I have a doubt: I want to use the same ASN number at different sites with different ISPs (consider I have public IP range 22.214.171.124/24).
Consider I have a public server with IP 126.96.36.199 at site A, and if I advertise the same public pool at site B, how does return traffic know whether it has to come to site A or B?
Or if someone from the Internet wants to access this 188.8.131.52 public server, will that request come to the Site A router or the Site B router?
Are your two sites connected in any way? Or are they completely separate sites running the same AS?
Now, if you have, for example, (184.108.40.206/24), and advertise this network out to the network, you could do AS_PATH prepending to try and equal out AS_PATH lengths for both routes, but I wouldn't recommend doing it this way.
I'm assuming these are Provider Independent addresses, so you could advertise out specific prefixes with a /32, and use AS_PATH prepending as well, for kind of a "double shot" so to speak.
You could also split up the /24 into two /25s, with one /25 being in Site A and another being in Site B.
Thanks for the reply.
These sites are not connected and they are completely separate sites running the same AS.
Yes, my public pool is from APNIC and it is ISP provider independent.
I have asked both my ISPs and they are saying that they cannot split the /24 pool into /25s, with one at site A and another at site B.
I am basically looking for a DR solution, so that if my site A goes down then my public IP 220.127.116.11 would be up and working.
Any suggestions?
Thanks for the reply.
If you want to do this as a DR solution, this can be done pretty easily.
You can have the eBGP link going to the ISP that you want to use as backup, and configure AS_PATH prepending on it, so it should never be used for incoming traffic unless the primary eBGP link goes down.
So you could do the following, for example (you can configure it however you like, this is just an example):
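! Standard ACLs take a wildcard mask, so a /24 is 0.0.0.255
access-list 1 permit 18.104.22.168 0.0.0.255
route-map ASPATH_PREPEND permit 10
 match ip address 1
 set as-path prepend ASN ASN ASN
router bgp ASN
 ! <backup-ISP-peer> is a placeholder for the backup ISP's eBGP neighbor address
 neighbor <backup-ISP-peer> route-map ASPATH_PREPEND out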
As long as your primary ISP eBGP peer doesn't go down, the 22.214.171.124/24 NLRI information from the Internet should always be taken, since it has a shorter AS_PATH.
Feel free to research AS_PATH prepending to make sure this is something you want to implement, but this would be my suggestion.
Thanks a lot for the help.
I have done some research on AS path prepending and I think this will work.
I will let you know once I complete my testing in the test environment.
I had the exact same scenario.
I have my own, provider independent Public AS and a /23 Public IP.
We have 2 DCs at 2 different locations with 2 Internet routers at each site, each receiving a full BGP table. So in a nutshell, I have 2 datacenters (San Diego and Phoenix) and 4 ISPs (2 per DC). Each site has redundant ISPs (eBGP to the ISP and an iBGP session between the 2 routers sharing the full Internet routes) and I want to start advertising my new ARIN /23 IP via ANYCAST from the 2 DCs to all 4 ISPs.
DC # 2 is NOT live yet and I was wondering if I can use my same San Diego DC ARIN ASN and advertise my subnet?
Any feedback will be greatly appreciated.
Assuming that the two DCs are interconnected, it is probably best to link the two DCs via iBGP also.
You can advertise your subnet on either border router, but it may be the case that the shortest path through the Internet is via DC1 whereas the host to be reached is in DC2. This means that you need to have some link between DC1 and DC2.
If you don't like that, then you need to split the subnet you have and advertise a smaller prefix on either of the border routers of DC1 and DC2, but you'll have to check with your ISPs to see if they can accept your 2 /24's as opposed to a single /23.
Thanks for your response :) The 2 DCs have a 1 Gb P2P connection. However, there are firewalls and other stuff in between, and having an iBGP session between my 2 DC border routers would mean that outbound Internet traffic could go either way. We want to avoid this.
DC1 should always be the preferred inbound and outbound route; DC2 will have 4-6 AS prepends so that it is never preferred when DC1 is up.
Will this configuration work, even without having iBGP between the DCs? Thanks!
Hey networkcar, yeah, that is perfectly doable and possible.
With the AS prepend you will definitely de-prefer the DC2 path;
you only want to make sure that of course it should not be a private AS, but your own AS that is prepended, and also check with your ISPs on DC2 whether they can accept that from you (the prepended path) and not strip it, or else whether they can add a few instances of your AS to the path to de-prefer it.
But if I may suggest, just thinking out loud here, you are effectively creating an active/standby design here, which may be a "waste" of cost/power etc. on the DC2 side. Possibly you may consider using them both, but for different sources or different destinations. You can achieve this nicely at some point if you address your DCs well by being conscious about the addressing used in each DC.
Or use private addressing and consider NAT on your borders (aik?:). It is an option to consider if you like to change addressing at some point for that orchestration, and changing NAT stations and updating DNS entries is always easier than re-addressing your hosts.
I just checked from the feeds that I get from the Cisco border routers and the average path length is about 5 AS, so prepending it by 4 to 6 will or should definitely do the trick for you.
If you can share your prefix (privately) with me then I can check what the AS path looks like for me from AS 109 and let you know if there is a potential for more or less prepending.
Yes, you can have the same ASN numbers in different sites, providing they are private ASNs.
Think of them like private and public IPv4 addressing using NAT.
Your ISP could hide this private address with a public one, or use confederations, which utilize a public ASN but can have multiple private ASNs behind it.
Thanks for the reply.
I am not using a private ASN.
My ASN is public, provided by APNIC.
What is your comment on John's solution?
"I have a doubt: I want to use the same ASN number at different sites with different ISPs (consider I have public IP range 126.96.36.199/24)."
"These sites are not connected and they are completely separate sites running the same AS."
If this is a public ASN, as you say it is, then it will not be allowed, as no two sites can advertise the same public ASN, due to the reason I previously stated,
e.g. they need to be unique.
Why do you say that he's not allowed to use the same public ASN at different sites? It depends on the region, I suppose, but it's not unheard of to use an ASN assigned from, say, RIPE in the ARIN region or vice versa.
If he advertises the same prefix from those sites it will be an anycasting service, and clients will choose the "closest" one depending on what their upstream has as the best path.
I don't know about the other mechanisms to make it work such as DNS and at the application level but from an IP perspective it should work.
I would also like to understand this better as well.
I understood it that if two sites advertised prefixes with the same public ASN, then only those two sites couldn't receive each other's prefixes due to the AS path loop prevention rule. This would only happen if the two sites received full routes and needed to communicate with each other using the public prefixes. If the two sites only receive a default route from the upstream provider, or they didn't need to reach each other's public addresses, then this wouldn't be a problem.
Have I understood this correctly or is there another reason why an ASN cannot be advertised from two sites?
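The AS_PATH behaviour discussed in this thread, as an added example that is not code from any of the posters: a simplified best-path model in which a remote AS chooses between the un-prepended site A announcement and the prepended site B one, fails over when site A is withdrawn, and in which site A applies the loop-prevention rule to site B's route. It goes beyond the thread in one respect: LOCAL_PREF is compared before AS_PATH length, so a network whose policy prefers the backup ISP ignores the prepend. The ASNs and prefix are constructed documentation values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # leftmost = neighbouring AS, rightmost = origin AS
    local_pref: int = 100   # set by the receiving AS's own policy

def accept(local_as, route):
    """eBGP loop prevention: reject a route whose AS_PATH contains our own AS."""
    return local_as not in route.as_path

def best_path(local_as, routes):
    """Simplified decision: highest LOCAL_PREF, then shortest AS_PATH.
    Later tie-breakers (origin, MED, router ID, ...) are left out."""
    usable = [r for r in routes if accept(local_as, r)]
    return min(usable, key=lambda r: (-r.local_pref, len(r.as_path)), default=None)

# Constructed sample values: documentation ASNs (RFC 5398), prefix (RFC 5737).
MY_AS, ISP_A, ISP_B, REMOTE_AS = 64500, 64501, 64502, 64510
PREFIX = "192.0.2.0/24"

def announce(via_isp, prepends=0):
    """Route as a remote AS receives it from via_isp; prepends repeat our own AS."""
    return Route(PREFIX, (via_isp,) + (MY_AS,) * (1 + prepends))

PRIMARY = announce(ISP_A)             # site A: path length 2
BACKUP = announce(ISP_B, prepends=3)  # site B: 'set as-path prepend ASN ASN ASN'

def remote_exit(primary_up=True, backup_local_pref=100):
    """Upstream a remote AS uses to reach PREFIX, or None if unreachable."""
    backup = Route(PREFIX, BACKUP.as_path, backup_local_pref)
    best = best_path(REMOTE_AS, ([PRIMARY] if primary_up else []) + [backup])
    return best.as_path[0] if best else None

def site_a_accepts_site_b_route():
    """Site A hears site B's announcement relayed by ISP A: own AS is in the path."""
    return accept(MY_AS, Route(PREFIX, (ISP_A,) + BACKUP.as_path))

if __name__ == "__main__":
    print("normal:", remote_exit())
    print("site A down:", remote_exit(primary_up=False))
    print("remote prefers ISP B:", remote_exit(backup_local_pref=200))
    print("site A accepts site B route:", site_a_accepts_site_b_route())
```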
Maybe I could have been a wee bit clearer on what I was trying to say.
Duplicate ASN isn't really applicable between two sites exchanging routes, due to the BGP default loop mechanism that an "AS will not accept routes that have its own ASN in the route".
Now given you have two separate sites but one public ASN: my understanding is the ISPs will usually summarise prefixes, and it's this summarisation which could possibly cause issues when two separate sites are using the same ASN.
So wouldn't it be more applicable to use a private ASN and let your local ISP filter on this number prior to advertising your routes into the public domain?
Since this appears to be Provider Independent address space, I wouldn't think the ISP at each end would be able to summarize these networks???
With PI space they would not be able to summarize.
I was assuming that hosts at site1 won't need to reach hosts at site2 unless they have an additional range used for communicating between each other.
Site 1 won't need to reach hosts at site 2. (They don't need to communicate with each other.)
Site 2 only needs to come up when site 1 goes down.