Thursday, July 15, 2010

MPLS + BGP

This test is up next week. I did take a swing at it for free at Cisco Live and unfortunately failed with a 785. I hit my weak points up, and have been doing quite a bit of reading and labbing over the last couple of weeks. I just wanted to show a bit here on allowas-in and as-override. I used both in this scenario to enable the CE routers to receive routes from the other VPN clients. Here's the topo:


As you can see, the customer VPN sites share the same autonomous system number. This is OK from the SP's perspective, but standard BGP loop prevention will deny updates that contain the receiving router's own AS number in the AS-path attribute.

*Mar  1 00:36:45.495: BGP(0): 155.1.1.1 send UPDATE (format) 172.16.10.0/24, next 155.1.1.0, metric 0, path Local
clear ip bgp * soft in
R0#
*Mar  1 00:36:53.691: BGP(0): 155.1.1.1 rcv UPDATE w/ attr: nexthop 155.1.1.1, origin i, originator 0.0.0.0, path 100 200, community , extended community
*Mar  1 00:36:53.699: BGP(0): 155.1.1.1 rcv UPDATE about 172.16.20.0/24 -- DENIED due to: AS-PATH contains our own AS;

So what can we do to remedy this situation? Two things. The first is as-override, configured in the neighbor statement on the PE router facing the CE router, as we did on R1:


...snippet
R1
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer
  neighbor 155.1.1.0 remote-as 200
  neighbor 155.1.1.0 activate
  neighbor 155.1.1.0 as-override
  no synchronization
 exit-address-family

Or we could use allowas-in, configured in the neighbor statement on the CE router facing the PE router, as we did on R4:


...snippet
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 172.16.20.0 mask 255.255.255.0
 neighbor 155.1.1.6 remote-as 100
 neighbor 155.1.1.6 allowas-in 1
 no auto-summary


Either way works. The only difference is that as-override makes the PE replace the customer's AS number in the update's AS path with its own (see the show ip bgp output of R0 below):


R0#show ip bgp
BGP table version is 7, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.10.0/24   0.0.0.0                  0         32768 i
*> 172.16.20.0/24   155.1.1.1                              0 100 100 i  --overwrote the 200



Whereas allowas-in makes the router accept its own AS number in the AS path a predetermined number of times (1-10). See the output below on R4:


R4#show ip bgp
BGP table version is 5, local router ID is 172.16.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.10.0/24   155.1.1.6                              0 100 200 i ---allowed the bgp route in with 200 in path
*> 172.16.20.0/24   0.0.0.0                  0         32768 i
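
The two fixes above, modeled as an added Python example (not from the original post; the function names are hypothetical, while AS 100 and AS 200 are the post's values). It goes one step beyond the lab by including a path that carries the customer AS twice, which allowas-in 1 still rejects.

```python
# Added example: BGP AS_PATH loop check with as-override and allowas-in.
# AS 100 (provider) and AS 200 (customer) are the post's values; the
# function names are hypothetical and model behaviour, not IOS internals.

def pe_advertise(as_path, pe_as, ce_as, as_override=False):
    """PE -> CE eBGP update: optional as-override, then prepend the PE's AS."""
    if as_override:
        # as-override: every occurrence of the CE neighbor's AS becomes the PE's AS
        as_path = [pe_as if asn == ce_as else asn for asn in as_path]
    return [pe_as] + list(as_path)

def ce_accepts(as_path, local_as, allowas_in=0):
    """Receiver loop check: own AS may appear at most allowas_in times (0 = not configured)."""
    return as_path.count(local_as) <= allowas_in

def scenario(origin_path, as_override=False, allowas_in=0):
    """Remote site's path as it left the far CE, as seen by a CE in the same AS."""
    path = pe_advertise(origin_path, pe_as=100, ce_as=200, as_override=as_override)
    return path, ce_accepts(path, local_as=200, allowas_in=allowas_in)

if __name__ == "__main__":
    # Constructed cases: (label, path as sent by the remote CE, options)
    cases = [
        ("no fix", [200], {}),
        ("as-override on PE", [200], {"as_override": True}),
        ("allowas-in 1 on CE", [200], {"allowas_in": 1}),
        ("allowas-in 1, remote site prepends once", [200, 200], {"allowas_in": 1}),
    ]
    for label, origin, opts in cases:
        path, ok = scenario(origin, **opts)
        verdict = "accepted" if ok else "DENIED (AS-PATH contains our own AS)"
        print(f"{label:42} path {' '.join(map(str, path))}: {verdict}")
```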
