Wednesday, February 29, 2012

Is there added value of having multiple BGP AS# for a single VRF on IP-VPN

Is there any added value in having multiple private AS numbers for a single VRF, compared to the usual practice of having one single AS for the entire enterprise network of a given customer? The solution provider is presenting a solution that basically connects branches to the Primary Data Center and DRC using 3 AS numbers: one AS for the Primary Data Center, one for the Disaster Recovery Center, and one for all the 1,000+ branches.

If the provider is using the same AS number for all sites belonging to the customer, it's sometimes difficult to troubleshoot possible routing problems from the CE router's point of view, because the provider has to use BGP features like as-override or allowas-in to make a CE router accept prefixes originated by other sites using the same AS number. When you then look at a CE router's BGP table, it's not clear which site a prefix was originated from.

Also, the use of multiple AS numbers on the customer side makes it possible to build a clear hierarchy of BGP routes from the point of view of the branch offices.
With different AS numbers, the as-override feature is not needed on the provider side, and routes originated at the disaster recovery site can be made less preferred simply by using AS path prepending, which is reported to every branch site.

If branch-to-branch communication should also be blocked for any reason, it is enough to skip as-override on the provider side of each branch-facing PE node.
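The behaviour described above can be checked with a small model of eBGP AS-path handling. This is an added example, not part of the original post; the AS numbers (65000 for the provider, 64512 and 64601-64603 for the customer) and the site names are constructed, and best-path selection is reduced to AS-path length.

```python
# Added illustration: simplified eBGP AS-path handling on an MPLS IP-VPN.
# Every AS number and site name here is constructed for the example.
PROVIDER_AS = 65000  # hypothetical provider AS

def pe_advertise(as_path, ce_as, as_override=False):
    """PE -> CE update: with as-override, occurrences of the receiving CE's
    AS are replaced by the provider AS; the provider AS is then prepended."""
    if as_override:
        as_path = [PROVIDER_AS if asn == ce_as else asn for asn in as_path]
    return [PROVIDER_AS] + as_path

def ce_accepts(as_path, ce_as, allowas_in=False):
    """eBGP loop prevention: drop a path containing our own AS,
    unless allowas-in is configured on the CE."""
    return allowas_in or ce_as not in as_path

def branch_view(site_as, as_override=False, drc_prepend=0):
    """AS paths a branch CE installs, keyed by the site that originated them."""
    me = site_as["branch"]
    originated = {
        "primary_dc": [site_as["primary_dc"]],
        "drc": [site_as["drc"]] * (1 + drc_prepend),  # AS-path prepending at the DRC
        "other_branch": [me],  # all branches share one AS in both plans
    }
    view = {}
    for site, path in originated.items():
        received = pe_advertise(path, me, as_override)
        if ce_accepts(received, me):
            view[site] = received
    return view

def preferred_exit(view):
    """Between the two data centers, the shorter AS path wins
    (all earlier BGP tie-breakers assumed equal)."""
    return min(("primary_dc", "drc"), key=lambda s: len(view[s]))

SINGLE_AS = {"primary_dc": 64512, "drc": 64512, "branch": 64512}
THREE_AS = {"primary_dc": 64601, "drc": 64602, "branch": 64603}

if __name__ == "__main__":
    for name, plan, override in [("single AS, no as-override", SINGLE_AS, False),
                                 ("single AS, as-override", SINGLE_AS, True),
                                 ("three AS, no as-override", THREE_AS, False),
                                 ("three AS, as-override", THREE_AS, True)]:
        print(name, branch_view(plan, override, drc_prepend=2))
```

In the single-AS plan with as-override, the data center and branch routes arrive with the identical path `[65000, 65000]`, which is the troubleshooting problem described above. Skipping as-override removes other branches' prefixes from a branch's table, but this is route filtering only: a default or summary route learned from a data center would still cover those destinations.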

