
Influencing BGP routes with MPLS provider

MachadoGB
Level 1

Hello,

I need help to understand an odd situation.

I have 4 BGP connections to a provider (multi-homed environment). This is MPLS-VPN not Internet. The provider is allowing multi-path for the EBGP peer. My AS is 65000 and the provider’s AS is 123. My AS is doing IBGP. Each connection to the provider is located in one country region, such as East, South-East, Central, and West.

As a simple approach I have applied AS-PREPEND for 3 regions except West, so when the remote sites connected to MPLS need to access resources at West region they will take the West MPLS connection, instead of entering my AS at East side and hop through my internal AS to get to West.

But it does not seem to be working. When you do the show command from a remote site, filtering for a specific path at West, I cannot see the prepended ASs. And it continues taking the preferred MPLS connection to the East. Is there a way to set this with AS_PREPEND? I do not want to get into too complicated a design. There are no communities and no confederation. Is the provider doing any kind of AS manipulation in such a way that the additional AS numbers do not pass to the remote sites? Thanks.

The configuration I am using is:

!
! Provider AS
ip as-path access-list 10 permit _123$
!
route-map AS_PREPEND permit 10
 match as-path 10
 set as-path prepend 65123 65123 65123
!
route-map AS_PREPEND permit 20
!
router bgp 65000
 neighbor [peer ip address] route-map AS_PREPEND out
!


samavedula_rama
Level 1

Maybe the provider is using "neighbor as-override" to make sure your routes are not discarded by the remote router? So, if your remote site is also on the same AS as yours, they might not see these routes at all, since they see the AS in the AS-PATH.

Yes, the provider is using the as-override command when peering with my AS. And no, the remote sites do not have the same AS 65000. But there is a group of remote sites with the same AS number, let's say 65001 (5 sites with the same number).

Is there any suggestion?

Thank you.

Mohamed Sobair
Level 7

Hi,

That is absolutely wrong. The reason you are not seeing your prepended AS is because you are prepending networks that are not originated by you or your own AS.

You need to change your config to look like this:

! Locally originated routes
ip as-path access-list 10 permit ^$
!
route-map AS_PREPEND permit 10
 match as-path 10
 set as-path prepend 65123 65123 65123
!
route-map AS_PREPEND permit 20
!
router bgp 65000
 neighbor [peer ip address] route-map AS_PREPEND out
!

Regards,

Mohamed

Hi,

I'd also recommend using

set as-path prepend 65000 65000 65000

instead of

set as-path prepend 65123 65123 65123

Otherwise the prefixes with the prepend applied look like they originated from AS 65123 instead of 65000 when received on the remote site.

Which might be confusing.

BR,

Milan

Hi Milan,

I kind of agree with you.. but the case is not for my AS to be prepended, but to prepend the downstream AS.. in this particular case one specific AS.. just for test..

Thanks for your collaboration.. it is working... Now the challenge is to find an elegant solution for that...

Hi Mohamed,

I got your point... and I wish it was that simple. In fact we are dealing with upstream, duplicate AS#, and multipath into BGP.

So a solution was found, but not quite the way you proposed.

Considering the ASs connected to my AS, I did replace the access-path link with:

!
ip as-path access-list 10 permit _AS-DOWNSTREAM-1$
ip as-path access-list 10 permit _AS-DOWNSTREAM-2$
!

and applied:

set as-path prepend 65123 65123 65123

Note that 65123 is one of my downstream ASs.

The provider is masking the AS3s to my remotes as normal operation and they have provided the output of the AS path from their PE routers peering with my AS.

So, case is solved.

Thanks for your collaboration.
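
An added example, not part of the thread or any poster's code: a Python model of how the three as-path access-lists discussed above select routes when AS 65000 exports through route-map AS_PREPEND. The BGP table entries are constructed, `_65123$` stands in for the `_AS-DOWNSTREAM-1$` placeholder, and the provider-side check assumes standard eBGP loop prevention for AS 123.

```python
import re

# Cisco AS-path regex: "_" matches start/end of string, space, comma, braces, parentheses.
def cisco_to_py(pattern):
    return re.compile(pattern.replace("_", "(?:^|$|[ ,{}()])"))

def acl_permits(patterns, as_path):
    """True if any permit entry of the as-path access-list matches the stored path."""
    return any(cisco_to_py(p).search(as_path) for p in patterns)

def advertise(as_path, acl, prepend, local_as="65000"):
    """Route-map seq 10 prepends on an ACL match, seq 20 passes the route unchanged;
    the router then adds its own AS in front when sending to the eBGP peer."""
    path = as_path.split()
    if acl_permits(acl, as_path):
        path = prepend + path
    return " ".join([local_as] + path)

def accepted_by_provider(path, provider_as="123"):
    """Assumption: the PE drops any update already carrying its own AS."""
    return provider_as not in path.split()

PREPEND = ["65123"] * 3

# Constructed entries: AS_PATH as held in AS 65000's BGP table before export.
ROUTES = {
    "local": "",            # originated inside AS 65000
    "downstream": "65123",  # learned from downstream AS 65123
    "provider": "123",      # originated by the provider, AS 123
}

ACLS = {
    "original": ["_123$"],   # first post
    "suggested": ["^$"],     # locally originated routes only
    "final": ["_65123$"],    # stands in for _AS-DOWNSTREAM-1$
}

def results():
    return {name: {r: advertise(p, acl, PREPEND) for r, p in ROUTES.items()}
            for name, acl in ACLS.items()}

if __name__ == "__main__":
    for name, per_route in results().items():
        print(name)
        for route, path in per_route.items():
            ok = "accepted" if accepted_by_provider(path) else "dropped by PE"
            print(f"  {route:<11} {path:<32} {ok}")
```

With the original list, the only route that gets the prepend is the one whose path ends in 123, which the provider edge would reject anyway, so no prepended path reaches the remote sites.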
