If you're getting public internet via MPLS then often the carrier will NAT your private networks you advertise on MPLS to them at firewalls with your VRF/VLAN as the "inside" of this firewall instance.
But back to your original post, I don't see many people advertising public IP space to their carrier on a pure MPLS network, then advertising that same IP space to the same carrier (or another carrier) on the global BGP table.
What I have seen a lot (and do) is in cases where we use MPLS as our managed extranet (get us to one or more business partners or customers) advertise a public IP block (for inter-organization addressing uniqueness), and use a different network for global BGP multihoming (for websites, mail servers etc).
So my question to you is why do it the kludgey way you were and have to worry about AS leakage?
----- Original Message -----
From: Carlos G Mendioroz [mailto:tron_at_huapi.ba.ar]
Sent: Saturday, December 31, 2011 03:10 PM
To: Joseph L. Brunner
Cc: Tom Kacprzynski <tom.kac_at_gmail.com>; Cisco certification <ccielab_at_groupstudy.com>
Subject: Re: As path mangling ?
Would you please elaborate on what is an MPLS ONLY block good for ?
Assuming it is a public block, i.e., non RFC1918.
That "small organization" thing touched my ego :)
-Carlos
Joseph L. Brunner @ 31/12/2011 12:27 -0300 dixit:
> It's not common Carlos.
>
> Most people who do this have MPLS ONLY Blocks and INTERNET ONLY Blocks.
>
> You're just a small organization that doesn't have the pull to call Arin and demand a /19 on any given day of the week :)
>
> I have worked for companies that have several /16's for their Extranet, WAN, etc. and several more /16's or a /12 or so for their Internet IP Space.
>
> Even in my little version of this we have two /24's for each purpose... we also Glop from our /24 used on the BT Radianz Wan to publish our multicast pricing feeds.
>
> -Joe
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Carlos G Mendioroz
> Sent: Saturday, December 31, 2011 7:57 AM
> To: Tom Kacprzynski
> Cc: Cisco certification
> Subject: Re: As path mangling ?
>
> Well, just in case anyone cares, I found a twisted way to do it.
> (I will be keeping the subnetworks + aggregate though, as it is usually the case that twisted := trouble in the future :)
>
> To recap, my problem boils down to a situation that surprises me it is not common: we have a VPN implemented as MPLS-VPN and our provider is using his public ASN there (100 in example topology). We have some public networks that are reachable via the VPN and that we publish at the central site through some other carrier (300). Problem: our route would be seen as originating in AS 100 (not good) and will be rejected by AS 100 on the Internet (even worse).
>
> Solution ?: Change the CE on central site to a private AS (65001), and pretend the rest of central site is AS 100. That way CE sits between 100 and 100 and I can use as-override to replace 100 with 65001 on the way to 200 (central). On Central site, use local-as to fake being 100 to CE. Now remove-private-as takes care of the as-path cleaning.
> Ugly... but works.
> (It comes with another string: as-override only works inside a vrf, so the CE has to be configured with a VRF just to be able to use as-override... makes a neat lab exercise :)
>
> -Carlos
>
> Tom Kacprzynski @ 29/12/2011 20:07 -0300 dixit:
>> Carlos,
>> I'm not sure if I fully understand the issue, but would bgp
>> as-override on Central work for you? I'm thinking that might not work as
>> Internet would detect a loop of 300 200 300 and the only way to fix
>> this is with an allowas-in on the Internet side, but then again you
>> don't have access to that side (just thinking out loud).
>>
>> Tom
>>
>> On Thu, Dec 29, 2011 at 4:53 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar
>> <mailto:tron_at_huapi.ba.ar>> wrote:
>>
>> Hmm, I fail to understand how any of these is useful in my case:
>>
>> Remote -- <MPLS-VPN> -- Central -- Internet -- Carrier
>> 65002        100          200        300        100
>>
>> When I (Central) publish to Internet, as-path ends up being
>> "200 100", which is then rejected by Carrier (100 again).
>>
>> I do have admin access to Central (and Remote).
>> The workaround I'm using is recreating the route at central
>> with an aggregate, publishing subnets at Remote. Not very clean.
>>
>> -Carlos
>>
>> Narbik Kocharians @ 29/12/2011 19:10 -0300 dixit:
>>
>> You can even add a dual-as to the end which can be very
>> useful,
>>
>>
>> Sent from my iPhone
>>
>> On Dec 29, 2011, at 1:48 PM, Christian Hunter
>> <stasis416_at_gmail.com <mailto:stasis416_at_gmail.com>> wrote:
>>
>> neighbor X.X.X.X local-as XX no-prepend replace-as
>>
>>
>>
>> On Thu, Dec 29, 2011 at 3:59 PM, Carlos G Mendioroz
>> <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>wrote:
>>
>> Hi there,
>> question asked many times: is there any way to "edit"
>> the AS-PATH of an
>> update ? Is it easy to prepend, privates can be erased,
>> but is there
>> (an easy) way to remove some AS ?
>>
>> The case in point is a publication at a central site of
>> a remote
>> subnetwork that is linked via MPLS. The carrier is using
>> its public
>> ASN and using BGP to do routing. Central site would then
>> publish
>> with carrier's ASN as origin, and the carrier would not
>> accept the
>> prefix on the public side :(
>>
>> Yuck.
>>
>>
>> --
>> Carlos G Mendioroz <tron_at_huapi.ba.ar
>> <mailto:tron_at_huapi.ba.ar>> LW7 EQI Argentina
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> ___________________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> --
>> Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>
>> LW7 EQI Argentina
>>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>
--
Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Blogs and organic groups at http://www.ccie.net

Received on Sun Jan 01 2012 - 11:40:46 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:51 ART
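
The AS_PATH arithmetic behind the workaround described in the thread (private-AS CE, as-override, local-as, remove-private-as), as an added Python sketch that is not from any poster and is not router code. Assumptions: the path handed over by the carrier PE (`FROM_VPN`) is constructed, local-as on Central is used with no-prepend so AS 100 is not re-added on receipt, and remove-private-as is modelled in its classic form, which strips a path only when every ASN in it is private.

```python
# Added illustration: a minimal model of eBGP AS_PATH handling.
PRIVATE = range(64512, 65535)  # 16-bit private-use ASNs (64512-65534)

def accepts(local_as, path):
    """eBGP loop prevention: drop an update whose AS_PATH contains our own AS."""
    return local_as not in path

def send(path, own_as, *, override_peer=None, remove_private=False):
    """Return the AS_PATH an eBGP speaker advertises to a peer.

    override_peer: as-override, rewrite the peer's ASN in the path to own_as.
    remove_private: classic remove-private-as (assumption of this model):
    strip the path only if all ASNs are private; a mixed path is left alone.
    """
    if override_peer is not None:
        path = [own_as if asn == override_peer else asn for asn in path]
    if remove_private and all(asn in PRIVATE for asn in path):
        path = []
    return [own_as] + path

CARRIER, CENTRAL, UPSTREAM, CE = 100, 200, 300, 65001
FROM_VPN = [100, 65002]  # constructed: Remote's prefix as the carrier PE sends it

def baseline():
    """Central (AS 200) re-advertises the VPN route as received."""
    at_upstream = send(FROM_VPN, CENTRAL, remove_private=True)
    return send(at_upstream, UPSTREAM)

def workaround():
    """CE sits in private AS 65001; Central presents local-as 100 to it."""
    # CE -> Central: the peer looks like AS 100, so as-override rewrites 100.
    at_central = send(FROM_VPN, CE, override_peer=CARRIER)
    # Central -> upstream: the path is now all private, so it is stripped.
    at_upstream = send(at_central, CENTRAL, remove_private=True)
    return send(at_upstream, UPSTREAM)

if __name__ == "__main__":
    for name, path in (("baseline", baseline()), ("workaround", workaround())):
        verdict = "accepted" if accepts(CARRIER, path) else "rejected (loop)"
        print(f"{name}: AS_PATH {path} at AS {CARRIER}: {verdict}")
```

In this model as-override is what makes remove-private-as effective: without it the path toward the upstream still mixes AS 100 with private ASNs, so nothing is stripped and the carrier's loop check fires.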