Overview
The neighbor allowas-in command disables AS_PATH loop prevention for BGP routes received from a specific neighbor. This section describes the neighbor allowas-in command.
What is the neighbor allowas-in command?
The AS_PATH attribute is used to prevent loops for BGP routes. If the AS_PATH attribute of a received BGP route contains the router's own AS number, the route is considered looped and is not accepted. This prevents the route from looping.
The neighbor allowas-in command is used to disable loop prevention by AS_PATH for BGP routes received from a specific neighbor.
The main use case for the neighbor allowas-in command is connecting sites via MPLS-VPN. When sites are connected over MPLS-VPN and BGP runs between PE and CE, the CE routers may have the same AS number. In that case the BGP routes are rejected by AS_PATH loop prevention.
So, configure the neighbor allowas-in command on the CE router so that a BGP route is accepted without being considered looped even if its AS_PATH attribute contains the router's own AS number.
Related article
Instead of neighbor allowas-in, you can also configure neighbor as-override. The neighbor as-override command is explained in the following article.
neighbor allowas-in command and verification commands
Command format
Configure the neighbor allowas-in command in BGP configuration mode. The command format is as follows.
neighbor allowas-in
(config)#router bgp <AS>
(config-router)#neighbor <ip-address> allowas-in [<count>]
<AS> : AS number
<ip-address> : Neighbor IP address
<count> : Number of own AS numbers allowed.
Permits BGP routes received from the specified neighbor even if their AS_PATH contains the router's own AS number, up to <count> times.
Verification command
The neighbor details shown by the show ip bgp neighbors command indicate that the neighbor allowas-in command has been configured.
show ip bgp neighbor
    R3#show ip bgp neighbors 10.1.3.1
    BGP neighbor is 10.1.3.1,  remote AS 65001, external link
      BGP version 4, remote router ID 1.1.1.1
      BGP state = Established, up for 00:02:31
      Last read 00:00:31, last write 00:00:31, hold time is 180, keepalive interval is 60 seconds
      Neighbor capabilities:
        Route refresh: advertised and received(old & new)
        Address family IPv4 Unicast: advertised and received
      Message statistics:
        InQ depth is 0
        OutQ depth is 0
                             Sent       Rcvd
        Opens:                  1          1
        Notifications:          0          0
        Updates:                1          6
        Keepalives:             5          5
        Route Refresh:          2          0
        Total:                  9         12
      Default minimum time between advertisement runs is 30 seconds
     For address family: IPv4 Unicast
      BGP table version 3, neighbor version 3/0
      Output queue size: 0
      Index 1, Offset 0, Mask 0x2
      1 update-group member
      My AS number is allowed for 3 number of times
    ~omitted~
neighbor allowas-in configuration example
Network Diagram
Consider the following network diagram with the neighbor allowas-in command.
Initial Configuration
Here is an excerpt of each router's initial configuration. BGP neighbors are established between R1 and R2 and between R1 and R3. R2 advertises 192.168.2.0/24 via BGP; R3 advertises 192.168.3.0/24 via BGP.
R1 Initial Configuration
    hostname R1
    !
    interface FastEthernet0/0
     ip address 10.1.2.1 255.255.255.0
    !
    interface FastEthernet0/1
     ip address 10.1.3.1 255.255.255.0
    !
    router bgp 65001
     no synchronization
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     neighbor 10.1.2.2 remote-as 65100
     neighbor 10.1.3.3 remote-as 65100
     no auto-summary
R2 Initial Configuration
    hostname R2
    !
    interface Loopback0
     ip address 192.168.2.2 255.255.255.0
    !
    interface FastEthernet0/0
     ip address 10.1.2.2 255.255.255.0
    !
    router bgp 65100
     no synchronization
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     network 192.168.2.0
     neighbor 10.1.2.1 remote-as 65001
     no auto-summary
R3 Initial Configuration
    hostname R3
    !
    interface Loopback0
     ip address 192.168.3.3 255.255.255.0
    !
    interface FastEthernet0/0
     ip address 10.1.3.3 255.255.255.0
    router bgp 65100
     no synchronization
     bgp router-id 3.3.3.3
     bgp log-neighbor-changes
     network 192.168.3.0
     neighbor 10.1.3.1 remote-as 65001
     no auto-summary
Configuration and Verification
Step 1: Verify loop prevention by AS_PATH
Verify that a BGP route is considered a loop if its AS_PATH attribute contains the router's own AS number. Enable debugging of BGP UPDATE messages on R3 and receive the BGP routes again.
R3 Verify loop prevention by AS_PATH
    R3#debug ip bgp updates
    BGP updates debugging is on for address family: IPv4 Unicast
    R3#clear ip bgp * in
    R3#
    *Mar 1 00:25:46.339: BGP(0): 10.1.3.1 rcv UPDATE w/ attr: nexthop 10.1.3.1, origin i, originator 0.0.0.0, path 65001 65100, community , extended community
    *Mar 1 00:25:46.343: BGP(0): 10.1.3.1 rcv UPDATE about 192.168.3.0/24 -- DENIED due to: AS-PATH contains our own AS;
    *Mar 1 00:25:46.347: BGP(0): 10.1.3.1 rcv UPDATE w/ attr: nexthop 10.1.3.1, origin i, originator 0.0.0.0, path 65001 65100, community , extended community
    *Mar 1 00:25:46.351: BGP(0): 10.1.3.1 rcv UPDATE about 192.168.2.0/24 -- DENIED due to: AS-PATH contains our own AS;
    R3#undebug all
    All possible debugging has been turned off
The BGP route 192.168.2.0/24, which is considered a loop, is not received and is not in the BGP table.
R3 show ip bgp
    R3#show ip bgp
    BGP table version is 4, local router ID is 3.3.3.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 192.168.3.0      0.0.0.0                  0         32768 i
Step 2: R3 Configure neighbor allowas-in
Configure the neighbor allowas-in command so that R3 does not consider the BGP route 192.168.2.0/24 to be looping.
R3 neighbor allowas-in
    router bgp 65100
     neighbor 10.1.3.1 allowas-in
Step 3: R3 Verify BGP route
By configuring the neighbor allowas-in command, R3 receives the BGP route 192.168.2.0/24 and makes it the best path. Then, the route is registered in the routing table.
R3 Verify BGP route
    R3#show ip bgp
    BGP table version is 5, local router ID is 3.3.3.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 192.168.2.0      10.1.3.1                               0 65001 65100 i
    *  192.168.3.0      10.1.3.1                               0 65001 65100 i
    *>                  0.0.0.0                  0         32768 i
    R3#show ip route
    ~omitted~
    Gateway of last resort is not set
         10.0.0.0/24 is subnetted, 1 subnets
    C       10.1.3.0 is directly connected, FastEthernet0/0
    B    192.168.2.0/24 [20/0] via 10.1.3.1, 00:03:07
    C    192.168.3.0/24 is directly connected, Loopback0
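The table above also shows R3 holding a path to its own 192.168.3.0/24 via R1, because allowas-in applies to every route received from that neighbor. As an added illustration (not from the original article and not Cisco's implementation), the Python model below applies the loop check described at the top of the page and the <count> parameter to the two updates from Step 1; the function names and the three-occurrence path are constructed for the example.

```python
# Added illustration, not Cisco code: a simplified model of the inbound
# AS_PATH loop check and of "neighbor <ip-address> allowas-in [<count>]".

IOS_DEFAULT_COUNT = 3  # "My AS number is allowed for 3 number of times"


def accept_update(as_path, local_as, allowas_in=None):
    """Return (accepted, reason) for one received route.

    allowas_in=None means the command is not configured; an integer n means
    the local AS may appear in the AS_PATH up to n times.
    """
    own = as_path.count(local_as)
    if own == 0:
        return True, "AS_PATH does not contain our own AS"
    if allowas_in is None:
        return False, "AS-PATH contains our own AS"
    if own <= allowas_in:
        return True, f"own AS appears {own}x, allowed {allowas_in}x"
    return False, f"own AS appears {own}x, more than allowed {allowas_in}x"


# The two updates R3 (AS 65100) receives from R1 in Step 1 of this page.
STEP1_UPDATES = [
    ("192.168.3.0/24", [65001, 65100]),  # R3's own prefix, sent back by R1
    ("192.168.2.0/24", [65001, 65100]),  # R2's prefix
]
# Constructed path in which AS 65100 appears three times.
TRIPLE_PATH = [65001, 65100, 65001, 65100, 65001, 65100]


def replay(updates, local_as, allowas_in=None):
    """Return {prefix: accepted} for a list of (prefix, as_path) updates."""
    return {pfx: accept_update(path, local_as, allowas_in)[0]
            for pfx, path in updates}


if __name__ == "__main__":
    for label, count in (("not configured", None),
                         ("allowas-in", IOS_DEFAULT_COUNT),
                         ("allowas-in 1", 1)):
        print(f"{label:15} {replay(STEP1_UPDATES, 65100, count)}")
    for count in (IOS_DEFAULT_COUNT, 1):
        print(f"triple path, count {count}:",
              accept_update(TRIPLE_PATH, 65100, count))
```

In this lab a count of 1 is enough for both prefixes; the default of 3 additionally accepts the constructed path in which AS 65100 appears three times.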
Step 4: R2 Configure neighbor allowas-in
As with R3, the neighbor allowas-in command must be configured on R2.
R2 neighbor allowas-in
    router bgp 65100
     neighbor 10.1.2.1 allowas-in
Step 5: Verify Communication
Communication is now possible between the distant ASes that have the same AS number. Verify the BGP table and routing table of R2 and R3.
R2/R3 BGP table and routing table
    R2#show ip bgp
    BGP table version is 3, local router ID is 2.2.2.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *  192.168.2.0      10.1.2.1                               0 65001 65100 i
    *>                  0.0.0.0                  0         32768 i
    *> 192.168.3.0      10.1.2.1                               0 65001 65100 i
    R2#show ip route bgp
    B    192.168.3.0/24 [20/0] via 10.1.2.1, 00:00:09

    R3#show ip bgp
    BGP table version is 5, local router ID is 3.3.3.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 192.168.2.0      10.1.3.1                               0 65001 65100 i
    *  192.168.3.0      10.1.3.1                               0 65001 65100 i
    *>                  0.0.0.0                  0         32768 i
    R3#show ip route bgp
    B    192.168.2.0/24 [20/0] via 10.1.3.1, 00:06:37
Then verify that communication is possible between 192.168.2.0/24 and 192.168.3.0/24. Ping from R2 to R3.
Ping from R2 to R3
    R2#ping 192.168.3.3 source 192.168.2.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
    Packet sent with a source address of 192.168.2.2
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/44 ms
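Because the command relaxes loop prevention per neighbor, it helps to know where it is configured and with what count. As an added example (not from the original article), the Python script below lists the neighbors with allowas-in in IOS-style configuration text, the count in effect, and whether an inbound filter is attached to the same neighbor. It assumes a single router bgp process with neighbor commands outside address-family and peer-group blocks; the prefix-list name CE-IN is hypothetical.

```python
import re

# Added illustration, not from the original article: list the neighbors in
# IOS-style BGP configuration text for which allowas-in is configured.
IOS_DEFAULT_COUNT = 3  # used when allowas-in is entered without <count>
ALLOWAS = re.compile(r"neighbor (\S+) allowas-in(?: (\d+))?$")
INBOUND = re.compile(
    r"neighbor (\S+) (?:prefix-list|route-map|filter-list|distribute-list) \S+ in$")


def audit_allowas_in(config_text):
    """Return one finding per neighbor that has allowas-in configured."""
    local_as, counts, filtered = None, {}, set()
    for line in map(str.strip, config_text.splitlines()):
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = int(m.group(1))
        elif m := ALLOWAS.match(line):
            counts[m.group(1)] = int(m.group(2)) if m.group(2) else None
        elif m := INBOUND.match(line):
            filtered.add(m.group(1))
    return [{"local_as": local_as,
             "neighbor": nbr,
             "count_is_explicit": count is not None,
             "effective_count": IOS_DEFAULT_COUNT if count is None else count,
             "has_inbound_filter": nbr in filtered}
            for nbr, count in sorted(counts.items())]


# R3's BGP stanza from the initial configuration plus the Step 2 command.
R3_STEP2 = """\
router bgp 65100
 no synchronization
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 network 192.168.3.0
 neighbor 10.1.3.1 remote-as 65001
 neighbor 10.1.3.1 allowas-in
 no auto-summary
"""
# Constructed variant: explicit count of 1 and an inbound prefix-list whose
# name (CE-IN) is hypothetical.
R3_TIGHT = R3_STEP2.replace(
    "allowas-in\n", "allowas-in 1\n neighbor 10.1.3.1 prefix-list CE-IN in\n")

if __name__ == "__main__":
    for name, cfg in (("after Step 2", R3_STEP2), ("tightened", R3_TIGHT)):
        print(name, audit_allowas_in(cfg))
```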
Summary
Point
- The neighbor allowas-in command disables loop prevention with AS_PATH for BGP routes received from a particular neighbor.
- Enter the following command in BGP configuration mode
- (config-router)#neighbor <ip-address> allowas-in [<count>]