RE: "neighbor allowas-in" command ( SP CCIE)
From: Scott Morris (swm@emanon.com)
Date: Thu Nov 03 2005 - 11:47:13 GMT-3
It doesn't disable it per se, because you can put a number on that command
line. It says "how many" of my AS am I allowed to see? (1-10 times I think)
Still though, assume that you may get the same route showing up from
multiple peers, which is the "best path" at that point? That's where the
SOO can assist. It's purely for the CE's usage. Remember, the PE-CE
relationship is eBGP, so we're kinda bastardizing the process anyway!
HTH,
Scott
-----Original Message-----
From: Arun Arumuganainar [mailto:aarumuga@hotmail.com]
Sent: Thursday, November 03, 2005 5:25 AM
To: Olopade Olorunloba; 'Scott Morris'; 'Andrew Lissitz (alissitz)';
'Jongsoo'; 'C&S GroupStudy'; 'FORUM'
Subject: Re: "neighbor allowas-in" command ( SP CCIE)
Default Behavior in BGP : When ever a prefix is received , router checks the
AS Path for its own AS number . If its AS is found in the prefix's AS path
attribute , it infers a loop and the prefix will not be imported in to its
BGP table .
With Allowas-in feature turned on this ****AS PATH LOOP DETECTION CHECK****
is not performed at all . That is all it does and nothing else !!!
To the best of my knowledge this is not at all related to SOO .
Where do we really use Allowas-in feature ?
When BGP is used as PE-CE protocol , it allows all CE sites that belongs to
single customer to use the same AS number . And nothing else .
It is also used in HUB/SPOKE VPN as two VRFs are configured on PE to same CE
device ( HUB Router ) !!!
Pls. Note : SOO is a loop detection feature that will be useful in Multi
Homed CEs or a Site with multiple CE routers .You might or might not use
allowas-in feature depending on choice of AS u use in your deployment . In
case all the CEs across all the sites uses same AS you will have to use
allowas-in . Otherwise there is no need for turning this on .
Thanks and Regards
Arun
----- Original Message -----
From: "Olopade Olorunloba" <lolopade@ipnxnigeria.net>
To: "'Scott Morris'" <swm@emanon.com>; "'Andrew Lissitz (alissitz)'"
<alissitz@cisco.com>; "'Jongsoo'" <bstrt2004@gmail.com>; "'C&S GroupStudy'"
<comserv@groupstudy.com>; "'FORUM'" <ccielab@groupstudy.com>
Sent: Thursday, November 03, 2005 12:29 PM
Subject: RE: "neighbor allowas-in" command ( SP CCIE)
> Now I'm getting confused. I thought by setting the SOO on the inbound
> updates, the Cisco IOS automatically checks for loops, and I do not
> have
to
> use things like communities to filer?
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Scott Morris
> Sent: 03 November 2005 03:03
> To: 'Andrew Lissitz (alissitz)'; 'Jongsoo'; 'C&S GroupStudy'; 'FORUM'
> Subject: RE: "neighbor allowas-in" command ( SP CCIE)
>
> Not to my knowledge, but I haven't really looked at that either.
