Confusion on BGP Confederation

Answered Question
Jun 1st, 2009

All,


I understand that a confederation is a collection of ASs that are presented to an eBGP peer as one AS. I configured this with 4 routers with all of them being in their own AS:


Router1: AS100 (EBGP)

Router2: AS200 -> Presented as 500 to AS100

Router3: AS300 -> Peered with AS200

Router4: AS300 -> Peered with AS200


Okay, so all of my peerings came up correctly, but Router1 is seeing the AS path to Router4's loopback 4.4.4.4 through AS 500 and AS 300.


Is AS300 supposed to show on Router1's BGP table?


Thanks,

John

Giuseppe Larosa Mon, 06/01/2009 - 06:34

Hello John,


With BGP confederations:


The BGP AS number is the mini AS.

Peer BGP numbers are defined with


bgp confederation peer list of other mini ASN


The public AS (to be seen outside) needs to be defined with

bgp confederation identifier xx


So you may need these commands to achieve a BGP confederation scenario.


When correctly configured, only the public AS should be seen by the real eBGP peer.


Mini ASNs are placed in the confed AS path, separated by AS path.

The public AS is placed in the AS path before sending to the real eBGP peer; the confed AS path is stripped.




Hope to help

Giuseppe


John Blakley Mon, 06/01/2009 - 06:42

Giuseppe,


The confederation peers fine with the external peer, but the external peer was able to see the other external ASs that weren't peered with it.


For example, I had something like:


Router1:

ip address 192.168.1.1

as 100

neighbor Router2 remote-as 500


Router2:

ip address 192.168.1.2

ip address 192.168.3.1

ip address 192.168.4.1

AS 200

bgp confederation identifier 500

bgp confederation peer 400

bgp confederation peer 300

neighbor 192.168.1.1 remote-as 100

neighbor 192.168.3.1 remote-as 300

neighbor 192.168.4.1 remote-as 400


Router3:

AS 300

network 192.168.3.0 mask 255.255.255.0

neighbor 192.168.3.1 remote-as 200


Router4:

AS 400

network 192.168.4.0 mask 255.255.255.0

neighbor 192.168.4.1 remote-as 200



The above is all from memory, so I may be missing something, but this is the gist of it. If you did a "sh ip bgp" on Router 1, you would see something like:


Network Peer AS Path

*>192.168.4.0 192.168.1.2 500 400


Thanks,

John

Correct Answer
Giuseppe Larosa Mon, 06/01/2009 - 08:31

Hello John,

Also, R3 and R4 need the commands:


router bgp xx

bgp confed ident 500

bgp confed peer 200


Hope to help

Giuseppe


John Blakley Mon, 06/01/2009 - 08:35

Ah. So the peers that are part of the confederation will still go out as their own AS if they're not configured the same way the router is that's peering with the ebgp peer? I guess that makes sense. I'll play with it tonight and let you know tomorrow.


Thanks Giuseppe!


John

Correct Answer
Giuseppe Larosa Mon, 06/01/2009 - 09:05

Hello John,

R3 and R4 need to know they have to write their ASN in the AS confed attribute and not in the main AS path attribute.


Once the AS path attribute is "corrupted", R2 cannot fix it.


Hope to help

Giuseppe


John Blakley Tue, 06/02/2009 - 05:37

Adding "bgp confederation peers" and "bgp confederation identifiers" to every AS solved the problem, Giuseppe. Thanks!


John
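
The behaviour worked out in this thread, as an added example that is not part of the original posts: a small Python model of the AS_PATH rules from RFC 5065, showing why Router1 sees "500 400" until Router4 is also configured as a confederation member. The Router class and function names are hypothetical, the ASNs are the ones from the thread, and AS_SET segments are left out.

```python
# Added illustration: AS_PATH handling at a confederation border (RFC 5065).
# ASNs follow the thread; the Router class and helpers are hypothetical.
from dataclasses import dataclass
from typing import Optional

SEQ, CONFED_SEQ = "AS_SEQUENCE", "AS_CONFED_SEQUENCE"

@dataclass
class Router:
    local_as: int                          # value after "router bgp"
    confed_id: Optional[int] = None        # bgp confederation identifier
    confed_peers: frozenset = frozenset()  # bgp confederation peers

def prepend(path, seg_type, asn):
    """Prepend asn to the leading segment of seg_type, or open a new one."""
    if path and path[0][0] == seg_type:
        return [(seg_type, [asn] + path[0][1])] + path[1:]
    return [(seg_type, [asn])] + path

def advertise(router, path, neighbor_as):
    """Return the AS_PATH the router sends to a neighbor in neighbor_as."""
    if neighbor_as == router.local_as:      # iBGP: path is unchanged
        return list(path)
    if router.confed_id is None:            # no confederation commands
        return prepend(path, SEQ, router.local_as)
    if neighbor_as in router.confed_peers:  # peer in another member AS
        return prepend(path, CONFED_SEQ, router.local_as)
    # True eBGP peer: drop confed segments, then prepend the public AS.
    public = [seg for seg in path if seg[0] != CONFED_SEQ]
    return prepend(public, SEQ, router.confed_id)

def seen_by_r1(r4, r2):
    """AS numbers of R4's prefix as it arrives at Router1 (AS 100) via R2."""
    at_r2 = advertise(r4, [], neighbor_as=r2.local_as)
    at_r1 = advertise(r2, at_r2, neighbor_as=100)
    return [asn for _seg_type, asns in at_r1 for asn in asns]

R2 = Router(200, confed_id=500, confed_peers=frozenset({300, 400}))
R4_BEFORE = Router(400)  # only "neighbor ... remote-as 200"
R4_AFTER = Router(400, confed_id=500, confed_peers=frozenset({200}))

if __name__ == "__main__":
    print("R4 without confederation commands:", seen_by_r1(R4_BEFORE, R2))
    print("R4 with confederation commands:   ", seen_by_r1(R4_AFTER, R2))
```

In the first case 400 sits in the ordinary AS_SEQUENCE when it reaches R2, so R2 has nothing to strip and the member AS number is exposed to the external peer.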
