http://anetworkerblog.com/2008/05/11/neighbor-ce-as-override/
RFC 1771
9.3 Route Selection Criteria- If the local AS appears in the AS path of the
new route being considered,then that new route cannot be viewed as better
than any other route. If such a route were ever used, a routing loop would
result.
New AS path update procedures have been implemented to reuse the same AS
number on
VPN B sites.
R6(config)#router bgp 56
R6(config-router)#add ipv4 vrf B
R6(config-router-af)#neigh 192.168.46.4 as-override
R6(config-router-af)#^Z
R4 is now receiving that information from R6 that comes as a VPNV4 Route
from R5 that is
talking BGP with R2 that is announcing that network into this domain
R4#show ip bgp summ
BGP router identifier 4.4.4.4, local AS number 24
BGP table version is 9, main routing table version 9
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 772 total bytes of memory
BGP activity 2/0 prefixes, 5/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
192.168.46.6 4 56 88 83 9 0 0 01:10:06 1
Let see the BGP Table.
R4#show ip bgp
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
2.2.2.2/32 192.168.46.6 0 56 56 i
4.4.4.4/32 0.0.0.0 0 32768 i
See that the AS Path is now replaced with the Carrier AS #, The same must be
configured in R5 to R2
R2#deb ip bgp upda
BGP updates debugging is on for address family: IPv4 Unicast
R2#clear ip bgp * in
*May 11 12:32:26.687: BGP(0): 192.168.25.5 rcv UPDATE w/ attr: nexthop
192.168.25.5
origin i,originator 0.0.0.0, path 56 24, community , extended community
BGP(0): 192.168.25.5 rcv UPDATE about 4.4.4.4/32 --
DENIED due to:AS-PATH contains our own AS;
ok, we can override this rule, instead of sending the Customer AS#, we
replace the Customer
AS # with ISPF AS# in order to respect RFC 1771, 9.3 rule, using the
neighbor as-override
command, at the of each PE Router, that is talking BGP via the Customer via
BGP VRF Address
Family.
R5(config)#router bgp 56
R5(config-router)#address-family ipv4 vrf B
R5(config-router-af)#neigh 192.168.25.2 as-override
R5(config-router-af)#^Z
R5#
%BGP-5-ADJCHANGE: neighbor 192.168.25.2 vpn vrf B Down AS-override change!
This WARNING for ISPs: the BGP Relationship is reestablished..
you know what i mean (BW, CPU, Memory, Routes being advertised here and
there�. etc.
Now on R2 we are getting this:
BGP(0): 192.168.25.5 send UPDATE (format) 2.2.2.2/32, next
192.168.25.2,metric 0, path Local
BGP(0): 192.168.25.5 rcvd UPDATE w/ attr: nexthop 192.168.25.5,
origin i,path 56 56
BGP(0): 192.168.25.5 rcvd 4.4.4.4/32
BGP(0): Revise route installing 1 of 1 routes for 4.4.4.4/32 ->
192.168.25.5(main) to main IP table
R2#show ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
2.2.2.2/32 0.0.0.0 0 32768 i
4.4.4.4/32 192.168.25.5 0 56 56 i
The neigh as-override command, allows the provider to replace customer AS
with its own AS
and prepend his AS number to the AS Path. lets do a some test of as path
prepending on R4
R4(config)#route-map PREPEND
R4(config-route-map)#set as-path prepend 45 22 24
R4(config-route-map)#router bgp 24
R4(config-router)#neigh 192.168.46.6 route-map PREPEND out
R4(config-router)#^Z
Lets see what R6 (the PE router ) is receiving..The route in the PE
(Ingress)
R6#clear ip bgp vpnv4 unicast 24 in
R6#
R6#show ip bgp vpnv4 vrf B neighbors 192.168.46.4 routes | b Network
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 6.6.6.6:46 (default for vrf B)
4.4.4.4/32 192.168.46.4 0 0 24 45 22 24 i
Total number of prefixes 1
The route send as VPNV4 route to R5, and annouced to R2 via BGP (watch the
AS Sequence String)
R5#show ip bgp vpnv4 all neighbors 192.168.25.2 advertised-routes
BGP table version is 60, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 5.5.5.5:25 (default for vrf B)
i4.4.4.4/32 6.6.6.6 0 100 0 24 45 22 24 i
Total number of prefixes 1
The route @ R2
R2#show ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
2.2.2.2/32 0.0.0.0 0 32768 i
4.4.4.4/32 192.168.25.5 0 56 56 45 22 56 i
From this test, we can conclude, that BGP loop detection prevents Customers
from
reusing their AS. The neighbor as-overide command replaces the customer AS
number, with the ISP
AS number.
