[c-nsp] BGP Route Nailing & Reoriginatin
Lawrence Wong
lawrencewong72 at yahoo.com
Wed Dec 6 10:40:59 EST 2006
Hi Oliver,
To elaborate further on the environment as requested, we are currently engaged in a B2B project that will ultimately lead to:
> (R1 / AS1) <-> (R2 / AS2) <-> (R3 / AS3)
R1/AS1 is an IP VPN MPLS network linking up a number of our remote offices. The service provider uses a public AS number instead of a private AS number to do BGP peering. We (R2/AS2) peer with R1/AS1 to obtain the list of routes (aka WAN & LAN IPs) for our sites that are connected to the IP VPN. We could do static routes between R1/AS1<->R2/AS2 but it would make the routing complex and hard to maintain and scale in future. There is also a possibility that R1/AS1 will need to connect to another AS for other functions in future.
R3/AS3 is an IP VPN for B2B purposes to which a number of our business partners are connected. We do BGP with R3/AS3 to advertise our routes as well as receive theirs so that traffic to/fro our business partners will pass through the link. R3/AS3 policy does not allow "transit" ASes (aka more than 1 AS number in the AS path).
Hence our original idea of "reoriginating R1/AS" routes under our own AS (R2/AS2).
Nailing on R2, I guess, could be done as per Shakeel's advice of:
> ip route 1.1.1.0/24 Null 0 250
> ip route 2.2.2.0/24 Null 0 250
Thanks in advance for your time and assistance!
----- Original Message ----
From: Oliver Boehmer (oboehmer) <oboehmer at cisco.com>
To: Lawrence Wong <lawrencewong72 at yahoo.com>; Shakeel Ahmad <shakeelahmad at gmail.com>
Cc: cisco-nsp at puck.nether.net
Sent: Wednesday, December 6, 2006 4:01:52 PM
Subject: RE: [c-nsp] BGP Route Nailing & Reoriginatin
Origin doesn't change anything in this regard; it doesn't cause BGP to
advertise or not advertise the prefix, so it doesn't help you.
I don't see a clean solution where you can achieve both objectives,
except for not running BGP at all (as it was suggested). Can you
elaborate why you need/want to hide AS1? Why are they running BGP in the
first place if they don't want to see their AS on the Internet?
You can use a private-as and "remove-private-as" to hide AS1, but it
will still cause a withdrawal when your link to AS1 dies. You could use
a floating static Null route in AS2 to keep the advertisement up, but I
don't think this will fully hide any instabilities. Why are you worried?
You could use aggressive BGP dampening on your border to R1 to hide
continuous instabilities.
If AS1 is using part of your address space, you could create an
aggregate and advertise this summary.
oli
cisco-nsp-bounces at puck.nether.net <> wrote on Wednesday, December 06,
2006 2:52 AM:
> Hi SA,
>
> Confederation looks out for us because AS1/AS2 are run by
> separate entities. "set origin" looks like a solution. But
> would it cause issues with the BGP between R1<->R2? Like for
> example R2 may treat 1.1.1/24 as its "own" route and
> re-advertise back into R1?
>
>
> Thanks,
>
>
> ----- Original Message ----
> From: Shakeel Ahmad <shakeelahmad at gmail.com>
> To: Lawrence Wong <lawrencewong72 at yahoo.com>
> Cc: cisco-nsp at puck.nether.net
> Sent: Wednesday, December 6, 2006 3:20:20 AM
> Subject: Re: [c-nsp] BGP Route Nailing & Reoriginatin
>
>
> I just read somewhere we can use
>
> set origin .... command in a route-map to alter the origin
> codes for incoming routes
>
> So if this works (which it should) you need to configure a
> route-map on R2 to mend the origin code for prefixes 1.1.1/24
> & 2.2.2/24 and set it to igp... (someone please correct me here
> if I am wrong)
>
>
> thanks,
> SA
>
>
> On 12/5/06, Shakeel Ahmad <shakeelahmad at gmail.com> wrote:
> Umm, I would do it like this --- Two options (ideally I would
> go with the second but not sure what your requirement is)
>
> * Considering you want BGP still running between R1 & R2
>
> Use Confederation in between R1 & R2 with AS2 as
> Confederation Identifier so that AS3 only knows about AS2
> (two private AS can be used on R1 & R2 to hide in AS2
> identifier) .. Solves your issue !!!
>
> * Considering we don't want (or shouldn't) run BGP in between R1 & R2
>
> on R2/AS2 put static routes for 1.1.1.0/24 & 2.2.2.0/24
> towards R1 (There's no point of BGP running in between R1 &
> R2 in this case). Now in your BGP session at R2, advertise
> 1.1.1/24 & 2.2.2/24 via network statement. It'll solve the
> first issue.....and R3 will receive 1.1.1/24 & 2.2.2/24 as originated
> by AS2 -
>
>
> Now the point comes to stopping the flapping: simply (also a best
> practice for both above) put these static routes on R2/AS2
>
> ip route 1.1.1.0/24 Null 0 250
> ip route 2.2.2.0/24 Null 0 250
>
> Remember metric should be as low as possible and the
> subnet thrown on Null 0 should be as aggregated as possible.
> This will eventually stop your flaps and routes will never
> disappear from AS3 and will always point back to AS2.
>
>
> hope this helps....
>
> Shakeel Ahmad
>
>
> On 12/5/06, Lawrence Wong <lawrencewong72 at yahoo.com > wrote:
> Dear gurus,
>
> I have an environment as follows:
>
> (R1 / AS1) <-> (R2 / AS2) <-> (R3 / AS3)
>
>
> R1 (router 1) has AS number 1 (AS 1) and advertises the
> routes 1.1.1.0/24 and 2.2.2.0/24 to R2 which in turn
> advertises to R3. All advertisement is done via eBGP.
>
> Is it possible to configure R2 such that the routes
> 1.1.1.0/24 and 2.2.2.0/24 are advertised to R3 under AS2
> instead of AS1? At the same time, can R2 "nail" down the
> routes so that in the event the (physical & BGP) link between
> R1 and R2 is down, the route continues to be advertised to R3 (and
> under AS2)?
>
> The objective is to "hide" AS1 and also to prevent BGP
> dampening at R3 caused by flapping link between R1 & R2.
>
>
> TIA!
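
The static-route option discussed in the thread (no BGP between R1 and R2, network statements plus floating Null0 statics on R2), written out in IOS syntax as an added example; it is not configuration posted by any participant. Assumptions: 192.0.2.1 as the next hop toward R1 and 198.51.100.1 as R3's peering address are placeholder documentation addresses, and the outbound AS-path filter is an addition that the thread does not mention.

```cisco
! Added example for R2 (AS2); all addresses are placeholders.
! Assumed: 192.0.2.1 = next hop toward R1, 198.51.100.1 = R3 peering address.

! Primary statics toward R1 (default administrative distance 1).
ip route 1.1.1.0 255.255.255.0 192.0.2.1
ip route 2.2.2.0 255.255.255.0 192.0.2.1

! Floating statics from the thread: distance 250, so they enter the
! routing table only when the primary static is withdrawn, for example
! when the interface toward R1 goes down.
ip route 1.1.1.0 255.255.255.0 Null0 250
ip route 2.2.2.0 255.255.255.0 Null0 250

! Addition not in the thread: match only an empty AS path, i.e.
! prefixes originated inside AS2.
ip as-path access-list 10 permit ^$

router bgp 2
 ! A network statement originates the prefix in AS2 whenever an exact
 ! match exists in the routing table; either static above satisfies it.
 network 1.1.1.0 mask 255.255.255.0
 network 2.2.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 3
 ! Outbound guard: nothing learned from another AS is passed on to AS3.
 neighbor 198.51.100.1 filter-list 10 out
```

While the link to R1 is down, R3 keeps receiving both prefixes with AS path "2" and R2 discards the matching traffic at Null0, so the stable advertisement hides the outage from AS3 rather than repairing it. `show ip bgp neighbors 198.51.100.1 advertised-routes` on R2 confirms what is actually sent to R3.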