[c-nsp] allowas-in : Number of occurances of AS number
Bruce Pinsky
bep at whack.org
Fri Oct 14 14:47:05 EDT 2005
Mark Tohill wrote:
> Hi,
>
>
>
> I am hoping to implement BGP's 'allowas-in' command to get around a
> problem with isolated PoPs.
>
>
If you have isolated POPs, you don't have a contiguous AS and shouldn't be
trying to treat it as such. The "allowas-in" command was really designed
for use in an MPLS/VPN environment to allow readvertising routes learned from
other PE routers with the same AS (allowing duplicate AS numbers at
multiple CE locations).
See
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087b1f.html#wp1045854
>
> I have tested this in a lab and prefixes from other PoPs are passed
> over eBGP. :-)
>
>
Yep, but you can now create routing loops since you've broken BGP's loop
detection method.
>
> What I don't understand is this argument on CLI:
>
>
>
> '<1-10> Number of occurances of AS number'
>
>
>
> What is the purpose of this?
>
Allows the same AS to appear in the AS Path multiple times.
>
>
> Are there any security considerations with using allowas-in, i.e. losing
> inter-PoP communication in case of 'bad' routes?
>
>
Without knowing your topology and connectivity, it's hard to figure out
exactly what you are trying to achieve here. At a minimum, I would think
that you should be looking at some kind of tunneling (GRE for example) to
provide continuity between the disconnected sites.
--
=========
bep
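An added illustration, not part of the original thread: a simplified Python model of the inbound AS_PATH loop check discussed above, showing how the allowas-in count bounds how often a prefix can re-enter its own AS. The AS numbers and the two-transit topology are constructed, and the model assumes the argument is the maximum number of local-AS occurrences tolerated.

```python
# Added illustration: simplified model of the eBGP inbound AS_PATH loop check.
# AS numbers and topology are constructed (private-use ASNs).

def accepts(as_path, local_as, allowas_in=0):
    """True if an update with this AS_PATH passes the receiver's loop check.

    allowas_in=0 models default BGP: any occurrence of local_as is a loop.
    allowas_in=n is assumed to tolerate up to n occurrences of local_as.
    """
    return as_path.count(local_as) <= allowas_in


def advertise(as_path, sender_as):
    """An eBGP speaker prepends its own AS before sending the update."""
    return [sender_as] + as_path


def walk(hops, allowas):
    """Carry one prefix along a chain of ASes; hops[0] originates it.

    allowas maps an AS number to its allowas-in value (absent means 0).
    Returns [(receiver_as, as_path_received, accepted)], ending at the
    first rejection.
    """
    path, trace = [], []
    for sender, receiver in zip(hops, hops[1:]):
        path = advertise(path, sender)
        ok = accepts(path, receiver, allowas.get(receiver, 0))
        trace.append((receiver, list(path), ok))
        if not ok:
            break
    return trace


POP_AS, TRANSIT_1, TRANSIT_2 = 65001, 65010, 65020
# Constructed path: PoP A -> transit 1 -> PoP B -> transit 2 -> back to PoP A
HOPS = [POP_AS, TRANSIT_1, POP_AS, TRANSIT_2, POP_AS]

if __name__ == "__main__":
    for n in (0, 1, 2):
        print(f"allowas-in {n}:")
        for receiver, path, ok in walk(HOPS, {POP_AS: n}):
            verdict = "accept" if ok else "reject (loop check)"
            print(f"  AS{receiver} receives {path}: {verdict}")
```

With the value 2 the prefix is accepted back into the AS that originated it, which is the loop the default check would have stopped at the first re-entry.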