MPLS Layer 3 VPN BGP AS Override

Hi Andrew,

Awesome response & much appreciated! It’s clear now, thank you.

Rgds,

Shannon

Hi Rene,
Thanks for your nice article!
Is AS Override only supported in MPLS environments?

br//
zaman

Hi Zaman,

It is a BGP feature so it’s not only for MPLS. MPLS VPN however is one of those situations where this can be useful.

Rene

Hi Rene,
Got your point. Many thanks.

br//
zaman

Hi Rene,

Thanks for the great explanation. I was wondering how MPLS works and is configured between different autonomous systems, like when there are more than 2 service providers involved. I checked on Google but couldn’t find any article in simple terms… Could you please help?

Thank you

Hello Kapil

Rene doesn’t yet have a lesson on MPLS connectivity via dual ISPs, however, take a look at Cisco’s latest design guide concerning such a scenario.


(see pg 21)

If you would like Rene to take a more detailed look at the specific scenario in a future lesson, feel free to make a suggestion at the Lesson Ideas page of the Network Lessons forum:


Here you can suggest additional topics to be covered in the future.

I hope this has been helpful!

Laz

Doesn’t using the Allow_AS_IN option set yourself up for a routing loop? What if CE2 received an update that included its own AS# and that update actually originated on that router? It just seems like the safest option would be to configure as-override on the PE router. Am I missing something?

Hello Andy

Take a look at @andrew’s response to a similar question below:


If you have further questions, don’t hesitate to ask!

I hope this has been helpful!

Laz

Thanks Lazaros. Makes sense now.

Just being picky, I believe that “If you take a closer look, you can see that AS number 1 has been replaced with AS number 234.” should be replaced with “If you take a closer look, you can see that AS number 12 has been replaced with AS number 234.” Also, the picture and the interfaces from the configuration files are not the same (in this lesson and also the previous one).

A question would be why the PE routers are not configured as BGP neighbors with P router? I guess the MPLS VPN does the trick (haven’t read the MPLS lessons yet).

You make great lessons and comments! Thank you all,
Stefanita

Hi Stefanita,

Thanks for letting me know about this error, I just fixed it.

About your question, it’s indeed MPLS VPN that does the trick. The P routers only do label switching, they only need to know how to reach the PE routers. The PE routers require iBGP to exchange VPN routes. If you haven’t seen it before, take a look at this explanation:

That should help.

Rene


I’ve used as-override on vpnv4 links, but now I am trying to apply it to an ipv4 link and it is not working… Are you sure it can be used whether the link is vpnv4 or ipv4?

Hello Juan

When you say that it is not working, is the CLI not accepting the command or are the routers just not exchanging the expected prefixes?

Laz

Does as-override apply if I have another customer site CE3 with AS number 12 in the same VRF connected to PE1? I mean, will I have connectivity without AS override between CE1 and CE3 even if they are connected to the same PE1 router?

Hello Rodrigo

If you have another customer site CE3 connected to PE1 on the same VRF, you would still have the same problem because CE3 would still see its own AS in the AS path since the communication takes place from CE1 to PE1 to CE3, which means the AS path is 12 234 12, causing the loop mechanism to kick in.

I hope this has been helpful!

Laz

Hi Laz,
If we are talking about the as-path override and allowed-as in concepts for the same topology, should I use both or can I use only one?
Should I configure allowed-as in on the CE side, or is it OK with just the as-path override configuration on the PE side?
Which one is better and scalable?

Thank you!

Tanmoy

Hello Tanmoy

Let’s look at how each one functions. Both of these features are used in order to deal with BGP’s loop prevention mechanism which states “do not accept a prefix over eBGP that contains your AS in its path”.

Allow-AS in will cause the CE router to “make an exception” to the loop preventing rule and accept the prefix, even though its own AS is in the path. This is configured on CE routers.

AS override will bypass the loop prevention mechanism by changing the AS so that no loop condition will ever occur in the first place. This is configured on P routers.

Although you can, there’s no need to configure both, because if you do, AS override will change the AS anyway, so you will never have a case where Allow-AS would be triggered.

To be honest, even though the mechanism of each is different, there is very little difference to the end result. Personally, I think that which you will use depends primarily on your network topology. If you have more CE routers than P routers, then choose AS override. It’s just a matter of administrative overhead. Both are equally scalable.

I hope this has been helpful! Stay healthy and safe!

Laz

Hi Laz,
Superb.
Thank you so much.

Tanmoy


Hi Rene,

Will AS Override work inbound, outbound or both ways? Meaning, will PE1 replace AS 12 with its own upon receiving the advertisement from CE1? Or when advertising the prefix to CE1? I guess this second case would only occur if there was no AS Override on PE2…

Thanks,
LP

Hello Luis

The AS override will replace the AS number of the advertised route before sharing it with the CE1 router. In the lesson topology, PE1 will receive a route to 5.5.5.5 with an AS of 12. Before advertising it to CE1, it will replace the AS of 12 with an AS of 234. So from the PE1 point of view, this occurs in an outgoing direction. This will not take place when CE1 advertises 1.1.1.1 to PE1 with AS12 as the AS. Because AS 234 will accept such an AS, there is no need to change this on an incoming direction from the point of view of PE1.

I hope this has been helpful!

Laz
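
The two behaviours discussed in this thread (the comparison of allowas-in with AS override, and the outbound direction of the override) can be traced with a small model. This is an added example, not part of any post and not router code: the function names are hypothetical, the AS numbers 12 and 234 come from the thread, and the acceptance rule assumes allowas-in is given as the number of times the local AS may appear in a received path.

```python
# Simplified model of eBGP AS_PATH handling (constructed example, not vendor code).

def ebgp_advertise(as_path, local_as, neighbor_as, as_override=False):
    """AS path that a router in local_as sends to an eBGP neighbor.

    With as_override, every occurrence of the neighbor's AS is replaced by
    the local AS before the local AS is prepended (outbound direction only).
    """
    if as_override:
        as_path = [local_as if asn == neighbor_as else asn for asn in as_path]
    return [local_as] + list(as_path)


def ebgp_accept(as_path, local_as, allowas_in=0):
    """Receive-side loop check: accept only if the local AS appears at most
    allowas_in times (0 models the default rule with no exception)."""
    return as_path.count(local_as) <= allowas_in


def propagate(ce_as, provider_as, as_override=False, allowas_in=0):
    """CE1 -> PE1 -> (iBGP, path unchanged) -> PE2 -> CE2, both CEs in ce_as."""
    at_pe1 = ebgp_advertise([], ce_as, provider_as)            # inbound: untouched
    to_ce2 = ebgp_advertise(at_pe1, provider_as, ce_as, as_override)
    return to_ce2, ebgp_accept(to_ce2, ce_as, allowas_in)


if __name__ == "__main__":
    for label, kwargs in [
        ("default", {}),
        ("as-override on PE", {"as_override": True}),
        ("allowas-in 1 on CE", {"allowas_in": 1}),
        ("both", {"as_override": True, "allowas_in": 1}),
    ]:
        path, ok = propagate(12, 234, **kwargs)
        print(f"{label:20s} path={path} accepted={ok}")
    # A path that carries AS 12 twice is still rejected with allowas-in 1.
    print(ebgp_accept([234, 12, 65001, 12], 12, allowas_in=1))
```

With both options set, the path CE2 receives no longer contains AS 12 at all, so the allowas-in exception is never exercised.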