02-21-2014 01:21 AM - edited 03-04-2019 10:24 PM
Hi Team,
I have a doubt: I want to use the same ASN at different sites with different ISPs (consider I have the public IP range 1.1.1.0/24).
Consider I have a public server with IP 1.1.1.1 at site A, and if I advertise the same public pool at site B, how does return traffic know whether it has to come to site A or B?
Or if someone from the Internet wants to access this 1.1.1.1 public server, will that request come to the Site A router or the Site B router?
Regards,
Prashant
02-21-2014 03:07 AM
Prashant,
Are your two sites connected in any way? Or are they completely separate sites running the same AS?
Now, if you have for example (1.1.1.0/24), and advertise this network out to the network, you could do AS_PATH prepending to try and equal out AS_PATH lengths for both routes, but I wouldn't recommend doing it this way.
I'm assuming these are Provider Independent addresses, so you could advertise out specific prefixes with a /32, and use AS_PATH prepending as well, for kind of a "double shot" so to speak.
You could also split up the /24 into two /25s, with one /25 being in Site A and another being in Site B.
02-21-2014 07:29 AM
Hi John,
Thanks for the reply.
These sites are not connected and they are completely separate sites running the same AS.
Yes, my public pool is from APNIC and it is ISP provider independent.
I have asked both my ISPs and they are saying that they cannot split the /24 pool into /25s, with one at site A and another at site B.
I am basically looking for a DR solution, so that if my site A goes down my public IP 1.1.1.1 would be up and work.
Any suggestions?
Regards,
Prashant
02-21-2014 07:39 AM
Prashant,
Thanks for the reply.
If you want to do this as a DR solution, this can be done pretty easily.
You can have the eBGP link going to the ISP that you want to use as backup, and configure AS_PATH prepending so it should never be used for incoming traffic unless the primary eBGP link goes down.
So you could do the following, for example (you can configure it how you like, this is just an example):
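! Standard ACLs take a wildcard mask, so the /24 is 0.0.0.255
access-list 1 permit 1.1.1.0 0.0.0.255
! Prepend your own ASN three times on routes matching ACL 1
route-map ASPATH_PREPEND permit 10
 match ip address 1
 set as-path prepend ASN ASN ASN
router bgp ASN
 ! Apply outbound to the backup ISP peer (placeholder peer address)
 neighbor <backup-ISP-peer-IP> route-map ASPATH_PREPEND out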
As long as your primary ISP eBGP peer doesn't go down, the 1.1.1.0/24 NLRI information from the Internet should always be taken, since it has a shorter AS_PATH.
Feel free to research AS_PATH prepending to make sure this is something you want to implement, but this would be my suggestion.
02-21-2014 08:02 PM
Hi John,
Thanks a lot for the help.
I have done some research on AS path prepend and I think this will work.
I will let you know once I complete my testing in the test environment.
Regards,
Prashant
05-08-2015 02:56 PM
Hi Prashant,
I had the exact same scenario.
I have my own, provider independent Public AS and a /23 Public IP.
We have 2 DCs at 2 different locations with 2 Internet routers at each site, each receiving a full BGP table. So in a nutshell, I have 2 datacenters (San Diego and Phoenix) and 4 ISPs (2 per DC). Each site has redundant ISPs (eBGP to ISP and an iBGP between the 2 routers sharing the full internet routes) and I want to start advertising my new ARIN /23 IP via ANYCAST from the 2 DCs to all 4 ISPs.
DC # 2 is NOT live yet and I was wondering if I can use my same San Diego DC ARIN ASN and advertise my subnet?
Any feedback will be greatly appreciated.
05-09-2015 07:00 AM
hi there,
assuming that the two DCs are interconnected, it is probably best to link the two DCs via iBGP also.
you can advertise your subnet on either border router, but it may be the case that the shortest path through the internet is via DC1 whereas the host to be reached is in DC2. This means that you need to have some link between DC1 and DC2.
If you don't like that, then you need to split the subnet you have and advertise a smaller prefix on either of the border routers of DC1 and DC2, but you'll have to check with your ISPs to see if they can accept your 2 /24s as opposed to a single /23.
regards!!
xander
05-09-2015 11:24 AM
Hey Xander,
Thanks for your response :) The 2 DC have a 1 Gb P2P connection. However, there are firewalls and other stuff in between and having an iBGP between my 2 DC border routers would mean that internet traffic outbound could go either way. We want to avoid this.
DC1 should always be the preferred inbound & outbound route, DC2 will have 4-6 AS prepends so that it is never preferred when DC1 is UP.
Will this configuration work , even without having an iBGP between DC's? Thanks!
05-09-2015 11:34 AM
hey networkcar, yeah that is perfectly doable and possible.
with the as-prepend you will definitely de-prefer the DC2 path,
you only want to make sure that of course it should not be a private AS, but your own AS that is pre-pended, and also check with your ISPs on DC2 whether they can accept that from you (the prepended path) and not strip it, or else whether they can add a few instances of your AS to the path to de-prefer it.
But if I may suggest, just thinking out loud here, you are effectively creating an active/standby design here, which may be a "waste" of cost/power etc on the DC2 side, possibly, you may consider using them both, but for different sources or different destinations. You can achieve this nicely at some point if you address your DCs well by being conscious about the addressing used in each DC.
Or use private addressing and consider NAT on your borders (aik?:), it is an option to consider if you like to change addressing at some point for that orchestration, and changing nat stations and updating dns entries is always easier than re-addressing your hosts.
I just checked from the feeds that I get from the cisco border routers and the average path length is about 5 AS, so prepending it by 4 to 6 will or should definitely do the trick for you.
if you can share your prefix (privately) with me then I can check what the AS path looks like for me from AS 109 and let you know if there is a potential for more or less prepending.
cheers
xander
05-11-2015 09:29 AM
Hi Xander,
I would like to share more details in private, how can I IM you privately?
02-21-2014 11:57 AM
Hello
yes you can have the same ASN numbers in different sites providing they are private ASNs
think of them like private and public ipv4 addressing using NAT
your isp could hide this private address with a public one or use confederations which utilize a public ASN but can have multiple private ASNs behind it
res
Paul
Sent from Cisco Technical Support Android App
02-21-2014 08:47 PM
Hi,
Thanks for the reply.
I am not using a private ASN.
My ASN is public, provided by APNIC.
What is your comment on John's solution?
Regards,
Prashant
02-22-2014 12:02 AM
Hello
"I have a doubt , I want to use same ASN number at different sites with different- different ISP.(consider i have public ip range 1.1.1.0/24 )"
"These sites are not connected and they are completly separate sites runing same AS"
If this is a public ASN as you say it is, then it will not be allowed, as no two sites can advertise the same public ASN due to the reason I previously stated.
eg -- need to be unique.
Res
Paul
Sent from Cisco Technical Support iPad App
02-22-2014 01:17 AM
Why do you say that he's not allowed to use the same public ASN at different sites? It depends on the region I suppose but it's not unheard of to use ASN assigned from say RIPE in ARIN region or vice versa.
If he advertises same prefix from those sites it will be anycasting service and clients will choose "closest" one depending on what their upstream has as the best path.
I don't know about the other mechanisms to make it work such as DNS and at the application level but from an IP perspective it should work.
Daniel Dib
CCIE #37149
Please rate helpful posts.
02-22-2014 01:34 AM
I would also like to understand this better as well.
I understood it that if two sites advertised prefixes with the same public ASN, then only those two sites couldn't receive each other's prefixes due to the AS path loop prevention rule. This would only happen if the two sites received full routes and needed to communicate with each other using the public prefixes. If the two sites only receive a default route from the upstream provider or they didn't need to reach each other's public addresses then this wouldn't be a problem.
Have I understood this correctly or is there another reason why an ASN cannot be advertised from two sites?
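Added example, not part of any post in this thread: a simplified Python model of the two behaviours discussed above, namely inbound failover for 1.1.1.0/24 using AS_PATH prepending at the backup site, and AS-path loop prevention between two sites that originate from the same ASN. The ASNs are constructed values from the documentation range, the remote AS is assumed to hear both announcements directly from the two ISPs, and only AS_PATH length is compared (real BGP evaluates weight, LOCAL_PREF and other attributes first).

```python
from dataclasses import dataclass

MY_ASN = 64500                 # constructed: stands in for the public ASN
ISP_A, ISP_B = 64496, 64497    # constructed: upstream ISP at site A / site B
REMOTE_ASN = 64510             # constructed: some AS elsewhere on the Internet
PREFIX = "1.1.1.0/24"          # prefix used in the thread

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple   # leftmost = nearest AS, rightmost = origin AS
    site: str        # which site the traffic would land on

def announce(site, upstream, prepends=0):
    """Route as seen one hop past the upstream ISP.
    Each prepend repeats MY_ASN once more in the path."""
    return Route(PREFIX, (upstream,) + (MY_ASN,) * (1 + prepends), site)

def accepts(local_asn, route):
    """eBGP loop prevention: reject a path that already contains our own ASN."""
    return local_asn not in route.as_path

def best_path(local_asn, routes):
    """Shortest AS_PATH among accepted routes, or None if none is usable."""
    usable = [r for r in routes if accepts(local_asn, r)]
    return min(usable, key=lambda r: len(r.as_path), default=None)

def inbound_site(routes, viewer=REMOTE_ASN):
    """Site that receives traffic from `viewer`, or None if unreachable."""
    best = best_path(viewer, routes)
    return best.site if best else None

primary = announce("A", ISP_A)              # no prepending at the primary site
backup = announce("B", ISP_B, prepends=3)   # 'set as-path prepend ASN ASN ASN'

if __name__ == "__main__":
    print("both sites up :", inbound_site([primary, backup]))
    print("site A down   :", inbound_site([backup]))
    # Site A's own router receiving site B's announcement: its ASN is in the path.
    print("site A hears B:", inbound_site([backup], viewer=MY_ASN))
```

The last call returns `None` because site A's router discards site B's route during loop prevention, which is the case raised in the final post: it only matters when the sites take full routes and need to reach each other's public addresses.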