BGP Allowas-in is a configuration option in Border Gateway
Protocol (BGP) routing that allows a router to accept routes with its own AS
(Autonomous System) number in the AS_PATH attribute.
There's a risk of creating routing loops if not managed properly. It should be used cautiously and with a clear understanding of network topology.
- Purpose: Normally, BGP prevents loops by rejecting routes that contain the local AS number in the AS_PATH. However, in scenarios like multi-homed environments or when dealing with MPLS VPNs, you may need to allow routes to come back into your AS through different paths.
- Functionality: When you configure allowas-in, you specify how many times your AS number is allowed to appear in the AS_PATH. This number can be set between 1 and 10, although this varies by router vendor and model. For example, setting allowas-in 2 would allow routes with up to two instances of your AS number in the path.
Usage Scenario:
- Multi-homed Networks: If you have connections to the same ISP in different locations, allowas-in can prevent unnecessary route blackholing by allowing these routes back into your network.
- MPLS VPNs: In scenarios where customer routes are sent through a service provider network and back, allowas-in ensures these routes are not dropped.
Configuration Example (Cisco IOS-like syntax):
router bgp 65100
neighbor 12.1.1.2 remote-as 65200
neighbor 12.1.1.2 allowas-in 2
end
To allow the re-advertisement of all prefixes that
contain duplicate ASNs, use the neighbor allowas-in command in router
configuration mode in Router
Risks:
- There's a risk of creating routing loops if not managed properly. It should be used cautiously and with a clear understanding of network topology.
- It can also lead to suboptimal routing if not configured correctly.
Best Practices:
- Use sparingly and only where necessary.
- Monitor BGP updates closely when employing this feature.
- Combine with route-maps or other BGP policies to control which routes are accepted.
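The loop check and the monitoring and filtering advice above can be modelled in a few lines. This Python example is added here and is not part of the original article or any router's code; the function names, the limit of 3, the expected-prefix list and the 172.16.0.0/12 entry are assumptions, while the other AS paths follow R5's BGP table from the lab below.

```python
import ipaddress

def loop_check(as_path, local_as, allowas_in=0):
    """Inbound eBGP check: accept when the local AS appears at most
    `allowas_in` times in AS_PATH (0 models default loop prevention)."""
    return as_path.count(local_as) <= allowas_in

def audit(updates, local_as, allowas_in, originated, expected_remote):
    """Classify (prefix, as_path) updates received from an eBGP neighbor."""
    own = [ipaddress.ip_network(p) for p in originated]
    expected = [ipaddress.ip_network(p) for p in expected_remote]
    report = {}
    for prefix, path in updates:
        net = ipaddress.ip_network(prefix)
        if local_as not in path:
            verdict = "accept"
        elif not loop_check(path, local_as, allowas_in):
            verdict = "drop: loop check"
        elif any(net.overlaps(o) for o in own):
            # Our own network came back to us: the case a route-map should filter.
            verdict = "alert: own prefix reflected back"
        elif any(net.subnet_of(e) for e in expected):
            verdict = "accept: allowas-in, expected remote site"
        else:
            verdict = "alert: own AS in path, unexpected prefix"
        report[prefix] = verdict
    return report

# R5's view (AS 65100). The first four paths follow R5's table after allowas-in;
# the last entry is constructed so that it exceeds the limit.
R5_UPDATES = [
    ("10.0.0.0/8", [65300, 65200, 65100]),
    ("12.0.0.0/8", [65300, 65200]),
    ("45.0.0.0/8", [65300]),
    ("50.0.0.0/8", [65300, 65100]),
    ("172.16.0.0/12", [65300, 65100, 65100, 65100, 65100]),
]
R5_ORIGINATED = ["45.0.0.0/8", "50.0.0.0/8"]   # R5's network statements
R5_EXPECTED_REMOTE = ["10.0.0.0/8"]            # assumed policy: only R1's LAN
ALLOWAS_IN = 3                                 # assumed limit for this example

if __name__ == "__main__":
    result = audit(R5_UPDATES, 65100, ALLOWAS_IN, R5_ORIGINATED, R5_EXPECTED_REMOTE)
    for prefix, verdict in result.items():
        print(f"{prefix:<16} {verdict}")
```

The 50.0.0.0/8 alert corresponds to the extra `65300 65100` path that appears in R5's table once allowas-in is enabled.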
Goal: allow routes from the same AS to be installed in the routing tables of router 1 and router 5.
- Configure the IP addresses as per the topology.
- Configure the EBGP and IBGP protocols.
- Verify 10.0.0.0/8 in the router 5 routing table.
- Verify 50.0.0.0/8 in the router 1 routing table.
- Configure the BGP allowas-in feature on routers 1 and 5.
- Ensure routes 10.1.1.1 and 50.1.1.1 are in the routing tables of routers 1 and 5.
- Finally, verify connectivity with the ping and traceroute commands.
R1(config)#interface ethernet 5/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 4/0
R1(config-if)#ip address 12.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R2(config)#interface ethernet 5/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 4/0
R2(config-if)#ip address 12.1.1.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 4/1
R2(config-if)#ip address 23.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R3(config)#interface ethernet 5/0
R3(config-if)#ip address 30.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 4/0
R3(config-if)#ip address 34.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 4/1
R3(config-if)#ip address 23.1.1.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R4(config)#interface ethernet 5/0
R4(config-if)#ip address 40.1.1.1 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface serial 4/0
R4(config-if)#ip address 34.1.1.2 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface serial 4/1
R4(config-if)#ip address 45.1.1.1 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#exit
R5(config)#interface ethernet 5/0
R5(config-if)#ip address 50.1.1.1 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit
R5(config)#interface serial 4/1
R5(config-if)#ip address 45.1.1.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit
R1(config)#router bgp 65100
R1(config-router)#neighbor 12.1.1.2 remote-as 65200
R1(config-router)#network 10.0.0.0 mask 255.0.0.0
R1(config-router)#network 12.0.0.0 mask 255.0.0.0
R1(config-router)#no sync
R1(config-router)#exit
*Feb 18 12:04:32.531: %BGP-5-ADJCHANGE: neighbor 12.1.1.2 Up
R2(config)#router bgp 65200
R2(config-router)#neighbor 12.1.1.1 remote-as 65100
R2(config-router)#neighbor 23.1.1.2 remote-as 65200
R2(config-router)#network 20.0.0.0 mask 255.0.0.0
R2(config-router)#network 12.0.0.0 mask 255.0.0.0
R2(config-router)#network 23.0.0.0 mask 255.0.0.0
R2(config-router)#no sync
R2(config-router)#exit
*Feb 18 12:04:32.687: %BGP-5-ADJCHANGE: neighbor 12.1.1.1 Up
*Feb 18 12:05:30.427: %BGP-5-ADJCHANGE: neighbor 23.1.1.2 Up
R3(config)#router bgp 65200
R3(config-router)#neighbor 34.1.1.2 remote-as 65300
R3(config-router)#neighbor 23.1.1.1 remote-as 65200
R3(config-router)#network 30.0.0.0 mask 255.0.0.0
R3(config-router)#network 34.0.0.0 mask 255.0.0.0
R3(config-router)#network 23.0.0.0 mask 255.0.0.0
R3(config-router)#no sync
R3(config-router)#exit
*Feb 18 12:05:30.535: %BGP-5-ADJCHANGE: neighbor 23.1.1.1 Up
*Feb 18 12:09:19.379: %BGP-5-ADJCHANGE: neighbor 34.1.1.2 Up
R4(config)#router bgp 65300
R4(config-router)#neighbor 34.1.1.1 remote-as 65200
R4(config-router)#neighbor 45.1.1.2 remote-as 65100
R4(config-router)#network 40.0.0.0 mask 255.0.0.0
R4(config-router)#network 34.0.0.0 mask 255.0.0.0
R4(config-router)#network 45.0.0.0 mask 255.0.0.0
R4(config-router)#no sync
R4(config-router)#exit
*Feb 18 12:09:18.955: %BGP-5-ADJCHANGE: neighbor 34.1.1.1 Up
*Feb 18 12:09:56.799: %BGP-5-ADJCHANGE: neighbor 45.1.1.2 Up
R5(config)#router bgp 65100
R5(config-router)#neighbor 45.1.1.1 remote-as 65300
R5(config-router)#network 50.0.0.0 mask 255.0.0.0
R5(config-router)#network 45.0.0.0 mask 255.0.0.0
R5(config-router)#no sync
R5(config-router)#exit
*Feb 18 12:09:56.643: %BGP-5-ADJCHANGE: neighbor 45.1.1.1 Up
R1#show ip bgp
BGP table version is 9, local router ID is 12.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
*  12.0.0.0         12.1.1.2                 0             0 65200 i
*>                  0.0.0.0                  0         32768 i
*> 20.0.0.0         12.1.1.2                 0             0 65200 i
*> 23.0.0.0         12.1.1.2                 0             0 65200 i
*> 30.0.0.0         12.1.1.2                               0 65200 i
*> 34.0.0.0         12.1.1.2                               0 65200 i
*> 40.0.0.0         12.1.1.2                               0 65200 65300 i
*> 45.0.0.0         12.1.1.2                               0 65200 65300 i
(As you can see, router 1 does not have the 50.1.1.1/8 network in its routing table because of the loop prevention feature.)
R5#show ip bgp
BGP table version is 9, local router ID is 50.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 12.0.0.0         45.1.1.1                               0 65300 65200 i
*> 20.0.0.0         45.1.1.1                               0 65300 65200 i
*> 23.0.0.0         45.1.1.1                               0 65300 65200 i
*> 30.0.0.0         45.1.1.1                               0 65300 65200 i
*> 34.0.0.0         45.1.1.1                 0             0 65300 i
*> 40.0.0.0         45.1.1.1                 0             0 65300 i
*  45.0.0.0         45.1.1.1                 0             0 65300 i
*>                  0.0.0.0                  0         32768 i
*> 50.0.0.0         0.0.0.0                  0         32768 i
(As you can see, router 5 does not have the 10.1.1.1/8 network in its routing table because of the loop prevention feature: both routers are in the same AS, 65100.)
R1(config)#router bgp 65100
R1(config-router)#neighbor 12.1.1.2 allowas-in
R1(config-router)#exit
R1(config)#end
R5(config)#router bgp 65100
R5(config-router)#neighbor 45.1.1.1 allowas-in
R5(config-router)#exit
R5(config)#end
R1#show ip bgp
BGP table version is 10, local router ID is 12.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         0.0.0.0                  0         32768 i
*  12.0.0.0         12.1.1.2                 0             0 65200 i
*>                  0.0.0.0                  0         32768 i
*> 20.0.0.0         12.1.1.2                 0             0 65200 i
*> 23.0.0.0         12.1.1.2                 0             0 65200 i
*> 30.0.0.0         12.1.1.2                               0 65200 i
*> 34.0.0.0         12.1.1.2                               0 65200 i
*> 40.0.0.0         12.1.1.2                               0 65200 65300 i
*> 45.0.0.0         12.1.1.2                               0 65200 65300 i
*> 50.0.0.0         12.1.1.2                               0 65200 65300 65100 i
R5#show ip bgp
BGP table version is 10, local router ID is 50.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         45.1.1.1                               0 65300 65200 65100 i
*> 12.0.0.0         45.1.1.1                               0 65300 65200 i
*> 20.0.0.0         45.1.1.1                               0 65300 65200 i
*> 23.0.0.0         45.1.1.1                               0 65300 65200 i
*> 30.0.0.0         45.1.1.1                               0 65300 65200 i
*> 34.0.0.0         45.1.1.1                 0             0 65300 i
*> 40.0.0.0         45.1.1.1                 0             0 65300 i
*  45.0.0.0         45.1.1.1                 0             0 65300 i
*>                  0.0.0.0                  0         32768 i
*  50.0.0.0         45.1.1.1                               0 65300 65100 i
*>                  0.0.0.0                  0         32768 i
(As you can see, after we enable the allowas-in feature, both routers install the same-AS routes into their routing tables.)
R1#ping 50.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 132/154/180 ms
R1#traceroute 50.1.1.1
Type escape sequence to abort.
Tracing the route to 50.1.1.1
1 12.1.1.2 20 msec 32 msec 32 msec
2 23.1.1.2 [AS 65200] 72 msec 64 msec 64 msec
3 34.1.1.2 [AS 65200] 96 msec 92 msec 104 msec
4 45.1.1.2 [AS 65300] 148 msec 116 msec 140 msec
R5#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/148/180 ms
R5#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 45.1.1.1 32 msec 32 msec 32 msec
2 34.1.1.1 [AS 65300] 64 msec 64 msec 64 msec
3 23.1.1.1 [AS 65200] 104 msec 96 msec 96 msec
4 12.1.1.1 [AS 65200] 128 msec 152 msec 132 msec
I hope you like this article. If you do, please visit our YouTube channel.