VXLAN Underlay eBGP Two-AS

This topic is to discuss the following lesson:

1 Like

Thanks Rene, great lesson! Regarding the “disable-peer-as-check”, could an another option to use be the “as-override” command? If not, why?

Hello Mohammed

You bring up a very good point, these two commands are similar but they do two different things.

disable-peer-as-check: Bypasses the BGP loop prevention mechanism that rejects routes containing the local AS in the AS_PATH. This is critical in asymmetric routing scenarios (e.g., data center interconnects where routes traverse the same AS multiple times).
as-override: This is used primarily in MPLS/VPN setups to replace a customer’s AS number with the provider’s AS in the AS_PATH. This allows sites with the same AS to accept routes as if they originated locally, avoiding standard eBGP AS_PATH loop checks.

as-override modifies the AS_PATH (replacing the peer’s AS with the local AS), whereas disable-peer-as-check preserves the original AS_PATH but disables loop checks.

For VXLAN Underlays using eBGP like the one in the lesson, the disable-peer-as-check is preferred. In such a two-AS eBGP underlay, routes are exchanged directly between Spines and Leafs (no duplicate ASes). The primary issue is the AS_PATH validation when route reflection is used. disable-peer-as-check solves this by allowing Spines to advertise routes to Leafs with the same AS number. as-override may break the AS_PATH structure and is unnecessary in this topology since there are no duplicate ASes to override. The following lesson shows an example of where as-override is useful.

I hope this has been helpful!

Laz

1 Like