Routing Protocols
BGP allowas-in, BGP local-as tips and tricks…
Email this post
⋅ 
Print this post
⋅ Post a commentSite Search Tags: bgp, ccie, lab, Routing Protocols
Thanks for visiting! If you're new here, you may want to subscribe to my RSS feed. This blog posts regular tutorials, news, and study tips about networking, especially about Cisco CCIE related topics. Go ahead, subscribe to the feed! You can also receive updates from this blog via email. Thanks for visiting!
BGP Local-AS
BGP allows you to manipulate your Autonomous System (AS) number in a number of different ways including confederations, local-as, and remote-as commands. This article focuses on manipulating your AS as seen by other remote AS’s using the local-as command. We will also look at some tips and tricks using this in conjunction with BGP allowas-in.
Lets say you have this scenario:
You can download the sample .net file for use with dynamips here.
R1 has the following configuration:
hostname R1
!
int s1/0
ip add 192.168.1.1 255.255.255.252
no shut
!
int lo0
ip add 150.1.1.1 255.255.255.252
!
int lo1
ip add 150.1.2.1 255.255.255.252
!
int lo2
ip add 150.1.3.1 255.255.255.252
!
router ospf 1
network 192.168.1.1 0.0.0.0 area 0
!
router bgp 250
network 150.1.1.0 mask 255.255.255.252
network 150.1.2.0 mask 255.255.255.252
network 150.1.3.0 mask 255.255.255.252
neighbor 192.168.1.2 remote-as 1So far so good. We have set up R1 with an IGP (ospf) which is not really important for this examples we just want to make sure that all three routers have full IGP connectivity. We have created three loopback interfaces on R1 that we are advertising through BGP.
Lets have a look at R2’s configuration:
hostname R2
!
int s1/0
ip add 192.168.1.2 255.255.255.252
no shut
!
int s1/1
ip add 192.168.1.5 255.255.255.252
no shut
!
router ospf 1
network 192.168.1.2 0.0.0.0 area 0
network 192.168.1.5 0.0.0.0 area 0
!
router bgp 101
neighbor 192.168.1.1 remote-as 250Wait a minute, alarms bells should be ringing. Didn’t we tell R1 that R2 was in AS 1! Sure enough soon R1, starts popping up with error messages:
R1(config-router)#
*Mar 1 00:02:55.059: %BGP-3-NOTIFICATION: sent to neighbor 192.168.1.2 2/2 (peer in wrong AS) 2 bytes
0065 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 0065 00B4 C0A8 0105 1002 0601 0400 0100 0102
0280 0002 0202 00R2(config-router)#
*Mar 1 00:03:26.335: %BGP-3-NOTIFICATION: received from neighbor 192.168.1.1 2/2 (peer in wrong AS)
2 bytes 0065That wrong AS 2 bytes 0065 is in hex. Converting 0×0065 to decimal gives us 101. So its telling us “Hey you said he was in as 1, but he is telling me he’s in 101!”. We can change the AS number on R2 or change the neighbor peering statement on R1, or we could do something a bit trickier and tell R2 to pretend to be in AS 1 by using the neighbour local-as command.
R2(config)# router bgp 101
R2(config-router)#neighbor 192.168.1.1 local-as 1We can see on R1 and R2 that this works:
R2#
*Mar 1 00:04:55.279: %BGP-5-ADJCHANGE: neighbor 192.168.1.1 Up
R2#sh ip bgp summ
BGP router identifier 192.168.1.5, local AS number 101
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.1 4 250 9 9 0 0 0 00:00:10 0
Cool so we have our neighbor up and we are successfully pretending to be AS 1 to R1. R2 has learnt the three BGP prefixes from R1:
R2#sh ip bgp
BGP table version is 4, local router ID is 192.168.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 150.1.1.0/30 192.168.1.1 0 0 1 250 i
*> 150.1.2.0/30 192.168.1.1 0 0 1 250 i
*> 150.1.3.0/30 192.168.1.1 0 0 1 250 i
BGP Allowas-in
Let configure R3:
hostname R3
!
int s1/0
ip add 192.168.1.6 255.255.255.252
no shut
!
router ospf 1
network 192.168.1.6 0.0.0.0 area 0
!
router bgp 1
neighbor 192.168.1.5 remote-as 101
Then add R3 as a BGP neighbor on R2:
R2(config)#router bgp 101
R2(config-router)#neighbor 192.168.1.6 remote-as 1
Here we have R3 in AS 1 peering to R2 in AS 101. Should be cool. But it isn’t. The adjacency is formed between R2 and R3. The problem is no prefixes are being received by R3.
