BGP AS Number Design

glenn.lim
Level 1

Hi,

I am looking for a recommendation for BGP AS number design and would like to know the pros and cons of each of the options below.

The setup is as below.

I have 1 HQ office and several remote offices. All of these sites will have 2 routers each and all the routers will join to a telco MPLS VPN network. I will have 2 planes of overlay routing.

Plane 1 : BGP peering with PE routers

Plane 2: IPSEC tunnels from remote sites to HQ.

BGP will be used as the dynamic routing protocol running over the IPSEC tunnels for route exchange.

My question here is

Should I have an AS number for BGP on a per-site basis or on a per-link basis? Is there any difference?

Hope to hear from some of the experts here.

Thanks!

BGP-MPLS.jpg

7 Replies

Jose Jara
Level 3

Hello Glenn,

- For the BGP peering between the CEs and PEs, it depends on the provider. They may allow you to use the same AS number in each site. In that case, the most common approach is that they use AS-Override on their PEs. AS-Override replaces the AS number with the provider's number in case the sites are using the same one. For example:

AS of the CPE's in all the sites is 65000

AS of the provider is 1

The AS_PATH of a prefix received from other sites will be 1 1: one 1 is the provider AS and the other 1 is the AS of the site that was changed in the provider's network.

- The other option is that they do not allow you to use the same AS per site, as they may not use AS-Override; then you will have to configure a different AS number per site. An advantage here is that you may identify the sites by the AS number. On the other hand, you have to prepare a plan of ASNs per site, and you may always use communities to identify the sites.

- Of course, you may always use Allow-As in on your CEs. This will allow you to use the same AS, as it allows prefixes coming with an AS in the AS_PATH which is the same as the one you are using. However, I would use one of the first two options.

Hope this helps,

Jose.
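The three options in the answer above, as an added example that is not part of the original post: a small Python model of the eBGP AS_PATH loop check using the post's numbers (site AS 65000, provider AS 1). The function names are hypothetical, and the per-site values 65001 and 65002 are constructed for illustration.

```python
PROVIDER_AS = 1    # provider AS from the post
SITE_AS = 65000    # AS used by every CE in the post's example


def pe_advertise(as_path, ce_as, as_override=False):
    """PE -> CE eBGP update: optionally apply AS-Override, then prepend the provider AS."""
    if as_override:
        # AS-Override: occurrences of the receiving CE's AS become the provider AS.
        as_path = [PROVIDER_AS if asn == ce_as else asn for asn in as_path]
    return [PROVIDER_AS] + as_path


def ce_accepts(as_path, local_as, allowas_in=0):
    """eBGP loop prevention: drop a path containing the local AS, unless
    allowas-in tolerates up to `allowas_in` occurrences of it."""
    return as_path.count(local_as) <= allowas_in


def site_to_site(origin_as, receiver_as, as_override=False, allowas_in=0):
    """Follow one prefix from the origin CE, through the provider, to the receiving CE.
    Returns (AS_PATH seen by the receiving CE, whether that CE accepts it)."""
    path_at_pe = [origin_as]  # the origin CE prepends its own AS towards its PE
    path_at_ce = pe_advertise(path_at_pe, receiver_as, as_override)
    return path_at_ce, ce_accepts(path_at_ce, receiver_as, allowas_in)


def scenarios():
    """The cases discussed in the post, keyed by a short label."""
    return {
        "same AS, no feature": site_to_site(SITE_AS, SITE_AS),
        "same AS, AS-Override on PE": site_to_site(SITE_AS, SITE_AS, as_override=True),
        "same AS, allowas-in on CE": site_to_site(SITE_AS, SITE_AS, allowas_in=1),
        # Constructed per-site AS numbers, not from the post.
        "different AS per site": site_to_site(65001, 65002),
    }


if __name__ == "__main__":
    for label, (path, accepted) in scenarios().items():
        print(f"{label:28} AS_PATH={path} accepted={accepted}")
```

With allowas-in the loop check on the CE is relaxed rather than satisfied, which is the difference from the other two options that the path output makes visible.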

Hi,

IMHO, using per-site AS numbers is more comfortable for a network admin for a reasonable number of sites (and if the MPLS provider agrees to use them, of course).

You can simply identify the prefix origin within sh ip bgp ... command output.

Ad the original question ("Should i have a AS number for BGP on a per site basis or on a per link basis?"):

What do you mean by  "AS number on a per link basis"?

Two routers on a site using different AS numbers each?

I'd not recommend that, as you would then see the same prefix in the network originated from two different AS numbers.

Which would bring a lot of confusion, I'm afraid.

Best regards,

Milan

Hi,

On some of our MPLS sites we have a different AS number per link. We have one AS number for a fibre connection into the MPLS cloud, and the second AS number for a backup ADSL connection into the MPLS cloud. The different AS numbers were given to us by the provider as each CE router peers with a different PE through a different POP.

HTH

Paul



****Please rate useful posts****


Hi,

yes, this is a special design by some providers.

But the provider then has to prefer the prefixes originated from the primary AS to suppress the routing to the backup AS as long as the primary line is alive.

BR,

Milan

glenn.lim
Level 1

Hi Guys,

Firstly, thanks for the valuable opinions here. Just to check: apart from causing routing confusion when you have 2 routers at 1 site but different AS numbers, are there any advantages that come with this kind of configuration, since some setups do use this form of configuration?

To provide more info here, mine will be both routers going into the same MPLS cloud and the MPLS provider is willing to configure their AS numbers according to our design.

Any more suggestions here??

Thanks!

Hi Glenn,

I do not see any advantage in using two different AS numbers per site. The support/troubleshooting of this design is more difficult. For example, a very common and standard approach for routing policies in a Dual CE Primary/Backup site would be to use Local Preference and MED. If you use two different AS numbers, this would not be possible, as Local Preference only has meaning inside the same AS, and using MED towards the ISP will not work, as it is coming from two different ASes and MED is not compared between different ASNs (it could be if bgp always-compare-med is configured).

Of course, you may always use different routing policies like prepends, origin, etc., but it is a less standard way of doing things.

Another problem I see is that you would need to filter the routes of the site coming from the PE: if you are going to use different ASes, BGP will accept the routes of the same site coming from the PE. Normally, providers that use AS-Override use Site of Origin to prevent this behavior. You may always use standard communities as well.

Another difference is that, by default, in eBGP the MinAdvertisement Interval is 30 seconds, whereas in iBGP it is 0.

So, I would go ahead with the same AS per site and the same or different in the VPN. If you use the same for all the sites in the VPN, you may use communities to identify the sites.

Hope this helps,

Jose.
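The MED point in the answer above, as an added example that is not part of the original post: a simplified two-path comparison in Python (local preference, AS_PATH length, MED, then lowest router ID only; the remaining best-path steps are omitted). It assumes one provider router sees both CE paths; all AS numbers, MED values and router IDs are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple      # leftmost element is the neighbouring AS
    med: int
    router_id: str
    local_pref: int = 100


def rid_key(path):
    """Router ID as a tuple of ints so that comparison is numeric."""
    return tuple(int(octet) for octet in path.router_id.split("."))


def best_path(a, b, always_compare_med=False):
    """Pick the better of two paths using a reduced BGP decision process."""
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    # MED is compared only between paths learned from the same neighbouring AS,
    # unless the router is told to always compare it.
    same_neighbor_as = a.as_path[0] == b.as_path[0]
    if (same_neighbor_as or always_compare_med) and a.med != b.med:
        return a if a.med < b.med else b
    return a if rid_key(a) <= rid_key(b) else b  # final tie-break


def dual_ce_site(primary_as, backup_as, always_compare_med=False):
    """Primary CE sends MED 10, backup CE sends MED 100 (constructed values).
    The backup CE has the lower router ID, so it wins whenever MED is skipped."""
    primary = Path("primary", (primary_as,), med=10, router_id="10.0.0.2")
    backup = Path("backup", (backup_as,), med=100, router_id="10.0.0.1")
    return best_path(primary, backup, always_compare_med).name


if __name__ == "__main__":
    print("same AS per site:     ", dual_ce_site(65010, 65010))
    print("different AS per link:", dual_ce_site(65011, 65012))
    print("different AS + always-compare-med:",
          dual_ce_site(65011, 65012, always_compare_med=True))
```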

Hi Jose,

Thanks for all the information provided. They are really helpful.
