BGP Local-AS feature: the basics

I’ve always thought that Cisco introduced the BGP Local-AS feature into IOS to support complex MPLS VPN design scenarios. Obviously I was wrong; the early documentation always describes an ISP AS merging scenario. Unfortunately, all the articles I’ve found skip some important details: they describe the basics and the configuration commands, but forget to mention the impact on the AS paths received by the ISP customers. Obviously we need a more thorough description of this feature.

Read the whole article in the CT3 wiki

2 comments:

  1. Yap Chin Hoong, 25 May, 2010 06:14

    I got to know the "bgp enforce-first-as" command when studying the BGP Best-Path Selection Algorithm. By looking at the output of the "show ip bgp" command when implementing BGP Local-AS, I said, ahha, this is the time to prove the working of the "bgp enforce-first-as" command.
    So I went conf t, router bgp, bgp enforce, show ip bgp, hmm, still here, this should be the time for me to test out another command - soft-configuration inbound, followed by clear ip bgp x.x.x.x soft in, hmm, the BGP route is still here, clear ip bgp x.x.x.x, aargghhh, still there. >:o

    show run, hey, where is my "bgp enforce-first-as" command? What? It is enabled by default? @_@

    After some thought, another ASN (the local AS) is actually being prepended to the AS_SEQUENCE by the local router; the EBGP peer is doing its job correctly, and the route is therefore not being discarded by the "bgp enforce-first-as" command.

    I think I will only be able to see the operation of the "bgp enforce-first-as" command when reading more about BGP route spoofing attacks in the future; now it is good enough for my ROUTE exam. :)

  2. Ivan Pepelnjak, 25 May, 2010 12:53

    You can't generate an AS-number mismatch that the "bgp enforce-first-as" would catch with an IOS BGP feed; you need a broken implementation for that.

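
The check discussed in the two comments above, modelled in Python as an added example (not code from the post, the commenters or IOS). The AS numbers are constructed private-use values, the function names are hypothetical, and the AS_PATH is simplified to a flat AS_SEQUENCE.

```python
# Simplified model: AS_PATH is a flat AS_SEQUENCE (list of ints),
# leftmost entry = most recently prepended AS.
# All AS numbers are constructed private-use values; names are hypothetical.

def advertise(as_path, real_as, local_as=None):
    """Return the AS_PATH an EBGP speaker sends to a neighbor.

    With Local-AS configured toward that neighbor, the local AS is
    prepended in front of the real AS (the behaviour the first comment
    observed in "show ip bgp").
    """
    sent = [real_as] + list(as_path)
    if local_as is not None:
        sent = [local_as] + sent
    return sent


def enforce_first_as(as_path, configured_remote_as):
    """Accept an EBGP update only if its leftmost AS is the AS number
    configured for that neighbor. An empty path never passes."""
    return bool(as_path) and as_path[0] == configured_remote_as


def receive(as_path, configured_remote_as):
    """Describe what the receiving router does with the update."""
    if enforce_first_as(as_path, configured_remote_as):
        return "accepted"
    first = as_path[0] if as_path else None
    return "rejected: first AS %s != neighbor AS %d" % (first, configured_remote_as)


REAL_AS = 64512        # constructed: the router's "router bgp" AS
LOCAL_AS = 64600       # constructed: the AS the neighbor still peers with
CUSTOMER_PATH = [65010]  # constructed: path of a route learned elsewhere

# Well-behaved speaker: session runs as LOCAL_AS and the path starts with it.
with_local_as = advertise(CUSTOMER_PATH, REAL_AS, local_as=LOCAL_AS)

# Constructed "broken implementation": the neighbor expects LOCAL_AS,
# but the path is sent without the Local-AS prepend.
broken = advertise(CUSTOMER_PATH, REAL_AS)

if __name__ == "__main__":
    for label, path in (("local-as prepend", with_local_as), ("broken", broken)):
        print(label, path, receive(path, LOCAL_AS))
```
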


Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.