You are on page 1of 6

Como funciona BGP AS-Override

Introduccin El mecanismo de prevencin de loops (bucles) de BGP, es realizado a travs de la revisin del nmero de AS, dentro del atributo AS_PATH. Si el router receptor ve su nmero de AS en el atributo AS_PATH en el update BGP recibido, descarta el update. El router receptor asume que el update fue originado desde su propio AS y est volviendo al mismo AS de origen, en definitiva, se est produciendo un loop/bucle en cuanto a la informacin de routing. Este mecanismo, puede ser un problema cuando por ejemplo un cliente tiene un nico AS y esta distribuido entre distintos sites, y se usa otro AS de transito, entre ellos. En este tipo de escenarios, los updates desde un site son descartados por el otro site, al ver su propio numero de AS en el AS_PATH. Para poder solucionar este problema BGP cuenta con un feature que es llamado AS-Override que bsicamente lo que hace es sobrescribir el nmero de AS que se le enva a un vecino. El comando para habilitar este feature es neighbor ip-address as-override que solo est disponible en VPNv4 address-family. Para poder observar mejor el funcionamiento de esta feature, vamos a utilizar el siguiente escenario. El router TAURUS_Site-A anuncia la red 10.3.3.3 con el AS100. El router PE-1 propaga este anuncio como una ruta interna a PE2 con el AS100. PE2 agrega a la ruta 10.3.3.3 el AS121 y reemplaza el 100 en el AS-Path con el 121 y propaga el prefijo. El router TAURUS_Site-B acepta el update de la 10.3.3.3.

Diagrama Topologico

Escenario En esta topologa, el router PE-1 y el PE-2 conforman la red MPLS de Service Provider. Ambos routers estn conectados por la interface Fast Ethernet 0/0 y estn utilizando OSPF (Area 0) como protocolo de routing. MPLS est configurado en ambas interfaces Fast Ethernet 0/0. El tagging es realizado utilizando LDP y las etiquetas estn siendo asignadas en el rango que va de la 100-199 en el router PE1 y la de la 200-299 en el PE2. Los routers TAURUS y CINDY son dos clientes que tienen multiples sites (Site-A y Site-B). El cliente TAURUS est usando AS 100 el cliente CINDY el AS 200. Se usan vrf's VPNv4 en los routers del SP (vrf TAURUS y vrf CINDY) Las rutas son anunciadas desde cada site, hacia los PE utilizando EBGP. Una vez dentro de la vrf correspondiente, son transportadas hacia el prximo PE y de ah, al site correspondiente. Configuracin de los PE -----------------------------------------------------hostname PE-1 ! ip cef ! ip vrf CINDY rd 1:200 route-target export 1:200 route-target import 1:200

! ip vrf TAURUS rd 1:100 route-target export 1:100 route-target import 1:100 ! mpls label range 100 199 mpls label protocol ldp ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 ip address 10.12.12.1 255.255.255.0 mpls ip ! interface Serial0/0 ip vrf forwarding TAURUS ip address 192.13.13.1 255.255.255.252 ! interface Serial0/1 ip vrf forwarding CINDY ip address 192.14.14.1 255.255.255.252 ! router ospf 10 router-id 1.1.1.1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 network 10.12.12.1 0.0.0.0 area 0 ! router bgp 121 no synchronization bgp log-neighbor-changes network 11.11.11.11 mask 255.255.255.255 neighbor 2.2.2.2 remote-as 121 neighbor 2.2.2.2 update-source Loopback0 neighbor 2.2.2.2 next-hop-self no auto-summary ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community both exit-address-family ! address-family ipv4 vrf TAURUS redistribute connected neighbor 192.13.13.2 remote-as 100 neighbor 192.13.13.2 activate neighbor 192.13.13.2 as-override no synchronization exit-address-family ! address-family ipv4 vrf CINDY redistribute connected neighbor 192.14.14.2 remote-as 200 neighbor 192.14.14.2 activate neighbor 192.14.14.2 as-override no synchronization exit-address-family ! mpls ldp router-id Loopback0

! exit -----------------------------------------------------hostname PE-2 ! ip cef ! ip vrf CINDY rd 1:200 route-target export 1:200 route-target import 1:200 ! ip vrf TAURUS rd 1:100 route-target export 1:100 route-target import 1:100 ! mpls label range 200 299 mpls label protocol ldp ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface Loopback1 ip address 22.22.22.22 255.255.255.255 ! interface FastEthernet0/0 ip address 10.12.12.2 255.255.255.0 mpls ip ! interface Serial0/0 ip vrf forwarding TAURUS ip address 192.23.23.1 255.255.255.252 ! interface Serial0/1 ip vrf forwarding CINDY ip address 192.26.26.1 255.255.255.252 ! router ospf 10 router-id 2.2.2.2 log-adjacency-changes network 2.2.2.2 0.0.0.0 area 0 network 10.12.12.2 0.0.0.0 area 0 ! router bgp 121 no synchronization bgp log-neighbor-changes network 22.22.22.22 mask 255.255.255.255 neighbor 1.1.1.1 remote-as 121 neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 next-hop-self no auto-summary ! address-family vpnv4 neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community both exit-address-family ! address-family ipv4 vrf TAURUS redistribute connected

