon, 01 Mar 2004 17:49:02 -0500
>
>Hi Packet Man,
>
> The command " bgp neighbor .... allowas-in " typical usage is with
>networks having their core as
>MPLS. In the real world, typically it is the service provider network that
>is running MPLS.
>
>In MPLS-VPNs, the service provider is interacting directly with the
>customer on Layer 3 level, rather than just providing a layer 2 level. In
>this case, the customer router other end will be the service provider PE
>(Provider Edge) router. Other branches for this customer will be the same -
>terminated on the Service Provider PE routers. Now to link the customer
>branches together the customer will gain the benefit of any to any
>connectivity. In this pattern you cannot really say that there exists a hub
>and spokes where a branch needs to pass by some hub to reach another
>branch.
>
>Sorry for the introduction but this will help to explain your question
>better.
>
>Now back to your question, if the customer is running BGP between him and
>the service provider,
>once the routes arrive from a branch to the Service Provider network they
>will be tagged with the customer AS. Once the Service Provider passes them to
>their destination - the other branch of the customer - they will be dropped if
>the other branch was also running BGP with the SP using the same AS number.
>
>Many solutions are offered to solve this problem, one of which is the
>allowas-in command, in order to fool BGP on the other side and let the updates
>pass to their destination.
>
>If you ever thought of studying for the CCIE SP you will face lots and lots
>of similar and other weird scenarios that exist in the service provider
>world.
>
>HTH,
>Yasser
>
>>From: "Packet Man" <ccie2b@hotmail.com>
>>Reply-To: "Packet Man" <ccie2b@hotmail.com>
>>To: ccielab@groupstudy.com
>>Subject: BGP neighbor....allowas-in
>>Date: Mon, 01 Mar 2004 13:18:17 -0500
>>
>>Hi all,
>>
>>Trying to understand where, why and how to properly use the above command.
>> The command reference says,
>>
>>"neighbor allowas-in
>>To configure provider edge (PE) routers to allow readvertisement of all
>>prefixes containing duplicate autonomous system numbers (ASNs), use the
>>neighbor allowas-in command in router configuration mode. To disable the
>>readvertisement of the ASN of the PE router, use the no form of this
>>command.
>>
>>neighbor allowas-in number
>>
>>no neighbor allowas-in number"
>>
>>Could somebody explain what that's saying in plain English? And, maybe
>>describe a scenario where using this command makes sense. I'm confused
>>because the only case that I know of where there would be duplicate ASNs is
>>when ASNs have been prepended and I know this command isn't needed then.
>>
>>Also, is this command only applicable when MPLS is somehow involved in the
>>config? Or, might this command be needed in the type of BGP scenarios
>>possible in the lab?
>>
>>Thanks in advance
>>
>>_______________________________________________________________________
>>Please help support GroupStudy by purchasing your study materials from:
>>http://shop.groupstudy.com
>>
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>

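The hub-and-spoke case from the thread, as an added example that is not part of the original posts: a simplified Python model of the eBGP AS_PATH loop check, using the AS numbers from the message. The function names, and treating the provider cloud as a single AS hop, are assumptions made for illustration.

```python
# Added example: simplified model of the eBGP AS_PATH loop check and allowas-in.
# AS numbers come from the message; function names are illustrative assumptions.
SITE_A, SITE_B, HUB, SP = 250, 251, 255, 5000


def accepts(local_as, as_path, allowas_in=0):
    """Inbound check: accept only if the receiver's own AS appears in the
    AS_PATH at most `allowas_in` times (0 = normal loop prevention)."""
    return as_path.count(local_as) <= allowas_in


def propagate(origin_as, hops, allowas_in=None):
    """Carry a prefix originated by `origin_as` through `hops` (ordered AS list).

    `allowas_in` maps an AS to the number of its own occurrences it tolerates.
    Each AS that accepts the update prepends itself before passing it on.
    """
    allowas_in = allowas_in or {}
    path = [origin_as]
    received = path
    for receiver in hops:
        if not accepts(receiver, path, allowas_in.get(receiver, 0)):
            return {"delivered": False, "dropped_by": receiver, "as_path": path}
        received, path = path, [receiver] + path
    return {"delivered": True, "dropped_by": None, "as_path": received}


# Site A's prefix must reach Site B via the hub: A -> SP -> Hub -> SP -> B.
HUB_PATH = [SP, HUB, SP, SITE_B]

if __name__ == "__main__":
    # Default behaviour: the provider sees its own AS coming back from the hub.
    print(propagate(SITE_A, HUB_PATH))
    # With one tolerated occurrence on the provider side the update gets through.
    print(propagate(SITE_A, HUB_PATH, {SP: 1}))
    # A path that already crossed the provider twice is still rejected at count 1.
    print(accepts(SP, [HUB, SP, HUB, SP, SITE_A], allowas_in=1))
```

The count bounds how far loop prevention is relaxed: with a value of 1, a path that already contains the provider AS twice is still rejected.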


This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:11 GMT-3