From: Andrew Lissitz \(alissitz\) (alissitz@cisco.com)
Date: Thu Nov 03 2005 - 20:39:05 GMT-3
I agree, however this is pretty much a company decision.
Some ISPs do not like to do much provisioning work, and like to push
everything they can onto the customer. They would just provide a config
template to the customer, and ask the customer to ensure the configs are
performed. Most customers do not know BGP, and are happy to implement
whatever the ISP tells them
Other ISPs prefer to do everything rather than let the customer mess it
up ....
This is really a company decision... although being experienced ... I
know that if a customer can mess something up they will (and blame you),
and if anyone is going to mess something up ... it is going to be me!
;-)
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Thursday, November 03, 2005 6:08 PM
To: 'Jongsoo'; 'Arun Arumuganainar'; Andrew Lissitz (alissitz)
Cc: 'Olopade Olorunloba'; 'C&S GroupStudy'; 'FORUM'
Subject: RE: "neighbor allowas-in" command ( SP CCIE)
I agree... The as-override makes much more sense. It's cleaner IMHO.
It is part of the address-family configuration, although if you specify
address-family ipv4 unicast, I don't see why not. *shrug*
-----Original Message-----
From: Jongsoo [mailto:bstrt2004@gmail.com]
Sent: Thursday, November 03, 2005 5:25 PM
To: Arun Arumuganainar; Andrew Lissitz (alissitz)
Cc: Olopade Olorunloba; Scott Morris; C&S GroupStudy; FORUM
Subject: Re: "neighbor allowas-in" command ( SP CCIE)
Arun/Andrew
Great discussion!!!
Just simple question regarding "When BGP is used as PE-CE protocol"
Let's say a toplogy like below
CE1 ASN100---ebgp--> ASN200 PE1 ---ibgp---ASN 200 PE2---ebgp-->ASN 100
CE2.
CE1 announces 10.0.0.0/24 to CE2. But in normal case, CE2 will see
10.0.0.0/24 with as-path 200 100 so that it will block it.
Per Andrew, we have two choices to resolve this, as-override in PE1 or
allowas-in in CE2.
I prefer as-override to allowas-in.
The fact bothering me is if we use allowas-in, then we have to configure
CE2 and CE2 will have just normal eBGP connection not address-family.
Can this command be still allowed in a normal ipv4 eBGP config?
Even if it allows, it will requir customer to configure the router
(CE) in unusual way.
Jongsoo
On 11/3/05, Arun Arumuganainar <aarumuga@hotmail.com> wrote:
> Default Behavior in BGP : When ever a prefix is received , router
> checks the AS Path for its own AS number . If its AS is found in the
> prefix's AS path attribute , it infers a loop and the prefix will not
> be imported in to its BGP table .
>
> With Allowas-in feature turned on this ****AS PATH LOOP DETECTION
> CHECK**** is not performed at all . That is all it does and nothing
> else
!!!
>
> To the best of my knowledge this is not at all related to SOO .
>
> Where do we really use Allowas-in feature ?
>
> When BGP is used as PE-CE protocol , it allows all CE sites that
> belongs to single customer to use the same AS number . And nothing
else .
>
> It is also used in HUB/SPOKE VPN as two VRFs are configured on PE to
> same CE device ( HUB Router ) !!!
>
> Pls. Note : SOO is a loop detection feature that will be useful in
> Multi Homed CEs or a Site with multiple CE routers .You might or might
> not use allowas-in feature depending on choice of AS u use in your
> deployment . In case all the CEs across all the sites uses same AS you
> will have to use allowas-in . Otherwise there is no need for turning
> this
on .
>
> Thanks and Regards
> Arun
> ----- Original Message -----
> From: "Olopade Olorunloba" <lolopade@ipnxnigeria.net>
> To: "'Scott Morris'" <swm@emanon.com>; "'Andrew Lissitz (alissitz)'"
> <alissitz@cisco.com>; "'Jongsoo'" <bstrt2004@gmail.com>; "'C&S
GroupStudy'"
> <comserv@groupstudy.com>; "'FORUM'" <ccielab@groupstudy.com>
> Sent: Thursday, November 03, 2005 12:29 PM
> Subject: RE: "neighbor allowas-in" command ( SP CCIE)
>
>
> > Now I'm getting confused. I thought by setting the SOO on the
> > inbound updates, the Cisco IOS automatically checks for loops, and I
> > do not have
> to
> > use things like communities to filer?
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Scott Morris
> > Sent: 03 November 2005 03:03
> > To: 'Andrew Lissitz (alissitz)'; 'Jongsoo'; 'C&S GroupStudy';
'FORUM'
> > Subject: RE: "neighbor allowas-in" command ( SP CCIE)
> >
> > Not to my knowledge, but I haven't really looked at that either.
> >
> > And yes, you'll still detect loops.
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Andrew Lissitz (alissitz)
> > Sent: Wednesday, November 02, 2005 8:59 PM
> > To: swm@emanon.com; Jongsoo; C&S GroupStudy; FORUM
> > Subject: RE: "neighbor allowas-in" command ( SP CCIE)
> >
> > Thanks Scott,
> >
> > So ... with SoO being set, you will still have loop detection? Also
> > I
> asked
> > Robert a question of whether or not SoO is set automatically. Can
> > you comment on this Scott? Just quick comments, nothing lengthy
> > needed
> > ;-)
> >
> > Andrew
> >
> >
> >
> > -----Original Message-----
> > From: Scott Morris [mailto:swm@emanon.com]
> > Sent: Wednesday, November 02, 2005 8:08 PM
> > To: Andrew Lissitz (alissitz); 'Jongsoo'; 'C&S GroupStudy'; 'FORUM'
> > Subject: RE: "neighbor allowas-in" command ( SP CCIE)
> >
> > You can still use this in conjunction with SOO to determine which
> > router REALLY originated it. This is also used (IMHO) when you
> > don't entirely trust your SP to clear out everything necessry on the
> > BGP feeds. ;)
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Andrew Lissitz (alissitz)
> > Sent: Wednesday, November 02, 2005 7:50 PM
> > To: Jongsoo; C&S GroupStudy; FORUM
> > Subject: RE: "neighbor allowas-in" command ( SP CCIE)
> >
> > Hey Buddy,
> >
> > Here is a live example, I have not done the hub and spoke labs like
> several
> > others on this mail list have:
> >
> > CE ---bgp---PE ---(ISP Cloud)--- PE---bgp---CE
> >
> > Each CE runs AS 65000 and shares routes with the PE. The PEs share
> > routes via iBGP. The remote PE shares routes with the remote CE,
> > and the CE sees the routes from AS 65000.
> >
> > What is BGP to do? It sees its own AS number and realizes there is
> > a problem.
> >
> > Solution: Either PE changes the AS number with as-override or the CE
> allows
> > its own AS number to come in via the allowed-as command. The number
> > @ the end is how many times the CE will allow it's own AS number to
> > be present
> in
> > the path string of the incoming route information.
> >
> > Concerning your gut feelings (btw ... hope you are not writing on
> > empty stomach), number one sounds good, but with number 2, you are
> > essentially saying that this command will override bgp split
> > horizon. This is not
> what
> > it will do, if a route is already coming in, and it contains the
> > BGP's AS number in the path, then let this in. Not whether or not
> > to advertise to other peers. I have not seen this command change BGP
> > split horizon
> behavior
> > ...
> >
> > BGP best path selection still occurs, it is just that the routes
> > will not
> be
> > rejected because of loop detection. I have not seen multiple routes
> > being accepted as best paths... Can multiple routes exist without
> > the BGP multipath command?
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf