Allowas-In

Scenario to verify BGP peer-group allowas-in inheritance. When allowas-in is configured on a peer-group, neighbors that are members of that group accept routes containing their own AS in the AS-path.

Test eBGP - Peer-group allowas-in accepts routes with own AS

Description

Test that allowas-in configured on a peer-group is inherited by its members. DUT1 prepends DUT0’s own AS (100) to the route. With allowas-in inherited from the peer-group, DUT0 accepts the route despite containing its own AS in the path.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 100 neighbor peer peer-group MYGROUP
set protocols bgp 100 neighbor peer remote-address 10.10.0.200
set protocols bgp 100 peer-group MYGROUP allowas-in number 3
set protocols bgp 100 peer-group MYGROUP remote-as 200
set protocols bgp 100 peer-group MYGROUP route-map export ALLOW-ALL
set protocols bgp 100 peer-group MYGROUP route-map import ALLOW-ALL
set protocols route-map ALLOW-ALL rule 10 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 100
set protocols bgp 200 neighbor peer route-map export prepend-as
set protocols bgp 200 redistribute connected
set protocols route-map prepend-as rule 10 action permit
set protocols route-map prepend-as rule 10 set as-path prepend 100
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session establishes.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 100 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4        200         2         4        0    0    0 00:00:01  Established        0        0 N/A

Total number of neighbors 1

Attention

Verify DUT0 accepts route 10.10.0.0/24 with its own AS in the path.

Step 4: Run command protocols bgp show ip 10.10.0.0/24 at DUT0 and check if output matches the following regular expressions:

200 100

Show output

BGP routing table entry for 10.10.0.0/24, version 1
Paths: (1 available, best #1, table default)
  Advertised to peers:
  10.10.0.200
  200 100
    10.10.0.200 from 10.10.0.200 (10.10.0.200)
      Origin incomplete, metric 0, valid, external, best (First path received)
      Last update: Thu Mar  5 15:46:43 2026

---

Test eBGP - Peer-group allowas-in disabled (default)

Description

Test that by default BGP rejects routes containing its own AS in the AS_PATH. DUT1 prepends DUT0’s AS (100) to the AS_PATH. Without allowas-in on the peer-group, DUT0 should reject this route.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 100 neighbor peer peer-group MYGROUP
set protocols bgp 100 neighbor peer remote-address 10.10.0.200
set protocols bgp 100 peer-group MYGROUP remote-as 200
set protocols bgp 100 peer-group MYGROUP route-map export ALLOW-ALL
set protocols bgp 100 peer-group MYGROUP route-map import ALLOW-ALL
set protocols route-map ALLOW-ALL rule 10 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 100
set protocols bgp 200 neighbor peer route-map export prepend-as
set protocols bgp 200 redistribute connected
set protocols route-map prepend-as rule 10 action permit
set protocols route-map prepend-as rule 10 set as-path prepend 100
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session establishes.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 100 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4        200         2         4        0    0    0 00:00:00  Established        0        0 N/A

Total number of neighbors 1

Note

DUT0 should NOT receive route 10.10.0.0/24 because it contains its own AS (100).

Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:

10.10.0.0/24

Show output

No BGP prefixes displayed, 0 exist

---