Migrating to an ASN

Unanswered Question
Apr 29th, 2009
User Badges:

Hello,


We currently have IP's from ARIN routed on our ISP's BGP. We provide them our IP subnet info and they put in their BGP and route them to our interface on their switches...


Now we received our own ASN from ARIN and we want to migrate over to doing the proper routing with our own ASN.


What is the best way to do that and can someone please provide clear instructions on how to do it ?


Very much appreciated


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Thu, 04/30/2009 - 00:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Elazar,

if you have your own public BGP AS number you need to setup eBGP sessions with your upstream providers.


On these eBGP sessions you can and you should advertise your own IP address blocks.

On the eBGP sessions you can receive:

full BGP tables (this require a very powerful router)

only default routes

default routes + some specific routes from each upstream provider.


for examples of BGP multihoming see:


using a single router


http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml


using one router or multiple routers


http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml


As a preliminary step you should also verify in ARIN that the ip public address blocks are associated to your ASN.


If you have multilayer switches that can run BGP you should be able to configure BGP multihoming if receiving only default routes or default routes + some routes.

To deal with multiple full Internet BGP tables you need C6500 with at least Sup 720 3BXL on them.


Just to provide some figures a full BGP table is now in the order of 288,000 routes.

You probably don't need it (unless you want to be able to classify traffic using netflow for security reasons).


All these operations require cooperation with ISP people : to setup a BGP session both sides have to configure it.


Hope to help

Giuseppe


interwebmedia Thu, 04/30/2009 - 07:34
User Badges:

Here is what we have.


We want to run BGP with ONE provider for now. So can you provide sample configuration I would need to put in, in order to have BGP running with me getting only the routes from my ISP, I do not want full bgp table routes..


Now they announce our IP's on their network so we need to change that to BGP.


1. What is the different between DEFAULT and DIRECTLY CONNECTED routes and which one should we take?


2. What changes would need to be done on the router in order to have BGP properly setup for that?


3. Can you please provide configuration commands so we can set that up?


Much Appreciated


Thanks

Giuseppe Larosa Thu, 04/30/2009 - 09:05
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Elazar,

the first link I've provided should provide all the necessary information.


However, I try to answer:


1) a default route is 0.0.0.0/0 is a sort a wildcard that represents the whole internet all the ipv4 address space.

Connected routes are simply the ip subnets associated to the router's interfaces.


2)


you need to create the BGP process, to configure an eBGP session with the provider and to advertise your own ip address block.


a possible config template is:


yourASN: is your ASN


router bgp yourASN

neigh provider-ip-address remote-as ISP-ASN


you need a direct ip link between your edge router and the ISP router.


the edge router can advertise an aggregated address of a given prefix len.

This summary route is advertised if there is at least one component route = one subnet present in the BGP table.


the edge router can install routes in the BGP table using the network command


let's say x.y.k.0/24 is one component subnet


router bgp yourASN

network x.y.k.0 mask 255.255.255.0


you add other components for example 7


network x.y.k+1.0 mask 255.255.255.0

...

network x.y.k+7.0 mask 255.255.255.0


to create the aggregate you need to use


router bgp yourASN


aggregate address x.y.k.0 mask 255.255.248.0 summary-only


you can also protect your router from receiving more routes then needed


prefix-list only-default permit 0.0.0.0/0


route-map accept_default_only permit 10

match ip address prefix-list only-default



router bgp yourASN

neigh isp-addr route-map accept_default_only in



you can find more details in the docs I've linked


Hope to help

Giuseppe






interwebmedia Wed, 05/06/2009 - 12:01
User Badges:

In my cisco 6509 with sup 720, the IP ROUTING is enabled by default on these devices.


Do I need to disable ip routing and then enable BGP routing? or simply enable BGP routing and it will take over on BGP and cancel off the static routing or how does it work


Thanks

Giuseppe Larosa Thu, 05/07/2009 - 01:13
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Elazar,

ip routing is required in any case.


