Best practice BGP Multiple sites, using single or multiple ASN

christianpho
Level 1

Hi, 

 

I'd like to know which design is better to use.

I have multiple sites on which BGP relationships are established with ISPs. Since most locations have more than one ISP, the same prefix should be available on both connections. They are using public ASNs.

So site A has 2 ISPs over which BGP route exchange happens.

IP prefixes are actually not available for site B and C and so on.

Which one would be better? Option A:

Use the same ASN at all locations, regardless of whether they peer with the same ISPs:

Site A peers with ISP A and B

Site B peers with ISP B and C

Site C peers with ISP D and E

Or request a different ASN for each location?

And what about if sites are all around the globe, some under APNIC responsibility, while others are under RIPE NCC, and so on?

4 Replies 4

balaji.bandi
Hall of Fame

I prefer to use the same ASN for all sites. Do you have connectivity between these sites, like any private link, or do they connect through the Internet only?

 

BB


Hello
@christianpho @balaji.bandi - 
BGP's basic loop prevention is in the AS sequence; as such, a prefix won't be allowed if the router sees its own ASN in the AS path of a prefix, so unless you are implementing L3VPN, each site would require a different ASN.



Kind Regards
Paul

Giuseppe Larosa
Hall of Fame

Hello @christianpho ,

we would need more information about your network scenario:

Are you using an MPLS L3VPN service with multiple service providers?

If that is the case, you can use the same private AS number, in the range of the last 1024 of the 16-bit max number 65535. The PE nodes will perform AS override or private AS replacement.

Or would you like to use different services like IPSec VPNs, DMVPNs or SD-WANs?

All these work over the public Internet.

In order to get a public ASN from an RIR you need to be multihomed.

>> And what about if sites are all around the globe, some under APNIC responsibility, while others are under RIPE NCC, and so on?

The AS number is required in the region where your headquarters is, but it can also be used outside that region as it is worldwide unique.

To make interconnection over the public Internet possible without using any form of tunneling like the above-mentioned IPSec VPNs, DMVPNs or SD-WAN, if you have a single public AS number, to avoid loop prevention in the AS path you need

on each site towards each eBGP peer, where x.x.x.x is the directly connected ISP x eBGP peer:

neighbor x.x.x.x allowas-in [n]

This command allows accepting BGP prefixes that have an AS path that contains your own BGP ASN up to 3 times.

There is an optional parameter that allows increasing the number of times your ASN appears, to be able to handle cases where AS path prepending is used.

 

Hope to help

Giuseppe

 

 

Hi,

We do not use any kind of private connectivity to get public Internet IP range (including VPNs).

From each service provider I'm actually only receiving a default route to the Internet, meaning Site A does not have to learn BGP routes to get Site B's prefix. So as I understand it, even if we have 2 different sites which need to talk together, since each site gets only a default route they can communicate. In case one of the sites eventually gets a wider routing table from the ISPs, I am going to have issues with this design....

Most of the sites are multihomed with more than one ISP; for those where that is not the case, I would like to make it as easy as possible to make them multihomed sites with multiple ISPs.
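
Added example (not part of the thread and not any poster's configuration): a small Python model of the eBGP AS-path loop check discussed in the replies above, showing which updates a site accepts with a shared ASN, with allowas-in, and with a distinct ASN per site, and how a default route alone still gives reachability. The ASNs and prefixes are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

SITE_AS, ISP_B = 64500, 64501   # constructed documentation ASNs (RFC 5398)

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple              # leftmost = neighbor AS, rightmost = origin AS

def accept_ebgp(route, local_as, allowas_in=0):
    """Inbound eBGP loop check. allowas_in=0 models default behaviour: any
    occurrence of the local ASN in the AS path rejects the route."""
    return route.as_path.count(local_as) <= allowas_in

def build_rib(updates, local_as, allowas_in=0):
    """Keep only the updates that pass the loop check."""
    return [r for r in updates if accept_ebgp(r, local_as, allowas_in)]

def lookup(rib, dest):
    """Longest-prefix match; returns the winning prefix or None."""
    addr = ipaddress.ip_address(dest)
    hits = [ipaddress.ip_network(r.prefix) for r in rib
            if addr in ipaddress.ip_network(r.prefix)]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

# Constructed updates as site B would receive them from ISP B.
DEFAULT = Route("0.0.0.0/0", (ISP_B,))
SITE_A = Route("192.0.2.0/24", (ISP_B, SITE_AS))          # site A, same ASN
SITE_A_PREPENDED = Route("198.51.100.0/24",               # site A prepends twice
                         (ISP_B, SITE_AS, SITE_AS, SITE_AS))
UPDATES = [DEFAULT, SITE_A, SITE_A_PREPENDED]

if __name__ == "__main__":
    cases = [("same ASN, default check", SITE_AS, 0),
             ("same ASN, allowas-in 1", SITE_AS, 1),
             ("same ASN, allowas-in 3", SITE_AS, 3),
             ("distinct ASN per site", 64510, 0)]
    for label, local_as, n in cases:
        rib = build_rib(UPDATES, local_as, n)
        print(f"{label:24} accepted={[r.prefix for r in rib]} "
              f"192.0.2.10 via {lookup(rib, '192.0.2.10')}")
```

Every increment of the allowas-in count relaxes the loop check for that neighbor, so the value should be no higher than the longest prepend the sites actually use.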