Atul_S
Staff & Editor
Article Id 211672
Description

This article describes the additional steps required to replace the AS-PATH for any received BGP prefix for redistribution to another BGP peer.

In general, BGP offers the as-override option for situations where a prefix must be accepted even though its AS-PATH contains the local AS number of the receiving unit.

Scope

FortiGate.

Solution

[Topology diagram]

In this topology, AS65512 has two geographically separated sites, and prefix 9.7.3.8/32 is advertised to AS65514 (R3, FortiGate) by AS65513 (R2). R2 received this prefix from HQ AS65512 (R1).

Note: AS65512 at the branch side (Juniper device) is a VRF; for clarity, it is referred to as router R4 (VRF) below.

In an MSP environment, especially when the same device acts as both PE and CE, route exchange occurs in a non-standard manner.

The 'as-override' option works slightly differently on FortiGate. Refer to this article: Technical Tip: BGP: 'allowas-in-enable' or 'as-override' when local AS in the AS-path conflicts wit...

Once enabled for a neighbor, this command does not replace the whole AS-PATH of the advertised prefix with the local AS number; it replaces only the AS number of the receiving neighbor, and the rest of the AS-PATH remains intact, as shown below:

R4# get router info bgp neighbors 10.56.242.61 received-routes
VRF 0 BGP table version is 15, local router ID is 9.7.3.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 9.7.3.8/32 10.56.242.61 0 0 64512  64514  65513  65512 i <-/->   <----- Behavior after allowas-in on the R4 side. However, this still does not work on the Juniper device: Juniper still sees AS 64513, which belongs to one of its VRFs, and drops the route.

R4# get router info bgp neighbors 10.56.242.61 received-routes
VRF 0 BGP table version is 14, local router ID is 9.7.3.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 6.4.5.12/32 10.56.242.61 0 0 64512 i <-/->
*> 9.7.3.8/32 10.56.242.61 0 0 64512  64514  65513  65513 i <-/->   <----- Behavior after as-override on the R2 side: only the conflicting AS 65512 was replaced with 64513, not the whole chain. This still does not work on a Juniper device either.

The BGP specification mandates that a BGP speaker must not accept a route announcement if it sees its own local AS number anywhere in the AS-PATH list. When a BGP route is received with the speaker's own Autonomous System (AS) number present in the AS-PATH attribute, the route is discarded immediately. In this case, the Juniper device still sees AS 64513, which belongs to one of its VRFs, and drops the route.

Configuration Change at FortiGate:

R3# config router route-map
    edit "aspath-test"
        config rule
            edit 1
                set match-as-path "path-test"
                set set-aspath-action replace    <-----
                set set-aspath "10000"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end

R3# config router aspath-list
    edit "path-test"
        config rule
            edit 1
                set action permit
                set regexp ".*"
            next
        end
    next
end

R3# config router bgp
R3(bgp)# config neighbor
R3(neighbor)# edit 10.56.240.77
    set advertisement-interval 1
    set bfd enable
    set link-down-failover enable
    set next-hop-self enable
    set soft-reconfiguration enable
    set remote-as 65512
    set route-map-out "aspath-test"  <-----
next
end

Test:

R4# get router info bgp neighbors 10.56.242.61 received-routes | grep 9.7
VRF 0 BGP table version is 29, local router ID is 9.7.3.9
*> 9.7.3.8/32 10.56.242.61 0 0 64512 10000 i <-/->   <----- The whole AS-PATH is now replaced with 10000.
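To make the difference between the three options concrete, here is a small Python model (an added illustration, not FortiGate or Juniper code) that applies allowas-in, as-override and the route-map replace to the AS-PATH R4 received above and runs the RFC 4271 loop check on each result. The Juniper device's local AS set {65512, 65513}, the peer and sender AS numbers, and the rule that allowas-in tolerates only the configured VRF's own AS are assumptions drawn from the article's narrative.

```python
"""Toy model of the three AS-PATH options compared in this article:
'allowas-in' on the receiver, 'as-override' on the sender, and a route-map
'set-aspath-action replace'. Added illustration, not vendor code."""


def as_override(path, peer_as, sender_as):
    # as-override: rewrite only the receiving peer's own AS number;
    # every other hop in the chain is sent exactly as received.
    return [sender_as if asn == peer_as else asn for asn in path]


def replace_aspath(_received, new_path):
    # route-map 'set set-aspath-action replace' + 'set set-aspath':
    # the received chain is discarded and the configured list is sent.
    return list(new_path)


def loop_check(path, local_ases, allowed=frozenset()):
    """RFC 4271 loop detection: reject the UPDATE if any AS the receiving
    box regards as its own appears in AS_PATH. `allowed` models allowas-in,
    which (assumption) only tolerates the AS of the VRF it is set on."""
    offending = {a for a in path if a in local_ases and a not in allowed}
    return not offending


def compare_options(received, local_ases, peer_as, sender_as, new_path):
    """Return {option: (resulting AS_PATH, accepted?)} for one received path."""
    results = {}
    # 1. allowas-in on the receiver: path untouched, own VRF AS tolerated.
    results["allowas-in"] = (list(received),
                             loop_check(received, local_ases, {peer_as}))
    # 2. as-override on the sender: only peer_as is rewritten.
    overridden = as_override(received, peer_as, sender_as)
    results["as-override"] = (overridden, loop_check(overridden, local_ases))
    # 3. route-map replace on the sender: the whole chain is replaced.
    replaced = replace_aspath(received, new_path)
    results["replace"] = (replaced, loop_check(replaced, local_ases))
    return results


if __name__ == "__main__":
    # Constructed values following the article: the path R4 sees before any
    # fix, and the assumption that the Juniper box treats both 65512 (the R4
    # VRF) and 65513 (another VRF on the same box) as local AS numbers.
    received = [64512, 64514, 65513, 65512]
    outcome = compare_options(received, {65512, 65513}, 65512, 65513, [10000])
    for name, (path, ok) in outcome.items():
        shown = " ".join(map(str, path))
        print(f"{name:<12} {shown:<28} {'accepted' if ok else 'dropped'}")
```

Only the replace option yields a path free of every AS the receiving box considers local, which is why the route-map approach succeeds where allowas-in and as-override do not.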