AS path manipulations
1.5.d i Local AS, allowas-in, remove private as
local-AS
General information on “BGP local-AS”:
- When a BGP peer changes its AS number, every neighbor connected to it needs to change its BGP configuration
- To overcome this issue, the local-as command was introduced
- With local-as it’s possible for one physically connected AS to appear as two separate AS’es to the outside world
- Problem: ISP-A (AS 100) buys ISP-C (AS 300). ISP-B (AS 200) is unable to change its configuration.
- Solution: ISP-C (AS 300), even though it is now physically integrated into ISP-A (AS 100), can use the local-as feature to keep presenting itself as AS 300 to ISP-B.
“BGP local-AS” CLI configuration commands:
## Configuring the BGP local-as feature
Router(config)# router bgp <asn>
Router(config-router)# neighbor <ip> local-as <asn>
allowas-in
General information on “BGP allowas-in”:
- By default, incoming routes which include the router's own AS in the AS_PATH are discarded
- This is because BGP uses the AS_PATH as a loop prevention mechanism
- As soon as the router sees its own AS in the AS_PATH, BGP treats the route as a loop
- This can cause problems in special situations
- Problem: Two sites of the same customer are connected via MPLS (VPNv4) and use the same AS number. As soon as the routes of site A reach site B they are discarded, because site B sees its own AS number in the AS_PATH.
- Solution: Configure allowas-in per neighbor on both sides to allow the installation of routes which include the local AS number.
- Important: Configured on the customer site!
“BGP allowas-in” CLI configuration commands:
## Configuring the BGP allowas-in feature
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor <ip> allowas-in
as-override (not on blueprint)
General information on “BGP as-override”:
- Fixes the same problem as allowas-in but is applied on the provider site
- Should always be used together with the SoO (Site of Origin) feature
- Difference to allowas-in: as-override overwrites the originating AS in the AS_PATH attribute with the provider's own AS number.
- Important: Configured on the provider site!
“BGP as-override” CLI configuration commands:
## Configuring the BGP as-override feature
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor <ip> as-override split-horizon
remove-private-as
General information on “BGP remove-private-as”:
- Private AS numbers should never be leaked onto the internet (just like private IP address ranges)
- If connected to a single(!) ISP, a private AS can be used to conserve public AS numbers
- However, the ISP must remove the private AS before sending route updates to the global BGP mesh (internet)
- Important: The remove-private-as command must be applied on the ISP connecting to the global BGP mesh and not on the customer site!
“BGP remove-private-as” CLI configuration commands:
## Configuring the BGP remove-private-as feature
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor <ip> remove-private-as
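The same-AS-at-both-sites problem and the private-AS leak described above, as an added Python model (not code from the original notes, and not router code). It shows why the default loop check drops the route, how allowas-in and as-override each get it accepted, and a check for private AS numbers left in a path before export. Assumptions: the function names, customer AS 65001 and provider AS 64500 are constructed, the private ranges are those of RFC 6996, and `allowas_in` is modelled as the number of own-AS occurrences tolerated.

```python
# Simplified model of eBGP AS_PATH handling; not router code.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))  # RFC 6996

def private_asns(as_path):
    """ASNs in the path that must not reach the global table."""
    return [a for a in as_path
            if any(lo <= a <= hi for lo, hi in PRIVATE_RANGES)]

def accepts(as_path, local_as, allowas_in=0):
    """Receiver-side loop check.

    allowas_in is the number of occurrences of local_as tolerated;
    0 models the default behaviour (any occurrence is a loop).
    """
    return as_path.count(local_as) <= allowas_in

def pe_advertise(as_path, provider_as, ce_as, as_override=False):
    """Provider-edge update towards a customer router."""
    if as_override:
        # Replace the customer's ASN with the provider's own ASN.
        as_path = [provider_as if a == ce_as else a for a in as_path]
    return [provider_as] + as_path  # normal eBGP prepend

# Constructed scenario: the customer uses private AS 65001 at both sites,
# the provider uses AS 64500 (documentation range).
CUSTOMER, PROVIDER = 65001, 64500

def scenario():
    from_site_a = [CUSTOMER]
    plain = pe_advertise(from_site_a, PROVIDER, CUSTOMER)
    overridden = pe_advertise(from_site_a, PROVIDER, CUSTOMER, as_override=True)
    return {
        "plain_path": plain,
        "default_accepts": accepts(plain, CUSTOMER),
        "allowas_in_accepts": accepts(plain, CUSTOMER, allowas_in=1),
        "override_path": overridden,
        "override_accepts": accepts(overridden, CUSTOMER),
        "leak_if_exported": private_asns(plain),
        "leak_after_override": private_asns(overridden),
    }

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

With allowas-in the receiver stops treating its own AS in the path as a loop for that neighbor, so the tolerated count should stay as low as the topology needs.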
1.5.d ii Prepend
General information on “BGP Prepend”:
- Normally an outbound policy but can also be used inbound
- Affects the neighbor where the route is advertised to
- Can be used to manipulate the AS Path and therefore influence the inbound traffic on the router
- Example: Neighbor X receives the same route from two peers, A and B, with the same AS_PATH. If you prepend several AS’es to the path advertised via peer A, neighbor X will no longer select that route in the best path selection process, since its AS_PATH is longer.
“BGP Prepend” CLI configuration commands:
## Configuring a route-map for AS Path prepending
Router(config)# route-map [NAME] permit
Router(config-route-map)# match [argument]
Router(config-route-map)# set as-path [prepend] [asn1 asn2 asn... | last-as]
## Applying the AS Path prepending route-map to a BGP neighbor
Router(config)# router bgp <asn>
Router(config-router)# address-family [ipv4 | ipv6 | vpnv4 | ...]
Router(config-router-af)# neighbor [IP | peer-group] route-map [ROUTE-MAP-NAME] out
1.5.d iii Regexp
General information on “BGP Regexp”:
- Regexp = Regular Expressions
- Used to match one or several strings, depending on the syntax
Regexp characters:
Character | Function |
---|---|
^ | Start of the string. |
$ | End of the string. |
[ ] | Defines a range. |
- | Used to specify the range. |
. | Any single character. |
? | Zero or one instance. |
* | Zero or more instances. |
+ | One or more instances. |
_ | Matches the space between AS numbers or the end of the AS_PATH list. |
\ | Escape character. Needed for BGP confederations. |
Regexp examples:
String | Matches |
---|---|
.* | Anything. |
^$ | Locally originated routes. |
^10_ | Routes learned from AS 10. |
_10_ | Routes transiting through AS 10. |
^[0-9]+$ | Directly connected AS'es. |
_10$ | Routes originated in AS 10. |
^([0-9]+)_10_ | Routes from AS 10 where AS 10 is behind one of our directly connected AS'es. |
^10_[0-9]+$ | Routes from peers of the directly connected AS 10. |
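
To check an AS-path filter before applying it, the `_` delimiter can be approximated in Python's `re` and the pattern run against sample AS_PATH strings. This is an added example, not part of the original notes: the helper names and the sample paths are constructed, and the translation only approximates the router's regex engine.

```python
import re

# What "_" matches in an AS-path regex: start, end, space, comma,
# braces or parentheses (the latter appear in confederation paths).
DELIM = r"(?:^|$|[ ,{}()])"

def ios_to_re(pattern):
    """Translate an AS-path regex into a compiled Python regex."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # keep escaped character as-is
            i += 2
            continue
        out.append(DELIM if ch == "_" else ch)
        i += 1
    return re.compile("".join(out))

def matches(pattern, as_path):
    return ios_to_re(pattern).search(as_path) is not None

# Constructed AS_PATH strings, leftmost AS = neighbor, rightmost = origin.
PATHS = {
    "local": "",               # locally originated
    "direct_10": "10",         # originated in neighbor AS 10
    "via_10": "10 20",         # learned from AS 10, originated in AS 20
    "transit_10": "20 10 30",  # AS 10 in the middle of the path
    "behind_20": "20 10",      # originated in AS 10, learned from AS 20
    "as_100": "20 100",        # AS 100, must not be confused with AS 10
}

def table(pattern):
    """Names of the sample paths that the pattern matches."""
    return sorted(n for n, p in PATHS.items() if matches(pattern, p))

if __name__ == "__main__":
    for pat in ("^$", "^10_", "_10_", "_10$", "^[0-9]+$",
                "^([0-9]+)_10", "^([0-9]+)_10_", "^10_[0-9]+$"):
        print(f"{pat:16} {table(pat)}")
```

A pattern that ends in `_10` with no trailing `_` or `$` also matches AS 100, 101 and so on, which is why filters should delimit the AS number on both sides.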