[194527] in North American Network Operators' Group
Question about experiences with BGP remote-AS
daemon@ATHENA.MIT.EDU (LF OD)
Fri May 5 12:55:42 2017
From: LF OD <bz_siege_01@hotmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Fri, 5 May 2017 16:55:36 +0000
We have a number of small routers in co-lo sites that peer with B2B partners.
As more of our partners move to cloud, we are considering a consolidation
effort and putting all of our peering routers in a cloud exchange site on a
single HA pair of routers. Now, each existing B2B peering router uses a
unique private ASN to EBGP peer with partners and they, in turn, EBGP peer
with our extranet perimeter ASNs for security vetting and other stuff.
We looked for a medium-density router (or L3-switch) that can replace
multiple small routers (b2b-only, no internet), but we need to retain all of
our existing ASNs and peerings. As it turns out, there are many routers that
can do VRFs but you cannot put a unique ASN on each VRF so replicating the
old environment isn't quite that straightforward. The BGP remote-as looks to
be a possible alternative solution, but we've never used it in production
and we are unsure of the caveats. Taken at face value, it looks like we can
mimic the multi-router/unique-ASN environment we have today on a single
platform. However, networking is rarely as smooth as that so I'm asking some
of the BGP gurus... what are the pros/cons of using remote-as? If anyone
here uses it extensively, we could really use some feedback if you run into
challenges or hidden surprises that we wouldn't normally think of
beforehand.
Thanks in advance!
LFOD