Comments on: BGP allowas-in, BGP local-as tips and tricks… http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/ Helping You Become a Network Ninja Fri, 19 Mar 2010 22:04:51 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: 111 Articles to Help You Pass the CCIE Routing and Switching Lab Exam http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-14747 111 Articles to Help You Pass the CCIE Routing and Switching Lab Exam Wed, 21 Oct 2009 15:00:52 +0000 http://ardenpackeer.com/?p=17#comment-14747 [...] BGP local-as tips and [...] [...] BGP local-as tips and [...]

]]> By: Chaz http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-5750 Chaz Tue, 09 Dec 2008 21:01:16 +0000 http://ardenpackeer.com/?p=17#comment-5750 While this is a "tip/trick", please note the following as from an ISP perspective, this really is NOT a good set of options to use for the following reasons: The BGP local-as / no-prepend/replace-as feature is a "Not Supported Feature", a non-starter. As an alternative, cisco recommends the customer use a CE solution called Optimized Edge Routing (OER). The following comments regarding AS# changes are based upon Cisco's recommendation: The BGP local-as/no-prepend/replace-as feature is a knob in Cisco IOS added to assist customers in migrating from one AS to another AS, and should only be implemented as a short term workaround while networks are migrated. BGP prepends the autonomous system number from each BGP network that a route traverses. This behavior is designed to maintain network reach ability information and to prevent routing loops from occurring. Configuring this feature incorrectly could create routing loops. This is not intended to be used long term and can introduce operational support issues within ISP 's network. This feature, by it's very nature, breaks the routing loop protection automatically provided by BGP since ISP is not adding their AS to the AS-PATH and the customer is also peering with another provider. These loops could lead to extended outages to the customer due to the fact that the problem would be sporadic and difficult to troubleshoot. An example scenario is described below. - ISP advertises 10.1.1.0/24 (Customer site B) to Customer site A overwriting our AS of 999 with AS 65111. - Customer site A readvertises 10.1.1.0/24 (Customer site B) back to ISP , which would be accepted as ISP is not AS 65111 and ISP 's AS 999 in not listed in the AS path. - ISP 's PE connected to Customer site A will advertise the update of 10.1.1.0/24 to the route reflector's (RR). - ISP 's RR's will use IGP metrics to pick best path and forward on to ISP PE's, which would result in other Customer sites (C, D, etc) homed to those PE's receiving the wrong path creating routing loops. - This starts the churning of the BGP route for 10.1.1.0/24 within the GMPLS network, including RR's and advertisements to ISP PE's and other customer sites off of those PE's. Once the churn begins, ISP will have no way of knowing for sure where the advertisement should be coming from and the delay in troubleshooting this could be extended dramatically. Please note the example above only uses one route. Potentially, this could occur with numerous routes from numerous customer locations. This would also lead to an increase in memory utilization and processor utilization on the PE routers as noted in the past with similar EIGRP-related routing loop issues. While this is a “tip/trick”, please note the following as from an ISP perspective, this really is NOT a good set of options to use for the following reasons:

The BGP local-as / no-prepend/replace-as feature is a “Not Supported Feature”, a non-starter. As an alternative, cisco recommends the customer use a CE solution called Optimized Edge Routing (OER).

The following comments regarding AS# changes are based upon Cisco’s recommendation:

The BGP local-as/no-prepend/replace-as feature is a knob in Cisco IOS added to assist customers in migrating from one AS to another AS, and should only be implemented as a short term workaround while networks are migrated. BGP prepends the autonomous system number from each BGP network that a route traverses. This behavior is designed to maintain network reach ability information and to prevent routing loops from occurring. Configuring this feature incorrectly could create routing loops. This is not intended to be used long term and can introduce operational support issues within ISP ’s network.

This feature, by it’s very nature, breaks the routing loop protection automatically provided by BGP since ISP is not adding their AS to the AS-PATH and the customer is also peering with another provider. These loops could lead to extended outages to the customer due to the fact that the problem would be sporadic and difficult to troubleshoot.

