[NE40E-X3A] BGP - Fake AS on iBGP Peering

Hello,

Please find below the answers for your questions

The peer fake-as command configures the local device to use a fake AS number to set up a BGP peer relationship with the specified peer.

The undo peer fake-as command cancels the existing configuration.

By default, a peer uses the actual local AS number.

Format

peer { group-name | ipv4-address | ipv6-address } fake-as { as-number-plain | as-number-dot } [ dual-as ] [ prepend-global-as ] [ prepend-fake-as ]

undo peer { group-name | ipv4-address | ipv6-address } fake-as

Parameters

 NOTE:

• ipv4-address is valid only in the BGP view, BGP-VPN instance view and BGP-VPN instance IPv4 address family view.

• ipv6-address is valid only in the BGP view, BGP-VPN instance view and BGP-VPN instance IPv6 address family view.

Views

BGP view, BGP-VPN instance IPv4 address family view, BGP-VPN instance view, BGP-VPN instance IPv6 address family view

Default Level

2: Configuration level

Task Name and Operations

Usage Guidelines

Usage Scenario

The peer fake-as command is used in a scenario where a carrier modifies network deployment. For example, in a carrier merger and acquisition scenario, if the acquirer's network and the acquiree's network belong to different ASs, BGP peers on the acquiree's network need to be shifted from their original AS to the AS of the acquirer's AS. If the customers of the acquiree do not want their BGP configurations to be changed or do not want them to be changed immediately during the shift, BGP peer relationships may be interrupted for a long time.

In Figure 1, the AS number of carrier A is 100, whereas the AS number of carrier B is 200. Device A belongs to carrier B. Then carrier A acquires carrier B. In this case, the AS number of device A needs to be changed from 200 to 100. Because device A already has a BGP peer relationship established with device B in AS 300 using AS 200, device A's AS number used to establish the BGP peer relationship needs to be changed to 100. The carrier of AS 100 and the carrier of AS 300 then need to communicate about the change. In addition, the AS number configured on device A and peer AS number configured on device B may not be changed at the same time, which will lead to a lengthy interruption of the BGP peer relationship between the two devices. To ensure a smooth merger, you can run the peer fake-as command on device A to set AS 200 of carrier B as a fake AS number so that device A's AS number used to establish the BGP peer relationship between devices A and B does not need to be changed.

Figure 1 Carrier merger networking 1

In addition, the AS number of the original BGP speakers of carrier B may be changed to the actual AS number at any time when BGP peer relationships are established with devices of carrier A after the merger. If carrier B has a large number of BGP speakers and some of the speakers use the actual AS number whereas other speakers use the fake AS number during BGP peer relationship establishment with devices of carrier A, the local configuration on BGP speakers of carrier B needs to be changed based on the configuration of the peer AS number, which increases the workload of maintenance. To address this problem, you can run the peer fake-as command with dual-as specified to allow the local end to use the actual or fake AS number to establish a BGP peer relationship with the specified peer.

In Figure 2, the AS number of carrier A is 100, whereas the AS number of carrier B is 200; devices A, B, C, and D belong to carrier B, and device A establishes an IBGP peer relationship with device B, device C, and device D each. Then carrier A acquires carrier B. In this case, the AS number of device A needs to be changed from 200 to 100. Because the AS number used by device A to establish the IBGP peer relationship with devices B, C, and D is 200, the AS number needs to be changed to 100. In this case, carrier A and carrier B need to communicate about the change. In addition, the AS number configured on device A and peer AS number configured on devices B, C, and D may not be changed at the same time, which will lead to a lengthy interruption of the IBGP peer relationships. To ensure a smooth merger, you can run the peer fake-as command on device A to set AS 200 of carrier B as a fake AS number so that device A's AS number used to establish the IBGP peer relationships with devices B, C, and D does not need to be changed.

Figure 2 Carrier merger networking 2

 NOTE:

If the peer fake-as command is run, without dual-as, prepend-global-as, or prepend-fake-as specified, the local end uses only the fake AS number to establish a BGP peer relationship with the specified peer and adds only the fake AS number to the AS_Path of the routes to be advertised to the peer.

If a device uses a fake AS number to establish a BGP peer relationship with an EBGP peer or confederation EBGP peer, it performs the following actions before sending routes to the EBGP peer or confederation EBGP peer:

• If prepend-global-as is not specified in the command, the device adds only the fake AS number to the AS_Path of the routes that match a specified export policy.

• If prepend-global-as is specified in the command, the device adds the fake AS number followed by the global AS number to the AS_Path of the routes that match a specified export policy.

If a device uses a fake AS number to establish a BGP peer relationship with an EBGP peer or confederation EBGP peer, it performs the following actions after receiving routes from the EBGP peer or confederation EBGP peer:

• If prepend-fake-as is not specified in the command, the device does not change the AS_Path of the received routes.

• If prepend-fake-as is specified in the command, the device adds the fake AS number to the AS_Path of the received routes before filtering them using the specified import policy.

The peer fake-as command is valid only for EBGP peers. If the local device uses the actual AS number to establish an EBGP peer relationship with a remote device, the actual AS number is carried in the AS_Path of the route to be sent to the remote device. If the local device uses the fake AS number to establish the EBGP peer relationship, the fake AS number is carried in the AS_Path of the route to be sent to the remote device.

Prerequisites

Peers have been created using the peer as-number command.

Configuration Impact

If the peer fake-as command is run several times for a peer or a peer group, the latest configuration will overwrite the previous one.

Precautions

After the 4-byte AS number capability is disabled on a peer, configuring a 4-byte fake AS number for the peer may cause a failure to establish a BGP session.

If the fake AS number configured on a peer is the same as the peer's actual AS number, the peer cannot be added to a peer group. In this case, the fake AS number configured for any peer in a peer group must be different from the peer's actual AS number.

The fake AS number configured for any confederation EBGP peer must be different from the peer's actual AS number.

If the fake AS number configured for a peer is the same as the peer's actual AS number, the configurations that are applicable only to EBGP peers are not allowed on the peer. If the configuration of the fake AS number is deleted, the configurations that are applicable only to IBGP peers are not allowed on the peer.

If the fake AS number configured for a peer is the same as the peer's actual AS number and the dual-as parameter is configured, the type of the peer relationship that is established may be EBGP or IBGP. If the peer type is EBGP, the configurations that are applicable only to IBGP peers may become invalid. If the peer type is IBGP, the configurations that are applicable only to EBGP peers may become invalid.

If the value of prepend-global-as or prepend-fake-as is changed again after the command is run, the peer relationship may be reestablished.

Example

# Set a 2-byte fake AS number for a peer.

<HUAWEI> system-view

[~HUAWEI] bgp 100

[*HUAWEI-bgp] peer 1.1.1.2 as-number 200

[*HUAWEI-bgp] peer 1.1.1.2 fake-as 99

# Set a 4-byte fake AS number for a peer.

<HUAWEI> system-view

[~HUAWEI] bgp 100

[*HUAWEI-bgp] peer 1.1.1.2 as-number 200

[*HUAWEI-bgp] peer 1.1.1.2 fake-as 100.200

For details

https://support.huawei.com/hedex/hdx.do?lib=EDOC1100038601AEI0313G&docid=EDOC1100038601&lang=en&v=11&tocLib=EDOC1100038601AEI0313G&tocV=11&id=peer_fake-as&tocURL=resources/software/nev8r10_vrpv8r16/user/vrp/peer_fake-as.html&p=t&fe=1&ui=3&keyword=Fake%2BAS%2Bon%2BiBGP%2BPeering

Thanks