Re: HIDE BGP AS

Hi Petr,

But over here If I try L3 - Please see below option marked with <<<<<<<<<<<<

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f27.
shtml

To remove the private AS number, use the *neighbor x.x.x.x remove-private-as
* router configuration command.

The *neighbor x.x.x.x remove-private-as* per-neighbor configuration command
forces BGP to drop the private AS numbers. You can configure this command
for external BGP neighbors. When the outbound update contains a sequence of
private AS numbers, this sequence is dropped.

The following conditions apply:

7 You can only use this solution with external BGP (eBGP) peers.

7 If the update has only private AS numbers in the AS_PATH, BGP
removes these numbers.

7 If the AS_PATH includes both private and public AS numbers, BGP
doesn't remove the private AS numbers. This situation is considered a
configuration error.<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

7 If the AS_PATH contains the AS number of the eBGP neighbor, BGP
does not remove the private AS number.

7 If the AS_PATH contains confederations, BGP removes the private AS
numbers only if they come after the confederation portion of the AS_PATH.
Regards
J.Daniels

On 8/10/09, Petr Lapukhov <petr_at_internetworkexpert.com> wrote:
>
> Hey Jack,
>
> Nice to see that idea popping up again :) This is what i've been
> actually using in production to hide an intermediate ISP (ISP1 below)
> from showing in the path between Customer/ISP2.
>
> Customer---ISP1---ISP2---Internet
>
> Like you said, using "local-as no-prepend replace-as" (Cisco commands)
> configured for ISP1 BGP peering sessions with "Customer" and "ISP2"
> would do the trick of hiding ISP1's AS#. ISP1 will pretend to look
> like "Customer" to ISP2, and look like "ISP2" to "Customer".
> Furthermore, you may use tunneling in ISP1 (e.g. deploy MPLS) and make
> it look almost completely transparent to "Customer".
>
> An alternative to this would be using a Layer 2 VPN solution like you
> mentioned. However, using this pure L3 solution has added benefits of
> controlling the prefixes advertised by customer/upstream ISP and more
> granular control of the traffic entering ISP1 at the edge.
>
> HTH,
>
> --
> Petr Lapukhov, petr_at_INE.com
> CCIE #16379 (R&S/Security/SP/Voice)
>
> Internetwork Expert, Inc.
> http://www.INE.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> 2009/8/9 jack daniels <jckdaniels12_at_gmail.com>:
> > Hi All,
> >
> > We had a requirement in which customer wants that the ISP- AS should not
> be
> > visible when route are advertised to internet via a upstream(L2 VPN
> > solution).
> > Can we use BGP command no-prepend with Replace AS attribute to hide ISP
> AS
> > in internet. ------------
> >
> > Can we peer with customer using local AS which will be private AS.We will
> > use no prepend command along with Replace AS which will replace ISP AS
> with
> > the private AS which is used for Peering.While going out to any
> > international Peer we will remove private AS . On internet only customer
> AS
> > and Peer AS will be visible.
> >
> > Please advise is this solution will work . Also advise if any better
> > solution for this scenario.
> >
> > Thanks and Regards
> > J.Daniels
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Aug 10 2009 - 12:19:54 ART