Saludos,
Victor Cappuccio.-
On Fri, May 29, 2009 at 8:49 AM, Rsharma <cciers09_at_gmail.com> wrote:
> Both are different for sure : remove-private-as and as-override
>
> remove-private-as : as stated by NN
>
> my view is diff on as-override .I beleive that even if receiving
> neighbor and advertising neighbor AS are diff ,its doesnt affect the
> as-override .As-override would still do the same job.
> 1) Strip-Off receiving neighbor AS (Previous AS in AS-Path list need to
> match)
> 2) Add own As number in AS-Path list in the place of last AS.
> 3) While Sending to another neighbor ,ADD OWN AS.
>
> normally you would see R2 AS number two times in R3 BGP Table.
>
> Rsharma
>
> On 5/29/09, NN Kumar <nagendra.cisco_at_gmail.com> wrote:
> > Hi,
> >
> > "remove-private-as" command will check for private AS in your AS-PATH and
> > remove all.
> >
> > "as-override" will check if the first AS number in AS-PATH is same as the
> > neigbor's AS number to which you are advertising and if it matches, it
> will
> > replace the AS number with its own As number.
> >
> > 1.1.1.1-------R1---------------R2-------------------R3
> > AS100 AS200 AS100
> >
> > In the above case, you have AS100 partitioned by AS200 (may be ISP) with
> > as-override. R2 while advertising 1.1.1.1 prefix to R3 will check if the
> > first AS number in AS-PATH is 100. In this case, yes and it will be
> replaced
> > by 200.
> >
> > HTH,
> > Nagendra
> >
> >
> > On 5/28/09, Joe Astorino <jastorino_at_ipexpert.com> wrote:
> >>
> >> Basically what it does is replace the AS in prefixes coming in with your
> >> own
> >> AS. I believe that is what you want to do here, although you could
> >> accomplish the same thing with "remove-private-as"
> >>
> >>
> >> Regards,
> >>
> >> Joe Astorino
> >> CCIE #24347 (R&S)
> >> Sr. Support Engineer - IPexpert, Inc.
> >> URL: http://www.IPexpert.com
> >>
> >> -----Original Message-----
> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >> Jitendra Anbu
> >> Sent: Friday, May 29, 2009 12:47 AM
> >> To: ccielab_at_groupstudy.com
> >> Subject: How does AS-override work?
> >>
> >> Hi GS,
> >>
> >> Can some explain how AS-override works? If I am trying to strip off a
> >> private AS from an AP-Path will this command do the trick?
> >>
> >> ---------------------------------------------------------
> >> Regards,
> >>
> >> Jit
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> No virus found in this incoming message.
> >> Checked by AVG - www.avg.com
> >> Version: 8.5.339 / Virus Database: 270.12.43/2139 - Release Date:
> 05/28/09
> >> 08:10:00
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
--
Victor Cappuccio
CCIE R/S# 20657
CCSI# 30452
www.anetworkerblog.com
www.linkedin.com/in/vcappuccio
Blogs and organic groups at http://www.ccie.net
Received on Sun May 31 2009 - 13:45:36 ART