Private BGP AS advertising to internet

jmyatt209
Level 1

We wish to run private BGP ASes at our sites, and we need our internet router to also run a private AS but advertise our public AS to our upstream ISP. Is this possible?

jdevoll
Level 1

I want to make sure I understand exactly what you are looking to do.

As I understand it...

You have router A, and router A is your edge router. You have router B, and router B is a router internal to your network.

Router A is running eBGP with a provider, and you have your own public ASN being advertised by router A to your provider. You also want to run iBGP between router A and router B using a private ASN.

Is this correct?

Not quite. At site A we have router A1 connected to MPLS. At site B we have router B1 connected to MPLS. We will run multihop BGP between the two routers. We also have internet routers at both sites that will have GRE/IPsec tunnels to the other site. We want to use private ASNs so each site can be in its own ASN, and be able to advertise/speak our public ASN to the ISP. We need to do this to overcome the BGP convergence time of the MPLS SP in case of failure, as we intend to run live-to-air audio over the network.

A picture is worth 1000 words...

Does this look better? (see attachment)

jmyatt209
Level 1

Yep, that is what we are trying to achieve. I've been playing around with the neighbor xxx.xxx.xxx.xxx local-as yyyyy command, but on the upstream ISP router the AS path is showing public-asn private-asn. Will the upstream ISP care about this, or is it a no-no? Can the private ASN be removed by our local router so that it does not reach the ISP?

Hmmm...interesting. I would have thought your upstream ISP would be filtering routes with a private ASN in the path. Do you see the private ASN on any looking glass servers?

If you can't then it shouldn't really matter but it's best to filter on your end all the same. I suspect that the core problem is that A2 is advertising routes learned via iBGP from B2 to the upstream provider to ISPA. (see drawing2.jpg)

You can verify this with the following command

show ip bgp nei x.x.x.x advertised-routes

Assuming I am right, a similar thing is happening at site B. I think this calls for an outbound route filter!!

neighbor x.x.x.x remote-as [upstream ASN]

neighbor x.x.x.x filter-list 1 out

!

ip as-path access-list 1 permit ^$

Obviously take this with a grain of salt. It will hide routes learned with the private ASN and stop your VPN from becoming a transit network. But it could also break other things that you want to accomplish (like being a transit network). Even if this particular filter doesn't fit the bill, you can definitely tailor an outbound filter that will.

http://www.cisco.com/en/US/docs/ios/11_0/router/command/reference/rregexp.html

Hi,

Try playing with the keywords [no-prepend [replace-as [dual-as]]], with the local-as command.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802c07ac.html

HTH,

Mohammed Mahmoud.

Try using the following command where you are using the "xxx.xxx.xxx.xxx local-as yyyyy command"

neighbor x.x.x.x remove-private-as

More description here:

http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080093f27.shtml

Hi,

I agree with Mohammed and slidersv, you need both commands:

router bgp [your private ASN]

neighbor x.x.x.x local-as [your public as-number] no-prepend replace-as

and

neighbor x.x.x.x remove-private-as

This will solve the problem for you because it will strip out the private AS in the path.

Try this in a small lab and let us know.
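
A simplified model of the AS path the upstream ISP receives under the commands discussed in this thread, added here as an example and not posted by any participant. The ASNs are constructed (65001 and 65002 private, 64500 a documentation ASN standing in for the public one), and the remove-private-as rule modelled is an assumption: the classic behaviour that strips the path only when every ASN in it is private.

```python
# Added example (not from the thread): model of the outbound AS_PATH on an
# edge router whose real AS is private and which uses local-as toward the ISP.
# All ASNs are constructed sample values.

PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))  # RFC 6996


def is_private(asn):
    """True if the ASN falls in a private-use range."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def advertised_path(path, real_as, local_as=None, replace_as=False,
                    remove_private_as=False):
    """AS_PATH the eBGP neighbor sees for a route whose current path is `path`.

    no-prepend is not modelled: it only affects routes received from the
    neighbor, not what is advertised to it.
    """
    path = list(path)
    # Assumed classic remove-private-as: strip only an all-private path.
    if remove_private_as and path and all(is_private(a) for a in path):
        path = []
    if local_as is None:
        return [real_as] + path          # plain eBGP: real AS is prepended
    if replace_as:
        return [local_as] + path         # real AS hidden behind local-as
    return [local_as, real_as] + path    # default local-as: both are prepended


def leaked_private_asns(path):
    """Private ASNs still visible in a path sent to the upstream."""
    return [a for a in path if is_private(a)]


if __name__ == "__main__":
    cases = {
        "local-as only, local route": advertised_path([], 65001, 64500),
        "replace-as, local route": advertised_path([], 65001, 64500, True),
        "replace-as, route from other site":
            advertised_path([65002], 65001, 64500, True),
        "replace-as + remove-private-as, route from other site":
            advertised_path([65002], 65001, 64500, True, True),
    }
    for name, p in cases.items():
        print(f"{name}: path={p} leaked={leaked_private_asns(p)}")
```

The first case reproduces the "public-asn private-asn" path reported earlier in the thread; the third shows why replace-as alone still exposes a private ASN for routes learned from the other site.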

jmyatt209
Level 1

Thanks guys, the command:

neighbor xxx.xxx.xxx.xxx local-as xxxxx no-prepend replace-as

did what I was after.
