On Fri, 9 Jun 2023, Matthew Petach wrote:
I previously wrote: Every platform I've used has a knob for turning off / relaxing as-path loop detection. Note, for some platforms (at least Juniper), you may also have to have your upstream provider "advertise-peer-as", though I suspect it's highly unlikely you'd have BGP service from the same upstream in both CA and PH...so this won't likely be an issue.I'd recommend this be treated as a "BGP 201" level exercise, not a "BGP 101" knob to turn. If you're asking for advice from the NANOG mailing list about how to best set up your first "remote" network location, you're in BGP 101 territory, and probably shouldn't be disabling as-path loop detection as a general rule. ^_^; No knock on you, just that it's probably best not to do that until you're a lot more comfortable with the potential gotchas that can result from making changes to the default BGP protocol behaviour on your border routers.
Funny timing on this. Work somewhat recently opened a few new "island POPs", each with the same couple of transit providers and no backbone. While looking into something else, I realized one of our transits is not advertising any of these sites' routes to the other sites. MAC address lookup suggests they're running Cisco gear. Googling suggests that IOS XR has added the functionality I thought was unique to Juniper of not advertising routes to an eBGP neighbor if those routes were received from the neighbor's ASN.
Juniper at least had the good sense to make this behavior configurable down to the individual neighbor. IOS XR apparently only lets you turn off this behavior at the address-family level. If the provider isn't willing to make a change like this, we may have to ask APNIC for a few ASNs...and it may be time to stop the practice of using the same ASN in all our islands.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route StackPath, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
