[135072] in North American Network Operators' Group
Re: Single AS Number for multiple prefixes in different country
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Jan 17 03:20:49 2011
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <AANLkTikwo35c+iVjzpZS7p2Fum4DRbmUOHfa6kbvHq+a@mail.gmail.com>
Date: Mon, 17 Jan 2011 03:20:32 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 17, 2011, at 12:32 AM, Michel de Nostredame wrote:
> On Fri, Jan 14, 2011 at 12:30 PM, Patrick W. Gilmore =
<patrick@ianai.net> wrote:
>> On Jan 14, 2011, at 11:03 AM, Michel de Nostredame wrote:
>>> On Fri, Jan 14, 2011 at 3:33 AM, Bogdan <shoshon@shoshon.ro> wrote:
>>>> allowas-in will do the trick
>>> Provided your uplink ISP does not filter out that.
>> Why would your upstream filter that out?
>> I would get a new upstream if they do.
>=20
> According to Juniper junos document,
>=20
> "BGP checks whether the neighboring AS matches the AS of the external
> peer to which the router is advertising. If there is a match, the
> route advertisement is suppressed. Advertisement suppression is
> enabled by default for BGP peers configured in non-VPN routing and
> forwarding (VRF) instances, including the master instance."
I do not think that paragraph means what you think it means.
I've seen my own AS in full tables from upstreams using Juniper routers =
many times.
--=20
TTFN,
patrick
> We may not able to assume all ISP willing to or by-default add
> "advertise-peer-as" into configuration if they use a Juniper router.
> Also we may not able to assume ISP will not put a policy/route-map to
> prevent route been advertised to the same AS.
>=20
> If there is a need to use single-AS in multiple sites and these sites
> need to communicate each other via Internet ISP, statically route
> traffic to Internet (or a default route to Internet) would be safer.
>=20
> If there is a need on this kind of communication, or the communication
> been done via a tunnel with both sides using ISP's IP (interface IP)
> as tunnel source, then there should have no risk to use single-AS in
> multiple sites in terms of connectivity.
>=20
> --
> Michel~
>=20
