Hello all, We are running into an issue transiting a down stream ASN. E.g. Uplink <-> Our ASN <-> Downlink ASN To me it seems we should only need to bgp_path.prepend our outbound filter, however our uplink is dropping the as path when we run it that way. Any suggestions as to what I am missing to carrier a downstream ASN and prefixes to our uplinks? Thanks so much, Mike -- Michael McConnell WINK Streaming; email: michael@winkstreaming.com <mailto:michael@winkstreaming.com> phone: +1 312 281-5433 x 7400 cell: +506 8706-2389 skype: wink-michael web: http://winkstreaming.com <http://winkstreaming.com/>
On 2017/03/26 09:08, Michael McConnell wrote:
Hello all,
We are running into an issue transiting a down stream ASN. E.g. Uplink <-> Our ASN <-> Downlink ASN
To me it seems we should only need to bgp_path.prepend our outbound filter, however our uplink is dropping the as path when we run it that way.
Any suggestions as to what I am missing to carrier a downstream ASN and prefixes to our uplinks?
Have you asked your transit providers to accept your announcements for the downstream AS?
Thanks for your comment. Yes, they see the prefix announcement and we’ve done all the LOA fun, but somehow we are just not getting the route as_path loading correctly. On quagga we just ‘set as-path prepend ASN’ and bgp_path.prepend is pretty much the equivalent but not having any luck. Cheers, Mike -- Michael McConnell WINK Streaming; email: michael@winkstreaming.com <mailto:michael@winkstreaming.com> phone: +1 312 281-5433 x 7400 cell: +506 8706-2389 skype: wink-michael web: http://winkstreaming.com <http://winkstreaming.com/>
On Mar 26, 2017, at 9:48 AM, Stuart Henderson <stu@spacehopper.org> wrote:
On 2017/03/26 09:08, Michael McConnell wrote:
Hello all,
We are running into an issue transiting a down stream ASN. E.g. Uplink <-> Our ASN <-> Downlink ASN
To me it seems we should only need to bgp_path.prepend our outbound filter, however our uplink is dropping the as path when we run it that way.
Any suggestions as to what I am missing to carrier a downstream ASN and prefixes to our uplinks?
Have you asked your transit providers to accept your announcements for the downstream AS?
On dim. 26 mars 09:08:25 2017, Michael McConnell wrote:
Hello all,
We are running into an issue transiting a down stream ASN. E.g. Uplink <-> Our ASN <-> Downlink ASN
To me it seems we should only need to bgp_path.prepend our outbound filter, however our uplink is dropping the as path when we run it that way.
Any suggestions as to what I am missing to carrier a downstream ASN and prefixes to our uplinks?
Thanks so much, Mike
Hi, why do you want to bgp_path.prepend? Your ASN will be automatically added in the path if you act as transit between upstream and downstream AS. Exemple: template bgp DOWNSTREAM { import keep filtered; export all; } function bgp_filter_customer_in (prefix customer_prefix) { if ! (net ~ customer_prefix) then return false; else return true; } filter bgp_filter_customer_petrus_in { if (bgp_filter_customer_in(2001:678:3cc::/48)) then accept; else reject "Prefix filtered for petrus"; } protocol bgp bgp_petrus from DOWNSTREAM { local as 204092; description "BGP for petrus"; neighbor 2a00:5884::25 as 206155; import keep filtered; import filter bgp_filter_customer_petrus_in; } And from another router, we see that: bird> show route all protocol bgp_grifon_nominoe 2a00:5884::/32 via 2001:7f8:b1::a on eth2 [bgp_grifon_nominoe 12:41:15] (100) [AS204092i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 204092 BGP.next_hop: 2001:7f8:b1::a fe80::215:17ff:fe39:f01a BGP.local_pref: 100 2001:678:3cc::/48 via 2001:7f8:b1::a on eth2 [bgp_grifon_nominoe 12:41:15] (100) [AS206155i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 204092 206155 BGP.next_hop: 2001:7f8:b1::a fe80::215:17ff:fe39:f01a BGP.local_pref: 100 So, we have our prefix with just our ASN, and 2001:678:3cc::/48 with our and the customer ASN. -- alarig