>
> And yes, you'll still detect loops.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Andrew Lissitz (alissitz)
> Sent: Wednesday, November 02, 2005 8:59 PM
> To: swm@emanon.com; Jongsoo; C&S GroupStudy; FORUM
> Subject: RE: "neighbor allowas-in" command ( SP CCIE)
>
> Thanks Scott,
>
> So ... with SoO being set, you will still have loop detection? Also I
asked
> Robert a question of whether or not SoO is set automatically. Can you
> comment on this Scott? Just quick comments, nothing lengthy needed
> ;-)
>
> Andrew
>
>
>
> -----Original Message-----
> From: Scott Morris [mailto:swm@emanon.com]
> Sent: Wednesday, November 02, 2005 8:08 PM
> To: Andrew Lissitz (alissitz); 'Jongsoo'; 'C&S GroupStudy'; 'FORUM'
> Subject: RE: "neighbor allowas-in" command ( SP CCIE)
>
> You can still use this in conjunction with SOO to determine which
> router REALLY originated it. This is also used (IMHO) when you don't
> entirely trust your SP to clear out everything necessry on the BGP
> feeds. ;)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Andrew Lissitz (alissitz)
> Sent: Wednesday, November 02, 2005 7:50 PM
> To: Jongsoo; C&S GroupStudy; FORUM
> Subject: RE: "neighbor allowas-in" command ( SP CCIE)
>
> Hey Buddy,
>
> Here is a live example, I have not done the hub and spoke labs like
several
> others on this mail list have:
>
> CE ---bgp---PE ---(ISP Cloud)--- PE---bgp---CE
>
> Each CE runs AS 65000 and shares routes with the PE. The PEs share
> routes via iBGP. The remote PE shares routes with the remote CE, and
> the CE sees the routes from AS 65000.
>
> What is BGP to do? It sees its own AS number and realizes there is a
> problem.
>
> Solution: Either PE changes the AS number with as-override or the CE
allows
> its own AS number to come in via the allowed-as command. The number @
> the end is how many times the CE will allow it's own AS number to be
> present
in
> the path string of the incoming route information.
>
> Concerning your gut feelings (btw ... hope you are not writing on
> empty stomach), number one sounds good, but with number 2, you are
> essentially saying that this command will override bgp split horizon.
> This is not
what
> it will do, if a route is already coming in, and it contains the BGP's
> AS number in the path, then let this in. Not whether or not to
> advertise to other peers. I have not seen this command change BGP
> split horizon
behavior
> ...
>
> BGP best path selection still occurs, it is just that the routes will
> not
be
> rejected because of loop detection. I have not seen multiple routes
> being accepted as best paths... Can multiple routes exist without the
> BGP multipath command?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Jongsoo
> Sent: Wednesday, November 02, 2005 7:33 PM
> To: C&S GroupStudy; FORUM
> Subject: "neighbor allowas-in" command ( SP CCIE)
>
> I am trying to understand this command will allow to receive MP-bgp
> vpn routes with the same ASN.
>
> If I see usage guide in CCO, it says
>
> ##################################
> Usage Guidelines
> In a hub and spoke configuration, a PE router readvertises all
> prefixes containing duplicate autonomous system numbers. Use the
> neighbor
allowas-in
> command to configure two VRFs on each PE router to receive and
> readvertise prefixes are as follows:
>
> �One Virtual Private Network routing/forwarding instance (VRF)
> receives prefixes with ASNs from all PE routers and then advertises
> them to neighboring PE routers.
>
> �The other VRF receives prefixes with ASNs from the customer edge (CE)
> router and readvertises them to all PE routers in the hub and spoke
> configuration.
>
> You control the number of times an ASN is advertised by specifying a
number
> from 1 to 10. "
> ################################################
>
> In my gut feeling, basically, this command seems allow two things, 1)
> receive BGP routes with its own ASN from PE or CE, ( normal behavior
> of
BGP
> blocks BGP route with its own ASN in order to prevent loop) and
> 2) advertize iBGP routes to iBGP peers ( normal behavior of iBGP is
> not to advertize iBGP routes to any iBGP peers).
>
> What seems interesting is this feature will creates a lot of redundant
> routes but the length of AS path will quickly determine the best
> routes so that there won't be any loop...
>
> This will be a perfect command to make hub and spoke topology to work...
>
> The biggest question I have now is " am I right or wrong?".
> Someone please correct me if I am wrong.
>
> Thanks
>
>
> Jongsoo
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _____________________________________________________________________
> Subscription information: http://www.groupstudy.com/list/comserv.html
>
> _____________________________________________________________________
> Subscription information: http://www.groupstudy.com/list/comserv.html
This archive was generated by hypermail 2.1.4
: Thu Dec 01 2005 - 09:12:05 GMT-3