Well, just in case anyone cares, I found a twisted way to do it.
(I will be keeping the subnetworks + aggregate though, as it is usually
the case that twisted := trouble in the future :)
To recap, my problem boils down to a situation that surprises me it is
not common: we have a VPN implemented as MPLS-VPN and our provider is
using his public ASN there (100 in example topology). We have some
public networks that are reachable via the VPN and that we publish at
the central site through some other carrier (300). Problem: our route
would be seen as originating in AS 100 (not good) and will be rejected
by AS 100 on the Internet (even worse).
Solution ?: Change the CE on central site to a private AS (65001),
and pretend the rest of central site is AS 100. That way CE
sits between 100 and 100 and I can use as-override to replace
100 with 65001 on the way to 200 (central). On Central site,
use local-as to fake being 100 to CE. Now remove-private-as
takes care of the as-path cleaning.
Ugly... but works.
(It comes with another string: as-override only works inside a
vrf, so the CE has to be configured with a VRF just to be
able to use as-override... makes a neat lab exercise :)
-Carlos
Tom Kacprzynski @ 29/12/2011 20:07 -0300 dixit:
> Carlos,
> I'm not sure if i fully understand the issue fully, but would bgp
> as-override on Central work for you? I thinking that might not work as
> Internet would detect a loop of 300 200 300 and the only way to fix this
> is with a allowas-in on the Internet side, but then again you don't have
> access to that side (just thinking out loud).
>
> Tom
>
> On Thu, Dec 29, 2011 at 4:53 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar
> <mailto:tron_at_huapi.ba.ar>> wrote:
>
> Hmm, I fail to understand how any of these is useful in my case:
>
> Remote -- <MPLS-VPN> -- Central -- Internet -- Carrier
> 65002 100 200 300 100
>
> When I (Central) publish to Internet, as-path ends up being
> "200 100", which is then rejected by Carrier (100 again).
>
> I do have admin access to Central (and Remote).
> The workaround I'm using is recreating the route at central
> with an aggregate, publishing subnets at Remote. Not very clean.
>
> -Carlos
>
> Narbik Kocharians @ 29/12/2011 19:10 -0300 dixit:
>
> You can even add a dual-as to the end which can be very useful,
>
>
> Sent from my iPhone
>
> On Dec 29, 2011, at 1:48 PM, Christian Hunter
> <stasis416_at_gmail.com <mailto:stasis416_at_gmail.com>> wrote:
>
> neighbor X.X.X.X local-as XX no-prepend replace-as
>
>
>
> On Thu, Dec 29, 2011 at 3:59 PM, Carlos G Mendioroz
> <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>wrote:
>
> Hi there,
> question asked many times: is there any way to "edit"
> the AS-PATH of an
> update ? Is it easy to prepend, privates can be erased,
> but is there
> (an easy) way to remove some AS ?
>
> The case in point is a publication at a central site of
> a remote
> subnetwork that is linked via MPLS. The carrier is using
> its public
> ASN and using BGP to do routing. Central site would then
> publish
> with carrier's ASN as origin, and the carrier would not
> accept the
> prefix on the public side :(
>
> Yuck.
>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar
> <mailto:tron_at_huapi.ba.ar>> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ________________________________**________________________________**
> ___________
> Subscription information may be found at:
> http://www.groupstudy.com/**
> list/CCIELab.html
> <http://www.groupstudy.com/__list/CCIELab.html
> <http://www.groupstudy.com/list/CCIELab.html>>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ___________________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/__list/CCIELab.html
> <http://www.groupstudy.com/list/CCIELab.html>
>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ___________________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/__list/CCIELab.html
> <http://www.groupstudy.com/list/CCIELab.html>
>
>
>
>
>
>
>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>
> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ___________________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/__list/CCIELab.html
> <http://www.groupstudy.com/list/CCIELab.html>
>
>
>
>
>
>
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Sat Dec 31 2011 - 09:56:30 ART
This archive was generated by hypermail 2.2.0 : Sun Jan 01 2012 - 08:27:01 ART