neighbor 192.23.23.2 remote-as 100 neighbor 192.23.23.2 activate neighbor 192.23.23.2 as-override no synchronization exit-address-family ! address-family ipv4 vrf CINDY redistribute connected neighbor 192.26.26.2 remote-as 200 neighbor 192.26.26.2 activate neighbor 192.26.26.2 as-override no synchronization exit-address-family ! mpls ldp router-id Loopback0 ! exit Configuracin de los CE -----------------------------------------------------hostname TAURUS-Site_A ! ip cef ! interface Loopback0 ip address 10.3.3.3 255.255.255.255 ! interface Serial0/0 ip address 192.13.13.2 255.255.255.252 ! router bgp 100 no synchronization bgp log-neighbor-changes network 10.3.3.3 mask 255.255.255.255 neighbor 192.13.13.1 remote-as 121 no auto-summary ! exit -----------------------------------------------------hostname CINDY-SITE_A ! ip cef ! interface Loopback0 ip address 10.4.4.4 255.255.255.255 ! interface Serial0/0 ip address 192.14.14.2 255.255.255.252 ! router bgp 200 no synchronization bgp log-neighbor-changes network 10.4.4.4 mask 255.255.255.255 neighbor 192.14.14.1 remote-as 121 no auto-summary ! exit ------------------------------------------------------

hostname TAURUS-Site_B ! ip cef ! interface Loopback0 ip address 10.5.5.5 255.255.255.255 ! interface Serial0/0 ip address 192.23.23.2 255.255.255.252 ! router bgp 100 no synchronization bgp log-neighbor-changes network 10.5.5.5 mask 255.255.255.255 neighbor 192.23.23.1 remote-as 121 no auto-summary ! exit -----------------------------------------------------hostname CINDY-SITE_B ! ip cef ! interface Loopback0 ip address 10.6.6.6 255.255.255.255 ! interface Serial0/0 ip address 192.26.26.2 255.255.255.252 ! router bgp 200 no synchronization bgp log-neighbor-changes network 10.6.6.6 mask 255.255.255.255 neighbor 192.26.26.1 remote-as 121 no auto-summary ! exit -----------------------------------------------------Verificacin del funcionamiento PE-1#show ip bgp vpnv4 all summary < output truncated > Neighbor V AS MsgRcvd MsgSent OutQ Up/Down State/PfxRcd 2.2.2.2 4 121 115 116 0 01:09:16 4 192.13.13.2 4 100 70 74 0 00:46:42 1 192.14.14.2 4 200 41 44 0 00:36:14 1 PE-2#show ip bgp vpnv4 all summary < output truncated > Neighbor V AS MsgRcvd MsgSent TblVer InQ TblVer 15 15 15 InQ 0 0 0

OutQ Up/Down State/PfxRcd 1.1.1.1 4 121 119 0 01:11:22 4 192.23.23.2 4 100 53 0 00:48:07 1 192.26.26.2 4 200 41 0 00:36:46 1

118 56 44

15 15 15

0 0 0

PE-1#sh ip route vrf TAURUS bgp 192.23.23.0/30 is subnetted, 1 subnets B 192.23.23.0 [200/0] via 2.2.2.2, 00:25:32 10.0.0.0/32 is subnetted, 2 subnets B 10.3.3.3 [20/0] via 192.13.13.2, 00:35:30 B 10.5.5.5 [200/0] via 2.2.2.2, 00:33:03 PE-1#show ip route vrf CINDY bgp 192.26.26.0/30 is subnetted, 1 subnets B 192.26.26.0 [200/0] via 2.2.2.2, 00:27:05 10.0.0.0/32 is subnetted, 2 subnets B 10.6.6.6 [200/0] via 2.2.2.2, 00:32:36 B 10.4.4.4 [20/0] via 192.14.14.2, 00:34:51 PE-1#show ip bgp vpnv4 all BGP table version is 15, local router ID is 11.11.11.11 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1:100 (default for vrf TAURUS) *> 10.3.3.3/32 192.13.13.2 0 100 i *>i10.5.5.5/32 2.2.2.2 0 100 100 i *> 192.13.13.0/30 0.0.0.0 0 32768 ? *>i192.23.23.0/30 2.2.2.2 0 100 0 ? Route Distinguisher: 1:200 (default for vrf CINDY) *> 10.4.4.4/32 192.14.14.2 0 200 i *>i10.6.6.6/32 2.2.2.2 0 100 200 i *> 192.14.14.0/30 0.0.0.0 0 32768 ? *>i192.26.26.0/30 2.2.2.2 0 100 0 ? TAURUS-Site_A#ping 10.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.5.5.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 456/696/972 ms El prefijo 10.5.5.5 (desde el router TAURUS-Site_B) es recibida y alcanzada mediante ping desde el router TAURUS-Site_A, sin problemas.

0 0

0 0