One router - Two ASN

Ondrej Zajicek santiago at crfreenet.org
Sun Mar 25 23:20:30 CEST 2012 

On Sat, Mar 24, 2012 at 10:23:37AM -0300, Henrique de Moraes Holschuh wrote:
> On Sat, 24 Mar 2012, Oleg wrote:
> > On Sat, Mar 24, 2012 at 09:00:34AM +0100, Mi??osz Oller wrote:
> > > How can I run two asn on one router?
> > > 
> > > Example:
> > > 
> > >   ISP1 
> > >      |
> > > ---------------
> > > | AS1 - AS2 |
> > > ---------------
> > >                |
> > >             ISP2
> > > 
> > > ISP1 is connected to AS1, ISP2 is connected to AS2. How can I configure
> > > connection AS1-AS2 with bgp protocol on localhost (neighbor ip and
> > > source address)? 
> > 
> >   What about local option of bgp protocol?
> > http://bird.network.cz/?get_doc&f=bird-6.html#ss6.1
> 
> The documentation (or the wiki, I don't recall) mentions that you *may*
> have to handle some AS_PATH details manually.  That means it can be
> done, but the documentation is annoyingly vague about what you have to
> do to get it to work well (and safely).

Running two sessions with different local AS numbers is possible,
but it si definitely an advanced topic and not an expected use case.
Probably the most elegant way would be to have two routing tables,
one for each local AS (BGP sessions with that local AS connected
to that table) and these tables connected with a pipe with filters
like (for direction from A to B):

bgp_path.append(A);
if B ~ bgp_path then reject;

(although B ~ bgp_path -> reject would be perhaps better in import
filter of BGP protocols of A)

Obviously, the issue is a lot simpler if you do not want redistribute
routes from one BGP neighbor to another one.

> Anyway, you already have to handle mostly everything manually anyway as
> far as enforcing route/attribute sanity on BGP import and export. bird
> automates very little as far as eBGP sanity checking goes: it validades
> the BGP wire protocol, handles AS4_PATH transparently (annoyingly still
> documented as "not supported" in one of the bgp protocol headers)

Where? I cannot find that.

> and
> probably a few other details, but that's it.  Look at the BGP filtering
> example in the Wiki, that thing should be part of the official
> documentation, as it ends up documenting stuff that you _must_ always do
> in iBGP/eBGP filters...

This is generally a mechanism / policy split. BIRD as a BGP daemon
implements standard BGP behavior specified by appropriate BGP RFCs,
while things like eBGP sanity checks and usual filtering are more like
best practices for a BGP policy. These BGP practices differ and evolve
regardless of the BGP code/implementation, so it is natural to have such
examples in wiki.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20120325/93a63b70/attachment-0001.asc>

More information about the Bird-users mailing list