Re: BGP and AS loop prevention

From: Victor Cappuccio <vcappuccio_at_gmail.com>
Date: Tue, 20 Oct 2009 16:24:35 +0300

Hi,

Like Andrew said, you can use allowas-in to prevent this from happening:

*Mar 1 00:05:34.851: BGP(0): 10.1.12.2 rcv UPDATE about 3.3.3.3/32 -- DENIED due to: AS-PATH contains our own AS;

The thing here is that the other routers will have back the route from the
next hop AS. Now, if allowed to use VRF to solve this issue, using the
as-override feature
http://anetworkerblog.com/2008/05/11/neighbor-ce-as-override/
making Narbik Happy by using a 007 stuff here :-)

R2(config-router)#do show run | b router bgp
router bgp 200
 bgp log-neighbor-changes
 !
 address-family ipv4
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf X
 neighbor 10.1.12.1 remote-as 100
 neighbor 10.1.12.1 activate
 neighbor 10.1.12.1 as-override
 neighbor 10.1.23.3 remote-as 100
 neighbor 10.1.23.3 activate
 neighbor 10.1.23.3 as-override
 no synchronization
 exit-address-family
!
R2(config-router)#do show ip bgp vpnv4 all
BGP table version is 7, local router ID is 10.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf X)
*> 1.1.1.1/32 10.1.12.1 0 0 100 i
*> 3.3.3.3/32 10.1.23.3 0 0 100 i
R2(config-router)#do show ip bgp vpnv4 all neigh 10.1.23.3 ad
BGP table version is 7, local router ID is 10.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf X)
*> 1.1.1.1/32 10.1.12.1 0 0 100 i
Total number of prefixes 1
R2(config-router)#do show ip bgp vpnv4 all neigh 10.1.12.1 ad
BGP table version is 7, local router ID is 10.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf X)
*> 3.3.3.3/32 10.1.23.3 0 0 100 i
Total number of prefixes 1
and
R3#show ip bgp
BGP table version is 5, local router ID is 10.1.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.1.23.2 0 200 200 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i

Just my 2 cents!
Victor.-

On Tue, Oct 20, 2009 at 6:35 AM, ALL From_NJ <all.from.nj_at_gmail.com> wrote:

> I would re-check your setup.
>
> You are right, the allow-as will simply allow in the local AS x number of
> times in the path. This is done on the receiving end.
>
> If you changed your set up some, and one side has the AS 101, is the problem
> present? I might suggest to try this and make sure all BGP is cool first.
>
> Also, you can prepend an AS on advertisement, so you can leave the one side
> with AS 101 as is and simply send out a route with AS 100 in the path. The
> AS 100 router should not accept it. This is another way to test the
> allowed-as command.
>
> Create a new loopback on AS 101 and prepend AS 100 in it.
>
> HTH,
>
> Andrew Lee Lissitz
>
> On Mon, Oct 19, 2009 at 11:12 PM, Nate Lee <natetlee_at_gmail.com> wrote:
>
> > I have a scenario labbed up where I have a discontiguous BGP AS split by
> > another AS, something like this: (AS100) <> (AS 200) <> (AS 100).
> >
> > I am trying to get the prefixes on the AS 100 routers to show up in each
> > other's BGP tables. I have implemented the neighbor x.x.x.x allowas-in
> > command on the AS 100 routers on their neighbor statements facing the AS 200
> > routers but it does not seem to work. When I do a SHOW IP BGP NEIGH x.x.x.x
> > ADVERTISED-ROUTES on the AS 200 routers, I see that the AS 200 router will
> > not send the route that originated in the far side AS 100.
> >
> > Is there some sort of configuration needed on the AS 200 routers to allow
> > them to send a route with an AS PATH that contains the AS they are sending
> > into? I was under the impression that they do not perform an outgoing AS
> > PATH check.
> >
> > Thanks!
> >
> > Nate
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Andrew Lee Lissitz
> all.from.nj_at_gmail.com

-- 
Victor Cappuccio
CCIE R/S# 20657
CCSI# 30452
www.anetworkerblog.com
www.linkedin.com/in/vcappuccio
Received on Tue Oct 20 2009 - 16:24:35 ART

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:51:00 ART
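
Added example (not part of the original thread, and not router code): a small Python model of the receive-side AS_PATH loop check, allowas-in and as-override on the AS 100 <> AS 200 <> AS 100 topology discussed above. The function names, and the rule that as-override rewrites every occurrence of the neighbor's AS, are assumptions of this model.

```python
# Added illustration: a toy model of eBGP AS_PATH handling, not router code.
# Assumption of this model: as-override rewrites every occurrence of the
# neighbor's AS in the path before the local AS is prepended.

def advertise(as_path, local_as, peer_as, as_override=False):
    """AS_PATH that a speaker in local_as sends to an eBGP peer in peer_as."""
    path = list(as_path)
    if as_override:
        path = [local_as if asn == peer_as else asn for asn in path]
    return [local_as] + path


def accept(as_path, local_as, allowas_in=0):
    """Receive-side loop check: local AS may appear at most allowas_in times."""
    return as_path.count(local_as) <= allowas_in


def scenario(as_override=False, allowas_in=0):
    """R1 (AS 100) originates 1.1.1.1/32; R2 (AS 200) relays it to R3 (AS 100)."""
    r1_to_r2 = advertise([], local_as=100, peer_as=200)
    r2_to_r3 = advertise(r1_to_r2, local_as=200, peer_as=100,
                         as_override=as_override)
    return r2_to_r3, accept(r2_to_r3, local_as=100, allowas_in=allowas_in)


if __name__ == "__main__":
    for label, kwargs in [
        ("default", {}),
        ("allowas-in 1 on R3", {"allowas_in": 1}),
        ("as-override on R2", {"as_override": True}),
    ]:
        path, ok = scenario(**kwargs)
        print(f"{label:20} path={path} accepted={ok}")
    # Trade-off: with allowas-in 1, a path that really did loop through
    # AS 100 once is indistinguishable from the split-AS case.
    print(accept([200, 300, 100], local_as=100, allowas_in=1))
```

With as-override the model yields the path 200 200, which is what R3's table shows for 1.1.1.1/32 in the post. Both knobs relax the AS_PATH loop check, so they are best limited to the specific neighbors that need them.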