I have an ISP who gave me this basic config and it does not make sense to me. What I am looking for is someone to tell me I am not crazy.

Overview: An MPLS network to connect multiple sites together and provide one site with internet. All other sites will have their internet traffic sent over the MPLS network to the site with inet access and out to the web. They have setup everything up so that BGP is the only protocol to be used. i.e. the site with internet peers via BGP and all other sites peer with the ISP's MPLS cloud via BGP also.

Site A <--> MPLS Cloud <--> Site B <--> Internet

BGP AS numbers:
Site A - 65001 <--> MPLS Cloud - 65002 <--> Site B - 65001 <--> Internet - 65002

What the ISP has done though is only given two AS numbers. So my site A is its own BGP setup with AS 65001, the ISP uses its own public AS number (lets call it 65002), and Site B was also given AS 65001.

Call me crazy but routes going from AS 65001 to 65002 to 65001 breaks the fundamental rule of loop detection in BGP in seeing its own AS number in the AS path.

My ISP swears up and down that it will work, however it has not. As they will not change the config on their side, I have to live with this. My solution so far is to create an iBGP session between Site A and Site B to get my routes working.

What I suggested, and they promply told me "no", was to have a separate AS number for each site. i.e. 65001 for site A, 65002 for site B, etc.

Which makes things even more crazy, is that the MPLS cloud and the Internet side of things also share the same AS number, making any routes coming in from the internet not reach site A because the MPLS cloud sees its own AS number in the path and doesnt pass things along.

I would like it if someone could tell me I am thinking of this correctly or if I am missing something.


Lets deal with the MPLS and private piece first. There is a capability with most routers to use a technique called AS override.

This allows the use of same AS at your sites connecting to the MPLS cloud. You shouldn't have to set up an iBGP session on your routers to accommodate this configuration.

Normally the configuration provided would break BGP loop detection. What AS Overide does is essentially replace the Private AS number used at the Customer edge (CE) router with the cloud's own AS. This essentially hides the duplicate AS#. When you look at a BGP table from an environment like this you should never see your remote sites AS#'s and should not have to configure an iBGP relationship between the locations to get things working.

Rather than using iBGP between the sites using a GRE tunnel between the sites would allow you to use your IGP to share routes obviating the redistribution and AS problems associated with the BGP configuration.

If you Google AS override there are a number of resources that can describe the feature in greater detail.

Is the ISP connection provided on a separate circuit?

If it is it may be less complicated to use a separate router to terminate that circuit. Then you can re-distribute the default route from the internet into your IGP.

There are carriers that are offering Layer 2 services as well, which I have found to be straight forward in terms of managing the routing environment.

As it turns out I have MPLS clouds through 2 carriers, one provided via L2 connectivity and the other via L3 using BGP at the edge. It has posed some challenges...

Hope that helps some... Good luck