Allow-AS
Allow-AS is another BGP feature that modifies the AS_PATH loop detection. It is used
primarily in hub-and-spoke VPN scenarios, as shown in Figure 10-12.
Figure 10-12 Hub-and-Spoke VPN
[Figure: the two spoke sites and the hub site of VPNa (AS 65000, CE1 through CE4) attached to provider AS 100 through PE1, PE2, and PE3, with VRFa and VRFb, annotated with the AS_PATH of 172.16.0.0/16 at each hop.]
Three sites of VPNa are connected to AS 100: two spoke sites and one hub site. All spoke
sites rely on the hub site for connectivity to other sites. Both spoke PE devices (PE1 and
PE2) only exchange VPN routing information with PE3 for VPNa. The hub site has full
routing knowledge of all other sites of the same VPN and is the central transit point
between spoke sites. Spoke sites may also access central services that are available only
in the hub site.
The hub site connects to the provider with two links, which belong to two different VRFs
on PE3. One link is used to send updates to the hub site, and one is used to receive updates
from the hub site. The ways to accomplish this using RTs are discussed in the section
“Deployment Considerations.” The focus here is to discuss the AS_PATH manipulation that
is needed to provide full connectivity.
Because all sites use the same AS number, all three PEs must enable AS Override, as
discussed in the preceding section. The prefix 172.16.0.0/16 is originated in Spoke 1. When
the prefix is advertised from PE3 to CE3, the AS number is replaced with 100. When the
prefix is advertised from the hub site back to PE3, the AS_PATH is 65000 100 100. The
update is denied because PE3 detects its own AS number.
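The walk of 172.16.0.0/16 described above can be modelled in a few lines. This is an added example, not code from the book or from any router implementation; the function names are hypothetical, and the allowas_in parameter models the tolerance that the allowas-in command in the next paragraph introduces (0 meaning the standard loop check).

```python
# Added illustration of the AS_PATH handling in Figure 10-12 (not vendor code).
PROVIDER_AS = 100      # provider AS, from the page
CUSTOMER_AS = 65000    # AS number shared by every VPNa site, from the page


def ce_advertise_to_pe(as_path, ce_as=CUSTOMER_AS):
    """CE -> PE eBGP update: the CE prepends its own AS."""
    return [ce_as] + list(as_path)


def pe_advertise_to_ce(as_path, local_as=PROVIDER_AS, ce_as=CUSTOMER_AS,
                       as_override=True):
    """PE -> CE eBGP update: AS Override rewrites the CE's AS, then the PE prepends."""
    if as_override:
        as_path = [local_as if asn == ce_as else asn for asn in as_path]
    return [local_as] + list(as_path)


def accepts(as_path, local_as, allowas_in=0):
    """Inbound AS_PATH loop check.

    allowas_in=0 is the standard check: any occurrence of local_as is a loop.
    allowas_in=N accepts the update while local_as occurs N times or fewer.
    """
    return as_path.count(local_as) <= allowas_in


def hub_and_spoke_walk(allowas_in=0):
    """Follow the Spoke 1 prefix to the hub and back to PE3 (VRFb)."""
    at_pe1 = ce_advertise_to_pe([])        # CE1 -> PE1: [65000]
    # PE1 -> PE3 is inside AS 100, so the AS_PATH is unchanged.
    at_ce3 = pe_advertise_to_ce(at_pe1)    # PE3 -> CE3: [100, 100]
    # The hub site passes the route internally from CE3 to CE4.
    at_pe3 = ce_advertise_to_pe(at_ce3)    # CE4 -> PE3: [65000, 100, 100]
    return at_pe3, accepts(at_pe3, PROVIDER_AS, allowas_in)


if __name__ == "__main__":
    for limit in (0, 3):
        path, ok = hub_and_spoke_walk(limit)
        print(f"allowas_in={limit}: AS_PATH {path} ->",
              "accepted" if ok else "denied (own AS in path)")
```

Because the relaxed check accepts paths that the standard check would treat as loops, the model applies it per call, mirroring how the page enables it only for neighbor CE4 under the VRFb address family.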
You can disable the AS_PATH loop check on PE3 using the command neighbor CE4
allowas-in under the VRFb address family. With this command, PE3 does not detect a loop
if its own AS number occurs three times or less. Note that you can change the number of
 