
When deploying an [MPLS](/mpls) layer 3 [VPN](/mpls-virtual-private-network-vpn) topology, and when using [BGP](/bgp) as the [routing protocol](/routing-dynamic-routing-protocols) between the [CE](/mpls-customer-edge-router) and [PE](/mpls-label-edge-router), there are situations where the [Allow-AS In](/bgp-allow-as-in) BGP feature must be used.   This is particularly the case when the [ASN](/bgp-autonomous-system-number) used at both remote customer sites is the same.

Take a look at the following topology:
![mpls-vpn-pe-ce-eBGP.png](/attachments/mpls-vpn-pe-ce-eBGP.png)

Note that both CE1 and CE2 are in ASes with [the same ASN](/bgp-discontiguous-autonomous-systems).  [eBGP loop prevention mechanisms](/bgp-ebgp-loop-prevention-mechanism-same-as-number) will not allow prefixes to be exchanged between CE1 and CE2 because of the fact that the same AS number appears in the AS Path.

One way to resolve this is to use a different ASN.  However, there are situations in which it is preferrable to keep the same ASN and use the Allow-AS In feature.  These reasons include:

- The use of public ASes - If these are public ASNs, then the choice of ASN is constrained, which may require you to use the same ASN at multiple remote sites.
- Routing policies - some organizations may have applied routing policies based on AS numbers. Changing the AS number could mean reworking these polices which may be more time-consuming and expensive than using the Allow-AS-in feature.
- BGP features dependent on AS number - there may be BGP features or design principles that are dependent on AS number such as [BGP Confederations](/bgp-confederations) and [AS_PATH](/bgp-attributes-and-path-selection) [prepending](/bgp-med-vs-as-prepending) and [filtering](/bgp-aspath-filtering-use-cases).
- Simplicity - some customers may just want to keep the same AS throughout their remote networks for operational simplicity. This way they don’t have to get involved in [eBGP](/bgp-definition-of-external-bgp-ebgp) [routing](/routing) and related configurations, especially if they may have tens or hundreds of remote sites.
- Network design - A customer may also be constrained in the choice of their ASN due to the nature of the rest of their network, network infrastructure that exists beyond the MPLS interconnections of their remote sites.

So although the use of different ASes at each remote site is a solution to the problem presented, there are reasons to maintain the same [AS](/bgp-autonomous-system-as) at remote sites necessitating the use of Allow-AS-In.


Links:

https://forum.networklessons.com/t/mpls-layer-3-vpn-bgp-allow-as-in/1322/27?u=lagapides

https://networklessons.com/bgp/mpls-layer-3-vpn-bgp-allow-as-in

MPLS - Using the BGP Allow-AS in feature

Interface - configuring a range of interfaces

Interface - no carrier counter

Interface - show interfaces counters explained

Interface - unknown protocol drops

Interface speed and bandwidth

Interior Gateway Protocol (IGP)

Internet Exchange Point (IXP)

Internet Service Provider (ISP)

Intrusion prevention system (IPS)

Kron task scheduler

L2TPv3 over IPSec

L2TPv3

LACP

LAG - Multi-Chassis LAG

LFA - Topology Independent LFA

LFA, remote LFA, and how they work together in OSPF

LISP - map request and reply process

LISP - what is it

LISP and overlapping address spaces

LISP debug traffic between two EIDs

LISP host mobility use cases

LISP where EID-to-RLOC mappings originate

LISP

Logging buffered command

Loop-Free Alternate (LFA) Fast Reroute (FRR)

Loop-Free Alternate (LFA) and remote LFA

Loops in layers 2 and 3

MAC Access List EtherType

MAC Access List

MAC address flapping

MAC address of all zeros

MAC address table - multiple entries of the same MAC address

MAC address table - show command on Nexus device

MAC address table populated using source address field

MAC address table static multicast entry

MAC address table

MAC address

MPLS - BGP customer prefixes do not appear in the LFIB

MPLS - Connecting IPv6 sites over an IPv4 backbone

MPLS - Disabling IPv4 address family in BGP for VPNv4

MPLS - Ethernet over MPLS (EoMPLS)

MPLS - L3VPN BGP EIGRP redistribution

MPLS - L3VPN BGP OSPF Redistribution

MPLS - LDP source interface

MPLS - Layer 2 VPNs

MPLS - Multi-VRF CE

MPLS - Segment Routing over MPLS

MPLS - Transport Profile

MPLS - VPN label

MPLS - VPNv4 Labels are assigned per route

MPLS - Virtual Private Network (VPN)

MPLS - label distribution using MP-BGP

MPLS - label

MPLS - multiarea OSPF in the core

MPLS - network redundancy

MPLS - what is fate sharing

MPLS - what is seamless MPLS

MPLS 6PE uses two labels in the data plane

MPLS Bytes Label Switched in the LFIB

MPLS Customer Edge Router

MPLS L3VPN Inter-AS Options

MPLS LDP Label Filtering

MPLS LDP Session Protection

MPLS LDP Targeted Hellos

MPLS LSR ID

MPLS Label Distribution Protocol

MPLS Label Distribution and Swapping

MPLS Label Edge Router

MPLS Label Switch Router

MPLS Layer 3 VPN communication between CE and PE routers

MPLS Layer 3 VPN communication between CE routers

MPLS Local Label Allocation Filtering

MPLS Penultimate hop popping

MPLS Route Distinguisher

MPLS Route Target

MPLS TE - Affinity attribute flag assignment best practices

MPLS TE - TE Tunnels

MPLS TE setup and hold priority

MPLS Troubleshooting

MPLS VPN extranet route leaking unique addressing

MPLS VRF names locally significant

MPLS addresses bound to peer LDP Ident output

MPLS advertising multiple customer subnets

MPLS entropy label

MPLS explicit NULL

MPLS implicit NULL

MPLS mandatory use of CEF

MPLS traffic engineering

MPLS-TE - why are IGPs necessary

MPLS

MPP vs ACLs

MQTT return codes

MST - Root port selection for switches outside MST topology

MST configuration revision number

MTU - Adjusting MTU to accommodate additional headers

MTU - Interface MTU configuration considerations

MTU - MSS and Jumbo Frames

MTU - Path MTU Discovery (PMTUD)