cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
690
Views
0
Helpful
9
Replies

Migrating to an ASN

interwebmedia
Level 1
Level 1

Hello,

We currently have IP's from ARIN routed on our ISP's BGP. We provide them our IP subnet info and they put in their BGP and route them to our interface on their switches...

Now we received our own ASN from ARIN and we want to migrate over to doing the proper routing with our own ASN.

What is the best way to do that and can someone please provide clear instructions on how to do it ?

Very much appreciated

Thanks

9 Replies 9

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Elazar,

if you have your own public BGP AS number you need to setup eBGP sessions with your upstream providers.

On these eBGP sessions you can and you should advertise your own IP address blocks.

On the eBGP sessions you can receive:

full BGP tables (this require a very powerful router)

only default routes

default routes + some specific routes from each upstream provider.

for examples of BGP multihoming see:

using a single router

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml

using one router or multiple routers

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

As a preliminary step you should also verify in ARIN that the ip public address blocks are associated to your ASN.

If you have multilayer switches that can run BGP you should be able to configure BGP multihoming if receiving only default routes or default routes + some routes.

To deal with multiple full Internet BGP tables you need C6500 with at least Sup 720 3BXL on them.

Just to provide some figures a full BGP table is now in the order of 288,000 routes.

You probably don't need it (unless you want to be able to classify traffic using netflow for security reasons).

All these operations require cooperation with ISP people : to setup a BGP session both sides have to configure it.

Hope to help

Giuseppe

Here is what we have.

We want to run BGP with ONE provider for now. So can you provide sample configuration I would need to put in, in order to have BGP running with me getting only the routes from my ISP, I do not want full bgp table routes..

Now they announce our IP's on their network so we need to change that to BGP.

1. What is the different between DEFAULT and DIRECTLY CONNECTED routes and which one should we take?

2. What changes would need to be done on the router in order to have BGP properly setup for that?

3. Can you please provide configuration commands so we can set that up?

Much Appreciated

Thanks

Hello Elazar,

the first link I've provided should provide all the necessary information.

However, I try to answer:

1) a default route is 0.0.0.0/0 is a sort a wildcard that represents the whole internet all the ipv4 address space.

Connected routes are simply the ip subnets associated to the router's interfaces.

2)

you need to create the BGP process, to configure an eBGP session with the provider and to advertise your own ip address block.

a possible config template is:

yourASN: is your ASN

router bgp yourASN

neigh provider-ip-address remote-as ISP-ASN

you need a direct ip link between your edge router and the ISP router.

the edge router can advertise an aggregated address of a given prefix len.

This summary route is advertised if there is at least one component route = one subnet present in the BGP table.

the edge router can install routes in the BGP table using the network command

let's say x.y.k.0/24 is one component subnet

router bgp yourASN

network x.y.k.0 mask 255.255.255.0

you add other components for example 7

network x.y.k+1.0 mask 255.255.255.0

...

network x.y.k+7.0 mask 255.255.255.0

to create the aggregate you need to use

router bgp yourASN

aggregate address x.y.k.0 mask 255.255.248.0 summary-only

you can also protect your router from receiving more routes then needed

prefix-list only-default permit 0.0.0.0/0

route-map accept_default_only permit 10

match ip address prefix-list only-default

router bgp yourASN

neigh isp-addr route-map accept_default_only in

you can find more details in the docs I've linked

Hope to help

Giuseppe

In my cisco 6509 with sup 720, the IP ROUTING is enabled by default on these devices.

Do I need to disable ip routing and then enable BGP routing? or simply enable BGP routing and it will take over on BGP and cancel off the static routing or how does it work

Thanks

Hello Elazar,

ip routing is required in any case.

BGP is a routin protocol that can be used for exchanging IP routes with other devices.

You need to enable the bgp process with

router bgp your.ASN

to really use the BGP route(s) you need to remove the default static route otherwise they will be used for their lower Administrative Distance AD

when the BGP default route is installed you should see:

B 0.0.0.0/0 [20/0]

Hope to help

Giuseppe

Ok we will have to implement it very soon. I wanted to post exactly what we have now and exactly what we are looking to do, if someone can post the EXACT and COMPLETE config commands to change it over it would be MUCH appreciated.

What we have now:

1 ISP which announces our networks on their BGP and we have a:

ip route 0.0.0.0 0.0.0.0 ISP-IP

on our end to send back the non local traffic back to our ISP.

Our ISP provided us with a /30 for communication between US and THEM.

So on our end it is XXX.XXX.XXX.10 and on theirs XXX.XXX.XXX.9

WHAT WE WANT TO DO:

We want to have the SAME provider but with BGP. We have our own ASN already.

We want to get only default routes from our ISP since we only have one ISP.

What would be the complete configuration to put in, in order to do this... We need to remove the static routing back to our ISP and move it over to BGP.

Can someone please let us know exactly what needs to be ADDED and REMOVED from the current configuration ??

Very much appreciated.

Thanks

Hello Elazar,

even I think I provided already all the needed information I understand that you would like to see a cleaner template and a procedure.

I try to use the same variables I provided before using the last details you have provided

yourASN = the AS number you have received from an authority like RIPE or ARIN

ISP.ASN = the ASN of your ISP (they need to provided it to you)

create a prefix-list to accept only default

conf t

ip prefix-list only-default permit 5 0.0.0.0/0

route-map filter-in permit 10

match ip address prefix only-default

!this is used to filter routes sent by ISP to you

!then you need to advertise your own ip address block

!network yourIPblock mask yourIPblock.mask

!Now you have all the objects to start BGP config

router bgp yourASN

neighbor XXX.XXX.XXX.9 remote-as ISP.ASN

neighbor XXX.XXX.XXX.9 route-map filter-in in

network yourIPblock mask yourIPblock.mask

!

!Notes about network command:

!your public ip address block has to be present in the ip routing table to be advertised to the ISP router.

!if you have multiple blocks you need multiple network commands one for each of them.

end

b) Checks

sh ip bgp

you should see

0.0.0.0 with next-hop XXX.XXX.XXX.9

this to verify reception of BGP route

use

sh ip bgp neigh XXX.XXX.XXX.9 advertised-routes

verify that you see your public network(s) here in the output

c)

if all checks are fine you can remove the default route

conf t

no ip route 0.0.0.0 0.0.0.0 ISP-IP

do sh ip route 0.0.0.0

you should see now a B route in your routing table

verify internet connectivity.

If everything is fine you have migrated to BGP successfully

e)

save config (very important)

write memory

Hope to help

Giuseppe

Hello,

ok thank you SO MUCH for this.

1) Now when you say yourIPblock.mask

Can you give a true example with a fake IP address. Does it mean 333.333.333.333.255.255.255.0 for example?

where 333.333.333.333 is the IP and 255.255.255.0 is the mask? thats the way to write it ???

2) when you say this "

!your public ip address block has to be present in the ip routing table to be advertised to the ISP router"

this is done by this command "network yourIPblock mask yourIPblock.mask" and I right? or does it mean I have to do something else...

Thank You

We have successfully implemented BGP. :) many thanks

How long before all websites like DNSSTUFF etc.. etc.. updates the AS number associated with our IP's to our own AS number ??

Thank you so much.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco