MPLS Layer 3 VPN BGP AS Override

This topic is to discuss the following lesson:

Hi Rene,

So I’ve learned so far that BGP Allow_AS_IN and BPG Override achieve a similar outcome when confronted with using same ASes for MPLS VPN customer sites that use eBGP for the last mile, but from different end points: CE vs PE. So my question is, is there an advantage/disadvantage using one over another? Or in what context would one method be preferred over another?

Rgds,

Shannon

Shannon,
This is a good question, and there is a lot going on behind the scene to answer it. As you know, AllowAS-In and AS-Override are both essentially tricks that can be used to deal with what would normally be considered a BGP looped route (since the ASN number will appear in the AS Path).

The important consideration is whether the BGP “loop” route will actually be filtered on the PE side or the CE side. AllowAS-In assumes the filtering is being done on the CE side, but in reality, most PEs would have already filtered the route before it got to the CE.

For example, in IOS-XR, the default behavior in this situation is different than the regular IOS. With IOS-XR, the PE would do the filtering because it is more efficient to do this. The logic is that the PE router knows what the CE’s ASN is, so why bother sending it a BGP router that it “knows” the CE will filter anyway?

For this reason, it is probably best to have the PE control this situation, and therefore, use AS-Override instead of AllowAS-In.

Hi Andrew,

Awesome response & much appreciated! It’s clear now, thank you.

Rgds,

Shannon

Hi Rene,
Thanks for your nice article !
Is AS Override only support on MPLS environment ??

br//
zaman

Hi Zaman,

It is a BGP feature so it’s not only for MPLS. MPLS VPN however is one of those situations where this can be useful.

Rene

Hi Rene,
Got your point . Many Thanks

br//
zaman

Hi Rene,

Thanks for the Great explanation. I was wondering how does MPLS work & configured between different autonomous systems. Like when there are more than 2 Service providers involved. I checked in google but couldn’t find any article in simple terms… Could you please help ?

Thank you

Hello Kapil

Rene doesn’t yet have a lesson on MPLS connectivity via dual ISPs, however, take a look at Cisco’s latest design guide concerning such a scenario.


(see pg 21)

If you would like Rene to take a more detailed look at the specific scenario in a future lesson, feel free to make a suggestion at the Lesson Ideas page of the Network Lessons forum:


Here you can suggest additional topics to be covered in the future.

I hope this has been helpful!

Laz

Doesn’t using the Allow_AS_IN option set yourself up for a routing loop? What if CE2 received an update that included its own AS# and that update actually originated on that router? It just seems like the safest option would be to configure as-override on the PE router. Am I missing something?

Hello Andy

Take a look at @andrew’s response to a similar question below:


If you have further questions, don’t hesitate to ask!

I hope this has been helpful!

Laz

Thanks Lazaros. Makes sense now.

Just being picky :smile: , I believe that “If you take a closer look, you can see that AS number 1 has been replaced with AS number 234.” should be replaced with “If you take a closer look, you can see that AS number 12 has been replaced with AS number 234.” Also the picture and interfaces from Configurations files are not the same (in this lesson and also the previous one).

A question would be why the PE routers are not configured as BGP neighbors with P router? I guess the MPLS VPN does the trick (haven’t read the MPLS lessons yet).

You make great lessons and comments! Thank you all,
Stefanita

Hi Stefanita,

Thanks for letting me know about this error, I just fixed it.

About your question, it’s indeed MPLS VPN that does the trick. The P routers only do label switching, they only need to know how to reach the PE routers. The PE routers require iBGP to exchange VPN routes. If you haven’t seen it before, take a look at this explanation:

That should help :slight_smile:

Rene

1 Like

I´ve used as-override in vpnv4 links, but now i am trying to apply it to ipv4 link and is not workng… are you sure it can be used whether the link is vpnv4 or ipv4 ?

Hello Juan

When you say that it is not working, is the CLI not accepting the command or are the routers just not exchanging the expected prefixes?

Laz