[c-nsp] Fw: Re: ReUSE AS number per VRF

Robert Raszuk robert at raszuk.net
Sat Sep 3 12:10:55 EDT 2011


Hi,

By "reusing the AS number" you mean you will configure the same AS on
more than one customer CE, right, then on each EBGP PE-CE session?

If this is the right assumption, you need to be careful on the other side so
the routes will be accepted by the remote CE ... members of the same
VPN. By default they would get dropped if the receiving CE's local AS
number is already present in the AS PATH.

To address this you would have to configure as-overwrite on the PE or
allowas-in on the CE - typically only needed in some hub and spoke
topologies.

Have you considered IBGP on the PE-CE as described in:
http://tools.ietf.org/html/draft-ietf-l3vpn-ibgp-08 or just the use of a
private AS number for each VPN site? Perhaps it could actually help you
to identify the site a given route is originated by ... especially useful in
case of multihomed sites where the RD could be different yet originated by
the same site.

Thx,
R.

> Alright. I will import these client VRFs in the NMS VRF. But not with the client-to-client VRFs...I think this is safe? Am I right?
> 
> --- On Sat, 9/3/11, Keegan Holley <keegan.holley at sungard.com> wrote:
> 
> From: Keegan Holley <keegan.holley at sungard.com>
> Subject: Re: [c-nsp] ReUSE AS number per VRF
> To: "ar" <ar_djp at yahoo.com>
> Cc: cisco-nsp at puck.nether.net
> Date: Saturday, September 3, 2011, 10:52 PM
> 
> It really depends on your network.  It's not inherently dangerous though. I've even seen it done intentionally with the AS path looping used to prevent certain customers from accidentally talking to each other.  That of course is the caveat.  If you ever have to import routes from one VRF into the other you'll have to remove the reused AS.  It could become cumbersome if there isn't a record of what ASes are used in what VRFs.
> 
> 2011/9/3 ar <ar_djp at yahoo.com>
> 
> Hi.
> 
> I tested re-using AS numbers in different VRFs. And it is working.....
> 
> Is this practically safe? I am deploying VPN solution to customers...one VRF, one client...PE-to-CE will be BGP for policy control..I will reuse BGP AS numbers to different VRFs later on.....
> 
> Comments pls....
> 
> _______________________________________________
> 
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> 
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
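
The AS_PATH loop check discussed in this message, modelled as an added example that is not code from any participant in the thread. It shows the route being dropped when the AS is reused, and accepted with the PE-side AS rewrite (`as-override` in Cisco IOS), with `allowas-in` on the CE, or with a distinct AS per site. The AS numbers 65000, 65001 and 65002 and all function names are constructed assumptions.

```python
"""Constructed model of eBGP AS_PATH loop detection on a PE-CE session."""

PROVIDER_AS = 65000   # constructed provider AS (assumption)
SITE_AS = 65001       # constructed AS reused on every CE (assumption)


def pe_advertise(as_path, pe_as, neighbor_as, as_override=False):
    """Path a PE sends to a CE over eBGP.

    With as_override, every occurrence of the neighbor's AS is replaced by
    the PE's AS before the PE prepends its own AS.
    """
    if as_override:
        as_path = [pe_as if asn == neighbor_as else asn for asn in as_path]
    return [pe_as] + as_path


def ce_accepts(as_path, local_as, allowas_in=0):
    """Receiving CE's loop check: reject if its own AS appears in the path
    more than allowas_in times (0 = default, any occurrence is a loop)."""
    return as_path.count(local_as) <= allowas_in


def simulate(as_override=False, allowas_in=0, remote_ce_as=SITE_AS):
    """Route originated by a CE in SITE_AS, delivered to a remote CE."""
    path_from_origin_ce = [SITE_AS]  # as received by the ingress PE
    sent = pe_advertise(path_from_origin_ce, PROVIDER_AS,
                        remote_ce_as, as_override)
    return sent, ce_accepts(sent, remote_ce_as, allowas_in)


if __name__ == "__main__":
    cases = {
        "default (AS reused)": {},
        "as-override on PE": {"as_override": True},
        "allowas-in 1 on CE": {"allowas_in": 1},
        "distinct AS per site": {"remote_ce_as": 65002},
    }
    for name, kwargs in cases.items():
        path, ok = simulate(**kwargs)
        print(f"{name:22} path={path} accepted={ok}")
```

The default case is also the behaviour the quoted reply describes as being used intentionally to keep customers apart: the reused AS in the path is what makes the remote CE discard the route.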


