neighbor CE as-override

 

 neighbor 192.168.25.2 as-override

RFC 1771
9.3 Route Selection Criteria - If the local AS appears in the AS path of the new route being considered, then that new route cannot be viewed as better than any other route. If such a route were ever used, a routing loop would result.

New AS path update procedures have been implemented to reuse the same AS number on VPN B sites.

R6(config)#router bgp 56
R6(config-router)#add ipv4 vrf B
R6(config-router-af)#neigh 192.168.46.4 as-override
R6(config-router-af)#^Z

R4 is now receiving that information from R6. It reaches R6 as a VPNv4 route from R5, which is talking BGP with R2, the router announcing that network into this domain.

R4#show ip bgp summ
BGP router identifier 4.4.4.4, local AS number 24
BGP table version is 9, main routing table version 9
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 772 total bytes of memory
BGP activity 2/0 prefixes, 5/3 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.46.6    4    56      88      83        9    0    0 01:10:06        1

Let's see the BGP table.

R4#show ip bgp
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
2.2.2.2/32       192.168.46.6                           0 56 56 i
4.4.4.4/32       0.0.0.0                  0         32768 i

Notice that the AS path is now replaced with the carrier AS number. The same must be configured on R5 toward R2. Before that is done, R2 rejects the update:

R2#deb ip bgp upda
BGP updates debugging is on for address family: IPv4 Unicast
R2#clear ip bgp * in
*May  11 12:32:26.687: BGP(0): 192.168.25.5 rcv UPDATE w/ attr: nexthop 192.168.25.5
origin i,originator 0.0.0.0, path 56 24, community ,  extended community
BGP(0): 192.168.25.5 rcv UPDATE about 4.4.4.4/32 --
DENIED due to:AS-PATH contains our own AS;

OK, we can work around this rule: instead of sending the customer AS number, we replace the customer AS number with the ISP AS number so that the RFC 1771, 9.3 rule is respected. This is done with the neighbor as-override command on each PE router that is talking BGP with the customer via the BGP VRF address family.

R5(config)#router bgp 56
R5(config-router)#address-family ipv4 vrf B
R5(config-router-af)#neigh 192.168.25.2 as-override
R5(config-router-af)#^Z
R5#
%BGP-5-ADJCHANGE: neighbor 192.168.25.2 vpn vrf B Down AS-override change!

A warning for ISPs: the BGP relationship is re-established when this is configured. You know what that means (bandwidth, CPU, memory, routes being advertised here and there, etc.).

Now on R2 we are getting this:

BGP(0): 192.168.25.5 send UPDATE (format) 2.2.2.2/32, next 192.168.25.2,metric 0, path Local
BGP(0): 192.168.25.5 rcvd UPDATE w/ attr: nexthop 192.168.25.5,
origin i,path 56 56
BGP(0): 192.168.25.5 rcvd 4.4.4.4/32
BGP(0): Revise route installing 1 of 1 routes for 4.4.4.4/32 ->
192.168.25.5(main) to main IP table
R2#show ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
2.2.2.2/32       0.0.0.0                  0         32768 i
4.4.4.4/32       192.168.25.5                           0 56 56 i

The neighbor as-override command allows the provider to replace the customer AS with its own AS and prepend its own AS number to the AS path. Let's do a test with AS-path prepending on R4.

R4(config)#route-map PREPEND
R4(config-route-map)#set as-path prepend 45 22 24
R4(config-route-map)#router bgp 24
R4(config-router)#neigh 192.168.46.6 route-map PREPEND out
R4(config-router)#^Z

Let's see what R6 (the PE router) is receiving. The route on the ingress PE:

R6#clear ip bgp vpnv4 unicast 24 in
R6#
R6#show ip bgp vpnv4 vrf B neighbors 192.168.46.4 routes | b Network
Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 6.6.6.6:46 (default for vrf B)
4.4.4.4/32       192.168.46.4             0             0 24 45 22 24 i
Total number of prefixes 1

The route is sent as a VPNv4 route to R5 and announced to R2 via BGP (watch the AS sequence string).

R5#show ip bgp vpnv4 all neighbors 192.168.25.2 advertised-routes
BGP table version is 60, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 5.5.5.5:25 (default for vrf B)
i4.4.4.4/32       6.6.6.6                  0    100      0 24 45 22 24 i
Total number of prefixes 1

The route at R2:

R2#show ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
2.2.2.2/32       0.0.0.0                  0         32768 i
4.4.4.4/32       192.168.25.5                           0 56 56 45 22 56 i

From this test we can conclude that BGP loop detection prevents customers from reusing their AS. The neighbor as-override command replaces the customer AS number with the ISP AS number.
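
The AS-path handling from this lab as a small Python model. This is an added example, not part of the original post and not Cisco code: the function names are hypothetical, the ASNs and paths are the ones in the outputs on this page, and replacing every occurrence of the neighbor AS is inferred from those outputs.

```python
# Added example: model of the PE-to-CE AS-path handling seen in this lab.
# Function names are hypothetical; ASNs and paths come from the page's outputs.

def parse_path(text):
    """Turn an AS path as printed by 'show ip bgp' ("24 45 22 24") into a list."""
    return [int(asn) for asn in text.split()]

def pe_advertise(pe_as, ce_as, path, as_override=False):
    """AS path the PE sends to its eBGP CE neighbor.

    With as_override, every occurrence of the neighbor's AS is replaced by the
    PE's AS (behaviour inferred from the outputs on this page), then the PE
    prepends its own AS as on any eBGP session.
    """
    if as_override:
        path = [pe_as if asn == ce_as else asn for asn in path]
    return [pe_as] + path

def ce_receive(local_as, path):
    """Receiver loop check (RFC 1771, 9.3): drop paths containing our own AS."""
    if local_as in path:
        return False, "DENIED due to: AS-PATH contains our own AS"
    return True, "accepted"

def lab(pe_as, ce_as, received, as_override):
    """Path sent to a CE in ce_as, and whether that CE accepts it."""
    sent = pe_advertise(pe_as, ce_as, parse_path(received), as_override)
    accepted, reason = ce_receive(ce_as, sent)
    return " ".join(map(str, sent)), accepted, reason

if __name__ == "__main__":
    cases = [
        ("R5 -> R2, no override", 56, 24, "24", False),
        ("R5 -> R2, as-override", 56, 24, "24", True),
        ("R5 -> R2, R4 prepending", 56, 24, "24 45 22 24", True),
        ("reader-comment lab, R2 -> R3", 2, 1, "1 23 1 23 1 23 1 23 1", True),
    ]
    for name, pe, ce, path, override in cases:
        print(f"{name:30} {lab(pe, ce, path, override)}")
```

Because the rewritten path no longer contains the customer AS, the receiving CE's AS-path loop check has nothing to match on for routes learned this way.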

A Networker Blog


3 thoughts on “neighbor CE as-override”

  1. Hi,
    I have questions here.
    1.) The command as-override can only be used for MPLS-VPN scenarios, not the public Internet?
    2.) Only the head-end or tail-end ASN will be replaced by the local ASN?
    For instance:
    If the origin ASN of prefix 6.6.6.6/32 is 100, and the as_path on R5 is 24 45 22 24 100, and we configured as-override on R2, will the AS path be changed from 24 45 22 24 100 to 56 56 45 22 56 100 or not?
    Thank you

  2. Hi Chien,

    for your first question:

    IPv4 Address Family does not support AS-Override (at least on the version that I am running)

    R2(config-if)#do show ver | in IOS
    Cisco IOS Software, 7200 Software (C7200-P-M), Version 12.2(25)S13, RELEASE SOFTWARE (fc1)
    

    it only supports AS-Override on the VRF address family, so yes, this feature could be used extensively in MPLS VPN scenarios or MultiVRF (VRF Lite) configurations. Also, let's not forget about the allowas-in feature that is available on the IPv4 address family and on the IPv4 VRF address family as well, which could probably help as an alternate configuration (with the combination of those 2 features, anything could be possible).

    for your second question, I've configured the following topology

    R1 in AS 1 — R2 in AS 2 — R3 in AS 1

    R2(config-if)#do show ip vrf inter
    Interface              IP-Address      VRF                              Protocol
    FastEthernet0/0        10.1.12.2       TEST                             up      
    FastEthernet1/0        10.1.23.2       TEST                             up      
    R2(config-if)#
    
    
    R2(config-router-af)#do show ip bgp vpnv4 all summ
    BGP router identifier 10.1.23.2, local AS number 2
    BGP table version is 3, main routing table version 3
    1 network entries using 137 bytes of memory
    1 path entries using 68 bytes of memory
    2/1 BGP path/bestpath attribute entries using 216 bytes of memory
    1 BGP AS-PATH entries using 40 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 461 total bytes of memory
    BGP activity 2/1 prefixes, 2/1 paths, scan interval 15 secs
    
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.12.1       4     1       5       4        3    0    0 00:00:09        1
    10.1.23.3       4     1       4       5        3    0    0 00:00:36        0
    R2(config-router-af)#
    R2(config-router-af)#do show ip bgp vpnv4 all
    BGP table version is 3, local router ID is 10.1.23.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 10:1 (default for vrf TEST)
    *> 1.1.1.1/32       10.1.12.1                0             0 1 23 1 23 1 23 1 23 1 i
    R2(config-router-af)#neigh 10.1.23.3 as-over            
    00:29:36: %BGP-5-ADJCHANGE: neighbor 10.1.23.3 vpn vrf TEST Down AS-override change
    R2(config-router-af)#
    R2(config-router-af)#do clear ip bgp * in
    R2(config-router-af)#do show ip bgp vpnv4 all neigh 10.1.23.3 adver
    
    R2(config-router-af)#do show ip bgp vpnv4 all summ                 
    BGP router identifier 10.1.23.2, local AS number 2
    BGP table version is 3, main routing table version 3
    1 network entries using 137 bytes of memory
    1 path entries using 68 bytes of memory
    2/1 BGP path/bestpath attribute entries using 216 bytes of memory
    1 BGP AS-PATH entries using 40 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 461 total bytes of memory
    BGP activity 2/1 prefixes, 2/1 paths, scan interval 15 secs
    
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.12.1       4     1       7       6        3    0    0 00:01:10        1
    10.1.23.3       4     1       5       6        0    0    0 00:00:21 Active
    R2(config-router-af)#
    00:30:07: %BGP-5-ADJCHANGE: neighbor 10.1.23.3 vpn vrf TEST Up 
    R2(config-router-af)#
    R2(config-router-af)#do show ip bgp vpnv4 all summ
    BGP router identifier 10.1.23.2, local AS number 2
    BGP table version is 3, main routing table version 3
    1 network entries using 137 bytes of memory
    1 path entries using 68 bytes of memory
    2/1 BGP path/bestpath attribute entries using 216 bytes of memory
    1 BGP AS-PATH entries using 40 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 461 total bytes of memory
    BGP activity 2/1 prefixes, 2/1 paths, scan interval 15 secs
    
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    10.1.12.1       4     1       7       6        3    0    0 00:01:24        1
    10.1.23.3       4     1       9      11        3    0    0 00:00:04        0
    R2(config-router-af)#
    R2(config-router-af)#do show ip bgp vpnv4 all neigh 10.1.23.3 adver
    BGP table version is 3, local router ID is 10.1.23.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 10:1 (default for vrf TEST)
    *> 1.1.1.1/32       10.1.12.1                0             0 1 23 1 23 1 23 1 23 1 i
    R2(config-router-af)#
    

    All AS 1 information is replaced with 2 now

    R3#show ip bgp
    BGP table version is 2, local router ID is 10.1.23.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric LocPrf Weight Path
    *> 1.1.1.1/32       10.1.23.2                              0 2 2 23 2 23 2 23 2 23 2 i
    R3#
    

    I hope this helps
    Victor.-

  3. Great post.. such a simple concept but no one can explain it like you did. Great job.
