Configuring BGP ASN Migration Mechanisms
NetVisor OS release 6.1.0 supports BGP mechanisms for Autonomous System Number (ASN) migration as specified in RFC7705. These mechanisms are leveraged in the scenario of an Internet Service Provider (ISP) merger, acquisition, or divestiture to ensure that internal and external BGP speakers are migrated seamlessly from one ASN to another.
Consider the use case where there are two ISPs, ISP M (AS 65300) and ISP N (AS 65400) directly attached to customer X (AS 65200) and customer Y (AS 65100) respectively. In a scenario where ISP M merges the ASNs of both ISP M and ISP N, AS 65300 becomes the permanently retained ASN used across the consolidated set of both ISPs' network equipment, while AS 65400 is retired. After the ASN migration, there will be only ISP M and all internal BGP speakers are configured to use AS 65300. This is illustrated by the figures below.
Figure 5-6: Before Migration
Figure 5-7: After Migration
During the migration, ISP N changes the global BGP ASN used by a Provider Edge (PE) router, from ASN 65400 to 65300. Immediately after this change, the router is no longer able to establish External BGP (eBGP) sessions toward the existing Customer Edge (CE) routers that are connected to it and still using AS 65400. Here, we make use of the migration mechanisms to enable the router to establish BGP neighbors using the legacy ASN and to modify the AS_PATH advertisement when transmitted toward CE devices to achieve the desired effect of not increasing the length of the AS_PATH.
Configuring "Local AS" Mechanism
The "Local AS" mechanism allows the PE router undergoing the ASN migration to establish eBGP sessions with existing CE devices that are using old ASN. This result is achieved by superceding the globally configured ASN with a locally defined ASN for a BGP neighbor or a group of neighbors. When this feature is used, the local router prepends the old or local ASN to the AS_PATH while installing or advertising routes received from a CE to iBGP neighbors inside the Autonomous System.
In the example illustrated below, when Local AS is configured on PE-Y, CE-X sees an AS_PATH of 65300 65400 65100, with an increased (and hence not desirable) AS_PATH length. The "No Prepend Inbound" mechanism described below solves this issue.
Figure 5-8: Local AS and No Prepend BGP UPDATE Diagram
To configure Local AS mechanism on the PE router which migrates to the new ASN, use the command:
CLI (network-admin@switch) > vrouter-bgp-modify vrouter-name vr1 neighbor-ip 192.168.10.1 local-as 65400
Configuring the "No Prepend Inbound (of Local AS)" Mechanism
The "No Prepend Inbound " mechanism is used in conjunction with the Local AS mechanism. When no-prepend option is configured, the local BGP routers do not prepend the old or local ASN value to the AS_PATH while installing or advertising routes received from the CE. As a result, for the illustrated case above, CE-X sees an AS_PATH of 65100 65300, with a reduced AS_PATH length.
In this case, the no-prepend option has to be configured in the inbound direction on PE-Y, that is, in the direction of reception of routes. Use the command below to enable this option.
CLI (network-admin@switch) > vrouter-bgp-modify vrouter-name vr1 neighbor-ip 192.168.10.1 local-as 65400 no-prepend
If you do not configure the no-prepend option , PE-X may drop the route it receives from PE-Y as the presence of the old ASN in the AS_PATH is perceived as a routing loop.
Table 5-1 - No Prepend Inbound Configuration
AS_PATH as seen by CE-X
65100 65400 65300
Configuring the "Replace Old AS" Mechanism
The "Local AS" and "No Prepend Inbound" configurations do not modify the AS_PATH attribute for BGP UPDATEs that are transmitted by the ISP's PEs to CE devices in the outbound direction. The "Replace Old AS" capability allows ISP M to prevent routers from appending the global or new ASN in outbound BGP UPDATEs toward customer networks that are using the "Local AS" mechanism. Instead, only the old or local AS is prepended in outbound BGP UPDATEs.
Figure 5-9: Replace AS BGP UPDATE Diagram
For example, without the use of "Replace Old AS", CE-Y would see an AS_PATH of 65400 65300 65200, with an unacceptable increase in AS_PATH length. After you configure PE-Y to use "Replace Old AS", CE-Y receives an AS_PATH of 65400 65200, which is the same AS_PATH length prior to AS migration. Therefore, the Replace AS configuration helps retain the same AS_PATH length before and after ISP migration.
To configure this mechanism, use the replace-as option as in this example:
CLI (network-admin@switch) > vrouter-bgp-modify vrouter-name vr1 neighbor-ip 192.168.10.1 local-as 65400 no-prepend replace-as
Table 5-2 - Replace Old AS Configuration
AS_PATH as seen by CE-Y
65400 65300 65200