Allowas-in Feature in BGP Configuration Example

This document describes a scenario where two branch routers are connected via an ISP and running Border Gateway Protocol (BGP) between them. The two branch routers (R1 and R2), though at different locations, share the same AS number. Once the routes arrive from a branch (R1 in this case) to the Service Provider (SP) network, they will be tagged with the customer AS. Once the SP passes it to the other branch router (R2), by default, the routes will be dropped if the other branch was also running BGP with the SP using the same AS number. In this scenario, the neighbor allowas-in command is issued in order to allow BGP at the other side to inject updates. This document provides a sample configuration that helps you to understand the Allowas-in feature in BGP.

Note: This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-ASs.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

This section presents you with the information to configure the features that this document describes.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:

Configurations

This document uses these configurations:

Router_A
Router R1
Router R2

Configuration on Router_A
Router_A#interface Loopback1 ip address 1.1.1.1 255.255.255.255 ! interface Loopback2 ip address 2.2.2.2 255.255.255.255 ! interface Loopback3 ip address 3.3.3.3 255.255.255.255 ! interface GigabitEthernet0/1 no switchport ip address 192.1.12.2 255.255.255.0 ! router eigrp 100 network 1.1.1.1 0.0.0.0 network 2.2.2.2 0.0.0.0 network 3.3.3.3 0.0.0.0 network 192.1.12.0 auto-summary !

Configuration on Router_A

Router_A#interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback3
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/1
 no switchport
 ip address 192.1.12.2 255.255.255.0
!
router eigrp 100
 network 1.1.1.1 0.0.0.0
 network 2.2.2.2 0.0.0.0
 network 3.3.3.3 0.0.0.0
 network 192.1.12.0
 auto-summary
!

Configuration on Router R1
R1#interface Loopback22 ip address 22.22.22.22 255.255.255.255 ! interface FastEthernet0/0 ip address 192.1.12.1 255.255.255.0 duplex auto speed auto ! interface Serial1/0 ip address 172.16.12.1 255.255.255.0 ! ! router eigrp 100 network 192.1.12.0 no auto-summary ! router bgp 121 no synchronization bgp router-id 22.22.22.22 bgp log-neighbor-changes network 22.22.22.22 mask 255.255.255.255 !--- This is the advertising loopback address. redistribute eigrp 100 !--- This shows the redistributing internal routes in BGP. neighbor 172.16.12.2 remote-as 500 !--- This shows the EBGP connection with ISP. neighbor 172.16.12.2 ebgp-multihop 5 no auto-summary !

Configuration on Router R1

R1#interface Loopback22
 ip address 22.22.22.22 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.1.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 172.16.12.1 255.255.255.0
!
!
router eigrp 100
 network 192.1.12.0
 no auto-summary
!
router bgp 121
 no synchronization
 bgp router-id 22.22.22.22
 bgp log-neighbor-changes
 network 22.22.22.22 mask 255.255.255.255 

!--- This is the advertising loopback address.

 redistribute eigrp 100 

!--- This shows the redistributing internal routes in BGP.

 neighbor 172.16.12.2 remote-as 500 

!--- This shows the EBGP connection with ISP.

 neighbor 172.16.12.2 ebgp-multihop 5
 no auto-summary
!

This example shows that the EIGRP runs between Router_A and R1:

r1#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   192.1.12.2              Fa0/0             14 01:17:12  828  4968  0  7

This example shows how Router R1 learns routes from Router_A through EIGRP:

r1#show ip route eigrp 100
D    1.0.0.0/8 [90/156160] via 192.1.12.2, 00:02:24, FastEthernet0/0
D    2.0.0.0/8 [90/156160] via 192.1.12.2, 00:02:24, FastEthernet0/0
D    3.0.0.0/8 [90/156160] via 192.1.12.2, 00:02:24, FastEthernet0/0

This example shows how Router R1 establishes a BGP connection with an ISP running BGP AS500:

r1#show ip bgp summary
BGP router identifier 22.22.22.22, local AS number 121
BGP table version is 19, main routing table version 19
7 network entries using 924 bytes of memory
7 path entries using 364 bytes of memory
5/4 BGP path/bestpath attribute entries using 840 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 2184 total bytes of memory
BGP activity 40/33 prefixes, 42/35 paths, scan interval 60 secs

