2023: BGP AS Override vs BGP Allow-AS-In: A Comprehensive Comparison

BGP AS Override vs BGP Allow-AS-In: A Comprehensive Comparison

BGP is used to exchange routing information between multiple autonomous systems (AS) on the Internet. An autonomous system is a group of networks that share a common administrative area. BGP is used to route traffic across multiple independent systems and is the protocol used by Internet Service Providers (ISPs) to communicate routing information with one another.

More on BGP
BGP: Path Selection Criteria - Path Vector Protocol
BGP Basics: BGP Neighbor States

BGP AS Override and BGP Allow-AS-In: Know the difference
Fig 1.1- BGP AS Override and BGP Allow-AS-In: Know the difference

BGP AS Override Feature

BGP AS Override is a BGP functionality that allows a Provider Edge (PE) router to modify the private Autonomous System (AS) number used by a Customer Edge (CE) device over an external BGP (EBGP) session operating on a VPN routing and forwarding (VRF) access connection. The PE AS number replaces the private AS number.

When clients utilize the same AS number across several sites, this feature prevents customer sites with identical AS numbers from being connected via another AS number. In this case, routing changes from one site are discarded when they arrive at the other. The AS-Override function replaces the originating router's AS number with the transmitting BGP router's AS number to override this functionality.


BGP Allow-AS-In permits a BGP speaker to receive BGP updates even if its own BGP AS number is in the AS-Path property. By default, EBGP loop protection is enabled, which implies that the update is denied if any BGP speaker detects its own AS Number in the BGP update. Routes can be accepted and processed using the Allow AS feature even if the router identifies its own ASN in the AS-Path.

Assume you have two branch routers that communicate with each other via an ISP and use BGP. The AS numbers of the two branch routers are the same. When routes reach the Service Provider (SP) network from a branch (R1), they might be tagged with the user AS. When the SP forwards it to the other branch router (R2), the routes are discarded by default if the other branch also utilizes BGP with the SP and has the same AS number. In this case, the Allow-AS-In functionality may be used to allow BGP on the opposite side to inject updates.

Difference between BGP AS Override & Allow-AS-IN

BGP AS Override Vs BGP Allow-AS-IN
Fig 1.2- BGP AS Override and BGP Allow-AS-In: Know the difference

"Allowas-in" will be set up on the CE device at the customer site, "As Override" must be supplied at the service provider end.

To summarize, in complicated BGP configurations with route reflectors, BGP AS Override is largely used to assure appropriate route reflection and loop avoidance. However, in non-standard network settings where such routes are expected, BGP Allow-AS-In is used to regulate whether BGP routes with the local AS number in their AS_PATH characteristics are accepted.

Continue Reading...

More on BGP...