ASN requirements for site-to-site data transfer

If you are using Network Connectivity Center for site-to-site data transfer, use the following best practices for managing autonomous system numbers (ASNs).

ASN assignment

Assign ASNs as described in the following sections.

Google ASNs

All Cloud Routers that are associated with a single hub must use the same Google ASN. To select an ASN, follow the recommendations in the Cloud Router documentation.

Peer ASNs

All non-Google peering routers that are associated with a single spoke must use the same ASN when advertising prefixes to the Cloud Router. This is important because, if two peers advertise the same prefix with different ASNs or AS paths, only one peer's ASN and AS path is readvertised for that prefix. Different spokes must have different ASNs. That is, if two BGP sessions belong to different spokes, they must have different ASNs.

Example

Suppose that your Network Connectivity Center setup uses the following spokes:

  • Spoke A-east includes VPN tunnels 1 and 2. It uses Cloud Router A.
  • Spoke B-west includes VPN tunnels 3 and 4. It uses Cloud Router B.

Because all spokes connect to the same hub, Cloud Router A and Cloud Router B must both use the same number (for example, 65000) in the bgp.asn field.

In this same scenario, your setup includes the following on-premises routers:

  • Peer router A1-east is associated with spoke A-east and Cloud Router A.
  • Peer router A2-east is also associated with spoke A-east and Cloud Router A.
  • Peer router B1-west is associated with spoke B-west and Cloud Router B.
  • Peer router B2-west is also associated with spoke B-west and Cloud Router B.

Because peer router A1-east and peer router A2-east are associated with one spoke (spoke A-east), they must use the same ASN—for example, 65001. Cloud Router A also uses this number, in the bgpPeers.peerAsn field for VPN tunnel 1 and the bgpPeers.peerAsn field for VPN tunnel 2.

Similarly, peer router B1-west and peer router B2-west are both associated with one spoke (spoke B-west), so they must use the same ASN—for example, 65002. Cloud Router B also uses this number, in the bgpPeers.peerAsn field for VPN tunnel 3 and in the bgpPeers.peerAsn field for VPN tunnel 4.
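The rules above can be checked before a configuration is applied. The following is an added example, not Google's code: it validates a plan against the three ASN rules on this page. The sample data is constructed from the scenario above; the "hub" and "spoke" keys, the router and tunnel names, and the function name check_asn_plan are assumptions, and the "different spokes" rule is assumed to apply within one hub.

```python
from collections import defaultdict

# Constructed sample: one entry per Cloud Router, using the bgp.asn and
# bgpPeers[].peerAsn fields named on this page. "hub" and "spoke" are
# assumed keys that record which hub and spoke each router belongs to.
ROUTERS = [
    {"name": "cloud-router-a", "hub": "hub-1", "spoke": "A-east",
     "bgp": {"asn": 65000},
     "bgpPeers": [{"name": "vpn-tunnel-1", "peerAsn": 65001},
                  {"name": "vpn-tunnel-2", "peerAsn": 65001}]},
    {"name": "cloud-router-b", "hub": "hub-1", "spoke": "B-west",
     "bgp": {"asn": 65000},
     "bgpPeers": [{"name": "vpn-tunnel-3", "peerAsn": 65002},
                  {"name": "vpn-tunnel-4", "peerAsn": 65002}]},
]

def check_asn_plan(routers):
    """Return a list of violations of the ASN assignment rules (empty if none)."""
    problems = []
    google_asns = defaultdict(set)  # hub -> Google ASNs seen on its Cloud Routers
    spoke_asns = defaultdict(set)   # (hub, spoke) -> peer ASNs seen on its sessions
    for router in routers:
        google_asns[router["hub"]].add(router["bgp"]["asn"])
        for peer in router["bgpPeers"]:
            spoke_asns[(router["hub"], router["spoke"])].add(peer["peerAsn"])

    # Rule 1: all Cloud Routers associated with one hub use the same Google ASN.
    for hub, asns in sorted(google_asns.items()):
        if len(asns) > 1:
            problems.append(f"hub {hub}: different Google ASNs {sorted(asns)}")

    owners = defaultdict(set)       # (hub, peer ASN) -> spokes that use it
    for (hub, spoke), asns in sorted(spoke_asns.items()):
        # Rule 2: all peering routers associated with one spoke use the same ASN.
        if len(asns) > 1:
            problems.append(f"spoke {spoke}: different peer ASNs {sorted(asns)}")
        for asn in asns:
            owners[(hub, asn)].add(spoke)

    # Rule 3: different spokes use different peer ASNs.
    for (hub, asn), spokes in sorted(owners.items()):
        if len(spokes) > 1:
            problems.append(f"hub {hub}: peer ASN {asn} reused by {sorted(spokes)}")
    return problems

if __name__ == "__main__":
    print(check_asn_plan(ROUTERS) or "ASN plan is consistent")
```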

AS path loop detection

We recommend configuring autonomous system (AS) path loop detection on your peer routers. This feature is almost always on by default; if it is not, enable it. When AS path loop detection is enabled and two spokes are configured with the same peer ASN, a peer router for one spoke sees its own ASN in the AS path of prefixes that originate from the other spoke, so it drops all prefix advertisements from that spoke.
