This topic is to discuss the following lesson:
Thanks Rene, great lesson! Regarding the “disable-peer-as-check
”, could an another option to use be the “as-override
” command? If not, why?
Hello Mohammed
You bring up a very good point, these two commands are similar but they do two different things.
disable-peer-as-check
: Bypasses the BGP loop prevention mechanism that rejects routes containing the local AS in the AS_PATH. This is critical in asymmetric routing scenarios (e.g., data center interconnects where routes traverse the same AS multiple times).
as-override
: This is used primarily in MPLS/VPN setups to replace a customer’s AS number with the provider’s AS in the AS_PATH. This allows sites with the same AS to accept routes as if they originated locally, avoiding standard eBGP AS_PATH loop checks.
as-override
modifies the AS_PATH (replacing the peer’s AS with the local AS), whereas disable-peer-as-check
preserves the original AS_PATH but disables loop checks.
For VXLAN Underlays using eBGP like the one in the lesson, the disable-peer-as-check
is preferred. In such a two-AS eBGP underlay, routes are exchanged directly between Spines and Leafs (no duplicate ASes). The primary issue is the AS_PATH validation when route reflection is used. disable-peer-as-check
solves this by allowing Spines to advertise routes to Leafs with the same AS number. as-override
may break the AS_PATH structure and is unnecessary in this topology since there are no duplicate ASes to override. The following lesson shows an example of where as-override
is useful.
I hope this has been helpful!
Laz