Question about experiences with BGP remote-AS
We have a number of small routers in co-lo sites that peer with B2B partners. As more of our partners move to cloud, we are considering a consolidation effort and putting all of our peering routers in a cloud exchange site on a single HA pair of routers. Now, each existing B2B peering router uses a unique private ASN to EBGP peer with partners and they, in turn, EBGP peer with our extranet perimeter ASNs for security vetting and other stuff. We looked for a medium-density router (or L3-switch) that can replace multiple small routers (b2b-only, no internet), but we need to retain all of our existing ASNs and peerings. As it turns out, there are many routers that can do VRFs but you cannot put a unique ASN on each VRF so replicating the old environment isn't quite that straightforward. The BGP remote-as looks to be a possible alternative solution, but we've never used it in production and we are unsure of the caveats. Taken at face value, it looks like we can mimic the multi-router/unique-ASN environment we have today on a single platform. However, networking is rarely as smooth as that so I'm asking some of the BGP gurus... what are the pros/cons of doing using remote-as? If anyone here uses it extensively, we could really use some feedback if you run into challenges or hidden surprises that we wouldn't normally think of beforehand. Thanks in advance! LFOD
Neighbor x.x.x.x local-as {whateverasn} no-prepend replace-as On Friday, May 5, 2017, LF OD <bz_siege_01@hotmail.com> wrote:
We have a number of small routers in co-lo sites that peer with B2B partners. As more of our partners move to cloud, we are considering a consolidation effort and putting all of our peering routers in a cloud exchange site on a single HA pair of routers. Now, each existing B2B peering router uses a unique private ASN to EBGP peer with partners and they, in turn, EBGP peer with our extranet perimeter ASNs for security vetting and other stuff.
We looked for a medium-density router (or L3-switch) that can replace multiple small routers (b2b-only, no internet), but we need to retain all of our existing ASNs and peerings. As it turns out, there are many routers that can do VRFs but you cannot put a unique ASN on each VRF so replicating the old environment isn't quite that straightforward. The BGP remote-as looks to be a possible alternative solution, but we've never used it in production and we are unsure of the caveats. Taken at face value, it looks like we can mimic the multi-router/unique-ASN environment we have today on a single platform. However, networking is rarely as smooth as that so I'm asking some of the BGP gurus... what are the pros/cons of doing using remote-as? If anyone here uses it extensively, we could really use some feedback if you run into challenges or hidden surprises that we wouldn't normally think of beforehand.
Thanks in advance!
LFOD
On Fri, May 5, 2017, at 18:55, LF OD wrote:
of our existing ASNs and peerings. As it turns out, there are many routers that can do VRFs but you cannot put a unique ASN on each VRF so replicating the old environment isn't quite that straightforward. The BGP remote-as looks to be a possible alternative solution, but we've never
You mean *local-as*, right ? Otherwise, there was a vendor that allowed different ASN per VRF but only with non-MPLS vrfs, and that product line is both end-of-sale and major overkill for your set-up.
JunOS has three different modes for Virtual routers depending on your situation requirements. I would suggest that something in the QFX or ACX range will be able to replicate what you are after. Otherwise the entry level MX will certainly do the job for a little more outlay. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of LF OD Sent: Saturday, 6 May 2017 4:56 AM To: nanog@nanog.org Subject: Question about experiences with BGP remote-AS We have a number of small routers in co-lo sites that peer with B2B partners. As more of our partners move to cloud, we are considering a consolidation effort and putting all of our peering routers in a cloud exchange site on a single HA pair of routers. Now, each existing B2B peering router uses a unique private ASN to EBGP peer with partners and they, in turn, EBGP peer with our extranet perimeter ASNs for security vetting and other stuff. We looked for a medium-density router (or L3-switch) that can replace multiple small routers (b2b-only, no internet), but we need to retain all of our existing ASNs and peerings. As it turns out, there are many routers that can do VRFs but you cannot put a unique ASN on each VRF so replicating the old environment isn't quite that straightforward. The BGP remote-as looks to be a possible alternative solution, but we've never used it in production and we are unsure of the caveats. Taken at face value, it looks like we can mimic the multi-router/unique-ASN environment we have today on a single platform. However, networking is rarely as smooth as that so I'm asking some of the BGP gurus... what are the pros/cons of doing using remote-as? If anyone here uses it extensively, we could really use some feedback if you run into challenges or hidden surprises that we wouldn't normally think of beforehand. Thanks in advance! LFOD
participants (4)
-
LF OD
-
Radu-Adrian Feurdean
-
Tony Wicks
-
Tyler Conrad