MPLS VPN BGP AS Override


This configuration scenario demonstrates the use of BGP AS override in an MPLS VPN. In the MPLS VPN network shown in the figure below, two customer sites are connected to the service provider's MPLS network and use BGP as the PE-CE routing protocol. Using BGP for PE-CE routing causes a problem when the customer sites use the same BGP AS number: the BGP loop prevention mechanism prevents customer sites with the same AS number from being linked through another AS. In layman's terms, routing updates from site A with AS A are dropped when they are received by site B, which is also configured with AS A.

BGP AS override

As shown in the debug output (debug ip bgp updates command entered on CE-3), routes 192.168.20.0/24 and 10.20.20.0/30 received from the PE-1 router were denied because the BGP update contains CE-3's own BGP AS.

CE-3#
*Mar  1 01:41:23.627: BGP(0): 10.10.10.1 rcv UPDATE about 10.20.20.0/30 -- withdrawn
*Mar  1 01:41:23.631: BGP(0): 10.10.10.1 rcv UPDATE about 192.168.20.0/24 -- withdrawn
CE-3#
*Mar  1 01:41:25.143: BGP(0): 10.10.10.1 rcv UPDATE w/ attr: nexthop 10.10.10.1, origin i, originator 0.0.0.0, path 100 1, community , extended community 
*Mar  1 01:41:25.151: BGP(0): 10.10.10.1 rcv UPDATE about 10.20.20.0/30 -- DENIED due to: AS-PATH contains our own AS;
*Mar  1 01:41:25.155: BGP(0): 10.10.10.1 rcv UPDATE about 192.168.20.0/24 -- DENIED due to: AS-PATH contains our own AS;
CE-3#

To get around the BGP loop prevention mechanism, the AS-PATH attribute in the BGP update must be modified. This is done with the BGP AS override feature.
BGP AS override replaces all occurrences of the receiving BGP router's AS number in the AS-PATH with the AS number of the sending BGP router.

BGP AS override is configured on the PE-1 and PE-2 routers under the BGP IPv4 vrf customer-a address family.

! PE-1 (CE-3 neighbor 10.10.10.2)
router bgp 100
 !
 address-family ipv4 vrf customer-a
  neighbor 10.10.10.2 as-override
 exit-address-family

! PE-2 (CE-4 neighbor 10.20.20.2)
router bgp 100
 !
 address-family ipv4 vrf customer-a
  neighbor 10.20.20.2 as-override
 exit-address-family

After configuring BGP AS override on both PE routers, the routes are now installed. Note that the customer AS in the AS path has been replaced with 100 (the service provider's BGP AS).

*Mar  1 01:48:22.119: BGP(0): 10.10.10.1 rcvd UPDATE w/ attr: nexthop 10.10.10.1, origin i, path 100 100
*Mar  1 01:48:22.119: BGP(0): 10.10.10.1 rcvd 10.20.20.0/30
*Mar  1 01:48:22.123: BGP(0): 10.10.10.1 rcvd 192.168.20.0/24
*Mar  1 01:48:22.123: BGP(0): Revise route installing 1 of 1 routes for 10.20.20.0/30 -> 10.10.10.1(main) to main IP table
*Mar  1 01:48:22.123: BGP(0): Revise route installing 1 of 1 routes for 192.168.20.0/24 -> 10.10.10.1(main) to main IP table
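
The following Python sketch is an added illustration, not part of the original article or of any router software. It models the AS-PATH rewrite and the CE loop check with the article's AS numbers (100 and 1), and extracts the denied prefixes from two lines of the CE-3 debug output above; all function names are hypothetical.

```python
import re

PROVIDER_AS = 100  # service provider AS, from the article
CUSTOMER_AS = 1    # AS configured at both customer sites, from the article

# Two lines copied from the article's CE-3 debug output (before as-override).
DEBUG_LINES = [
    "*Mar  1 01:41:25.151: BGP(0): 10.10.10.1 rcv UPDATE about 10.20.20.0/30 "
    "-- DENIED due to: AS-PATH contains our own AS;",
    "*Mar  1 01:41:25.155: BGP(0): 10.10.10.1 rcv UPDATE about 192.168.20.0/24 "
    "-- DENIED due to: AS-PATH contains our own AS;",
]
DENIED = re.compile(r"(\S+) rcv UPDATE about (\S+) -- DENIED due to: "
                    r"AS-PATH contains our own AS")


def denied_prefixes(lines):
    """Return (neighbor, prefix) pairs rejected by the AS-PATH loop check."""
    return [m.groups() for m in map(DENIED.search, lines) if m]


def pe_advertise(as_path, local_as, neighbor_as, as_override=False):
    """AS_PATH a PE sends to an eBGP CE neighbor.

    With as_override, each occurrence of the neighbor's AS is replaced by the
    PE's own AS; the PE then prepends its own AS as on any eBGP session.
    """
    if as_override:
        as_path = [local_as if asn == neighbor_as else asn for asn in as_path]
    return [local_as] + as_path


def ce_accepts(as_path, local_as):
    """eBGP loop prevention on the CE: reject a path containing our own AS."""
    return local_as not in as_path


def simulate(as_override):
    """CE-4 (AS 1) originates a prefix; PE-1 advertises it to CE-3 (AS 1)."""
    sent = pe_advertise([CUSTOMER_AS], PROVIDER_AS, CUSTOMER_AS, as_override)
    return sent, ce_accepts(sent, CUSTOMER_AS)


if __name__ == "__main__":
    print(denied_prefixes(DEBUG_LINES))
    for flag in (False, True):
        print(f"as-override={flag}:", simulate(flag))
```

Without the override the path is 100 1 and CE-3 rejects it; with the override it becomes 100 100 and is accepted, matching the two debug captures. Because the customer AS no longer appears in the path, the CE's AS-PATH check can no longer identify routes that originated in its own AS.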

Final configuration with BGP AS override.

hostname PE-1
!
ip vrf customer-a
 rd 1:100 
 route-target export 1:100
 route-target import 1:100
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface Serial1/1
 ip vrf forwarding customer-a
 ip address 10.10.10.1 255.255.255.252
 serial restart-delay 0
!
router ospf 100
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.1.1 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback1
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer-a
  neighbor 10.10.10.2 remote-as 1
  neighbor 10.10.10.2 update-source Serial1/1
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.2 as-override
 exit-address-family
!
mpls ldp router-id Loopback1

hostname P
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.252
 ip ospf priority 255
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 10.1.1.5 255.255.255.252
 ip ospf priority 255
 duplex auto
 speed auto
 mpls ip  
!
router ospf 100
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.1.2 0.0.0.0 area 0
 network 10.1.1.5 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback1
 neighbor 1.1.1.1 route-reflector-client
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback1
 neighbor 3.3.3.3 route-reflector-client
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 route-reflector-client
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 route-reflector-client
 exit-address-family
!         
mpls ldp router-id Loopback1

hostname PE-2
!
ip vrf customer-a
 rd 1:100 
 route-target export 1:100
 route-target import 1:100
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface Serial1/0
 ip vrf forwarding customer-a
 ip address 10.20.20.1 255.255.255.252
 serial restart-delay 0
!     
router ospf 100
 router-id 3.3.3.3
 network 3.3.3.3 0.0.0.0 area 0
 network 10.1.1.6 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback1
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer-a
  neighbor 10.20.20.2 remote-as 1
  neighbor 10.20.20.2 activate
  neighbor 10.20.20.2 as-override
 exit-address-family
!
mpls ldp router-id Loopback1

hostname CE-3
!
interface Loopback1
 ip address 192.168.10.1 255.255.255.0
!
interface Loopback2
 ip address 11.11.11.1 255.255.255.0
!
interface Loopback3
 ip address 22.22.22.1 255.255.255.0
!
interface Loopback100
 ip address 1.1.10.1 255.255.255.255
!
interface Serial1/0
 ip address 10.10.10.2 255.255.255.252
 serial restart-delay 0
!         
router bgp 1
 no synchronization
 bgp router-id 1.1.10.1
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.252
 network 11.11.11.0 mask 255.255.255.0
 network 22.22.22.0 mask 255.255.255.0
 network 192.168.10.0
 neighbor 10.10.10.1 remote-as 100
 neighbor 10.10.10.1 update-source Serial1/0
 no auto-summary

hostname CE-4
!
interface Loopback1
 ip address 192.168.20.1 255.255.255.0
!
interface Loopback100
 ip address 1.1.10.2 255.255.255.255
!
interface Serial1/0
 ip address 10.20.20.2 255.255.255.252
 serial restart-delay 0
!
router bgp 1
 no synchronization
 bgp router-id 1.1.10.2
 bgp log-neighbor-changes
 network 10.20.20.0 mask 255.255.255.252
 network 192.168.20.0
 neighbor 10.20.20.1 remote-as 100
 neighbor 10.20.20.1 update-source Serial1/0
 no auto-summary

Rejohn Cuares

He is a Network Engineer working at one of the Managed Service Providers in Brisbane, Australia. His role as an engineer spans multiple technologies such as Unified Communications, Security, Wireless and Routing/Switching. He loves learning new things that make his job fun and interesting.
