[c-nsp] AS override

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Oct 7 11:53:11 EDT 2005


Danny,

I would also investigate replacing (or supplementing) the transit links
via some form of Layer2 links (either L2VPN, L3VPN with CsC or even GRE
tunnels). BGP inter-domain routing assumes that ASNs never become
partitioned.

	oli

Danny Vernals <mailto:danny.vernals at gmail.com> wrote on Friday, October
07, 2005 5:43 PM:

> Thanks Oliver,
> 
> It is indeed risky but sadly it's needed in the problem I'm trying to
> solve:
> 
> One of our ASs has transit connectivity provided by 2 links in
> different geographic locations.  When the backbone between these 2
> locations breaks we have a split AS so the only way for intra-AS
> communication between these 2 locations is via transit (hence
> location 1 needs routes for location 2 and vice versa).
> 
> (Intra AS communication is normally via IGP)
> 
> (NB no route reflectors in the AS so if there is no connectivity
> between the 2 locations they will only announce their own prefixes to
> transit AS).  
> 
> I'm going to lab it first to make sure no loops are caused.
> 
> Thanks
> 
> Danny
> 
> 
> On 10/6/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> 
> 	Danny,
> 
> 	Re-writing AS paths is a dangerous thing (as you will take BGP's only
> 	loop prevention mechanism away), so we are not allowing it except
> 	within the MPLS-VPN setup using as-override.
> 
> 	        oli
> 
> 	Danny Vernals <mailto:danny.vernals at gmail.com> wrote on Wednesday,
> 	October 05, 2005 4:16 PM:
> 
> 	> Hi Oliver,
> 	>
> 	> I just had concerns over routing table security / integrity but
> 	> now I think about it the same issues arise with override as with
> 	> allowas-in.  I think I can mitigate against these issues with
> 	> careful design.
> 	>
> 	> Ideally I'd only like to re-write the ASN for certain prefixes
> 	> that are matched in a route map matching on community / prefix
> 	> list etc. However as far as I'm aware this is not possible?
> 	>
> 	> Thanks for the reply
> 	>
> 	> Danny
> 	>
> 	>
> 	> On 10/5/05, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> 	>
> 	>       > Do you know of a way to configure AS override functionality not in
> 	>       > a VRF? I need to allow prefixes originated from an AS to be
> 	>       > advertised back into it. Ideally I'd like to avoid using
> 	>       > allowas-in. I have admin control of both of the connected AS's.
> 	>
> 	>       as-override is, as you have observed, only available in ipv4-VRF
> 	>       context. Why do you want to avoid allowas-in?
> 	>
> 	>               oli
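
The loop check discussed in this thread, as an added Python example that is not part of the original posts: a simplified model of the eBGP receive-side AS-path check, showing how allowas-in and as-override each change the outcome in the split-AS case and for a route that has already looped once. The ASNs (65001 for the split AS, 65000 for transit) and all function names are assumptions made for illustration.

```python
# Added example: simplified model of the eBGP AS-path loop check.
# ASNs are constructed private-range values, not taken from the thread.
SITE_AS, TRANSIT_AS = 65001, 65000

def advertise(path, sender_as, peer_as, as_override=False):
    """Path as sent to an eBGP peer: optionally rewrite the peer's ASN, then prepend own."""
    if as_override:
        path = [sender_as if asn == peer_as else asn for asn in path]
    return [sender_as] + path

def accept(path, local_as, allowas_in=0):
    """Receiver check: drop the route if our ASN occurs more than allowas_in times."""
    return path.count(local_as) <= allowas_in

def split_as_case(allowas_in=0, as_override=False):
    """Location 1 originates a prefix; transit relays it to location 2 (same ASN)."""
    at_transit = advertise([], SITE_AS, TRANSIT_AS)  # path seen by transit
    at_site2 = advertise(at_transit, TRANSIT_AS, SITE_AS, as_override)
    return at_site2, accept(at_site2, SITE_AS, allowas_in)

def looped_case(allowas_in=0, as_override=False):
    """The same prefix after one more full trip through the site AS and transit."""
    path, _ = split_as_case(allowas_in, as_override)
    path = advertise(path, SITE_AS, TRANSIT_AS)
    path = advertise(path, TRANSIT_AS, SITE_AS, as_override)
    return path, accept(path, SITE_AS, allowas_in)

if __name__ == "__main__":
    settings = [("default", {}),
                ("allowas-in 1", {"allowas_in": 1}),
                ("as-override", {"as_override": True})]
    for label, kw in settings:
        print(label, split_as_case(**kw), looped_case(**kw))
```

In this model allowas-in 1 still rejects the path that crossed the site AS twice, while as-override rewrites every occurrence of the site ASN and accepts it.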



More information about the cisco-nsp mailing list