[c-nsp] AS override

Danny Vernals danny.vernals at gmail.com
Fri Oct 7 11:46:09 EDT 2005


Sorry should have been clearer, I'm talking about allowas-in above as AS
override is unavailable

On 10/7/05, Danny Vernals <danny.vernals at gmail.com> wrote:
>
> Thanks Oliver,
>
> It is indeed risky but sadly it's needed in the problem I'm trying to solve:
>
> One of our ASs has transit connectivity provided by 2 links in different
> geographic locations. When the backbone between these 2 locations breaks we
> have a split AS so the only way for intra-AS communication between these 2
> locations is via transit (hence location 1 needs routes for location 2 and
> vice versa).
>
> (Intra AS communication is normally via IGP)
>
> (NB no route reflectors in the AS so if there is no connectivity between
> the 2 locations they will only announce their own prefixes to transit AS).
>
> I'm going to lab it first to make sure no loops are caused.
>
> Thanks
>
> Danny
>
> On 10/6/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> >
> > Danny,
> >
> > Re-writing AS paths is a dangerous thing (as you will take BGP's only
> > loop prevention mechanism away), so we are not allowing it except within
> > the MPLS-VPN setup using as-override.
> >
> > oli
> >
> > Danny Vernals <mailto:danny.vernals at gmail.com> wrote on Wednesday,
> > October 05, 2005 4:16 PM:
> >
> > > Hi Oliver,
> > >
> > > I just had concerns over routing table security / integrity but now I
> > > think about it the same issues arise with override as with
> > > allowas-in. I think I can mitigate against these issues with careful
> > > design.
> > >
> > > Ideally I'd only like to re-write the ASN for certain prefixes that
> > > are matched in a route map matching on community / prefix list etc.
> > > However as far as I'm aware this is not possible?
> > >
> > > Thanks for the reply
> > >
> > > Danny
> > >
> > >
> > > On 10/5/05, Oliver Boehmer (oboehmer) < oboehmer at cisco.com> wrote:
> > >
> > >
> > > >
> > > > Do you know of a way to configure AS override functionality not in a
> > > > VRF? I need to allow prefixes originated from an AS to be advertised
> > > > back into it. Ideally I'd like to avoid using allowas-in. I have
> > > > admin control of both of the connected AS's.
> > >
> > > as-override is, as you have observed, only available in ipv4-VRF
> > > context. Why do you want to avoid allowas-in?
> > >
> > > oli
> >
>
>
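
The AS_PATH loop check discussed in this thread, and the effect of relaxing it only for selected prefixes, modelled as an added example that is not part of the original messages and is not router code. The ASNs, prefixes and the `own_only` filter are constructed assumptions, and the model is a simplification of what allowas-in does on a router.

```python
# Added illustration: a simplified model of BGP's inbound AS_PATH loop check
# and of how allowas-in relaxes it. All ASNs and prefixes are constructed.
import ipaddress

LOCAL_AS = 64500      # the split AS (constructed, private-use ASN)
TRANSIT_AS = 64496    # the transit provider (constructed)

# Hypothetical inbound filter: only the AS's own address blocks may be
# re-learned with LOCAL_AS already in the path.
OWN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]


def accept(prefix, as_path, allowas_in=0, own_only=False):
    """Return True if a route received over eBGP passes the loop check.

    allowas_in: how many occurrences of LOCAL_AS are tolerated (0 = default).
    own_only:   additionally require a looped path to cover our own prefixes.
    """
    hits = as_path.count(LOCAL_AS)
    if hits == 0:
        return True                  # ordinary route, no relaxation needed
    if hits > allowas_in:
        return False                 # standard loop prevention drops it
    if own_only:
        net = ipaddress.ip_network(prefix)
        return any(net.subnet_of(own) for own in OWN_PREFIXES)
    return True


def demo():
    # Location 2's prefix as location 1 sees it via transit during the split.
    split = ("198.51.100.0/24", [TRANSIT_AS, LOCAL_AS])
    # A foreign prefix whose path already passed through LOCAL_AS (a loop).
    looped = ("203.0.113.0/24", [TRANSIT_AS, LOCAL_AS, 64511])
    return {
        "split_default": accept(*split),
        "split_allowas": accept(*split, allowas_in=1),
        "loop_allowas": accept(*looped, allowas_in=1),
        "loop_filtered": accept(*looped, allowas_in=1, own_only=True),
        "split_filtered": accept(*split, allowas_in=1, own_only=True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `loop_allowas` case is the risk raised in the thread: once the check is relaxed, a genuinely looped path is accepted unless an inbound filter limits the relaxation to the AS's own prefixes.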

