Allowas-In
This scenario demonstrates how to configure the allowas-in feature for IPv6 BGP neighbors. By default, BGP rejects routes that contain its own AS number in the AS_PATH to prevent loops. The allowas-in feature allows a router to accept routes with its own AS in the path up to a specified number of occurrences, which is useful in hub-and-spoke eBGP topologies where the same AS may appear multiple times legitimately.
Test eBGP IPv6 - Allowas-in disabled (default)
Description
Test to verify that by default BGP rejects routes containing its own AS in the AS_PATH. DUT1 prepends DUT0’s AS (100) to the AS_PATH, simulating a route that has traversed DUT0’s AS. DUT0 should reject this route because it contains its own AS number.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set protocols bgp 100 neighbor peer address-family ipv6-unicast activate set protocols bgp 100 neighbor peer address-family ipv6-unicast route-map export ALLOW-ALL set protocols bgp 100 neighbor peer address-family ipv6-unicast route-map import ALLOW-ALL set protocols bgp 100 neighbor peer remote-address '2001:db8:1::200' set protocols bgp 100 neighbor peer remote-as 200 set protocols bgp 100 parameters router-id 1.1.1.100 set protocols route-map ALLOW-ALL rule 10 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:10::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 200 address-family ipv6-unicast redistribute connected set protocols bgp 200 neighbor peer address-family ipv6-unicast activate set protocols bgp 200 neighbor peer address-family ipv6-unicast route-map export prepend-as set protocols bgp 200 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 200 neighbor peer remote-as 100 set protocols bgp 200 parameters router-id 1.1.1.200 set protocols route-map prepend-as rule 10 action permit set protocols route-map prepend-as rule 10 set as-path prepend 100 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP session establishes between DUT0 and DUT1.
Step 3: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 100 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 200 4 3 0 0 0 00:00:00 Established 0 0 N/A Total number of neighbors 1
Note
DUT0 should NOT receive route 2001:db8:10::/64 because it contains its own AS (100) in the AS_PATH.
Step 4: Run command protocols bgp show ipv6 at DUT0 and check if output does not match the following regular expressions:
2001:db8:10::/64Show output
No BGP prefixes displayed, 0 exist
Test eBGP IPv6 - Allowas-in enabled
Description
Test to verify that allowas-in allows routes with own AS in the AS_PATH. DUT0 is configured with address-family ipv6-unicast allowas-in number 3. DUT0 should now accept the route even though it contains its own AS number.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set protocols bgp 100 neighbor peer address-family ipv6-unicast activate set protocols bgp 100 neighbor peer address-family ipv6-unicast allowas-in number 3 set protocols bgp 100 neighbor peer address-family ipv6-unicast route-map export ALLOW-ALL set protocols bgp 100 neighbor peer address-family ipv6-unicast route-map import ALLOW-ALL set protocols bgp 100 neighbor peer remote-address '2001:db8:1::200' set protocols bgp 100 neighbor peer remote-as 200 set protocols bgp 100 parameters router-id 1.1.1.100 set protocols route-map ALLOW-ALL rule 10 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:10::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 200 address-family ipv6-unicast redistribute connected set protocols bgp 200 neighbor peer address-family ipv6-unicast activate set protocols bgp 200 neighbor peer address-family ipv6-unicast route-map export prepend-as set protocols bgp 200 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 200 neighbor peer remote-as 100 set protocols bgp 200 parameters router-id 1.1.1.200 set protocols route-map prepend-as rule 10 action permit set protocols route-map prepend-as rule 10 set as-path prepend 100 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP session establishes between DUT0 and DUT1.
Step 3: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 100 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 200 3 4 0 0 0 00:00:01 Established 0 0 N/A Total number of neighbors 1
Note
With allowas-in enabled, DUT0 should accept route 2001:db8:10::/64 despite containing its own AS.
Step 4: Run command protocols bgp show ipv6 at DUT0 and check if output matches the following regular expressions:
2001:db8:10::/64Show output
BGP table version is 2, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 100 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 2001:db8:1::/64 fe80::dcad:beff:feef:6c10 0 0 200 100 ? *> 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 0 200 100 ? Displayed 2 routes and 2 total paths
Attention
Verify the AS_PATH contains the local AS (100) prepended by DUT1.
Step 5: Run command protocols bgp show ipv6 2001:db8:10::/64 at DUT0 and check if output matches the following regular expressions:
200 100Show output
BGP routing table entry for 2001:db8:10::/64, version 2 Paths: (1 available, best #1, table default) Advertised to peers: 2001:db8:1::200 200 100 2001:db8:1::200 from 2001:db8:1::200 (1.1.1.200) (fe80::dcad:beff:feef:6c10) (used) Origin incomplete, metric 0, valid, external, best (First path received) Last update: Thu Mar 5 14:48:44 2026