An example scenario is described below.
- ISP advertises 10.1.1.0/24 (Customer site B) to Customer site A overwriting our AS of 999 with AS 65111.
- Customer site A readvertises 10.1.1.0/24 (Customer site B) back to ISP , which would be accepted as ISP is not AS 65111 and ISP ’s AS 999 in not listed in the AS path.
- ISP ’s PE connected to Customer site A will advertise the update of 10.1.1.0/24 to the route reflector’s (RR).
- ISP ’s RR’s will use IGP metrics to pick best path and forward on to ISP PE’s, which would result in other Customer sites (C, D, etc) homed to those
PE’s receiving the wrong path creating routing loops.
- This starts the churning of the BGP route for 10.1.1.0/24 within the GMPLS network, including RR’s and advertisements to ISP PE’s and other customer
sites off of those PE’s. Once the churn begins, ISP will have no way of knowing for sure where the advertisement should be coming from and the delay in
troubleshooting this could be extended dramatically.

Please note the example above only uses one route. Potentially, this could occur with numerous routes from numerous customer locations. This would also
lead to an increase in memory utilization and processor utilization on the PE routers as noted in the past with similar EIGRP-related routing loop issues.

]]> By: A hét érdekeségei - December 2, 2008 - xcke’s blog http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-5568 A hét érdekeségei - December 2, 2008 - xcke’s blog Tue, 02 Dec 2008 13:13:40 +0000 http://ardenpackeer.com/?p=17#comment-5568 [...] BGP allowas-in, BGP local-as tips and tricks… [...] [...] BGP allowas-in, BGP local-as tips and tricks… [...]

]]> By: wael osama http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-3051 wael osama Fri, 26 Sep 2008 11:29:41 +0000 http://ardenpackeer.com/?p=17#comment-3051 wills, If you don't have access to R3 and can not issue the command allowas-in the problem can be solved by issuing the command local-as with the no-prepend option on R2; the no-prepend option will remove the local-as from the AS-Path so R3 will accept the prefiexs wills,
If you don’t have access to R3 and can not issue the command allowas-in the problem can be solved by issuing the command local-as with the no-prepend option on R2; the no-prepend option will remove the local-as from the AS-Path so R3 will accept the prefiexs

]]> By: wills http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-3010 wills Thu, 25 Sep 2008 01:30:53 +0000 http://ardenpackeer.com/?p=17#comment-3010 ummm your assuming here that someone has access to all routers. What if you dont have access to the peer itself?? Aside from sniffing the wire If you are peering with a device and u see this error message you will never know what to configure the local as as unless you run a debug. For that matter some IOS versions will only show ur own as in the debug and the AS of the peering router but it wont tell you what you need to configure as the local as. In later IOS versions you can actually see via a debug what the expected as is, eg bad OPEN, remote AS is 400, expected 10 ummm your assuming here that someone has access to all routers. What if you dont have access to the peer itself?? Aside from sniffing the wire If you are peering with a device and u see this error message you will never know what to configure the local as as unless you run a debug. For that matter some IOS
versions will only show ur own as in the debug and the AS of the peering router but it wont tell you what you need to configure as the local as.

In later IOS versions you can actually see via a debug what the expected as is, eg

bad OPEN, remote AS is 400, expected 10

]]> By: Chien-Bon http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-2644 Chien-Bon Fri, 12 Sep 2008 03:31:55 +0000 http://ardenpackeer.com/?p=17#comment-2644 Hi, Allowas-in can be used for public internet BGPv4 and MP-BGP for MPLS-VPN scenario? Hi, Allowas-in can be used for public internet BGPv4 and MP-BGP for MPLS-VPN scenario?

]]> By: Sesano http://ardenpackeer.com/routing-protocols/bgp-allowas-in-bgp-local-as-tips-and-tricks/comment-page-1/#comment-727 Sesano Fri, 09 May 2008 16:55:00 +0000 http://ardenpackeer.com/?p=17#comment-727 Thanks for this explanation. Another interesting topic I ran into under BGP lately is the use of template to create ibgp peering instead of using peer group. It's kinda interesting Thanks for this explanation.

Another interesting topic I ran into under BGP lately is the use of template to create ibgp peering instead of using peer group.

It’s kinda interesting

]]>