Re: Registered BGP ASN and Public IP address Spaces

Steven Williams · ‎12-18-2018

If you have your own BGP ASN can you assign Public IP address space that you own and don't own? If I have a block I own and registered to me, but have two other blocks that are belonging to my ISP's (Different ISP's) can they all be advertised out?

mark.chennell · ‎12-19-2018

Hi.

IP address space and an ASN are two different things, if you want to advertise your IP space out of your ASN then yes you would need both (say to an upstream ISP etc)

You cannot advertise IP space that is not registered to you/your ASN and any upstream router would not allow that (there is cross referencing between the ripe DB etc to check that the address space matches the route object within the RIPE database etc etc

So in your case, your ISP will advertise the IP block they have assigned you out into BGP, i think the only other way round this would be they could assign your a private ASN and you could peer with them and then you could advertise this out .....but i dont really see the point of this (also not knowing what you are trying to do here etc...)

Hope this helps

Steven Williams · ‎12-19-2018

I am trying to just figure out how this was setup as I inherited it.

I have three providers. I have three IP spaces, 2 registered to the ISPs and 1 registered to me. I have a registered ASN as well. My ASN has all three spaces assigned to it.

I have three routers connected to two 3650s running HSRP and then two firewalls downstream. Now the firewalls have IP addresses on them (public addresses) from ISP 1 and 2 but NOT my registered IP space at all, but there are static routes that say to get to my registered IP block go to the SVI on the 3650 switches and I am advertising my public space via BGP. So even though my firewall doesnt have an interface assigned to that IP space it still works with one to one NATs? This is why you should never use the ISPs subnet blocks in an enterprise I feel. Gets too messy.

Richard Burts · ‎12-19-2018

Mark is not correct when he says that you can not advertise address space that does not belong to you. I have worked with several customers who do exactly that. You do have to arrange it and get permission from the owner of address block 1 to be able to advertise it to ISP 2, and you need to get ISP 2 to agree that they will accept it. But it certainly can be done. If you are trying to do something like that to achieve redundancy I advise using BGP Conditional Advertisement so that you advertise ISP 1 addresses to ISP 2 only when there is a problem with connectivity to ISP 1.

HTH

Rick

HTH

Rick

Richard Burts · ‎12-19-2018

Having read through the discussion again I would agree that if you use and advertise only your own address space then it is simpler and cleaner. Especially if your address space is at least /24. But the original post asks the question whether you could have address space from 2 ISPs and advertise those address spaces and the answer to that question is yes you can.

HTH

Rick

HTH

Rick

Steven Williams · ‎12-19-2018

Ok so we must be doing that. Because my internet outbound from clients are NATed to a public IP from ISP 1 and outbound traffic can go out ISP1 or ISP2 based on hard downs of ISP1. So for ISP1 public IP to go outbound and inbound on ISP2 we must have had both providers agreed to advertise each subnet out of their own PEs?

Richard Burts · ‎12-19-2018

Yes if I am understanding correctly that if ISP1 goes down you are able to send IP packets with source address in the address block of ISP 1 to ISP 2 and are able to receive response traffic then at some time in the past someone got both ISP to agree to do this.

HTH

Rick

HTH

Rick