January 30, 2017 at 07:32BGP Fake-AS
Today I'm talking about BGP. Notes from work - so as not to disappear. There is such a functional as fictitious AS.
The traditional use case is moving from one speaker number to another, for example, when buying a network from one operator to another. At the same time, there are hundreds of neighbors who for some reason cannot take and move with us all at once.
Then for them, we can configure peering as if we were staying in the old speaker. If you specify the fake-as command for a feast , then it will appear in both Open and AS-Path, and not the new (real) one. At tsiska the same functionality is called Local-as .
A handy tool when used for its intended purpose .
Now, conditionally, the customer’s network:
The client wants, cannot sleep, peering with AC3. But he does not want to pay for a VPN. Just asked AC2 to introduce AC3. This intermediate AC2 sets up a dummy speaker on its ASBR, indicating AC3 as its quality.
The problem is that ASBR doesn’t care when the route is announced, such a scoundrel, inserts a fictitious AS into the AS-Path, despite the fact that it already exists there. That is, the AS-Path for the routes that the client receives looks like <AC3, AC3, etc.>
The documentation says that if the neighborhood was established through a dummy AS, then it will appear in AS-Path as well. If through the real - then the real. But so that it does not appear at all - it is impossible. Well this is not accurate, contrary to the ideology of BGP.
In this case, there is no other way on the Huawei equipment, except manually overwrite AS-Path through the root-policy, which is not at all engineering, of course.
In new versions, it became possible to indicate which speaker you want to add - fictitious or real. However, do not add at all - there is no such option.
I also want to say here about tsiska - in the case of a customer, technically on tsiska you can implement his Wishlist.
First, I’ll tell you how the work of this team differs there - the main difference - by default, the tsiska inserts two speakers - both real and fictitious. This is done in order to exclude the formation of a routing loop (this is great).
The local-as command has no-prepend and replace-as attributes. No-prepend will allow not to add to the AS-Path the number of fictitious speakers - only the real one. The replace-as option will replace it with a dummy one.
That is, again, it seems like it is impossible to implement complete deletion. In general, such manipulations with AS-Path do not lead to anything good.
Purely for an example, we can recall a recent story about how recently Iran deprived porn of itself and the neighboring countries when it played with the announcements of GWP.
But the peculiarity is that the customer’s number AC2 is private. And if you use the combination of options local-as no-prepend replace-as , and then add remove-private-as (the tsiskovsky analogue of the huaway command public-as-only) then it still works and the duplicating speaker is deleted.
But again, this is cheating and a crutch.
Hereinafter I speak in Huawei notation.
The traditional use case is moving from one speaker number to another, for example, when buying a network from one operator to another. At the same time, there are hundreds of neighbors who for some reason cannot take and move with us all at once.
Then for them, we can configure peering as if we were staying in the old speaker. If you specify the fake-as command for a feast , then it will appear in both Open and AS-Path, and not the new (real) one. At tsiska the same functionality is called Local-as .
A handy tool when used for its intended purpose .
Now, conditionally, the customer’s network:
The client wants, cannot sleep, peering with AC3. But he does not want to pay for a VPN. Just asked AC2 to introduce AC3. This intermediate AC2 sets up a dummy speaker on its ASBR, indicating AC3 as its quality.
The problem is that ASBR doesn’t care when the route is announced, such a scoundrel, inserts a fictitious AS into the AS-Path, despite the fact that it already exists there. That is, the AS-Path for the routes that the client receives looks like <AC3, AC3, etc.>
The documentation says that if the neighborhood was established through a dummy AS, then it will appear in AS-Path as well. If through the real - then the real. But so that it does not appear at all - it is impossible. Well this is not accurate, contrary to the ideology of BGP.
In this case, there is no other way on the Huawei equipment, except manually overwrite AS-Path through the root-policy, which is not at all engineering, of course.
In new versions, it became possible to indicate which speaker you want to add - fictitious or real. However, do not add at all - there is no such option.
I also want to say here about tsiska - in the case of a customer, technically on tsiska you can implement his Wishlist.
First, I’ll tell you how the work of this team differs there - the main difference - by default, the tsiska inserts two speakers - both real and fictitious. This is done in order to exclude the formation of a routing loop (this is great).
The local-as command has no-prepend and replace-as attributes. No-prepend will allow not to add to the AS-Path the number of fictitious speakers - only the real one. The replace-as option will replace it with a dummy one.
That is, again, it seems like it is impossible to implement complete deletion. In general, such manipulations with AS-Path do not lead to anything good.
Purely for an example, we can recall a recent story about how recently Iran deprived porn of itself and the neighboring countries when it played with the announcements of GWP.
But the peculiarity is that the customer’s number AC2 is private. And if you use the combination of options local-as no-prepend replace-as , and then add remove-private-as (the tsiskovsky analogue of the huaway command public-as-only) then it still works and the duplicating speaker is deleted.
But again, this is cheating and a crutch.