R3#
*Mar 1 00:05:33.347: %BGP-5-ADJCHANGE: neighbor 192.168.1.5 Up
R3#sh ip bgp summ
BGP router identifier 192.168.1.6, local AS number 1
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.5 4 101 5 4 1 0 0 00:00:11 0
R3#sh ip bgp
R3#
That last command returns nada! What is the problem?!
Well if we look at R2’s BGP prefixes what does it have as the AS-PATH for the the three prefixes advertised by R1:
R2#sh ip bgp
BGP table version is 4, local router ID is 192.168.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 150.1.1.0/30 192.168.1.1 0 0 1 250 i
*> 150.1.2.0/30 192.168.1.1 0 0 1 250 i
*> 150.1.3.0/30 192.168.1.1 0 0 1 250 i
See how it has 1 in the path! What is the rule regarding prefixes when you see your own AS in them. Disregard them, there must be a loop! So When R3 gets the Prefixes from R2, and sees its own AS in the path, it goes “Whoa, i see my own AS in there so there must be a loop!”
To fix this we can use the neighbor allowas-in command. This will override the AS rule, and we will accept the prefix even if we see our own AS:
R3(config)#router bgp 1
R3(config-router)#neighbor 192.168.1.5 allowas-inVoila! Problem solved.
R3#sh ip bgp
BGP table version is 4, local router ID is 192.168.1.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 150.1.1.0/30 192.168.1.5 0 101 1 250 i
*> 150.1.2.0/30 192.168.1.5 0 101 1 250 i
*> 150.1.3.0/30 192.168.1.5 0 101 1 250 i
Summary:
- The neighbor local-as command allows you to pretend to be another AS
- The neighbor allowas-in command allows you to disregard the rule where we will not accept a prefix if we see our own AS in the AS-PATH.
Resources:
Download preconfigured .net file for dynamips
Download Sample R1 Configuration
Download Sample R2 Configuration
Download Sample R3 Configuration
Related posts
Discussion
One comment for “BGP allowas-in, BGP local-as tips and tricks…”
Post a comment
Categories
Twitter Feed...
- @scottbristowe 155 is my record
- @rickyli99 it comes from "the it crowd" an awesome British comedy series
- LOLCiscoAdmin - Im in ur data centerz fixin up ur routerz
- @joshatterbury Knock em dead Rocky!
- http://unplugyourfriends.com/
Follow me...
Recent Comments
- mamoun on Tutorial: How to set up a basic Dynamips Lab using Dynagen, Part 1
- DDmC on Blog: Cisco, the new CCIE Plaques suck!
- NTllect on Blog: CCIE Assessor Lab A
- iperu on Tutorial: Filtering Routes in OSPF Part 1 » Filtering Within An Area
- Nick Critten on Tutorial: Filtering Routes in OSPF Part 2 » Filtering Between Areas Using area filter-list
Most Emailed
- Tutorial: How to use Cisco MQC & NBAR to filter websites like Youtube - 6 emails
- Tutorial: How to set up a basic Dynamips Lab using Dynagen, Part 1 - 5 emails
- Tutorial: OSPF Network Types and Frame Relay Part 1 - 5 emails
- Tutorial: What is the difference between bandwidth percent and bandwidth remaining percent? - 4 emails
- Tutorial: OSPF Network Types and Frame Relay Part 4 - 3 emails
Thanks for this explanation.
Another interesting topic I ran into under BGP lately is the use of template to create ibgp peering instead of using peer group.
It’s kinda interesting