Public ASN vs Private ASN internally

Steven Williams
Level 4

I am moving to BGP internally in my network core. I have an internet assigned ASN, so my question is: do people use their public ASN internally to minimize the eBGP peering with their internet edge?

Accepted Solutions

Yep, outbound advertisements are tightly controlled to allow only our public space.

8 Replies

Seth Beauchamp
Level 1
We use our public ASN internally, have not had any issues doing that.

So even through your core network and/or datacenter you are using the public ASN? So iBGP for your internal network, and the only eBGP is from your CE to PE?

And this is perfectly acceptable? I just assume if your RFC1918 networks were accidentally learned via your PE they would just drop. So I assume you run route-maps to make sure that when you're edge peering you are only advertising your public space.

Yep, outbound advertisements are tightly controlled to allow only our public space.
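The outbound control described in this reply, sketched as a Cisco IOS edge-router configuration (an added example, not configuration posted by anyone in the thread). The ASNs, prefixes, neighbor address and list names are documentation placeholders chosen for illustration.

```cisco
! Constructed values: AS 64496 (own public ASN), AS 64511 (ISP),
! 203.0.113.0/24 (own public block) and 192.0.2.1 (ISP peer) are
! documentation placeholders, not values from the thread.
!
! Outbound: permit only the exact public aggregate. The implicit deny at
! the end of the prefix-list drops everything else, RFC 1918 included.
ip prefix-list PUBLIC-OUT seq 10 permit 203.0.113.0/24
!
! Inbound: refuse RFC 1918 space (and any more-specific prefix inside it)
! if the provider ever sends it, accept the rest.
ip prefix-list ISP-IN seq 10 deny 10.0.0.0/8 le 32
ip prefix-list ISP-IN seq 20 deny 172.16.0.0/12 le 32
ip prefix-list ISP-IN seq 30 deny 192.168.0.0/16 le 32
ip prefix-list ISP-IN seq 40 permit 0.0.0.0/0 le 32
!
! Advertise only routes originated inside our own AS (empty AS path), so
! the edge never offers transit for routes learned from another provider.
ip as-path access-list 10 permit ^$
!
! Both match clauses must pass. With the public ASN used internally,
! iBGP-learned RFC 1918 routes also carry an empty AS path, so the as-path
! test alone would let them out; the prefix-list is what stops them.
route-map TO-ISP-OUT permit 10
 match ip address prefix-list PUBLIC-OUT
 match as-path 10
!
router bgp 64496
 neighbor 192.0.2.1 remote-as 64511
 neighbor 192.0.2.1 route-map TO-ISP-OUT out
 neighbor 192.0.2.1 prefix-list ISP-IN in
```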

Ok good to know. Thanks for the advice/feedback.

So working with my lab, I have noticed that route reflectors are going to come into place with iBGP, obviously. But I think I am going to need a few route reflectors here.

In the following diagram, BGP will be run at Core-sw-01 and 02, PA-FW-01 and 02, and Edge-ASA-01 and 02.

So with me using the public ASN all the way to the ISP01 router, my route reflectors would have to be the Palo Alto FW, and how does it work north of the edge firewalls if I am using my public ASN and my ISP routers are my CEs also running my public ASN? So now I have iBGP running through from Core-sw-01 and 02 all the way to the CE routers. All iBGP peers need to be directly connected to the route reflectors, correct? So in this case the CEs would not be. So am I better off running a private ASN from Core-sw-01 and 02 all the way to the edge ASAs, then eBGP from the ASAs to the ISP CEs?

[Attached diagram: Screen Shot 2019-06-10 at 7.59.21 AM.png]

ASAs do not support RR or communities, so it looks like I need to use a private ASN to the edge, then the ASAs and CEs peer eBGP.