Setup Two AS number on NE20

Created: Jan 23, 2020 18:40:36Latest reply: Jan 27, 2020 14:52:33 133 14 0 0
  Rewarded Hi-coins: 0 (problem resolved)

Hi there,


I need to configure a BGP peer between a NE20 router and a mitigation system, and they are supposed to run upon a private AS number.

Since I already have a BGP configuration with another peers, when I type bgp 65510, I got the asnwer: BGP is already running.


Do you know if its possible to setup this second as number?

  • x
  • convention:

Featured Answers
LuizPuppin
MVE Created Jan 23, 2020 19:24:24 Helpful(0) Helpful(0)

Hi @mrod,

You can use the "peer fake-as" command.

Function
The peer fake-as command configures the local device to use a fake AS number to set up a BGP peer relationship with the specified peer.

The undo peer fake-as command cancels the existing configuration.

By default, a peer uses the actual local AS number.

Format
peer { group-name | ipv4-address | ipv6-address } fake-as { as-number-plain | as-number-dot } [ dual-as ] [ prepend-global-as ] [ prepend-fake-as ]

Usage Guidelines
Usage Scenario

The peer fake-as command is used in a scenario where a carrier modifies network deployment. For example, in a carrier merger and acquisition scenario, if the acquirer's network and the acquiree's network belong to different ASs, BGP peers on the acquiree's network need to be shifted from their original AS to the AS of the acquirer's AS. If the customers of the acquiree do not want their BGP configurations to be changed or do not want them to be changed immediately during the shift, BGP peer relationships may be interrupted for a long time.

In Figure 1, the AS number of carrier A is 100, whereas the AS number of carrier B is 200. Device A belongs to carrier B. Then carrier A acquires carrier B. In this case, the AS number of device A needs to be changed from 200 to 100. Because device A already has a BGP peer relationship established with device B in AS 300 using AS 200, device A's AS number used to establish the BGP peer relationship needs to be changed to 100. The carrier of AS 100 and the carrier of AS 300 then need to communicate about the change. In addition, the AS number configured on device A and peer AS number configured on device B may not be changed at the same time, which will lead to a lengthy interruption of the BGP peer relationship between the two devices. To ensure a smooth merger, you can run the peer fake-as command on device A to set AS 200 of carrier B as a fake AS number so that device A's AS number used to establish the BGP peer relationship between devices A and B does not need to be changed.

In addition, the AS number of the original BGP speakers of carrier B may be changed to the actual AS number at any time when BGP peer relationships are established with devices of carrier A after the merger. If carrier B has a large number of BGP speakers and some of the speakers use the actual AS number whereas other speakers use the fake AS number during BGP peer relationship establishment with devices of carrier A, the local configuration on BGP speakers of carrier B needs to be changed based on the configuration of the peer AS number, which increases the workload of maintenance. To address this problem, you can run the peer fake-as command with dual-as specified to allow the local end to use the actual or fake AS number to establish a BGP peer relationship with the specified peer.

Example
# Set a 2-byte fake AS number for a peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 1.1.1.2 as-number 200
[*HUAWEI-bgp] peer 1.1.1.2 fake-as 99
# Set a 4-byte fake AS number for a peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 1.1.1.2 as-number 200
[*HUAWEI-bgp] peer 1.1.1.2 fake-as 100.200
  • x
  • convention:

mrod
mrod Created Jan 23, 2020 19:54:44
Hi. Thanks for your reply, in my case both side will run under same AS value. Do you have another suggestion?  
LuizPuppin
LuizPuppin Reply mrod  Created Jan 23, 2020 20:01:28
The only form to use two ASN on the same equipment is this command. Example. If your router uses ASN 300 and needs to establish a session with another router, but simulating that uses ASN 400, you need to configure like this: BGP 300 peer x.x.x.x as-number 400 peer x.x.x.x fake-as 400  
mrod
mrod Reply mrod  Created Jan 23, 2020 20:08:06
When I use this command I got the following answer: Error: The fake AS number cannot be the same as the remote AS number  
LuizPuppin
LuizPuppin Reply mrod  Created Jan 23, 2020 20:12:19
Well, then you cannot do an iBGP session using this feature...  
I%20have%2020%20years%20working%20with%20telecom%20market.%20On%20all%20this%20time%20I%20worked%20always%20in%20great%20projects.%20The%20biggest%20was%20the%202014%20World%20Cup%20Command%20and%20Control%20Centre%2C%20where%20I%20was%20the%20Soluction%20Architect%20and%20Implementation%20Manager%20of%20Network%20and%20security%20Solution.%0AI%20work%20with%20Huawei%20s%20products%20to%20ISP%20Market%20since%202015%20and%20in%202017%20started%20to%20present%20trainnings%20customized%20to%20this%20market%2C%20focused%20in%20BGP%20and%20MPLS%20solution.%20I%20had%20more%20than%20400%20students%20and%20more%20than%20100%20ISP%20on%20my%20classes%20on%20last%2018%20mounths.
All Answers
LuizPuppin
LuizPuppin MVE Created Jan 23, 2020 19:24:24 Helpful(0) Helpful(0)

Hi @mrod,

You can use the "peer fake-as" command.

Function
The peer fake-as command configures the local device to use a fake AS number to set up a BGP peer relationship with the specified peer.

The undo peer fake-as command cancels the existing configuration.

By default, a peer uses the actual local AS number.

Format
peer { group-name | ipv4-address | ipv6-address } fake-as { as-number-plain | as-number-dot } [ dual-as ] [ prepend-global-as ] [ prepend-fake-as ]

Usage Guidelines
Usage Scenario

The peer fake-as command is used in a scenario where a carrier modifies network deployment. For example, in a carrier merger and acquisition scenario, if the acquirer's network and the acquiree's network belong to different ASs, BGP peers on the acquiree's network need to be shifted from their original AS to the AS of the acquirer's AS. If the customers of the acquiree do not want their BGP configurations to be changed or do not want them to be changed immediately during the shift, BGP peer relationships may be interrupted for a long time.

In Figure 1, the AS number of carrier A is 100, whereas the AS number of carrier B is 200. Device A belongs to carrier B. Then carrier A acquires carrier B. In this case, the AS number of device A needs to be changed from 200 to 100. Because device A already has a BGP peer relationship established with device B in AS 300 using AS 200, device A's AS number used to establish the BGP peer relationship needs to be changed to 100. The carrier of AS 100 and the carrier of AS 300 then need to communicate about the change. In addition, the AS number configured on device A and peer AS number configured on device B may not be changed at the same time, which will lead to a lengthy interruption of the BGP peer relationship between the two devices. To ensure a smooth merger, you can run the peer fake-as command on device A to set AS 200 of carrier B as a fake AS number so that device A's AS number used to establish the BGP peer relationship between devices A and B does not need to be changed.

In addition, the AS number of the original BGP speakers of carrier B may be changed to the actual AS number at any time when BGP peer relationships are established with devices of carrier A after the merger. If carrier B has a large number of BGP speakers and some of the speakers use the actual AS number whereas other speakers use the fake AS number during BGP peer relationship establishment with devices of carrier A, the local configuration on BGP speakers of carrier B needs to be changed based on the configuration of the peer AS number, which increases the workload of maintenance. To address this problem, you can run the peer fake-as command with dual-as specified to allow the local end to use the actual or fake AS number to establish a BGP peer relationship with the specified peer.

Example
# Set a 2-byte fake AS number for a peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 1.1.1.2 as-number 200
[*HUAWEI-bgp] peer 1.1.1.2 fake-as 99
# Set a 4-byte fake AS number for a peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 1.1.1.2 as-number 200
[*HUAWEI-bgp] peer 1.1.1.2 fake-as 100.200
  • x
  • convention:

