MPLS Layer 3 VPN BGP Allow-AS-In

This topic is to discuss the following lesson:

Hi Rene,

I want to know the configuration, where the customer will be using bgp protocol.

what will be the steps for CE1 to PE1, PE1-P-PE2, CE2to PE2.

kindly reply.

S Alladi

Hi S,

Here is a step-by-step walkthrough:


Hi Rene,

Thanks! Very Good explanation.


HI Rene,

you mentioned two methods to solve the two same AS issue.

Use Allow-AS in to overrule the loop prevention mechanism of external BGP.
Use AS override to change the AS number on the PE routers.

my question is that among both method which method should I use for which situation?

Nyi Nyi.

Hi Nyi Nyi,

Both will get the job done, the main difference is that allow AS in is configured on the customer routers and AS override is done on the SP routers. In the real world you probably don’t have access to both the customer and SP routers so it’s possible that only one of the two options is available to you.


Hi Rene,

Thank you for your clarification.

Nyi Nyi.

Hi Rene,
everything was clear about this lesson but am confused why did you configure AS 12 on Router CE1? It should have been AS1. If we configure different AS then we dont have to use Allowas-in command, right?

hostname CE1
interface Loopback0
 ip address
interface GigabitEthernet0/1
 ip address
 duplex auto
 speed auto
 media-type rj45
router bgp 12
 bgp log-neighbor-changes
 network mask
 neighbor remote-as 234
 neighbor allowas-in

Good catch. The text of the article is consistent in that each CE is using AS 12, but the picture at the beginning of the article shows them as using AS 1 (it should be 12). I will make sure this gets corrected.

It’s clear you have paid attention and understood the lesson!

Hi Lal & Andrew,

Quick update: I just fixed the picture so that it shows AS12 now.


Excellent lab Rene! keep it up!

Hi Rene,

Might be a dumb question… but can i just know the reason why under address-family ipv4 the neighbor was set to “No” to be activated?

Hi Eleever,

You mean this part?

 address-family ipv4
  no neighbor activate
 address-family vpnv4
  neighbor activate
  neighbor send-community extended

What is does is that we don’t exchange IPv4 unicast routes but only VPNv4 routes with our neighbor.