Fake autonomous system

Created: Oct 12, 2019 10:11:39Latest reply: Oct 18, 2019 19:00:43 165 4 0 0
  Rewarded Hi-coins: 0 (problem resolved)

where we use Fack-as , whats its advantage & any alternative method ..Thanks

  • x
  • convention:

Featured Answers
DDSN
Admin Created Oct 12, 2019 12:02:57 Helpful(0) Helpful(0)

The peer fake-as command configures a local device to establish a connection with a specified peer using a pseudo AS number.
  • x
  • convention:

All Answers
DDSN
DDSN Admin Created Oct 12, 2019 12:02:57 Helpful(0) Helpful(0)

The peer fake-as command configures a local device to establish a connection with a specified peer using a pseudo AS number.
  • x
  • convention:

wissal
wissal MVE Created Oct 12, 2019 12:56:11 Helpful(0) Helpful(0)

Hello,

Please find below some details a bout AS

Setting the AS_Path Attribute

The AS_Path attribute is used to prevent routing loops and control route selection.

Procedure

  • Set the AS_Path attribute in the IPv6 address family view.

    Perform the following steps on a BGP4+ device:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv6-family unicast

      The IPv6 unicast address family view is displayed.

    4. Run the following commands as required:

      • To allow repeated local AS numbers, run peer { ipv6-address | group-name } allow-as-loop [ number ]

      • To exclude the AS_Path attribute from being used as a route selection rule, run bestroute as-path-ignore

      • To allow the AS_Path attribute to carry only the public AS number, run peer { ipv6-address | group-name } public-as-only [ force [ replace ] [ include-peer-as ] | limited [ replace ] [ include-peer-as ] ]

      The commands in Step 4 are optional and can be used in random order.

    5. Run commit

      The configuration is committed.

  • Configure a fake AS number.

    Perform the following steps on a BGP4+ device:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run peer { ipv6-address | group-name } fake-as fake-as-number [ dual-as ] [ prepend-global-as ] [ prepend-fake-as ]

      A fake AS number is configured.

      The actual AS number can be hidden by using this command. EBGP peers in other ASs can only learn this fake AS number of the BGP4+ device. This means that the fake AS number is used for the BGP4+ device when it is being specified on the peers in other ASs.

      imgDownload?uuid=5d81f09392aa4562aed40ed NOTE:

      This command is applicable to EBGP peers only.

    4. Run commit

      The configuration is committed.

  • Replace the AS number in the AS_Path attribute.

    In a BGP/MPLS IP VPN scenario, if the ASs to which two VPN sites belong use private AS numbers, the AS numbers of the two VPN sites may be the same. If a CE in a VPN site sends a VPN route to the connected PE using EBGP and the PE then sends the route to the remote PE, the remote CE will discard the route because the AS number carried by the route is the same as the local AS number. As a result, different sites of the same VPN cannot communicate. The peer substitute-as command can be used on the PE to enable AS number substitution to address this problem. After that, the PE replaces the AS number carried in the VPN route with the local AS number. As a result, the remote CE will not discard the route due to identical AS numbers.

    On a BGP public network, two devices have the same AS number and the same EBGP peer. After one of the two devices learns a route of the other device from the EBGP peer, the route is discarded because it carries an AS number that is the same as the local one. To address this problem, run the peer substitute-as command on the EBGP peer.

    imgDownload?uuid=5539c4e5fda54c3fbfeef96

    Exercise caution when running the peer substitute-as command because improper use of the command may cause routing loops.

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv6-family { vpn-instance vpn-instance-name | unicast }

      The BGP-VPN instance IPv6 address family view or BGP-IPv6 unicast address family view is displayed.

    4. Run peer { ipv6-address | group-name } substitute-as

      The AS number in the AS_Path attribute is replaced.

    5. Run commit

      The configuration is committed.

  • Enable the device to check or disable the device from checking the first AS number in the AS_Path attribute contained in the update messages received from a specified EBGP peer or peer group.
  1. Run system-view

    The system view is displayed.

  2. Run bgp as-number

    The BGP view is displayed.

  3. Run ipv6-family vpn-instance vpn-instance-name

    The BGP-VPN instance IPv6 address family view is displayed.

  4. Run peer { group-name | ipv6-address } check-first-as { enable | disable }

    The device is enabled to check or disabled from checking the first AS number in the AS_Path attribute contained in the update messages received from a specified EBGP peer or peer group.

    If the peer check-first-as enable command is run, the device checks whether the first AS number in the AS_Path attribute contained in the update messages received from the specified EBGP peer or peer group is the number of the AS where the EBGP peer or peer group resides. If the two AS numbers are different, the local device discards the update messages and disconnects the EBGP connection. If the peer check-first-as disable command is run, the device accepts all update messages received from the specified EBGP peer or peer group, regardless whether the two AS numbers are the same. If the undo peer check-first-as disable command is run, the default configuration takes effect.

    The check function can be configured for a specified EBGP peer, peer group, or for BGP as a whole. If the function is not configured for a specified EBGP peer, the device checks whether the function is configured for the related peer group; if the function is not configured for the peer group, the device checks whether the function is configured in the BGP view.

  5. Run commit

    The configuration is committed.

    After the configuration is complete, run the refresh bgp command to check the received routes again.

For more details:

Thanks
  • x
  • convention:

Telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.
chenhui
chenhui Admin Created Oct 14, 2019 05:35:34 Helpful(0) Helpful(0)

@LSA hello,
fake-as could hidden the real AS number when connecting with other BGP areas, so in some sense, it provides limited security, though we are not take this seriously.
Commonly, the fake-as is used in the network migration.
  • x
  • convention:

manishah
manishah Created Oct 18, 2019 19:00:43 Helpful(0) Helpful(0)

we use this when we migrate a user from a different AS into different AS.
  • x
  • convention:

data%20comm%20%20engineer

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login