BGP and same ASN number

prashantrecon
Level 1

Hi Team,

I have a doubt: I want to use the same ASN at different sites with different ISPs (consider I have the public IP range 1.1.1.0/24).

Consider I have a public server with IP 1.1.1.1 at site A, and if I advertise the same public pool at site B, how does return traffic know whether it has to come to site A or B?

Or if someone from the Internet wants to access this 1.1.1.1 public server, will that request come to the site A router or the site B router?

Regards,

Prashant


JohnTylerPearce
Level 7

Prashant,

Are your two sites connected in any way? Or are they completely separate sites running the same AS?

Now, if you have for example (1.1.1.0/24), and advertise this network out to the network, you could do AS_PATH prepending to try and equal out AS_PATH lengths for both routes, but I wouldn't recommend doing it this way.

I'm assuming these are Provider Independent addresses, so you could advertise out specific prefixes with a /32, and use AS_PATH prepending as well, for kind of a "double shot" so to speak.

You could also split up the /24 into two /25s, with one /25 being in Site A and another being in Site B.

Hi John,

Thanks for the reply.

These sites are not connected and they are completely separate sites running the same AS.

Yes, my public pool is from APNIC and it is provider independent.

I have asked both my ISPs and they say that they cannot split the /24 pool into /25s, with one at site A and another at site B.

I am basically looking for a DR solution, so that if my site A goes down then my public IP 1.1.1.1 would be up and working.

Any suggestions?

Regards,

Prashant

Prashant,

Thanks for the reply.

If you want to do this as a DR solution, this can be done pretty easily.

You can have the eBGP link going to your ISP that you want to use as backup, configure AS_PATH prepending, so it should never be used for incoming traffic unless the primary eBGP link goes down.

So you could do the following, for example (you can configure it how you like, this is just an example):

! Match the prefix to prepend (a standard ACL takes a wildcard mask)
access-list 1 permit 1.1.1.0 0.0.0.255
!
route-map ASPATH_PREPEND permit 10
 match ip address 1
 set as-path prepend ASN ASN ASN
!
router bgp ASN
 ! Apply outbound towards the backup ISP peer (<backup-ISP-peer-IP> is a placeholder)
 neighbor <backup-ISP-peer-IP> route-map ASPATH_PREPEND out

As long as your primary ISP eBGP peer doesn't go down, the 1.1.1.0/24 NLRI information from the Internet should always be taken, since it has a shorter AS_PATH.

Feel free to research AS_PATH prepending to make sure this is something you want to implement, but this would be my suggestion.

Hi John,

Thanks a lot for the help.

I have done some research on AS path prepending and I think this will work.

I will let you know once I complete my testing in the test environment.

Regards,

Prashant

Hi Prashant,

I had the exact same scenario.

I have my own, provider independent Public AS and a /23 Public IP.

We have 2 DCs at 2 different locations with 2 Internet routers at each site, each receiving a full BGP table. So in a nutshell, I have 2 datacenters (San Diego and Phoenix) and 4 ISPs (2 per DC). Each site has redundant ISPs (eBGP to the ISP and an iBGP session between the 2 routers sharing the full Internet routes) and I want to start advertising my new ARIN /23 via anycast from the 2 DCs to all 4 ISPs.

DC # 2 is NOT live yet and I was wondering if I can use my same San Diego DC ARIN ASN and advertise my subnet?

 

Any feedback will be greatly appreciated.

hi there,

Assuming that the two DCs are interconnected, it is probably best to link the two DCs via iBGP also.

you can advertise your subnet on either border router, but it may be the case that the shortest path through the internet is via DC1 whereas the host to be reached is in DC2. This means that you need to have some link between DC1 and DC2.

If you don't like that, then you need to split the subnet you have and advertise a smaller prefix on either of the border routers of DC1 and DC2, but you'll have to check with your ISP's to see if they can accept your 2 /24's as opposed to a single /23.

 

regards!!

xander

Hey Xander,

 

Thanks for your response :) The 2 DC have a 1 Gb P2P connection. However, there are firewalls and other stuff in between and having an iBGP between my 2 DC border routers would mean that internet traffic outbound could go either way. We want to avoid this.

DC1 should always be the preferred inbound and outbound route; DC2 will have 4-6 AS prepends so that it is never preferred when DC1 is up.

Will this configuration work, even without having an iBGP between the DCs? Thanks!

hey networkcar, yeah that is perfectly doable and possible.

with the as-prepend you will definitely de-prefer the DC2 path,

You only want to make sure that of course it should not be a private AS, but your own AS that is prepended, and also check with your ISPs on DC2 whether they can accept that from you (the prepended path) and not strip it, or else whether they can add a few instances of your AS to the path to de-prefer it.

But if I may suggest, just thinking out loud here, you are effectively creating an active/standby design here, which may be a "waste" of cost/power etc. on the DC2 side. Possibly you may consider using them both, but for different sources or different destinations. You can achieve this nicely at some point if you address your DCs well by being conscious about the addressing used in each DC.

Or use private addressing and consider NAT on your borders (aik?:). It is an option to consider if you would like to change addressing at some point, for that orchestration, and changing NAT stations and updating DNS entries is always easier than re-addressing your hosts.

I just checked from the feeds that I get from the Cisco border routers and the average path length is about 5 AS, so prepending it by 4 to 6 will or should definitely do the trick for you.

if you can share your prefix (privately) with me then I can check what the AS path looks like for me from AS 109 and let you know if there is a potential for more or less prepending.

 

cheers

xander

Hi Xander,

 

I would like to share more details in private, how can I IM you privately?

Hello

Yes, you can have the same ASN numbers in different sites, providing they are private ASNs.

Think of them like private and public IPv4 addressing using NAT.

Your ISP could hide this private address with a public one, or use confederations, which utilize a public ASN but can have multiple private ASNs behind it.

res
Paul

Sent from Cisco Technical Support Android App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi,

Thanks for the reply.

I am not using a private ASN.

My ASN is public, provided by APNIC.

What is your comment on John's solution?

Regards,

Prashant

Hello

"I have a doubt , I want to use same ASN number at different sites with different- different ISP.(consider i have public ip range 1.1.1.0/24 )"
"These sites are not connected and they are completly separate sites runing same AS"

If this is a public ASN as you say it is, then it will not be allowed, as no two sites can advertise the same public ASN due to the reason I previously stated.

eg -- need to be unique.


Res
Paul



Why do you say that he's not allowed to use the same public ASN at different sites? It depends on the region I suppose but it's not unheard of to use ASN assigned from say RIPE in ARIN region or vice versa.

If he advertises same prefix from those sites it will be anycasting service and clients will choose "closest" one depending on what their upstream has as the best path.

I don't know about the other mechanisms to make it work such as DNS and at the application level but from an IP perspective it should work.

Daniel Dib
CCIE #37149

Please rate helpful posts.


I would also like to understand this better as well.

I understood it that if two sites advertised prefixes with the same public ASN, then only those two sites couldn't receive each other's prefixes due to the AS path loop prevention rule. This would only happen if the two sites received full routes and needed to communicate with each other using the public prefixes. If the two sites only receive a default route from the upstream provider or they didn't need to reach each other's public addresses, then this wouldn't be a problem.

Have I understood this correctly or is there another reason why an ASN cannot be advertised from two sites?
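
An added example, not part of any poster's reply: a simplified Python model of the two behaviours discussed in this thread, AS_PATH prepending for active/standby failover and the AS-path loop check between two sites that share one ASN. It compares AS_PATH length only (real BGP evaluates other attributes first), and the ASNs and function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Constructed values: ASNs from the documentation range (RFC 5398), prefix from the thread.
MY_ASN, ISP_A, ISP_B, REMOTE = 64500, 64496, 64497, 64511
PREFIX = "1.1.1.0/24"

class Route(NamedTuple):
    prefix: str
    as_path: tuple  # leftmost = nearest AS, rightmost = origin AS
    via: str        # which site this path leads to

def prepend(route: Route, asn: int, times: int) -> Route:
    """Effect of 'set as-path prepend ASN ASN ASN' on an outbound update."""
    return route._replace(as_path=(asn,) * times + route.as_path)

def ebgp_send(route: Route, sender_asn: int) -> Route:
    """An eBGP speaker puts its own ASN at the front when advertising."""
    return route._replace(as_path=(sender_asn,) + route.as_path)

def accept(route: Route, local_asn: int) -> bool:
    """AS-path loop prevention: reject an update that already carries our ASN."""
    return local_asn not in route.as_path

def best_path(routes, local_asn: int) -> Optional[Route]:
    """Simplified selection: loop check, then shortest AS_PATH only."""
    ok = [r for r in routes if accept(r, local_asn)]
    return min(ok, key=lambda r: len(r.as_path), default=None)

def site_b_advert(prepends: int = 3) -> Route:
    """Site B (backup) originates the prefix with extra copies of its own ASN."""
    origin = prepend(Route(PREFIX, (), "site B"), MY_ASN, prepends)
    return ebgp_send(ebgp_send(origin, MY_ASN), ISP_B)

def remote_choice(site_a_up: bool) -> Optional[Route]:
    """Path a remote AS picks when it hears the prefix from both ISPs."""
    offers = [site_b_advert()]
    if site_a_up:
        offers.append(ebgp_send(ebgp_send(Route(PREFIX, (), "site A"), MY_ASN), ISP_A))
    return best_path(offers, REMOTE)

def site_a_accepts_site_b_route() -> bool:
    """Site A hears site B's advert relayed by ISP A; its own ASN is in the path."""
    return accept(ebgp_send(site_b_advert(), ISP_A), MY_ASN)

if __name__ == "__main__":
    print("site A up  :", remote_choice(True))
    print("site A down:", remote_choice(False))
    print("site A accepts site B's route:", site_a_accepts_site_b_route())
```

With both sites up the remote AS sees a two-hop path to site A and a five-hop path to site B; once site A's advertisement is withdrawn, the prepended path is the only one left and traffic moves to site B.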
