AS-path prepending (technical details)
From CT3
AS-path prepending is the manipulation of the BGP AS-path attribute beyond the insertion of the local AS number on outgoing EBGP updates. Extra AS numbers are inserted (prepended) at the beginning of the AS-path, just after the local AS number.
Cisco IOS supports inbound and outbound AS-path prepending on EBGP sessions. AS-path prepending does not work on IBGP sessions.
Outbound AS-path prepending can be used as the last-resort mechanism to influence global BGP routing policies in BGP multi-homing scenarios where all other methods (Multi-exit Discriminator or Local preference manipulation through BGP communities) don’t work due to lack of upstream ISP’s support or due to the wide difference in upstream ISP’s connectivity to the internet core.
Test network diagram
Throughout the article, the test network displayed in Figure 1 will be used to generate router printouts. The initial router configurations are summarized in the Initial router configuration section. The routers were running Cisco IOS release 12.4(20)T.
Cisco IOS configuration
BGP AS-path prepending is configured with the set as-path prepend statement within a route-map. The route-map can then be applied to inbound or outbound updates received or sent to an EBGP peer.
For example, to prepend three copies of the local AS-number to the outbound BGP updates sent from E1 to R2, you could use the following configuration on E1:
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 10.7.1.0 mask 255.255.255.0
 neighbor 10.0.1.2 remote-as 64800
 neighbor 10.0.1.6 remote-as 64800
 neighbor 10.0.1.6 route-map prepend out
!
route-map prepend permit 10
 set as-path prepend 65000 65000 65000
After the changed BGP updates have been received by R2, its BGP table reflects the modified AS-path sent by E1. Due to the longer AS-path on prefixes received over the E1-R2 link, R2 prefers paths received from R1; you’ve turned the link between E1 and R2 into a backup link.
R2#show ip bgp
BGP table version is 3, local router ID is 10.2.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i10.7.1.0/24      10.0.1.1                 0    100      0 65000 i
*                   10.0.1.5                 0             0 65000 65000 65000 65000 i
To prepend two copies of the remote AS number to inbound updates received from E1, use the following configuration on R1:
router bgp 64800
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.1.1 remote-as 65000
 neighbor 10.0.1.1 route-map prependIn in
 neighbor 10.2.0.2 remote-as 64800
!
route-map prependIn permit 10
 set as-path prepend last-as 2
After R1 receives a new EBGP update from E1 (for example, triggered by the clear ip bgp neighbor soft in command or by a reset of the BGP session), the AS-path stored in the BGP table on R1 contains three copies of AS 65000:
R1#show ip bgp
BGP table version is 2, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.7.1.0/24      10.0.1.1                 0             0 65000 65000 65000 i
Troubleshooting AS-path prepending
Outbound AS-path prepending can be reliably observed only in the BGP table of the EBGP peers. The show ip bgp neighbor address advertised-routes command does not display the results of the outbound route-map; it displays the routes in the local BGP table that are advertised to the specified neighbor.
For example, the show ip bgp neighbor 10.0.1.6 advertised command executed on E1 displays an empty AS-path even though three copies of AS65000 are prepended to the AS-path in the outgoing EBGP updates.
E1#show ip bgp neighbor 10.0.1.6 advertised-routes
BGP table version is 2, local router ID is 10.7.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.7.1.0/24      0.0.0.0                  0         32768 i
Total number of prefixes 1
The debug ip bgp updates command is also unreliable. It might (unpredictably) display the results of the outbound route-map or the contents of the local BGP table.
AS-path prepending and AS-path filters
The prepended portion of the AS-path is not used in inbound or outbound AS-path filters, either in the match as-path conditions or in the per-neighbor filter lists. The AS-path filters always match the actual AS-path received from the BGP neighbor (when applied in the inbound direction) or the AS-path of the entry in the BGP table (when applied in the outbound direction).
Outbound prepending and AS-path tests within the route map
The AS-path prepending does not influence the AS-path filters used within the route-map in the match as-path command. These filters are always matched against the original BGP entry in the BGP table. AS numbers specified with the set as-path prepend commands are accumulated and prepended to the AS-path attribute after the route map processing is completed.
To test the IOS behavior, we’ll modify the outbound prepend route map on E1 to include an AS-path filter. The continue 20 statement in the first part of the route map ensures that the whole route map is executed.
ip as-path access-list 100 permit ^$
!
route-map prepend permit 10
 set as-path prepend 10
 continue 20
!
route-map prepend permit 20
 match as-path 100
 set as-path prepend 20
If the AS-path filters matched the prepended AS-path, the match as-path 100 test in the route-map prepend permit 20 statement would not succeed and only a single AS number would be prepended to the AS-path. However, the BGP table on R2 shows that E1 prepended both AS numbers to the AS-path:
R2#show ip bgp
BGP table version is 17, local router ID is 10.2.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*  10.7.1.0/24      10.0.1.5                 0             0 65000 20 10 i
*>i                 10.0.1.1                 0    100      0 65000 i
Outbound prepending and outbound neighbor filter lists
Outbound AS-path prepending does not affect the operation of outbound filter lists. The AS-path access list specified in the filter-list out BGP neighbor option matches AS-paths in the BGP table, not the prepended paths generated by the outbound route map.
If we modify the BGP router configuration on E1 to include an outbound filter-list on neighbor 10.0.1.6, E1 still sends the same prefix to R1, proving that the outbound filter-list does not test the prepended path.
Combination of AS-path prepending and outbound filter-list on E1
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 10.7.1.0 mask 255.255.255.0
 neighbor 10.0.1.2 remote-as 64800
 neighbor 10.0.1.6 remote-as 64800
 neighbor 10.0.1.6 route-map prepend out
 neighbor 10.0.1.6 filter-list 100 out
 no auto-summary
!
ip as-path access-list 100 permit ^$
!
route-map prepend permit 10
 set as-path prepend 65000 65000 65000
Outbound updates are still sent to R2
E1#debug ip bgp 10.0.1.6 updates
BGP updates debugging is on for neighbor 10.0.1.6 for address family: IPv4 Unicast
E1#clear ip bgp * soft out
E1#
BGP(0): 10.0.1.6 send UPDATE (format) 10.7.1.0/24, next 10.0.1.5, metric 0, path Local
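A simplified model of the outbound processing order described in the two sections above (match as-path tests inside the route map, and the outbound filter-list), added here as an illustration; it is not IOS code and not part of the original article. The function name, the dictionary layout and the match_sees_prepends switch are assumptions made for the example; the AS numbers, access-list 100 and the route-map entries are the ones used on this page.

```python
import re

def outbound_as_path(table_path, local_as, route_map, acls,
                     filter_list=None, match_sees_prepends=False):
    """AS-path an EBGP peer receives, or None if the update is not sent.

    Simplified model of the behaviour this page describes, not IOS code.
    route_map: {seq: {"match": acl id, "prepend": [asn, ...], "continue": seq}}
    acls: {acl id: regex}; plain regexes only (no IOS "_" metacharacter).
    """
    original = " ".join(map(str, table_path))
    # filter-list out tests the BGP-table path, never the prepended one.
    if filter_list is not None and not re.search(acls[filter_list], original):
        return None
    pending, matched = [], False
    seqs = sorted(route_map)
    i = 0
    while i < len(seqs):
        entry = route_map[seqs[i]]
        # Observed behaviour: match as-path sees the original table entry.
        # match_sees_prepends=True models the hypothetical alternative.
        seen = original
        if match_sees_prepends:
            seen = " ".join(map(str, pending + list(table_path)))
        acl = entry.get("match")
        if acl is not None and not re.search(acls[acl], seen):
            i += 1          # no match: try the next entry
            continue
        matched = True
        pending = list(entry.get("prepend", [])) + pending  # accumulate
        target = entry.get("continue")
        if target is None:
            break
        i = seqs.index(target)  # continue <seq>: resume at that entry
    if not matched:
        return None  # implicit deny at the end of the route-map
    # Accumulated AS numbers are prepended after route-map processing; the
    # local AS is added in front when the update leaves on the EBGP session.
    return [local_as] + pending + list(table_path)

# The page's test: access-list 100 (^$) and the two-entry route-map on E1.
ACLS = {100: r"^$"}
PAGE_MAP = {10: {"prepend": [10], "continue": 20},
            20: {"match": 100, "prepend": [20]}}
TRIPLE = {10: {"prepend": [65000, 65000, 65000]}}

if __name__ == "__main__":
    print(outbound_as_path([], 65000, PAGE_MAP, ACLS))
    print(outbound_as_path([], 65000, PAGE_MAP, ACLS, match_sees_prepends=True))
    print(outbound_as_path([], 65000, TRIPLE, ACLS, filter_list=100))
```

With match_sees_prepends=True the model returns 65000 10, the path R2 would have shown if the filters matched the prepended AS-path; the default reproduces the 65000 20 10 seen in the R2 printout.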
Inbound prepending and inbound neighbor filter lists
The inbound AS-path filter-list is applied before the inbound route-map. The AS-path attribute tested by the inbound AS-path access-list is thus the original AS-path sent by the EBGP neighbor, not the AS-path modified by inbound prepending.
You can use a modified configuration of R1 to test this behavior.
router bgp 64800
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.1.1 remote-as 65000
 neighbor 10.0.1.1 route-map prependIn in
 neighbor 10.0.1.1 filter-list 100 in
 neighbor 10.2.0.2 remote-as 64800
 no auto-summary
!
ip as-path access-list 100 permit ^65000$
!
route-map prependIn permit 10
 set as-path prepend last-as 2
The inbound filter-list matches the expected AS-path (65000) and the BGP debugging confirms the inbound EBGP update is accepted.
R1#clear ip bgp * soft in
R1#
BGP(0): 10.0.1.1 rcvd UPDATE w/ attr: nexthop 10.0.1.1, origin i, metric 0, path 65000
BGP(0): 10.0.1.1 rcvd 10.7.1.0/24
The AS-path in the BGP table on R1 contains the received AS-path as well as the results of the inbound prepending:
R1#show ip bgp
BGP table version is 5, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.7.1.0/24      10.0.1.1                 0             0 65000 65000 65000 i
Initial router configurations
Initial configuration of R1
version 12.4
no service timestamps debug
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.2.0.1 255.255.255.0
 ip ospf 1 area 0
!
interface Serial1/0
 ip address 10.0.1.2 255.255.255.252
 encapsulation ppp
 ip ospf 1 area 255
 no peer neighbor-route
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0
!
router bgp 64800
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.1.1 remote-as 65000
 neighbor 10.0.1.1 route-map prependIn in
 neighbor 10.2.0.2 remote-as 64800
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end
Initial configuration of R2
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.2.0.2 255.255.255.0
 ip ospf 1 area 0
!
interface Serial1/0
 ip address 10.0.1.6 255.255.255.252
 encapsulation ppp
 ip ospf 1 area 255
 no peer neighbor-route
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0
!
router bgp 64800
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.1.5 remote-as 65000
 neighbor 10.2.0.1 remote-as 64800
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end
Initial configuration of E1
version 12.4
no service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname E1
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 10.7.1.1 255.255.255.0
!
interface Serial1/0
 ip address 10.0.1.1 255.255.255.252
 encapsulation ppp
 no peer neighbor-route
!
interface Serial1/1
 ip address 10.0.1.5 255.255.255.252
 encapsulation ppp
 no peer neighbor-route
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 10.7.1.0 mask 255.255.255.0
 neighbor 10.0.1.2 remote-as 64800
 neighbor 10.0.1.6 remote-as 64800
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end
