Re: HIDE BGP AS from Petr Lapukhov on 2009-08-10 (Ccielab archives 08/2009)

From: Petr Lapukhov <petr_at_internetworkexpert.com>
Date: Sun, 9 Aug 2009 22:29:00 -0700

Hey Jack,

Nice to see that idea popping up again :) This is what i've been
actually using in production to hide an intermediate ISP (ISP1 below)
from showing in the path between Customer/ISP2.

Customer---ISP1---ISP2---Internet

Like you said, using "local-as no-prepend replace-as" (Cisco commands)
configured for ISP1 BGP peering sessions with "Customer" and "ISP2"
would do the trick of hiding ISP1's AS#. ISP1 will pretend to look
like "Customer" to ISP2, and look like "ISP2" to "Customer".
Furthermore, you may use tunneling in ISP1 (e.g. deploy MPLS) and make
it look almost completely transparent to "Customer".

An alternative to this would be using a Layer 2 VPN solution like you
mentioned. However, using this pure L3 solution has added benefits of
controlling the prefixes advertised by customer/upstream ISP and more
granular control of the traffic entering ISP1 at the edge.

HTH,

-- 
Petr Lapukhov, petr_at_INE.com
CCIE #16379 (R&S/Security/SP/Voice)
Internetwork Expert, Inc.
http://www.INE.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
2009/8/9 jack daniels <jckdaniels12_at_gmail.com>:
> Hi All,
>
> We had a requirement in which customer wants that the ISP- AS should not be
> visible when route are advertised to internet via a upstream(L2 VPN
> solution).
> Can we use BGP command no-prepend with Replace AS attribute to hide ISP AS
> in internet. ------------
>
> Can we peer with customer using local AS which will be private AS.We will
> use no prepend command along with Replace AS which will replace ISP AS with
> the private AS which is used for Peering.While going out to any
> international Peer we will remove private AS . On internet only customer AS
> and Peer AS will be visible.
>
> Please advise is this solution will work . Also advise if any better
> solution for this scenario.
>
> Thanks and Regards
> J.Daniels
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Sun Aug 09 2009 - 22:29:00 ART

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:56 ART