On Fri, 9 Jun 2023, Matthew Petach wrote:
I previously wrote:
Every platform I've used has a knob for turning off / relaxing as-path
loop detection. Note, for some platforms (at least Juniper), you may also
have to have your upstream provider "advertise-peer-as", though I suspect
it's highly unlikely you'd have BGP service from the same upstream in both
CA and PH...so this won't likely be an issue.
I'd recommend this be treated as a "BGP 201" level exercise, not a "BGP 101"
knob to turn.
If you're asking for advice from the NANOG mailing list about how to best set
up your first
"remote" network location, you're in BGP 101 territory, and probably shouldn't
be
disabling as-path loop detection as a general rule. ^_^;
No knock on you, just that it's probably best not to do that until you're a lot
more
comfortable with the potential gotchas that can result from making changes to
the
default BGP protocol behaviour on your border routers.
Funny timing on this. Work somewhat recently opened a few new "island
POPs", each with the same couple of transit providers and no backbone.
While looking into something else, I realized one of our transits is not
advertising any of these sites' routes to the other sites. MAC address
lookup suggests they're running Cisco gear. Googling suggests that IOS XR
has added the functionality I thought was unique to Juniper of not
advertising routes to an eBGP neighbor if those routes were received from
the neighbor's ASN.
Juniper at least had the good sense to make this behavior configurable
down to the individual neighbor. IOS XR apparently only lets you turn off
this behavior at the address-family level. If the provider isn't willing
to make a change like this, we may have to ask APNIC for a few ASNs...and
it may be time to stop the practice of using the same ASN in all our
islands.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
StackPath, Sr. Neteng | therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________