Thank you very much for that example and output. I’ve been leading towards bgp_path.prepend as I am getting BGP.as_path as blank. show route all 10.10.10.10/24 10.10.10.10/24 via 192.168.1.1 on bond0 [border7 20:40:33] * (100) [AS65999i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 714 2914 20473 2828 BGP.next_hop: 10.10.10.10 BGP.local_pref: 100 BGP.community: (65000,475) (65050,214) unreachable [edge140 20:45:45 from 192.168.1.120] (100/-) [i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: BGP.next_hop: 192.168.1.120 BGP.local_pref: 100 To me it seemed like I needed to add a prepend to the path to have the parameter set. Your example now has me thinking i’ve got some more basic routing issue. Thanks again for your comment -- Michael McConnell WINK Streaming; email: michael@winkstreaming.com <mailto:michael@winkstreaming.com> phone: +1 312 281-5433 x 7400 cell: +506 8706-2389 skype: wink-michael web: http://winkstreaming.com <http://winkstreaming.com/>
On Mar 26, 2017, at 10:16 AM, Alarig Le Lay <alarig@swordarmor.fr> wrote:
On dim. 26 mars 09:08:25 2017, Michael McConnell wrote:
Hello all,
We are running into an issue transiting a down stream ASN. E.g. Uplink <-> Our ASN <-> Downlink ASN
To me it seems we should only need to bgp_path.prepend our outbound filter, however our uplink is dropping the as path when we run it that way.
Any suggestions as to what I am missing to carrier a downstream ASN and prefixes to our uplinks?
Thanks so much, Mike
Hi, why do you want to bgp_path.prepend? Your ASN will be automatically added in the path if you act as transit between upstream and downstream AS.
Exemple:
template bgp DOWNSTREAM { import keep filtered; export all; }
function bgp_filter_customer_in (prefix customer_prefix) { if ! (net ~ customer_prefix) then return false; else return true; }
filter bgp_filter_customer_petrus_in { if (bgp_filter_customer_in(2001:678:3cc::/48)) then accept; else reject "Prefix filtered for petrus"; }
protocol bgp bgp_petrus from DOWNSTREAM { local as 204092; description "BGP for petrus"; neighbor 2a00:5884::25 as 206155; import keep filtered; import filter bgp_filter_customer_petrus_in; }
And from another router, we see that: bird> show route all protocol bgp_grifon_nominoe 2a00:5884::/32 via 2001:7f8:b1::a on eth2 [bgp_grifon_nominoe 12:41:15] (100) [AS204092i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 204092 BGP.next_hop: 2001:7f8:b1::a fe80::215:17ff:fe39:f01a BGP.local_pref: 100 2001:678:3cc::/48 via 2001:7f8:b1::a on eth2 [bgp_grifon_nominoe 12:41:15] (100) [AS206155i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 204092 206155 BGP.next_hop: 2001:7f8:b1::a fe80::215:17ff:fe39:f01a BGP.local_pref: 100
So, we have our prefix with just our ASN, and 2001:678:3cc::/48 with our and the customer ASN.
-- alarig
On 3/26/17 10:08 AM, Michael McConnell wrote:
Hello all,
We are running into an issue transiting a down stream ASN. E.g. Uplink <-> Our ASN <-> Downlink ASN
To me it seems we should only need to bgp_path.prepend our outbound filter, however our uplink is dropping the as path when we run it that way.
Any suggestions as to what I am missing to carrier a downstream ASN and prefixes to our uplinks?
Typically the filters configured on the upstream ASNs router will be based on prior agreement, or derived (by prior agreement) from a RADB object, in either case the resulting filter is minimally permissive to prevent leaks, accidents or hijacking. advertising additional prefixes or providing transit for a downstream ASNs therefore requires either coordination or the update of a route object.
Thanks so much, Mike
*--* *Michael McConnell* *WINK Streaming;* *email:* michael@winkstreaming.com <mailto:michael@winkstreaming.com> *phone:* +1 312 281-5433 *x 7400* *cell:* +506 8706-2389 *skype:* wink-michael *web:* http://winkstreaming.com <http://winkstreaming.com/>
participants (4)
-
Alarig Le Lay -
joel jaeggli -
Michael McConnell -
Stuart Henderson