Network Migration with BGP Local-AS Feature

I’ve always thought that Cisco introduced the BGP Local-AS feature into IOS to support complex MPLS VPN design scenarios. Obviously I was wrong: the early documentation always describes an ISP AS merging scenario. Unfortunately, all the articles I’ve found skip some important details: they describe the basics and the configuration commands, but forget to mention the impact on the AS paths received by the ISP customers.

I described those details in an article that disappeared from the Internet sometime in 2019, but fortunately archive.org retained a copy of it.

Would you like me to migrate that article to ipSpace.net? Send me a message and I just might do it...

2 comments:

  1. I got to know the "bgp enforce-first-as" command when studying the BGP Best-Path Selection Algorithm. By looking at the output of the "show ip bgp" command when implementing BGP Local-AS, I said, ahha, this is the time to prove the working of the "bgp enforce-first-as" command.
    So I went conf t, router bgp, bgp enforce, show ip bgp, hmm, still here, this should be the time for me to test out another command - soft-configuration inbound, followed by clear ip bgp x.x.x.x soft in, hmm, the BGP route is still here, clear ip bgp x.x.x.x, aargghhh, still there. >:o

    show run, hey, where is my "bgp enforce-first-as" command? What? It is enabled by default? @_@

    After some thought: another ASN (the local AS) is actually being prepended to the AS_SEQUENCE by the local router; the EBGP peer is doing its job correctly, so the route is not discarded by the "bgp enforce-first-as" command.

    I think I will only be able to see the operation of "bgp enforce-first-as" when reading more about BGP route spoofing attacks in the future; for now it is good enough for my ROUTE exam. :)
  2. You can't generate an AS-number mismatch that the "bgp enforce-first-as" would catch with an IOS BGP feed; you need a broken implementation for that.
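
The behaviour discussed in the post and the comments, as an added Python model (not code from the post, the commenters, or IOS): the first-AS check is applied to the AS path as the peer sent it, and the local AS is prepended afterwards, so the extra ASN visible in the BGP table never trips the check. The `Neighbor` class, the function names and the ASNs (documentation range) are constructed for illustration; the order of the two steps is an assumption consistent with what the first commenter observed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Neighbor:
    remote_as: int                  # "neighbor ... remote-as"
    local_as: Optional[int] = None  # "neighbor ... local-as"
    no_prepend: bool = False        # local-as ... no-prepend
    replace_as: bool = False        # local-as ... no-prepend replace-as

def receive(path: List[int], nbr: Neighbor,
            enforce_first_as: bool = True) -> Optional[List[int]]:
    """AS path installed for an EBGP update, or None if it is rejected."""
    # The check looks at the path exactly as the peer sent it.
    if enforce_first_as and (not path or path[0] != nbr.remote_as):
        return None
    # Only after acceptance is the local AS prepended (unless no-prepend).
    if nbr.local_as is not None and not nbr.no_prepend:
        return [nbr.local_as] + list(path)
    return list(path)

def advertise(path: List[int], real_as: int, nbr: Neighbor) -> List[int]:
    """AS path the EBGP neighbor (e.g. an ISP customer) receives from us."""
    if nbr.local_as is None:
        return [real_as] + list(path)
    if nbr.replace_as:
        return [nbr.local_as] + list(path)       # real AS hidden
    return [nbr.local_as, real_as] + list(path)  # customer sees both ASNs

if __name__ == "__main__":
    # Constructed scenario: merged ISP is AS 64500, still presenting the
    # old AS 64510 to a customer in AS 64496.
    cust = Neighbor(remote_as=64496, local_as=64510)
    print("accepted:", receive([64496, 64497], cust))
    print("first AS mismatch:", receive([64499, 64497], cust))
    print("customer sees:", advertise([64501], 64500, cust))
```
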