Solved: Re: local-as command ignored by BGP neighbour

mmoulson1 · ‎06-12-2020

Hi all,

I have BGP running using a private AS, within the BGP config I also have an ipv4 address family for a separate VRF, within this I have 3 neighbors, 1 is iBGP (my firewall) the other 2 are eBGP links to ISP's. As BGP is running globally using the private AS I am using the local-as command on the ISP neighbors. However 1 of the ISP's is complaining saying they are receiving updates from our private AS?

When I run the show command on my side I can see the local AS is being set correctly.

I believe the ISP is using a Juniper not sure if that could be the issue? Some kind of compatibility?

Thanks in advance

Harold Ritter · ‎06-12-2020

To make sure your neighbor does not see the ASN 65000 configured on your router bgp process, you need to use "local-as 10000 no-prepend replace-as".

Please refer to the following configuration guide for more information:

https://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgpdas.html

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

balaji.bandi · ‎06-12-2020

Siunce we not have your configuration to validate

so please provide your configuraiton bit, also request provider about the Logs to verify the same.

make sure your bgp update interface set correctly.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mmoulson1 · ‎06-12-2020

router bgp 65000
!
address-family ipv4 vrf Outside
bgp router-id 5.5.5.6
network 5.5.5.0 mask 255.255.255.0
redistribute static
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 local-as 10000
neighbor 1.1.1.1 description ISP1
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 prefix-list OutsideOut out
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 local-as 10000
neighbor 2.2.2.2 description ISP2
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 weight 10
neighbor 2.2.2.2 prefix-list OutsideOut out
neighbor 5.5.5.5 remote-as 10000
neighbor 5.5.5.5 local-as 10000
neighbor 5.5.5.5 description To firewall
neighbor 5.5.5.5 activate
exit-address-family

Obviously I have changed the IP's and AS's.

What logs should I ask for?

balaji.bandi · ‎06-12-2020

what updates they seeing "ISP's is complaining saying they are receiving updates from our private AS?"

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mmoulson1 · ‎06-12-2020

They basically sent me some output from what looks like a Juniper:

AS path: 10000 65000

So actually that looks like they are receiving my "real" AS (10000) but maybe the trouble is they are also seeing 65000 within the AS path?

If the 'local-as' is applied to a neighbor would it also send the global AS?

Harold Ritter · ‎06-12-2020

To make sure your neighbor does not see the ASN 65000 configured on your router bgp process, you need to use "local-as 10000 no-prepend replace-as".

Please refer to the following configuration guide for more information:

https://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgpdas.html

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México