BGP is a routin protocol that can be used for exchanging IP routes with other devices.


You need to enable the bgp process with


router bgp your.ASN


to really use the BGP route(s) you need to remove the default static route otherwise they will be used for their lower Administrative Distance AD


when the BGP default route is installed you should see:


B 0.0.0.0/0 [20/0]


Hope to help

Giuseppe

interwebmedia Thu, 05/07/2009 - 06:32
User Badges:

Ok we will have to implement it very soon. I wanted to post exactly what we have now and exactly what we are looking to do, if someone can post the EXACT and COMPLETE config commands to change it over it would be MUCH appreciated.


What we have now:


1 ISP which announces our networks on their BGP and we have a:


ip route 0.0.0.0 0.0.0.0 ISP-IP


on our end to send back the non local traffic back to our ISP.


Our ISP provided us with a /30 for communication between US and THEM.


So on our end it is XXX.XXX.XXX.10 and on theirs XXX.XXX.XXX.9


WHAT WE WANT TO DO:


We want to have the SAME provider but with BGP. We have our own ASN already.


We want to get only default routes from our ISP since we only have one ISP.


What would be the complete configuration to put in, in order to do this... We need to remove the static routing back to our ISP and move it over to BGP.


Can someone please let us know exactly what needs to be ADDED and REMOVED from the current configuration ??


Very much appreciated.


Thanks

Giuseppe Larosa Thu, 05/07/2009 - 08:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Elazar,


even I think I provided already all the needed information I understand that you would like to see a cleaner template and a procedure.


I try to use the same variables I provided before using the last details you have provided



yourASN = the AS number you have received from an authority like RIPE or ARIN


ISP.ASN = the ASN of your ISP (they need to provided it to you)




create a prefix-list to accept only default

conf t

ip prefix-list only-default permit 5 0.0.0.0/0


route-map filter-in permit 10

match ip address prefix only-default


!this is used to filter routes sent by ISP to you


!then you need to advertise your own ip address block

!network yourIPblock mask yourIPblock.mask


!Now you have all the objects to start BGP config


router bgp yourASN

neighbor XXX.XXX.XXX.9 remote-as ISP.ASN

neighbor XXX.XXX.XXX.9 route-map filter-in in

network yourIPblock mask yourIPblock.mask

!


!Notes about network command:


!your public ip address block has to be present in the ip routing table to be advertised to the ISP router.


!if you have multiple blocks you need multiple network commands one for each of them.


end




b) Checks


sh ip bgp


you should see

0.0.0.0 with next-hop XXX.XXX.XXX.9


this to verify reception of BGP route


use


sh ip bgp neigh XXX.XXX.XXX.9 advertised-routes


verify that you see your public network(s) here in the output


c)

if all checks are fine you can remove the default route

conf t

no ip route 0.0.0.0 0.0.0.0 ISP-IP



do sh ip route 0.0.0.0

you should see now a B route in your routing table


verify internet connectivity.


If everything is fine you have migrated to BGP successfully


e)

save config (very important)


write memory



Hope to help

Giuseppe



interwebmedia Thu, 05/07/2009 - 09:11
User Badges:

Hello,


ok thank you SO MUCH for this.


1) Now when you say yourIPblock.mask


Can you give a true example with a fake IP address. Does it mean 333.333.333.333.255.255.255.0 for example?


where 333.333.333.333 is the IP and 255.255.255.0 is the mask? thats the way to write it ???


2) when you say this "

!your public ip address block has to be present in the ip routing table to be advertised to the ISP router"


this is done by this command "network yourIPblock mask yourIPblock.mask" and I right? or does it mean I have to do something else...


Thank You

interwebmedia Thu, 05/07/2009 - 14:50
User Badges:

We have successfully implemented BGP. :) many thanks


How long before all websites like DNSSTUFF etc.. etc.. updates the AS number associated with our IP's to our own AS number ??


Thank you so much.

Actions

This Discussion