Got it

Workaround for "check-first-as disable" on a peer level

Created: Mar 31, 2020 09:28:26Latest reply: Apr 1, 2020 02:56:02 178 4 0 0
  Rewarded HiCoins: 0 (problem resolved)

The question relates to HUAWEI NE20E-S8 with VRP NE20E V800R008C10SPC500.


We're in a need to define the command "check-first-as disable" on a peer level, ex:


bgp XXX
  peer X.X.X.X check-first-as disable


The command is only available on bgp level, which is not acceptable for us.


The newer VRP versions, namely V800R010 support the command "check-first-as disable" on a peer level, but the downtime for VRP upgrade will be very costly.


Is there a workaround to this command in order to have the same effect on a per peer level?


Thank you.

  • x
  • convention:

Featured Answers
Admin Created Apr 1, 2020 02:56:02 Helpful(1) Helpful(1)

Hi @ispace,
I didn't find such command which only check the first AS for only one BGP peer.
But I thought out a indirect way to do that.
We can use the route-policy to filter the BGP update those first AS is same with the BGP peer's AS.
Kindly check the example below:
Topology: R1(AS 100)-----------R2(AS 200)----------R3(AS 200)

On R3, configure the route-policy as below to filter the BGP updates learned on R2 from R1.

R3:
#
route-policy chcek_as permit node 5
 if-match as-path-filter 10
#
ip as-path-filter 10 permit ^100
#


This route-policy allows only the BGP updates those AS start with 100.

View more
  • x
  • convention:

Recommended answer

Admin Created Mar 31, 2020 09:48:48 Helpful(1) Helpful(1)

Hi,
According to the product documentation, the NE20E of V800R008 supports the check-first-as command but doesn't support the peer check-first-as command.

You can use the undo check-first-as command to disable the function for all peers.

https://support.huawei.com/hedex/hdx.do?docid=EDOC1000142113&id=check-first-as&lang=en


View more
  • x
  • convention:

ispace
ispace Created Mar 31, 2020 14:30:42
Disabling it for all peers with "undo check-first-as" is not accetable, we only need per peer. Any other command that mimics the same function, available in NE20E of V800R008?  
All Answers
Steelblue Created Mar 31, 2020 09:34:47 Helpful(0) Helpful(0)

Good question, waiting for replies. Workaround for
View more
  • x
  • convention:

Popeye_Wang Admin Created Mar 31, 2020 09:48:48 Helpful(1) Helpful(1)

Hi,
According to the product documentation, the NE20E of V800R008 supports the check-first-as command but doesn't support the peer check-first-as command.

You can use the undo check-first-as command to disable the function for all peers.

https://support.huawei.com/hedex/hdx.do?docid=EDOC1000142113&id=check-first-as&lang=en


View more
  • x
  • convention:

ispace
ispace Created Mar 31, 2020 14:30:42
Disabling it for all peers with "undo check-first-as" is not accetable, we only need per peer. Any other command that mimics the same function, available in NE20E of V800R008?  
chenhui Admin Created Apr 1, 2020 02:56:02 Helpful(1) Helpful(1)

Hi @ispace,
I didn't find such command which only check the first AS for only one BGP peer.
But I thought out a indirect way to do that.
We can use the route-policy to filter the BGP update those first AS is same with the BGP peer's AS.
Kindly check the example below:
Topology: R1(AS 100)-----------R2(AS 200)----------R3(AS 200)

On R3, configure the route-policy as below to filter the BGP updates learned on R2 from R1.

R3:
#
route-policy chcek_as permit node 5
 if-match as-path-filter 10
#
ip as-path-filter 10 permit ^100
#


This route-policy allows only the BGP updates those AS start with 100.

View more
  • x
  • convention:

Comment

Comment
You need to log in to comment to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.