
OPERATIONAL DEFECT DATABASE
A local AS configuration is not applied to the eBGP neighbor on a Cisco ACI border leaf switch. As a result, the switch sends the fabric ASN (configured in the BGP Route Reflector policy) in its OPEN messages, and the neighbor rejects the session with the "bad remote-as" reason.

Log that can be seen on the external neighbor:

2019 Nov 21 14:19:15.309 RTR1 %BGP-3-BADPEERAS: bgp- [29095] VRF default, Peer 192.0.2.1 - bad remote-as, expecting 23456 (AS_TRANS), configured 65536 received 64511.

Example of the problematic neighbor:

RTR1# show bgp ipv4 unicast neighbors 192.0.2.2 vrf TN_A:VRF_A
BGP neighbor is 192.0.2.2, remote AS 65537, ebgp link, Peer index 3
Peer is an instance of prefix peering 192.0.2.2/29
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle, down for 00:00:01, retry in 00:00:41
Using Vlan30 as update source for this peer

For comparison, from RTR1's vPC-peer-BL where the issue is not observed:

RTR2# show bgp ipv4 unicast neighbors 192.0.2.2 vrf TN_A:VRF_A
BGP neighbor is 192.0.2.2, remote AS 65537, local AS 65536, ebgp link, Peer index 3
Peer is an instance of prefix peering 192.0.2.2/29
BGP version 4, remote router ID 192.0.2.0
BGP state = Established, up for 1w1d
Using Vlan40 as update source for this peer
Peer is directly attached, interface Vlan40

Remove the Local-AS Number setting under the BGP Peer Connectivity Profile and then add it back, so that it is re-pushed from the Cisco APIC.

The concrete object for the Local AS (with valid configuration) exists on the affected Border Leaf:

RTR1# ls -l /mit/sys/bgp/inst/dom-TN_A:VRF_A/peer-[192.0.2.1--29]
total 2
drw-rw---- 1 admin admin 512 Dec 5 15:40 af-ipv4-ucast
drw-rw---- 1 admin admin 512 Dec 5 15:40 ent-[192.0.2.1]
drw-rw---- 1 admin admin 512 Dec 5 15:40 localasn <<<<
-r--r----- 1 admin admin 0 Dec 5 15:40 summary

RTR1# moquery -c bgpLocalAsn | grep -B 3 -A 6 192.0.2.1
# bgp.LocalAsn
asnPropagate : replace-as
childAction :
dn : sys/bgp/inst/dom-TN_A:VRF_A/peer-[192.0.2.1/29]/localasn
lcOwn : local
localAsn : 65536
modTs : 2019-11-16T19:59:10.754+00:00
name :
rn : localasn
status :
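
One way to check for this condition from saved CLI output, as an added example that is not part of the original record or any Cisco tooling: it cross-checks the bgpLocalAsn objects against the neighbor output and reports peers whose configured local AS does not appear. The function names are hypothetical, the sample text is constructed from the outputs quoted above, and peers are matched to the prefix-peering network in the object's dn.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the outputs quoted in this record.
NEIGHBORS_AFFECTED = """\
BGP neighbor is 192.0.2.2, remote AS 65537, ebgp link, Peer index 3
Peer is an instance of prefix peering 192.0.2.2/29
BGP state = Idle, down for 00:00:01, retry in 00:00:41
"""
NEIGHBORS_HEALTHY = """\
BGP neighbor is 192.0.2.2, remote AS 65537, local AS 65536, ebgp link, Peer index 3
Peer is an instance of prefix peering 192.0.2.2/29
BGP state = Established, up for 1w1d
"""
MOQUERY = """\
# bgp.LocalAsn
asnPropagate : replace-as
dn : sys/bgp/inst/dom-TN_A:VRF_A/peer-[192.0.2.1/29]/localasn
localAsn : 65536
"""

def configured_local_asns(moquery_text):
    """Map (vrf, peer network) -> localAsn from `moquery -c bgpLocalAsn` text."""
    out, dn = {}, None
    for line in moquery_text.splitlines():
        key, _, val = (p.strip() for p in line.partition(":"))
        if key == "dn":
            dn = re.search(r"dom-(.+?)/peer-\[(.+?)\]/localasn$", val)
        elif key == "localAsn" and dn:
            # strict=False: the dn may carry a host address with the mask
            net = ipaddress.ip_network(dn.group(2), strict=False)
            out[(dn.group(1), net)] = int(val)
            dn = None
    return out

def unapplied_local_as(neigh_text, vrf, configured):
    """Return (neighbor, expected local AS) where the object exists but BGP shows no local AS."""
    findings = []
    for m in re.finditer(r"BGP neighbor is (\S+?),(.*)", neigh_text):
        addr = ipaddress.ip_address(m.group(1))
        for (cfg_vrf, net), asn in configured.items():
            applied = re.search(rf"local AS {asn}\b", m.group(2))
            if cfg_vrf == vrf and addr in net and not applied:
                findings.append((str(addr), asn))
    return findings
```
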