Same BGP AS Number in two Datacenters



I remember the first time I studied dynamic routing protocols such as EIGRP, OSPF and BGP. I hadn’t studied anything about these protocols at University, but I wanted to pass the CCNP certification exam because I wanted to go deep into networking. These protocols are not used in LAN networks, so it’s unlikely you will have to configure or know about EIGRP, OSPF or BGP. However, I wanted the Three Kings to bring me an AS, and I got it. Since then, I have had to manage an AS, and when I have to modify something, I have to know exactly what I’m doing. No doubts! No errors!

Recently, the WAN network I manage has had an important change. Right now, there are two datacenters in different places, geographically speaking, but both datacenters are in the same Autonomous System (AS). They were working properly. In addition, the WAN public IP addresses in one datacenter were different from the IP addresses of the other datacenter. However, there was an issue. An important issue. The datacenters couldn’t connect to each other. There wasn’t connectivity between datacenters. The cause is a protection feature enabled by default in BGP to prevent loops: a router discards any route whose AS_PATH already contains its own AS number.

Network Topology

Surfing the net and searching about this issue, I realised there were lots of network engineers who had found they couldn’t interconnect datacenters which share the same AS. The solution is easy. The “allowas-in” function in BGP overrides the loop prevention mechanism in the router and allows an instance of the router’s own AS to be in the AS_PATH attribute. Therefore, both routers and both datacenters can share the same AS and still send traffic to and receive traffic from each other.

Actually, I had to configure the “allowas-in” function in two routers. The first one was a FortiGate “router” where BGP is configured in one site. It is easy to configure because the “allowas-in {integer}” command allows the local AS number to appear in the AS_PATH as many times as the integer we set. On the other hand, I also ran the “neighbor {IPv4 address} allowas-in {integer}” command in a Cisco router to finally interconnect both datacenters with the same AS number.

AllowAS-in Configuration
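The loop check that “allowas-in {integer}” relaxes, as an added Python model (not code from the original post or from any router vendor). The AS numbers are constructed values from the documentation range, and the function names are hypothetical; the model is simplified to the AS_PATH occurrence count only.

```python
# Simplified model of the BGP AS_PATH loop check and the allowas-in knob.
# Constructed values: both datacenters share LOCAL_AS, the WAN provider
# between them uses PROVIDER_AS (documentation ASNs, RFC 5398).
LOCAL_AS = 64500
PROVIDER_AS = 64496


def advertise(as_path, sender_as):
    """An eBGP speaker prepends its own AS before sending the UPDATE."""
    return [sender_as] + as_path


def accept_update(local_as, as_path, allowas_in=0):
    """Return True if a router in local_as accepts a route with as_path.

    Default (allowas_in=0): any occurrence of our own AS is treated as a
    loop and the route is dropped. With allowas-in N the router tolerates
    up to N occurrences of its own AS.
    """
    return as_path.count(local_as) <= allowas_in


def demo():
    # Datacenter 1 originates a prefix; the provider carries it to datacenter 2.
    at_provider = advertise([], LOCAL_AS)          # [64500]
    at_dc2 = advertise(at_provider, PROVIDER_AS)   # [64496, 64500]

    # A path that really has looped: our AS appears twice.
    looped = [PROVIDER_AS, LOCAL_AS, PROVIDER_AS, LOCAL_AS]

    return {
        "dc2_default": accept_update(LOCAL_AS, at_dc2),
        "dc2_allowas_in_1": accept_update(LOCAL_AS, at_dc2, allowas_in=1),
        "looped_allowas_in_1": accept_update(LOCAL_AS, looped, allowas_in=1),
        "looped_allowas_in_3": accept_update(LOCAL_AS, looped, allowas_in=3),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22} -> {'accept' if accepted else 'drop'}")
```

With the integer set to 1 the legitimate inter-datacenter route is accepted while the looped path is still dropped; a larger integer lets the looped path through, so the smallest value that restores connectivity keeps the most loop protection.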

However, there is another interesting feature in the BGP protocol which can also be used to interconnect both sites with the same AS number. The AS-Override feature is similar to the AllowAS-in feature, but the AS-Override function has to be run on the Provider Edge (PE) router instead of on the Customer Edge (CE) router. The “neighbor {IPv4 address} as-override” command just strips the AS number from the BGP UPDATE before sending it to the CE routers.

AS-Override Configuration

These are two interesting functions I didn’t know. I think these functions are not even in the CCNP curriculum but in the CCIE curriculum. Once you know these features, you will be able to send and receive traffic between sites easily. It’s up to you which one you want to use. If you only have access to CE routers, you’ll run the AllowAS-in function, but if you only have access to PE routers, you’ll run the AS-Override function.

Regards, my friends. Drop me a line with the first thing you are thinking!!
