On Fri, Mar 29, 2019 at 08:36:26AM +0100, open...@kene.nu wrote: > I forgot to add to my previous email. One thing that could be useful > in this case is to mimic the Cisco option "neighbor x.x.x.x > remove-private-as" which removes any private ASes from the path on any > updates to a peer. Just throwing it out there, cant be a very > difficult option to implement I guess?
I think changing the AS PATH is a bad thing, removing elements from your AS path has a major impact on the route selection and opens doors for routing loops. In general I will only add features like 'as-override' when there is a clear reason why it is needed. So my question is, why do you need to use private AS numbers in your internal network? > On Thu, Mar 28, 2019 at 2:55 PM <open...@kene.nu> wrote: > > > > That will indeed help. Will check it out. > > > > How I have solved it now is by having network statements on the edge > > (/24s). To make the internal routing work I announce more specific > > prefixes from the internal router, so externally I announce a /24 > > (from edge to peering partners) but internally I announce two /25s > > (from internal to edge). That way internet knows how to find my /24 > > and edge knows how to find its way internally due to /25 being more > > specific compared to /24. > > > > On Wed, Mar 27, 2019 at 9:33 PM Sebastian Benoit <benoit-li...@fb12.de> > > wrote: > > > > > > open...@kene.nu(open...@kene.nu) on 2019.03.27 12:25:33 +0100: > > > > Hello, > > > > > > > > That would unforunately affect all the prefixes announced to the edge > > > > router from the internal router. I need it to be only prefixes > > > > announced to my peering partners. > > > > > > > > /Oscar > > > > > > > > On Tue, Mar 26, 2019 at 3:50 PM Denis Fondras <open...@ledeuns.net> > > > > wrote: > > > > > > > > > > On Tue, Mar 26, 2019 at 02:54:38PM +0100, open...@kene.nu wrote: > > > > > > Hello, > > > > > > > > > > > > Is there a way to make openbgpd strip private ASNs from updates it > > > > > > sends to certain neighbors? > > > > > > I am using openbgpd on my edge routers and distribute routes > > > > > > generated > > > > > > internally to the rest of the world. However, the internal routers > > > > > > use > > > > > > private ASNs and this is obviously frowned upon by my peering > > > > > > partners. > > > > > > > > > > > > I can of course have network statements on my edge routers but that > > > > > > assumes the prefixes will always be reachable via said edge router, > > > > > > something I can never be certain of. I would rather the updates rely > > > > > > on the prefix actually being announced from the source. > > > > > > > > > > > > > > > > Perhaps with transparent-as ? > > > > > > In current (snapshots) there is "as-override": > > > > > > as-override (yes|no) > > > If set to yes, all occurrences of the neighbor AS in the AS > > > path will be replaced with the local AS before running the > > > filters. The Adj-RIB-In still holds the unmodified AS path. > > > The default value is no. > > > > > > this is a neighbor option and used on the session to a peer that uses a > > > private AS. > > > > > > You dont say much about your network structure, but if your edge router > > > has > > > a normal As number, and your internal ebgp peers have private As numbers, > > > this option will help. > > > > > > /Benno > > > > -- :wq Claudio
