BGP AS-Override

0
1620

If you follow me on Twitter (@TheRoutingTable) you may have seen my tweet earlier this evening:

This is because I was working on a CCIE MPLS lab earlier and forgot it again. Since this is nothing new, I am going to write a quick post focusing on AS-override. This will get it embedded in my mind a bit more and be a good refresher as well. Let’s get started.

Above is a topology. There are two routers in AS65001 and the transport MPLS network in the middle is AS65002. This example is fitting because both of the customer edge routers are in the same AS number. Should R1 want to get to a device on R5, the path would beĀ AS65002 -> AS65001. That is good and fine, except for the fact that standard BGP will not allow this. If R5 sees that the path includes its own AS number along the way, it will not accept this information about the route and will drop it.

If you are having an issue and suspect that this is the cause, run a debug (always be careful with debugs in a live, production environment). The command to use is “debug ip bgp all updates”. If the as-override situation is the cause of a route not showing up, you will see the message “DENIED due to:AS-PATH contains our own AS”. That will be a dead giveaway. On the provider edge router, in our case R2 and R4, you want to add an additional neighbor statement: “neighbor X.X.X.X as-override”. The connection will flap and reset, but then for that hop in the path, the provider router will replace the AS number with it’s own. In our case, instead of seeing 65001 and 65002 in the path, the path will be 65002 -> 65002. The route will then be showing in our routing table as well! Otherwise, if you can’t do the debug, just check the AS numbers again and see if there are any matches between customer edge devices.

Overall, not too much to it, but this is one of those things that I know I personally always overlook and then it’s the last thing I’ll think of while troubleshooting. If you can run the debug, it’s an easy catch, so keep that in mind as well! If you have any questions or need clarification, leave a comment below.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.