mrod
mrod Created Jan 23, 2020 19:54:44
Hi. Thanks for your reply, in my case both side will run under same AS value. Do you have another suggestion?  
LuizPuppin
LuizPuppin Reply mrod  Created Jan 23, 2020 20:01:28
The only form to use two ASN on the same equipment is this command. Example. If your router uses ASN 300 and needs to establish a session with another router, but simulating that uses ASN 400, you need to configure like this: BGP 300 peer x.x.x.x as-number 400 peer x.x.x.x fake-as 400  
mrod
mrod Reply mrod  Created Jan 23, 2020 20:08:06
When I use this command I got the following answer: Error: The fake AS number cannot be the same as the remote AS number  
LuizPuppin
LuizPuppin Reply mrod  Created Jan 23, 2020 20:12:19
Well, then you cannot do an iBGP session using this feature...  
I%20have%2020%20years%20working%20with%20telecom%20market.%20On%20all%20this%20time%20I%20worked%20always%20in%20great%20projects.%20The%20biggest%20was%20the%202014%20World%20Cup%20Command%20and%20Control%20Centre%2C%20where%20I%20was%20the%20Soluction%20Architect%20and%20Implementation%20Manager%20of%20Network%20and%20security%20Solution.%0AI%20work%20with%20Huawei%20s%20products%20to%20ISP%20Market%20since%202015%20and%20in%202017%20started%20to%20present%20trainnings%20customized%20to%20this%20market%2C%20focused%20in%20BGP%20and%20MPLS%20solution.%20I%20had%20more%20than%20400%20students%20and%20more%20than%20100%20ISP%20on%20my%20classes%20on%20last%2018%20mounths.
ejcastriver
ejcastriver Created Jan 23, 2020 19:25:13 Helpful(0) Helpful(0)

Hi mrod,

It's not possible to run two BGP process under one router. What you can use instead to configure the bgp session with the mitigation system is "fake-as". The actual AS number can be hidden by using this command. EBGP peers in other ASs can only learn this fake AS number of the BGP4+ device. This means that the fake AS number is used for the BGP4+ device when it is being specified on the peers in other ASs.

https://support.huawei.com/enterprise/es/doc/EDOC1100092920/9e8627e9/fake-as-number
  • x
  • convention:

mrod
mrod Created Jan 23, 2020 19:54:34
Hi. Thanks for your reply, in my case both side will run under same AS value. Do you have another suggestion?  
ejcastriver
ejcastriver Reply mrod  Created Jan 23, 2020 20:46:12
Fake-as can only be used between EBGP peers. Is there a specific reason why you need to have a private IBGP session?  
ejcastriver
ejcastriver Reply mrod  Created Jan 23, 2020 22:08:05
@mrod another option is to use BGP Confederation, it wasn't developed for this purpose but can help you to achieve what you're looking for. *NE20 Config bgp 64513 router-id r.r.r.r confederation id 200 <- Your public AS number peer i.i.i.i as-number 64513 <- Mitigation system IP peer e.e.e.e as-number 100 <- Config for EBGP peers # ipv4-family unicast undo synchronization peer e.e.e.e enable peer i.i.i.i enable peer i.i.i.i next-hop 
ejcastriver
ejcastriver Reply ejcastriver  Created Jan 23, 2020 22:09:38
*Mitigation system config bgp 64513 peer i.i.i.i as-number 64513 *EBGP peers config bgp 100 peer e.e.e.e as-number 200 Although, I think is simpler if you can just run a private BGP session with your mitigation system.  
mrod
mrod Reply mrod  Created Jan 27, 2020 19:59:49
Hi, I talked to developer of mitigation solution and they accepted using the same AS number I have configured on my NE20. Thank you very much.  
HaseebAkhtar
HaseebAkhtar Created Jan 27, 2020 14:52:33 Helpful(0) Helpful(0)

you cannot directly use two AS numbers, but if you tell me your pupose of this requirement then maybe we can find a better solution, as someone mentioned above confidrations can be an option.
  • x
  • convention:

mrod
mrod Created Jan 27, 2020 19:59:57
Hi, I talked to developer of mitigation solution and they accepted using the same AS number I have configured on my NE20. Thank you very much  
mrod
mrod Created Jan 27, 2020 20:05:37
Hi, I talked to developer of the mitigation solution and they accepted using the same AS number I have configured on my NE20. Thank you very much  
An%20enthusiastic%20network%20Engineer%20who%20also%20wants%20to%20be%20a%20programmer

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login