Overview

The neighbor allowas-in command disables AS_PATH loop prevention for BGP routes received from a specific neighbor. This section describes the neighbor allowas-in command.

What is the neighbor allowas-in command?

The AS_PATH attribute is used to prevent loops for BGP routes. If the AS_PATH attribute of a received BGP route contains the router's own AS number, the route is considered looped and is not accepted. This prevents the route from looping.

The neighbor allowas-in command is used to disable loop prevention by AS_PATH for BGP routes received from a specific neighbor.

The main use case for the neighbor allowas-in command is connecting sites via MPLS-VPN. When sites are connected via MPLS-VPN and BGP runs between PE and CE, the AS numbers of the CE routers may be the same. In that case, the BGP route becomes invalid due to loop prevention by AS_PATH.

Figure: Connecting between sites with MPLS-VPN Part 1

So, use the neighbor allowas-in command on the CE router so that even if the AS_PATH attribute of the BGP route contains the router's own AS number, the route can be received without being considered looped.

Figure: Connecting between sites with MPLS-VPN Part 2

neighbor allowas-in command and verification commands

Command format

Configure the neighbor allowas-in command in BGP configuration mode. The command format is as follows.

neighbor allowas-in

(config)#router bgp <AS>
(config-router)#neighbor <ip-address> allowas-in [<count>]

<AS> : AS number
<ip-address> : Neighbor IP address
<count> : Number of times the router's own AS number is allowed to appear in the AS_PATH.

Permits BGP routes received from the specified neighbor even if the AS_PATH contains the router's own AS number, up to <count> times.

Verification command

The neighbor details in the output of the show ip bgp neighbor command indicate that the neighbor allowas-in command has been configured.

show ip bgp neighbor

R3#show ip bgp neighbors 10.1.3.1
BGP neighbor is 10.1.3.1,  remote AS 65001, external link
  BGP version 4, remote router ID 1.1.1.1
  BGP state = Established, up for 00:02:31
  Last read 00:00:31, last write 00:00:31, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                1          6
    Keepalives:             5          5
    Route Refresh:          2          0
    Total:                  9         12
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 3, neighbor version 3/0
  Output queue size: 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
  My AS number is allowed for 3 number of times
~omitted~

neighbor allowas-in configuration example

Network Diagram

Consider the following network diagram with the neighbor allowas-in command.

Figure: neighbor allowas-in Configuration Example

Initial Configuration

Here is an excerpt of each router’s initial configuration, with BGP neighbors established between R1 and R2 and between R1 and R3: R2 advertises 192.168.1.0/24 via BGP; R3 advertises 192.168.3.0/24 via BGP.

R1 Initial Configuration

hostname R1
!
interface FastEthernet0/0
 ip address 10.1.2.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.1.3.1 255.255.255.0
!
router bgp 65001
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 10.1.2.2 remote-as 65100
 neighbor 10.1.3.3 remote-as 65100
 no auto-summary

R2 Initial Configuration

hostname R2
!
interface Loopback0
 ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.2.2 255.255.255.0
!
router bgp 65100
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 192.168.2.0
 neighbor 10.1.2.1 remote-as 65001
 no auto-summary

R3 Initial Configuration

hostname R3
!
interface Loopback0
 ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.3.3 255.255.255.0
!
router bgp 65100
 no synchronization
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 network 192.168.3.0
 neighbor 10.1.3.1 remote-as 65001
 no auto-summary

Configuration and Verification

Step 1: Verify loop prevention by AS_PATH

Verify that a BGP route is considered a loop if its AS_PATH attribute contains the router's own AS number. Enable debugging of BGP UPDATE messages on R3 and receive the BGP routes again.

R3 Verify loop prevention by AS_PATH

R3#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast
R3#clear ip bgp * in
R3#
*Mar  1 00:25:46.339: BGP(0): 10.1.3.1 rcv UPDATE w/ attr: nexthop 10.1.3.1, origin i, originator 0.0.0.0, path 65001 65100, community , extended community
*Mar  1 00:25:46.343: BGP(0): 10.1.3.1 rcv UPDATE about 192.168.3.0/24 -- DENIED due to: AS-PATH contains our own AS;
*Mar  1 00:25:46.347: BGP(0): 10.1.3.1 rcv UPDATE w/ attr: nexthop 10.1.3.1, origin i, originator 0.0.0.0, path 65001 65100, community , extended community
*Mar  1 00:25:46.351: BGP(0): 10.1.3.1 rcv UPDATE about 192.168.2.0/24 -- DENIED due to: AS-PATH contains our own AS;
R3#undebug all
All possible debugging has been turned off

The BGP route 192.168.2.0/24, which is considered a loop, is not received and is not in the BGP table.

R3 show ip bgp

R3#show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.3.0      0.0.0.0                  0         32768 i

Figure: Loop Prevention by AS_PATH

Step 2: R3 Configure neighbor allowas-in

Configure the neighbor allowas-in command so that R3 does not consider the BGP route 192.168.2.0/24 to be looping.

R3 neighbor allowas-in

router bgp 65100
 neighbor 10.1.3.1 allowas-in

Step 3: R3 Verify BGP route

By configuring the neighbor allowas-in command, R3 receives the BGP route 192.168.2.0/24 and makes it the best path. Then, the route is registered in the routing table.

R3 Verify BGP route

R3#show ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.2.0      10.1.3.1                               0 65001 65100 i
*  192.168.3.0      10.1.3.1                               0 65001 65100 i
*>                  0.0.0.0                  0         32768 i
R3#show ip route
~omitted~

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.3.0 is directly connected, FastEthernet0/0
B    192.168.2.0/24 [20/0] via 10.1.3.1, 00:03:07
C    192.168.3.0/24 is directly connected, Loopback0

Figure: neighbor allowas-in

Step 4: R2 Configure neighbor allowas-in

As with R3, the neighbor allowas-in command must be configured on R2.

R2 neighbor allowas-in

router bgp 65100
 neighbor 10.1.2.1 allowas-in

Step 5: Verify Communication

Communication is now possible between the distant ASes that share the same AS number. Verify the BGP table and routing table of R2 and R3.

R2/R3 BGP table and routing table

R2#show ip bgp
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  192.168.2.0      10.1.2.1                               0 65001 65100 i
*>                  0.0.0.0                  0         32768 i
*> 192.168.3.0      10.1.2.1                               0 65001 65100 i
R2#show ip route bgp
B    192.168.3.0/24 [20/0] via 10.1.2.1, 00:00:09
R3#show ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.2.0      10.1.3.1                               0 65001 65100 i
*  192.168.3.0      10.1.3.1                               0 65001 65100 i
*>                  0.0.0.0                  0         32768 i
R3#show ip route bgp
B    192.168.2.0/24 [20/0] via 10.1.3.1, 00:06:37

Then verify that communication is possible between 192.168.2.0/24 and 192.168.3.0/24. Ping from R2 to R3.

Ping from R2 to R3

R2#ping 192.168.3.3 source 192.168.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/44 ms
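
The inbound check that Steps 1 to 3 exercise, and the effect of the optional <count>, can be modelled offline. The following is an added example, not code from the original page or from Cisco: it parses the Step 1 debug lines (timestamps removed) and re-evaluates each UPDATE for a given allowas-in count. The function names are hypothetical, and it assumes a route passes when the local AS appears in the AS_PATH at most <count> times; best-path selection is not modelled.

```python
import re

# Sample input: R3's `debug ip bgp updates` lines from Step 1 of this page,
# with the timestamps removed.
SAMPLE_DEBUG = """\
BGP(0): 10.1.3.1 rcv UPDATE w/ attr: nexthop 10.1.3.1, origin i, originator 0.0.0.0, path 65001 65100, community , extended community
BGP(0): 10.1.3.1 rcv UPDATE about 192.168.3.0/24 -- DENIED due to: AS-PATH contains our own AS;
BGP(0): 10.1.3.1 rcv UPDATE w/ attr: nexthop 10.1.3.1, origin i, originator 0.0.0.0, path 65001 65100, community , extended community
BGP(0): 10.1.3.1 rcv UPDATE about 192.168.2.0/24 -- DENIED due to: AS-PATH contains our own AS;
"""

ATTR_RE = re.compile(r"rcv UPDATE w/ attr:.*?\bpath ((?:\d+ ?)+)")
NLRI_RE = re.compile(r"rcv UPDATE about (\S+)")


def parse_updates(debug_text):
    """Pair each 'w/ attr' line's AS_PATH with the prefix lines that follow it."""
    updates, path = [], None
    for line in debug_text.splitlines():
        m = ATTR_RE.search(line)
        if m:
            path = [int(asn) for asn in m.group(1).split()]
            continue
        m = NLRI_RE.search(line)
        if m and path is not None:
            updates.append((m.group(1), path))
    return updates


def passes_loop_check(as_path, local_as, allowas_in=0):
    """Accept if the local AS appears in AS_PATH at most `allowas_in` times.

    allowas_in=0 models default loop prevention (allowas-in not configured).
    """
    return as_path.count(local_as) <= allowas_in


def evaluate(debug_text, local_as, allowas_in=0):
    """Return {prefix: True/False} for every UPDATE found in the debug text."""
    return {prefix: passes_loop_check(path, local_as, allowas_in)
            for prefix, path in parse_updates(debug_text)}


if __name__ == "__main__":
    print("no allowas-in :", evaluate(SAMPLE_DEBUG, 65100))
    print("allowas-in 1  :", evaluate(SAMPLE_DEBUG, 65100, 1))
    # A path that carries AS 65100 twice still fails with a count of 1.
    print("twice, count 1:", passes_loop_check([65001, 65100, 65001, 65100], 65100, 1))
```

With a count of 1, 192.168.3.0/24 also passes the check, which matches the non-best `*` entry for that prefix in R3's BGP table in Step 3.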

Summary

Point

  • The neighbor allowas-in command disables loop prevention with AS_PATH for BGP routes received from a particular neighbor.
  • Enter the following command in BGP configuration mode
    • (config-router)#neighbor <ip-address> allowas-in [<count>]