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.12.2     4        500      86      76       19    0    0 00:25:13        2

This example shows how R1 announces the BGP learned routes:

r1#show ip bgp
BGP table version is 19, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          192.1.12.2          156160         32768 ? 
*> 2.0.0.0          192.1.12.2          156160         32768 ?
*> 3.0.0.0          192.1.12.2          156160         32768 ?
*> 10.10.12.0/24    172.16.12.2              0             0 500 i
*> 22.22.22.22/32   0.0.0.0                  0         32768 i
r> 172.16.12.0/24   172.16.12.2              0             0 500 i
*> 192.1.12.0       0.0.0.0                  0         32768 ?

r1#ping 10.10.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.12.2, timeout is 2 seconds:
!!!!!  
!--- This is the connectivity with Router 2 across the Internet cloud.

Configuration on Router R2
R2#interface Loopback33 ip address 33.33.33.33 255.255.255.255 ! interface Serial1/0 ip address 10.10.12.1 255.255.255.0 router bgp 121 no synchronization bgp router-id 33.33.33.33 bgp log-neighbor-changes network 33.33.33.33 mask 255.255.255.255 !--- This is the advertising loopback address. neighbor 10.10.12.2 remote-as 500 !--- This is the EBGP connection with ISP. neighbor 10.10.12.2 ebgp-multihop 5 no auto-summary

Configuration on Router R2

R2#interface Loopback33
 ip address 33.33.33.33 255.255.255.255
!
interface Serial1/0
 ip address 10.10.12.1 255.255.255.0

router bgp 121
 no synchronization
 bgp router-id 33.33.33.33
 bgp log-neighbor-changes
 network 33.33.33.33 mask 255.255.255.255 

!--- This is the advertising loopback address.
 
 neighbor 10.10.12.2 remote-as 500 

!--- This is the EBGP connection with ISP.

 neighbor 10.10.12.2 ebgp-multihop 5
no auto-summary

Router R2 does not learn any routes from router R1.

This is natural behavior because the BGP tries to avoid routing loops. For example, the readvertisement of all prefixes that contain duplicate Autonomous System Numbers (ASNs) is disabled by default.

Redistributed EIGRP routes (1.0.0.0, 2.0.0.0, 3.0.0.0) and the BGP internal route 22.22.22.22 from R1 are not received by R2 as they are originating from the same ASN across the Internet. Since R2 see its own AS number (121) in the AS-PATH, R2 does not take those routes.

r2#show ip bgp
BGP table version is 20, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 10.10.12.0/24    10.10.12.2               0             0 500 i
*> 33.33.33.33/32   0.0.0.0                  0         32768 i
*> 172.16.12.0/24   10.10.12.2               0             0 500 i

In order to allow the readvertisement of all prefixes that contain duplicate ASNs, use the neighbor allowas-in command in router configuration mode in Router R2.

r2(config-router)#neighbor 10.10.12.2 allowas-in
r2#clear ip bgp*
r2#show ip bgp
BGP table version is 10, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.10.12.2                             0 500 121 ?
*> 2.0.0.0          10.10.12.2                             0 500 121 ?
*> 3.0.0.0          10.10.12.2                             0 500 121 ?
r> 10.10.12.0/24    10.10.12.2               0             0 500 i
*> 22.22.22.22/32   10.10.12.2                             0 500 121 i
*  33.33.33.33/32   10.10.12.2                             0 500 121 i
*>                  0.0.0.0                  0         32768 i
*> 172.16.12.0/24   10.10.12.2               0             0 500 i
*> 192.1.12.0       10.10.12.2                             0 500 121 ?

Now try to ping from R1 to R2:

r2#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

Error Message

The Message: %BGP% Neighbor A.B.C.D recv bogus route : AS loop error message is received.

This notification means that the BGP route received by the CE router has its own AS number in the AS path and is considered a router loop for the CE router. As a workaround, configure the CE router with the allowas-in feature as illustrated in the previous example.