On Sun, Mar 31, 2019 at 01:09:06PM +0200, Claudio Jeker wrote:
> On Fri, Mar 29, 2019 at 08:36:26AM +0100, openbsd@kene.nu wrote:
> > I forgot to add to my previous email. One thing that could be useful
> > in this case is to mimic the Cisco option "neighbor x.x.x.x
> > remove-private-as" which removes any private ASes from the path on any
> > updates to a peer. Just throwing it out there, can't be a very
> > difficult option to implement I guess?
>
> I think changing the AS PATH is a bad thing. Removing elements from your
> AS path has a major impact on the route selection and opens doors for
> routing loops. In general I will only add features like 'as-override' when
> there is a clear reason why it is needed.
> So my question is, why do you need to use private AS numbers in your
> internal network?

It's common to use private AS numbers in data center networks for Clos
topologies (one AS number per leaf switch and one for all spine switches
because of ECMP).
Private AS numbers are also used for large DMVPN deployments.

Many BGP implementations have this feature:
Junos (remove-private), NetIron (remove-private-as), IOS (remove-private-as).

>
> > On Thu, Mar 28, 2019 at 2:55 PM <openbsd@kene.nu> wrote:
> > >
> > > That will indeed help. Will check it out.
> > >
> > > How I have solved it now is by having network statements on the edge
> > > (/24s). To make the internal routing work I announce more specific
> > > prefixes from the internal router, so externally I announce a /24
> > > (from edge to peering partners) but internally I announce two /25s
> > > (from internal to edge). That way internet knows how to find my /24
> > > and edge knows how to find its way internally due to /25 being more
> > > specific compared to /24.
> > >
> > > On Wed, Mar 27, 2019 at 9:33 PM Sebastian Benoit <benoit-lists@fb12.de> wrote:
> > > >
> > > > openbsd@kene.nu(openbsd@kene.nu) on 2019.03.27 12:25:33 +0100:
> > > > > Hello,
> > > > >
> > > > > That would unfortunately affect all the prefixes announced to the edge
> > > > > router from the internal router. I need it to be only prefixes
> > > > > announced to my peering partners.
> > > > >
> > > > > /Oscar
> > > > >
> > > > > On Tue, Mar 26, 2019 at 3:50 PM Denis Fondras <openbsd@ledeuns.net> wrote:
> > > > > >
> > > > > > On Tue, Mar 26, 2019 at 02:54:38PM +0100, openbsd@kene.nu wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > Is there a way to make openbgpd strip private ASNs from updates it
> > > > > > > sends to certain neighbors?
> > > > > > > I am using openbgpd on my edge routers and distribute routes generated
> > > > > > > internally to the rest of the world. However, the internal routers use
> > > > > > > private ASNs and this is obviously frowned upon by my peering
> > > > > > > partners.
> > > > > > >
> > > > > > > I can of course have network statements on my edge routers but that
> > > > > > > assumes the prefixes will always be reachable via said edge router,
> > > > > > > something I can never be certain of. I would rather the updates rely
> > > > > > > on the prefix actually being announced from the source.
> > > > > > >
> > > > > >
> > > > > > Perhaps with transparent-as ?
> > > >
> > > > In current (snapshots) there is "as-override":
> > > >
> > > >      as-override (yes|no)
> > > >              If set to yes, all occurrences of the neighbor AS in the AS
> > > >              path will be replaced with the local AS before running the
> > > >              filters. The Adj-RIB-In still holds the unmodified AS path.
> > > >              The default value is no.
> > > >
> > > > This is a neighbor option and used on the session to a peer that uses a
> > > > private AS.
> > > >
> > > > You don't say much about your network structure, but if your edge router has
> > > > a normal AS number, and your internal eBGP peers have private AS numbers,
> > > > this option will help.
> > > >
> > > > /Benno
> > > >
> >
>
> --
> :wq Claudio
>
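
Added example, not part of the thread and not OpenBGPD code: a small Python model of the as-override behaviour quoted above, next to a simplified "remove private AS" style strip, to show when a private ASN still reaches a peer and how each option affects path length. The AS numbers, helper names and the strip semantics are assumptions made for illustration; the private-use ranges are those of RFC 6996.

```python
# Simplified model for illustration only; not OpenBGPD source code.
# Private-use ASN ranges as defined in RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def as_override(path, neighbor_as, local_as):
    """Replace every occurrence of the neighbor AS with the local AS,
    as the quoted as-override text describes. Path length is unchanged."""
    return [local_as if asn == neighbor_as else asn for asn in path]

def strip_private(path):
    """Assumed, simplified 'remove private AS' behaviour: drop every
    private ASN. Real vendor options differ in detail."""
    return [asn for asn in path if not is_private(asn)]

def export_path(path, local_as):
    """An eBGP speaker prepends its own AS when announcing to a peer."""
    return [local_as] + path

def leaked_private(path):
    """Pre-export check: private ASNs a peering partner would still see."""
    return [asn for asn in path if is_private(asn)]

# Constructed sample values (hypothetical network).
LOCAL_AS = 64496      # documentation ASN standing in for the public edge AS
INTERNAL_AS = 64512   # private AS of the internal router peering with the edge
LEAF_AS = 64513       # second private AS further inside, e.g. a Clos leaf

SAMPLE_PATHS = {
    "internal router originates": [INTERNAL_AS],
    "leaf behind internal router": [INTERNAL_AS, LEAF_AS],
}

def compare(path):
    """Return (path with as-override, path with strip), both as exported."""
    overridden = export_path(as_override(path, INTERNAL_AS, LOCAL_AS), LOCAL_AS)
    stripped = export_path(strip_private(path), LOCAL_AS)
    return overridden, stripped

if __name__ == "__main__":
    for name, path in SAMPLE_PATHS.items():
        overridden, stripped = compare(path)
        print(name)
        print("  as-override:", overridden, "leaks", leaked_private(overridden))
        print("  strip      :", stripped, "leaks", leaked_private(stripped))
```

In this model as-override keeps the path length but only rewrites the neighbor's own AS, so a second private AS deeper in the path is still exported; stripping removes it but shortens the path, which is the route-selection concern raised in the thread.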