BGP Autonomous System Override
This chapter describes BGP Autonomous System Override.
Applicability
The information and configuration in this chapter are based on SR OS Release 20.5.R1. In SR OS releases earlier than 19.7.R1, BGP Autonomous System (AS) override is only supported in VPRN BGP instances; BGP AS override in the base router is supported in SR OS Release 19.7.R1 and later.
Overview
In some network designs, the same Autonomous System Number (ASN) is reused at different sites or regions that are interconnected by a common service or backbone. This can occur when an enterprise buys an IP VPN service to connect various sites that, in the past, were operated as a single ASN. This can also occur when a service provider builds a common backbone to interconnect regional networks that, for simplicity, reuse the same ASN.
This type of interconnectivity creates a problem because a BGP route originated by one of the sites and propagated through the backbone will appear as an AS path loop when advertised into another site. Routes with an AS loop are invalid; the figure "PE-2 detects AS-path loop and advertises the route to PE-3 as invalid" shows an example. PE-2 in AS 64501 receives a BGP route from PE-1 in AS 64496. PE-2 detects that the ASN 64496 in the BGP AS-path attribute equals the ASN of its peer PE-3, so it detects an AS loop and advertises this route to PE-3 as an invalid route.
There are different solutions to this problem:
- Use different ASNs per site or region. From an operational point of view, this is a major change in an existing network.
- Disable AS path loop detection within each region. This is discouraged when you have external peering to the outside world, because any loops formed between these paths would go undetected.
- Configure the base router or the VPRN instance with BGP AS override.
Most operators prefer to use BGP AS override. A router configured to use BGP AS override on a BGP session monitors outbound routes toward that peer. Whenever a route has the ASN of the peer in its AS-path, all occurrences of this ASN are replaced by the local ASN of the router (or its confederation ID, if the peer is outside the confederation). The figure "BGP AS override replaces the peer ASN in the AS-path with the local ASN" shows that PE-2 has replaced ASN 64496 in the AS-path attribute of the BGP route toward PE-3 with its own ASN 64501.
BGP AS override applies to all supported address families and is supported whether the session is confed-EBGP or EBGP.
The as-override command is configurable in the BGP group or neighbor context, both for the base router and the VPRNs.
In SR OS, AS path loop detection is enabled by default. Several actions can be configured when detecting an AS path loop, but those actions are out of the scope of this chapter:
configure router bgp / group / neighbor loop-detect {drop-peer|ignore-loop|off|discard-route}
configure service vprn bgp / group / neighbor loop-detect {drop-peer|ignore-loop|off|discard-route}
With the ignore-loop parameter configured, BGP routes that carry an AS-loop flag are ignored, but the BGP peering remains established.
Configuration
The figure "Example topology" shows the example topology with five routers: PE-1, PE-3, and PE-5 in AS 64496, PE-2 in AS 64501, and PE-4 in AS 64502.
The initial configuration includes:
- Cards, MDAs, ports
- Router interfaces
- EBGP sessions between the nodes
The initial BGP configuration on PE-2 is as follows.
# on PE-2:
configure {
    policy-options {
        community "1:1" {
            member "1:1" { }
        }
        policy-statement "1:1" {
            entry 10 {
                from {
                    community {
                        name "1:1"
                    }
                }
                action {
                    action-type accept
                }
            }
        }
    }
    router "Base" {
        autonomous-system 64501
        bgp {
            split-horizon true
            group "eBGP" {
                family {
                    ipv4 true
                }
                import {
                    policy ["1:1"]
                }
                export {
                    policy ["1:1"]
                }
            }
            neighbor "192.168.12.1" {
                group "eBGP"
                peer-as 64496
            }
            neighbor "192.168.23.2" {
                group "eBGP"
                peer-as 64496
            }
        }
    }
}
The BGP configuration on the other nodes is similar.
In this chapter, two examples are shown:
- BGP AS override in the base router
- BGP AS override in a VPRN
Default: BGP AS override disabled in base router
By default, BGP AS override is not configured for a BGP group or BGP neighbor; this is verified on PE-2 as follows:
[]
A:admin@PE-2# show router bgp neighbor 192.168.12.1 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Disabled
[]
A:admin@PE-2# show router bgp neighbor 192.168.23.2 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Disabled
PE-1 exports BGP route 10.1.0.0/16, defined as a loopback interface in the base routing instance. The configuration is as follows:
# on PE-1:
configure {
    policy-options {
        community "1:1" {
            member "1:1" { }
        }
        prefix-list "10.1.0.0/16" {
            prefix 10.1.0.0/16 type longer {
            }
        }
        policy-statement "export-prefix_10.1" {
            entry 10 {
                from {
                    prefix-list ["10.1.0.0/16"]
                }
                to {
                    protocol {
                        name [bgp]
                    }
                }
                action {
                    action-type accept
                    community {
                        add ["1:1"]
                    }
                }
            }
        }
        policy-statement "1:1" {
            entry 10 {
                from {
                    community {
                        name "1:1"
                    }
                }
                action {
                    action-type accept
                }
            }
        }
    }
    router "Base" {
        autonomous-system 64496
        bgp {
            split-horizon true
            group "eBGP" {
                peer-as 64501
                family {
                    ipv4 true
                }
                import {
                    policy ["1:1"]
                }
            }
            neighbor "192.168.12.2" {
                group "eBGP"
                export {
                    policy ["export-prefix_10.1"]
                }
            }
        }
    }
}
PE-2 receives the BGP route from PE-1 with AS-path 64496, as follows:
[]
A:admin@PE-2# show router bgp neighbor 192.168.12.1 received-routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64501 Local AS:64501
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.12.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-2 detects that ASN 64496 in the AS-path equals the peer AS of PE-3, so an AS loop is detected and PE-2 advertises this route to PE-3 as an invalid route:
[]
A:admin@PE-2# show router bgp neighbor 192.168.23.2 advertised-routes
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
i 10.1.0.0/16 n/a None
192.168.23.1 None 0
64501 64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-3 receives this route with the following flags:
[]
A:admin@PE-3# show router bgp routes hunt | match Flags
Flags : Invalid IGP AS-Loop
Normal BGP rules do not allow invalid routes to be advertised, so PE-3 does not advertise any route to PE-4, as follows:
[]
A:admin@PE-3# show router bgp neighbor 192.168.34.2 advertised-routes
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
No Matching Entries Found.
===============================================================================
The figure "PE-2 detects AS loop and advertises a route to PE-3 as invalid" shows the BGP routes advertised by PE-1 and PE-2 with the corresponding AS-path.
BGP AS override in base router
On PE-2 and PE-4, the following command configures BGP AS override in the group "eBGP":
# on PE-2, PE-4:
configure {
    router "Base" {
        bgp {
            group "eBGP" {
                as-override true
            }
        }
    }
}
With this configuration, BGP AS override is configured for both BGP neighbors, as follows:
[]
A:admin@PE-2# show router bgp neighbor 192.168.12.1 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Enabled
[]
A:admin@PE-2# show router bgp neighbor 192.168.23.2 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Enabled
PE-2 receives the route from PE-1 with ASN 64496, as follows:
[]
A:admin@PE-2# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.2 AS:64501 Local AS:64501
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.12.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Instead of advertising a route with an AS loop, PE-2 will now replace ASN 64496 in the AS-path attribute with its own ASN 64501, so PE-3 receives the following valid route:
[]
A:admin@PE-3# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.23.1 None 0
64501 64501 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-4 receives the following BGP route:
[]
A:admin@PE-4# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.4 AS:64502 Local AS:64502
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.34.1 None 0
64496 64501 64501 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-4 detects an AS loop when advertising this route to its peer PE-5 in AS 64496, so it replaces ASN 64496 in the AS-path with its own ASN 64502. PE-5 receives the following valid route from PE-4:
[]
A:admin@PE-5# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.5 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.45.1 None 0
64502 64502 64501 64501 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The figure "No AS loop when BGP AS override is enabled for group "eBGP" on PE-2 and PE-4" shows the BGP routes advertised by the PEs with the corresponding AS-path.
Default: BGP AS override disabled in VPRN
The figure "Example topology with VPRN 1 on all PEs" shows the example topology with VPRN 1 configured on all PEs.
On PE-2, VPRN 1 is configured as follows. By default, as-override is not configured for any BGP group or BGP neighbor.
# on PE-2:
configure {
    service {
        vprn "VPRN 1" {
            admin-state enable
            service-id 1
            customer "1"
            autonomous-system 64503
            router-id 172.31.0.2
            route-distinguisher "64503:1"
            vrf-target {
                community "target:1:1"
            }
            bgp {
                split-horizon true
                group "eBGP" {
                    peer-as 64497
                    local-as {
                        as-number 64503
                    }
                    import {
                        policy ["1:1"]
                    }
                    export {
                        policy ["1:1"]
                    }
                }
                neighbor "172.16.12.1" {
                    group "eBGP"
                }
                neighbor "172.16.23.2" {
                    group "eBGP"
                }
            }
            interface "int-VPRN1-PE-2-PE-1" {
                ipv4 {
                    primary {
                        address 172.16.12.2
                        prefix-length 30
                    }
                }
                sap 1/1/2:1 {
                }
            }
            interface "int-VPRN1-PE-2-PE-3" {
                ipv4 {
                    primary {
                        address 172.16.23.1
                        prefix-length 30
                    }
                }
                sap 1/1/1:1 {
                }
            }
            interface "system" {
                loopback true
                ipv4 {
                    primary {
                        address 172.31.0.2
                        prefix-length 32
                    }
                }
            }
        }
    }
}
The service configuration on the other nodes is similar. The IP addresses and ASNs are shown in the figure "Example topology with VPRN 1 on all PEs".
VPRN 1 on PE-1 exports BGP route 172.31.0.1/32, defined as a loopback interface within the VPRN 1 routing instance. The configuration is as follows:
# on PE-1:
configure {
    policy-options {
        prefix-list "172.31.0.0/16" {
            prefix 172.31.0.0/16 type longer {
            }
        }
        policy-statement "export-prefix_172.31" {
            entry 10 {
                from {
                    prefix-list ["172.31.0.0/16"]
                    protocol {
                        name [direct]
                    }
                }
                to {
                    protocol {
                        name [bgp]
                    }
                }
                action {
                    action-type accept
                    community {
                        add ["1:1"]
                    }
                }
            }
        }
    }
    service {
        vprn "VPRN 1" {
            admin-state enable
            service-id 1
            customer "1"
            autonomous-system 64497
            router-id 172.31.0.1
            route-distinguisher "64497:1"
            vrf-target {
                community "target:1:1"
            }
            bgp {
                split-horizon true
                group "eBGP" {
                    peer-as 64503
                    local-as {
                        as-number 64497
                    }
                    import {
                        policy ["1:1"]
                    }
                }
                neighbor "172.16.12.2" {
                    group "eBGP"
                    export {
                        policy ["export-prefix_172.31"]
                    }
                }
            }
            interface "int-VPRN1-PE-1-PE-2" {
                ipv4 {
                    primary {
                        address 172.16.12.1
                        prefix-length 30
                    }
                }
                sap 1/1/1:1 {
                }
            }
            interface "system" {
                loopback true
                ipv4 {
                    primary {
                        address 172.31.0.1
                        prefix-length 32
                    }
                }
            }
        }
    }
}
VPRN 1 on PE-1 exports route 172.31.0.1/32 with ASN 64497 to VPRN 1 on PE-2. On PE-2, the following route is received in VPRN 1:
[]
A:admin@PE-2# show router 1 bgp neighbor 172.16.12.1 received-routes
===============================================================================
BGP Router ID:172.31.0.2 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 n/a None
172.16.12.1 None 0
64497 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
ASN 64497 equals the peer AS of PE-3, so an AS loop is detected, and the following route is advertised to VPRN 1 on PE-3 as invalid:
[]
A:admin@PE-2# show router 1 bgp neighbor 172.16.23.2 advertised-routes
===============================================================================
BGP Router ID:172.31.0.2 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
i 172.31.0.1/32 n/a None
172.16.23.1 None 0
64503 64497 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The figure "AS loop when BGP AS override is not configured in VPRN 1 on PE-2" shows the routes sent by VPRN 1 on PE-1 and PE-2. PE-3 receives an invalid route with an AS loop that is not re-advertised.
BGP AS override in VPRN
On PE-2 and PE-4, as-override is enabled in VPRN 1 for group "eBGP", as follows:
# on PE-2, PE-4:
configure {
    service {
        vprn "VPRN 1" {
            bgp {
                group "eBGP" {
                    as-override true
                }
            }
        }
    }
}
The figure "Routes advertised when BGP AS override is enabled in VPRN 1 on the PEs" shows the routes advertised in VPRN 1 on the PEs when BGP AS override is enabled on PE-2 and PE-4.
VPRN 1 on PE-2 receives the route with ASN 64497:
[]
A:admin@PE-2# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:172.31.0.2 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.12.1 None 0
64497 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
With AS override enabled, VPRN 1 on PE-3 receives the following valid route where ASN 64497 is replaced by ASN 64503:
[]
A:admin@PE-3# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:192.0.2.3 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.23.1 None 0
64503 64503 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
VPRN 1 on PE-4 receives the following route:
[]
A:admin@PE-4# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:172.31.0.4 AS:64504 Local AS:64504
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.34.1 None 0
64497 64503 64503 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
VPRN 1 on PE-4 replaces ASN 64497 with its own ASN 64504, so PE-5 receives the following valid route with AS-path <64504 64504 64503 64503>:
[]
A:admin@PE-5# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:172.31.0.5 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.45.1 None 0
64504 64504 64503 64503 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
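The AS paths shown in the base router and VPRN 1 examples above can be reproduced by applying the override rule hop by hop. The following Python model is an added example, not SR OS code and not part of the original chapter; the Router class and all function names are hypothetical, and it models only peer-ASN replacement on export, EBGP prepending, and a receive-side AS-loop check.

```python
"""Model of EBGP AS-path handling with and without AS override.

Added illustration, not SR OS code. Assumption: a linear chain of EBGP
peers PE-1 .. PE-5, with the ASNs used on this page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    name: str
    asn: int
    as_override: bool = False  # models "as-override true" on the BGP group


def export_path(path, sender, peer_asn):
    """AS path that `sender` advertises to an EBGP peer in AS `peer_asn`."""
    if sender.as_override:
        # Replace every occurrence of the peer's ASN with the local ASN.
        path = [sender.asn if asn == peer_asn else asn for asn in path]
    # EBGP: the local ASN is prepended on advertisement.
    return [sender.asn] + path


def propagate(chain):
    """Walk a route originated by chain[0] along the chain.

    Returns (receiver name, received AS path, valid) per hop and stops at
    the first receiver that finds its own ASN in the path (AS loop).
    """
    results = []
    path = []  # locally originated route starts with an empty AS path
    for sender, receiver in zip(chain, chain[1:]):
        path = export_path(path, sender, receiver.asn)
        valid = receiver.asn not in path  # receive-side AS-loop check
        results.append((receiver.name, path, valid))
        if not valid:
            break  # invalid routes are not re-advertised
    return results


def build_chain(site_asn, pe2_asn, pe4_asn, override):
    """PE-1, PE-3 and PE-5 share one ASN; PE-2 and PE-4 are the backbone."""
    return [
        Router("PE-1", site_asn),
        Router("PE-2", pe2_asn, override),
        Router("PE-3", site_asn),
        Router("PE-4", pe4_asn, override),
        Router("PE-5", site_asn),
    ]


if __name__ == "__main__":
    scenarios = (("base router", (64496, 64501, 64502)),
                 ("VPRN 1", (64497, 64503, 64504)))
    for label, asns in scenarios:
        for override in (False, True):
            print(f"{label}, as-override={override}")
            for name, path, valid in propagate(build_chain(*asns, override)):
                flag = "valid" if valid else "Invalid AS-Loop"
                print(f"  {name}: {' '.join(map(str, path))}  [{flag}]")
```

With as-override disabled the walk stops at PE-3, which matches the empty advertised-routes output toward PE-4 shown earlier.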
Conclusion
BGP AS override can prevent AS loops in network designs where different sites or regions are interconnected by a common service or backbone. BGP AS override can be enabled for BGP groups or BGP neighbors, both in the base router and in VPRNs.