BGP Autonomous System Override
This chapter describes BGP Autonomous System Override.
Applicability
The information and configuration in this chapter are based on SR OS Release 20.5.R1. In SR OS Releases earlier than 19.7.R1, BGP Autonomous System (AS) override is only supported in VPRN BGP instances; BGP AS override in the base router is supported in SR OS Release 19.7.R1 and later.
Overview
In some network designs, the same Autonomous System Number (ASN) is reused at different sites or regions that are interconnected by a common service or backbone. This can occur when an enterprise buys an IP VPN service to connect various sites that, in the past, were operated as a single ASN. This can also occur when a service provider builds a common backbone to interconnect regional networks that, for simplicity, reuse the same ASN.
This type of interconnectivity creates a problem because a BGP route originated by one of the sites and propagated through the backbone will appear as an AS path loop when advertised into another site. Routes with an AS loop are invalid; the figure "PE-2 detects AS-path loop and advertises the route to PE-3 as invalid" shows an example. PE-2 in AS 64501 receives a BGP route from PE-1 in AS 64496. PE-2 detects that the ASN 64496 in the BGP AS-path attribute equals the ASN of its peer PE-3, so it detects an AS loop and advertises this route to PE-3 as an invalid route.
There are different solutions to this problem:
Use different ASNs per site or region. From an operational point of view, this is a major change in an existing network.
Disable AS path loop detection within each region. This is not encouraged if you have external peering to the outside world, because any loops formed between these paths would go undetected.
Configure the base router or the VPRN instance with BGP AS override.
Most operators prefer to use BGP AS override. A router configured to use BGP AS override on a BGP session monitors outbound routes toward that peer. Whenever a route has the ASN of the peer in its AS-path, all occurrences of this ASN are replaced by the local ASN of the router (or its confederation ID, if the peer is outside the confederation). The figure "BGP AS override replaces the peer ASN in the AS-path with the local ASN" shows that PE-2 has replaced ASN 64496 in the AS-path attribute of the BGP route toward PE-3 with its own ASN 64501.
BGP AS override applies to all supported address families and is supported whether the session is confed-EBGP or EBGP.
The as-override command is configurable in the BGP group or neighbor context, both for the base router and the VPRNs.
In SR OS, AS path loop detection is enabled by default. Several actions can be configured when detecting an AS path loop, but those actions are out of the scope of this chapter:
configure router bgp / group / neighbor loop-detect {drop-peer|discard-route|ignore-loop|off}
configure service vprn bgp / group / neighbor loop-detect {drop-peer|discard-route|ignore-loop|off}
With the ignore-loop parameter configured, BGP routes that carry the AS-loop flag are ignored, but the BGP peering remains established.
Configuration
The figure "Example topology" shows the example topology with five routers: PE-1, PE-3, and PE-5 in AS 64496, PE-2 in AS 64501, and PE-4 in AS 64502.
The initial configuration includes:
Cards, MDAs, ports
Router interfaces
EBGP sessions between the nodes
The initial BGP configuration on PE-2 is as follows.
# on PE-2:
configure
    router Base
        autonomous-system 64501
        bgp
            split-horizon
            group "eBGP"
                family ipv4
                neighbor 192.168.23.2
                    peer-as 64496
                exit
                neighbor 192.168.12.1
                    peer-as 64496
                exit
            exit
            no shutdown
        exit
The BGP configuration on the other nodes is similar.
In this chapter, two examples are shown:
BGP AS override in the base router
BGP AS override in a VPRN
Default: BGP AS override disabled in base router
By default, BGP AS override is not configured for a BGP group or BGP neighbor; this is verified on PE-2 as follows:
*A:PE-2# show router bgp neighbor 192.168.12.1 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Disabled
*A:PE-2# show router bgp neighbor 192.168.23.2 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Disabled
PE-1 exports BGP route 10.1.0.0/16, defined as a loopback interface in the base routing instance. The configuration is as follows:
# on PE-1:
configure
    router Base
        autonomous-system 64496
        policy-options
            begin
            prefix-list "10.1.0.0/16"
                prefix 10.1.0.0/16 longer
            exit
            policy-statement "export-prefix_10.1"
                entry 10
                    from
                        prefix-list "10.1.0.0/16"
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit
        bgp
            split-horizon
            group "eBGP"
                family ipv4
                peer-as 64501
                neighbor 192.168.12.2
                    export "export-prefix_10.1"
                exit
            exit
            no shutdown
        exit
PE-2 receives the BGP route from PE-1 with AS-path 64496, as follows:
*A:PE-2# show router bgp neighbor 192.168.12.1 received-routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64501 Local AS:64501
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.12.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-2 detects that ASN 64496 in the AS-path equals the ASN of its peer PE-3, so an AS loop is detected and PE-2 advertises this route to PE-3 as an invalid route:
*A:PE-2# show router bgp neighbor 192.168.23.2 advertised-routes
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
i 10.1.0.0/16 n/a None
192.168.23.1 None 0
64501 64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-3 receives this route with the following flags:
*A:PE-3# show router bgp routes hunt | match Flags
Flags : Invalid IGP AS-Loop
Normal BGP rules do not allow invalid routes to be advertised, so PE-3 does not advertise any route to PE-4, as follows:
*A:PE-3# show router bgp neighbor 192.168.34.2 advertised-routes
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
No Matching Entries Found.
===============================================================================
The figure "PE-2 detects AS loop and advertises a route to PE-3 as invalid" shows the BGP routes advertised by PE-1 and PE-2 with the corresponding AS-path.
BGP AS override in base router
On PE-2 and PE-4, the following command configures BGP AS override in the group "eBGP":
# on PE-2, PE-4:
configure
    router Base
        bgp
            group "eBGP"
                as-override
            exit
        exit
With this configuration, BGP AS override is configured for both BGP neighbors, as follows:
*A:PE-2# show router bgp neighbor 192.168.12.1 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Enabled
*A:PE-2# show router bgp neighbor 192.168.23.2 detail | match "AS Override"
Multihop : 0 (Default) AS Override : Enabled
PE-2 receives the route from PE-1 with ASN 64496, as follows:
*A:PE-2# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.2 AS:64501 Local AS:64501
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.12.1 None 0
64496 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Instead of advertising a route with an AS loop, PE-2 will now replace ASN 64496 in the AS-path attribute with its own ASN 64501, so PE-3 receives the following valid route:
*A:PE-3# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.23.1 None 0
64501 64501 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-4 receives the following BGP route:
*A:PE-4# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.4 AS:64502 Local AS:64502
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.34.1 None 0
64496 64501 64501 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-4 detects an AS loop when advertising this route to its peer PE-5 in AS 64496, so it replaces ASN 64496 in the AS-path with its own ASN 64502. PE-5 receives the following valid route from PE-4:
*A:PE-5# show router bgp routes 10.1.0.0/16
===============================================================================
BGP Router ID:192.0.2.5 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.0/16 None None
192.168.45.1 None 0
64502 64502 64501 64501 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The figure "No AS loop when BGP AS override is enabled for group 'eBGP' on PE-2 and PE-4" shows the BGP routes advertised by the PEs with the corresponding AS-path.
Default: BGP AS override disabled in VPRN
The figure "Example topology with VPRN 1 on all PEs" shows the example topology with VPRN 1 configured on all PEs.
On PE-2, VPRN 1 is configured as follows. By default, as-override is not configured for any BGP group or BGP neighbor.
# on PE-2:
configure
    service
        vprn 1 name "VPRN 1" customer 1 create
            router-id 172.31.0.2
            autonomous-system 64503
            route-distinguisher 64503:1
            vrf-target target:1:1
            interface "int-VPRN1-PE-2-PE-1" create
                address 172.16.12.2/30
                sap 1/1/2:1 create
                exit
                no shutdown
            exit
            interface "int-VPRN1-PE-2-PE-3" create
                address 172.16.23.1/30
                sap 1/1/1:1 create
                exit
                no shutdown
            exit
            interface "system" create
                address 172.31.0.2/32
                loopback
                no shutdown
            exit
            bgp
                split-horizon
                group "eBGP"
                    local-as 64503
                    peer-as 64497
                    neighbor 172.16.12.1
                    exit
                    neighbor 172.16.23.2
                    exit
                exit
            exit
            no shutdown
The service configuration on the other nodes is similar. The IP addresses and ASNs are shown in the figure "Example topology with VPRN 1 on all PEs".
VPRN 1 on PE-1 exports BGP route 172.31.0.1/32, defined as a loopback interface within the VPRN 1 routing instance. The configuration is as follows:
# on PE-1:
configure
    router Base
        policy-options
            begin
            prefix-list "172.31.0.0/16"
                prefix 172.31.0.0/16 longer
            exit
            policy-statement "export-prefix_172.31"
                entry 10
                    from
                        protocol direct
                        prefix-list "172.31.0.0/16"
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit
    exit
    service
        vprn 1 name "VPRN 1" customer 1 create
            router-id 172.31.0.1
            autonomous-system 64497
            route-distinguisher 64497:1
            vrf-target target:1:1
            interface "int-VPRN1-PE-1-PE-2" create
                address 172.16.12.1/30
                sap 1/1/1:1 create
                exit
                no shutdown
            exit
            interface "system" create
                address 172.31.0.1/32
                loopback
                no shutdown
            exit
            bgp
                split-horizon
                group "eBGP"
                    local-as 64497
                    peer-as 64503
                    neighbor 172.16.12.2
                        export "export-prefix_172.31"
                    exit
                exit
            exit
            no shutdown
VPRN 1 on PE-1 exports route 172.31.0.1/32 with ASN 64497 to VPRN 1 on PE-2. On PE-2, the following route is received in VPRN 1:
*A:PE-2# show router 1 bgp neighbor 172.16.12.1 received-routes
===============================================================================
BGP Router ID:172.31.0.2 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 n/a None
172.16.12.1 None 0
64497 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
ASN 64497 equals the peer AS of PE-3, so an AS loop is detected, and the following route is advertised to VPRN 1 on PE-3 as invalid:
*A:PE-2# show router 1 bgp neighbor 172.16.23.2 advertised-routes
===============================================================================
BGP Router ID:172.31.0.2 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
i 172.31.0.1/32 n/a None
172.16.23.1 None 0
64503 64497 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The figure "AS loop when BGP AS override is not configured in VPRN 1 on PE-2" shows the routes sent by VPRN 1 on PE-1 and PE-2. PE-3 receives an invalid route with an AS loop that is not re-advertised.
BGP AS override in VPRN
On PE-2 and PE-4, as-override is configured in VPRN 1 for group "eBGP", as follows:
# on PE-2, PE-4:
configure
    service
        vprn "VPRN 1"
            bgp
                group "eBGP"
                    as-override
                exit
            exit
The figure "Routes advertised when BGP AS override is enabled in VPRN 1 on the PEs" shows the routes advertised in VPRN 1 on the PEs when BGP AS override is enabled on PE-2 and PE-4.
VPRN 1 on PE-2 receives the route with ASN 64497:
*A:PE-2# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:172.31.0.2 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.12.1 None 0
64497 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
As a result of the as-override setting, VPRN 1 on PE-3 receives the following valid route where ASN 64497 is replaced by ASN 64503:
*A:PE-3# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:192.0.2.3 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.23.1 None 0
64503 64503 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
VPRN 1 on PE-4 receives the following route:
*A:PE-4# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:172.31.0.4 AS:64504 Local AS:64504
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.34.1 None 0
64497 64503 64503 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
VPRN 1 on PE-4 replaces ASN 64497 with its own ASN 64504, so PE-5 receives the following valid route with AS-path <64504 64504 64503 64503>:
*A:PE-5# show router 1 bgp routes 172.31.0.1/32
===============================================================================
BGP Router ID:172.31.0.5 AS:64497 Local AS:64497
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.31.0.1/32 None None
172.16.45.1 None 0
64504 64504 64503 64503 -
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
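The AS-path rewriting traced hop by hop in the base-router and VPRN examples above can be reproduced with a small model. This is an added example, not Nokia code: the router names and ASNs come from this chapter, while the function names and the chain layout are assumptions, and confederations are not modelled.

```python
"""Added model of EBGP AS-path handling with and without as-override."""

# Router names and ASNs are the chapter's; the tuple layout is an assumption.
BASE_CHAIN = [("PE-1", 64496), ("PE-2", 64501), ("PE-3", 64496),
              ("PE-4", 64502), ("PE-5", 64496)]
VPRN_CHAIN = [("PE-1", 64497), ("PE-2", 64503), ("PE-3", 64497),
              ("PE-4", 64504), ("PE-5", 64497)]


def advertise(as_path, local_as, peer_as, as_override):
    """Return the AS-path sent to an EBGP peer.

    With as-override, every occurrence of the peer ASN in the path is
    replaced by the local ASN; the local ASN is then prepended as usual.
    """
    if as_override:
        as_path = [local_as if asn == peer_as else asn for asn in as_path]
    return [local_as] + as_path


def receive_status(as_path, local_as):
    """Loop detection on the receiver: its own ASN in the path is a loop."""
    return "Invalid AS-Loop" if local_as in as_path else "valid"


def propagate(chain, override_on=frozenset()):
    """Carry a route originated by chain[0] along the chain.

    Returns one (receiver, as_path, status) tuple per hop. Propagation
    stops at the first invalid route, because invalid routes are not
    re-advertised.
    """
    hops, path = [], []
    for (name, asn), (peer_name, peer_as) in zip(chain, chain[1:]):
        path = advertise(path, asn, peer_as, name in override_on)
        status = receive_status(path, peer_as)
        hops.append((peer_name, path, status))
        if status != "valid":
            break
    return hops


def show(title, hops):
    """Print one line per hop in the style of the As-Path column."""
    print(title)
    for receiver, path, status in hops:
        print(f"  {receiver}: {' '.join(map(str, path))}  [{status}]")


if __name__ == "__main__":
    show("Base router, as-override disabled", propagate(BASE_CHAIN))
    show("Base router, as-override on PE-2 and PE-4",
         propagate(BASE_CHAIN, {"PE-2", "PE-4"}))
    show("VPRN 1, as-override on PE-2 and PE-4",
         propagate(VPRN_CHAIN, {"PE-2", "PE-4"}))
```

With as-override on PE-2 and PE-4, the path that reaches PE-5 no longer contains the reused site ASN at all, which is why PE-5 accepts it.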
Conclusion
BGP AS override can prevent AS loops in network designs where different sites or regions are interconnected by a common service or backbone. BGP AS override can be enabled for BGP groups or BGP neighbors, both in the base router and in VPRNs.