From: Andrew Lissitz \(alissitz\) (alissitz@cisco.com)
Date: Thu Nov 03 2005 - 21:39:35 GMT-3
Hey Dude,
ISPs run iBGP between PEs (more common to use RRs but same concept), so
the idea of a PE seeing it's own ASN in the path is not likely. The PE
may see different AS numbers repeated in the path, but what does it
care? As long as it does not see its own ASN and detect a loop, all is
well.
Some ISPs give the customers one ASN for all the customer sites. In
this case, this problem will occur. The CE will see the routes from the
remotes sites and see it's ASN in the path. Refer to that earlier
diagram.
Other ISPs give the customers different ASN for each site... but for
obvious reasons this does not scale.
So, in the case of hub and spoke (is this common, have you all seen this
in production?), each PE is running iBGP with each other or the hub is a
RR. Each PE will not see it's own ASN. Each PE has learned BGP routes
from it's CE and will pass these between peers. Each peer will run the
best path process and select the best route. Only best routes are
advertised ...
If for some reason, your BGP speakers will see what appears to be a
loop, then allowas will work. You can also override the ASN as well.
Andrew rule of thumb (does not mean much ... will not even get you free
coffee): allowas-in would be configured on CEs because they are
receiving these routes, and as-override would be configured on routers
advertising routes ... more than likely the PEs.
Jongsoo, I do not feel as though I have fully answered your question ...
Sorry about that.
Andrew
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jongsoo
Sent: Thursday, November 03, 2005 5:06 PM
To: Andrew Lissitz (alissitz)
Cc: C&S GroupStudy; FORUM
Subject: Re: "neighbor allowas-in" command ( SP CCIE)
When I wrote the below email, my stomach was a little empty :)
Regarding my point 2) "advertize iBGP routes to iBGP peers ( normal
behavior of iBGP is not to advertize iBGP routes to any iBGP peers)",
First, this thought is from CCO descprition "One Virtual Private Network
routing/forwarding instance (VRF) receives prefixes with ASNs from all
PE routers and then advertises them to neighboring PE routers."
I figured from the description that a PE receives a prefix with its own
ASN from PE router and advertize
Let's say "neighbor allowas-in 1" in AS 100 in three PE's( pe1, pe2,
pe3).
If via MP-BGP, PE1 and PE2 learn from PE3 a VPN route 10.0.0.0/24 with
as-path = null, I think PE1 will annouce back 10.0.0.0/24 with
as-path=100 to PE2 and PE3 as well as PE2 will do the same to PE1 and
PE3, which is not normal iBGP behavior. But 10.0.0.0/24 with AS-path 100
from PE1 and PE 2 can't beat 10.0.0.0/24 with as-path null from PE3.
But the interesting result is if PE2 is not importing 10.0.0.0/24 with
as-path=null from PE3, then PE2 will only have 10.0.0.0/24 with
as-path=100 from PE1.
This will achieve hub-and-spoke VPN topology ( PE1 = hub and PE2 and
PE3 = spokes)
Please feel free to correct me if I am wrong.
Jongsoo
On 11/2/05, Andrew Lissitz (alissitz) <alissitz@cisco.com> wrote:
> Hey Buddy,
>
> Here is a live example, I have not done the hub and spoke labs like
> several others on this mail list have:
>
> CE ---bgp---PE ---(ISP Cloud)--- PE---bgp---CE
>
> Each CE runs AS 65000 and shares routes with the PE. The PEs share
> routes via iBGP. The remote PE shares routes with the remote CE, and
> the CE sees the routes from AS 65000.
>
> What is BGP to do? It sees its own AS number and realizes there is a
> problem.
>
> Solution: Either PE changes the AS number with as-override or the CE
> allows its own AS number to come in via the allowed-as command. The
> number @ the end is how many times the CE will allow it's own AS
> number to be present in the path string of the incoming route
information.
>
> Concerning your gut feelings (btw ... hope you are not writing on
> empty stomach), number one sounds good, but with number 2, you are
> essentially saying that this command will override bgp split horizon.
> This is not what it will do, if a route is already coming in, and it
> contains the BGP's AS number in the path, then let this in. Not
> whether or not to advertise to other peers. I have not seen this
> command change BGP split horizon behavior ...
>
> BGP best path selection still occurs, it is just that the routes will
> not be rejected because of loop detection. I have not seen multiple
> routes being accepted as best paths... Can multiple routes exist
> without the BGP multipath command?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Jongsoo
> Sent: Wednesday, November 02, 2005 7:33 PM
> To: C&S GroupStudy; FORUM
> Subject: "neighbor allowas-in" command ( SP CCIE)
>
> I am trying to understand this command will allow to receive MP-bgp
> vpn routes with the same ASN.
>
> If I see usage guide in CCO, it says
>
> ##################################
> Usage Guidelines
> In a hub and spoke configuration, a PE router readvertises all
> prefixes containing duplicate autonomous system numbers. Use the
> neighbor allowas-in command to configure two VRFs on each PE router to