Fake autonomous system

Procedure

• Set the AS_Path attribute in the IPv6 address family view.

  Perform the following steps on a BGP4+ device:

  1. Run system-view

     The system view is displayed.

  2. Run bgp as-number

     The BGP view is displayed.

  3. Run ipv6-family unicast

     The IPv6 unicast address family view is displayed.

  4. Run the following commands as required:

     • To allow repeated local AS numbers, run peer { ipv6-address | group-name } allow-as-loop [ number ]

     • To exclude the AS_Path attribute from being used as a route selection rule, run bestroute as-path-ignore

     • To allow the AS_Path attribute to carry only the public AS number, run peer { ipv6-address | group-name } public-as-only [ force [ replace ] [ include-peer-as ] | limited [ replace ] [ include-peer-as ] ]

     The commands in Step 4 are optional and can be used in random order.

  5. Run commit

     The configuration is committed.

• Configure a fake AS number.

  Perform the following steps on a BGP4+ device:

  1. Run system-view

     The system view is displayed.

  2. Run bgp as-number

     The BGP view is displayed.

  3. Run peer { ipv6-address | group-name } fake-as fake-as-number [ dual-as ] [ prepend-global-as ] [ prepend-fake-as ]

     A fake AS number is configured.

     The actual AS number can be hidden by using this command. EBGP peers in other ASs can only learn this fake AS number of the BGP4+ device. This means that the fake AS number is used for the BGP4+ device when it is being specified on the peers in other ASs.

      NOTE:

     This command is applicable to EBGP peers only.

  4. Run commit

     The configuration is committed.

• Replace the AS number in the AS_Path attribute.

  In a BGP/MPLS IP VPN scenario, if the ASs to which two VPN sites belong use private AS numbers, the AS numbers of the two VPN sites may be the same. If a CE in a VPN site sends a VPN route to the connected PE using EBGP and the PE then sends the route to the remote PE, the remote CE will discard the route because the AS number carried by the route is the same as the local AS number. As a result, different sites of the same VPN cannot communicate. The peer substitute-as command can be used on the PE to enable AS number substitution to address this problem. After that, the PE replaces the AS number carried in the VPN route with the local AS number. As a result, the remote CE will not discard the route due to identical AS numbers.

  On a BGP public network, two devices have the same AS number and the same EBGP peer. After one of the two devices learns a route of the other device from the EBGP peer, the route is discarded because it carries an AS number that is the same as the local one. To address this problem, run the peer substitute-as command on the EBGP peer.

  

  Exercise caution when running the peer substitute-as command because improper use of the command may cause routing loops.

  1. Run system-view

     The system view is displayed.

  2. Run bgp as-number

     The BGP view is displayed.

  3. Run ipv6-family { vpn-instance vpn-instance-name | unicast }

     The BGP-VPN instance IPv6 address family view or BGP-IPv6 unicast address family view is displayed.

  4. Run peer { ipv6-address | group-name } substitute-as

     The AS number in the AS_Path attribute is replaced.

  5. Run commit

     The configuration is committed.

• Enable the device to check or disable the device from checking the first AS number in the AS_Path attribute contained in the update messages received from a specified EBGP peer or peer group.

1. Run system-view

   The system view is displayed.

2. Run bgp as-number

   The BGP view is displayed.

3. Run ipv6-family vpn-instance vpn-instance-name

   The BGP-VPN instance IPv6 address family view is displayed.

4. Run peer { group-name | ipv6-address } check-first-as { enable | disable }

   The device is enabled to check or disabled from checking the first AS number in the AS_Path attribute contained in the update messages received from a specified EBGP peer or peer group.

   If the peer check-first-as enable command is run, the device checks whether the first AS number in the AS_Path attribute contained in the update messages received from the specified EBGP peer or peer group is the number of the AS where the EBGP peer or peer group resides. If the two AS numbers are different, the local device discards the update messages and disconnects the EBGP connection. If the peer check-first-as disable command is run, the device accepts all update messages received from the specified EBGP peer or peer group, regardless whether the two AS numbers are the same. If the undo peer check-first-as disable command is run, the default configuration takes effect.

   The check function can be configured for a specified EBGP peer, peer group, or for BGP as a whole. If the function is not configured for a specified EBGP peer, the device checks whether the function is configured for the related peer group; if the function is not configured for the peer group, the device checks whether the function is configured in the BGP view.

5. Run commit

   The configuration is committed.

   After the configuration is complete, run the refresh bgp command to check the received routes again.