alif (Staff)
Article Id 190528

Description

 

This article provides a configuration example of eBGP AS-path prepending.
 
Scope
 
FortiGate.


Solution

 

eBGP AS-path prepending is useful when two sites announce the same routes but one site should act as the primary and the other as the backup.
 

eBGP (External BGP): BGP used between different autonomous systems.

iBGP (Internal BGP): BGP used within the same autonomous system.


The goal of AS-path prepending is to lengthen the announced AS-path by adding extra AS numbers, so that the BGP best-path algorithm finds that path less preferable: the longer the AS-path, the less preferred the route.

In the following example, Router ID 10.5.18.68 (AS 65001) has BGP neighborships with 10.5.22.4 (AS 65002) and 10.5.20.173 (AS 65003). Network 10.190.0.0/20 is announced by both FGT-A and FGT-B. However, FGT-B announces the route with its AS-path prepended several times, which makes that route less preferable.
 
 
FGT-A Configuration.
 

config router bgp
    set as 65002
    set router-id 10.5.22.4
    config neighbor
        edit "10.5.18.68"
            set soft-reconfiguration enable
            set remote-as 65001
            set route-map-out "to_MPLS_NETWORK"
        next
    end
    config redistribute "connected"
        set status enable
    end
end

 

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set match-ip-address "to_MPLS_NETWORK"
            next
        end
    next
end

 

config router prefix-list
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set prefix 10.190.0.0 255.255.240.0
                unset ge
                unset le
            next
        end
    next
end

 

FGT-A Output.

 

FGT-A # get router info bgp summary
VRF 0 BGP router identifier 10.5.22.4, local AS number 65002
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries

 

Neighbor   V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.5.18.68 4      65001     117     140        1    0    0 00:11:28        0

 

Total number of neighbors 1

 

FGT-A # get router info bgp network
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.5.16.0/20     0.0.0.0                            32768        0 ? <-/1>
*> 10.190.0.0/20    0.0.0.0                            32768        0 ? <-/1>

 

Total number of prefixes 2


FGT-A # get router info routing-table all
S*      0.0.0.0/0 [10/0] via 10.5.31.254, wan2
C       10.5.16.0/20 is directly connected, wan2
C       10.190.0.0/20 is directly connected, internal1

 

FGT-B Configuration.

 

config router bgp
    set as 65003
    set router-id 10.5.20.173
    config neighbor
        edit "10.5.18.68"
            set remote-as 65001
            set route-map-out "to_MPLS_NETWORK"
        next
    end
    config redistribute "connected"
        set status enable
    end
end


Both FGT-A and FGT-B are announcing the route 10.190.0.0/20. However, FGT-B announces it with the AS-path '65002 65002 65002' prepended by the following route-map.

 

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set match-ip-address "to_MPLS_NETWORK"
                set set-aspath "65002 65002 65002" <<<<
            next
        end
    next
end

 

config router prefix-list
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set prefix 10.190.0.0 255.255.240.0
                unset ge
                unset le
            next
        end
    next
end

 

FGT-B Output.

 

FGT-B # get router info bgp summary
VRF 0 BGP router identifier 10.5.20.173, local AS number 65003
BGP table version is 2
3 BGP AS-PATH entries
0 BGP community entries

 

Neighbor   V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.5.18.68 4      65001      82     103        1    0    0 00:09:41        1

 

Total number of neighbors 1

 

FGT-B # get router info bgp network
VRF 0 BGP table version is 2, local router ID is 10.5.20.173
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.5.16.0/20     0.0.0.0                            32768        0 ? <-/1>
*  10.190.0.0/20    10.5.22.4                0             0        0 65001 65002 ? <-/->

 

Total number of prefixes 2

 

FGT-B # get router info routing-table all
S*      0.0.0.0/0 [1/0] via 10.5.31.254, port1
C       10.5.16.0/20 is directly connected, port1
C       10.190.0.0/20 is directly connected, port2

 

FGT-C Configuration.

 

config router bgp
    set as 65001
    set router-id 10.5.18.68
    config neighbor
        edit "10.5.20.173"
            set soft-reconfiguration enable
            set remote-as 65003
        next
        edit "10.5.22.4"
            set soft-reconfiguration enable
            set remote-as 65002
        next
    end
end

 

FGT-C Output.

 

FGT-C # get router info bgp summary
VRF 0 BGP router identifier 10.5.18.68, local AS number 65001
BGP table version is 19
2 BGP AS-PATH entries
0 BGP community entries

 

Neighbor    V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.5.20.173 4      65003    9306    9399       19    0    0 00:15:01        1
10.5.22.4   4      65002    9273    9372        0    0    0 00:15:01        1

 

Total number of neighbors 2

 

FGT-C # get router info bgp network

 

   Network               Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.190.0.0/20    10.5.22.4                0             0        0 65002 ? <-/1>
*                   10.5.20.173              0             0        0 65003 65002 65002 65002 ? <-/-> <<<<

 

Total number of prefixes 1

 

FGT-C receives the route 10.190.0.0/20 from both neighbors. However, it selects the one with the shorter AS-path and installs that one in the routing table.

 

FGT-C # get router info routing-table all
S*      0.0.0.0/0 [10/0] via 10.5.31.254, port1
C       10.5.16.0/20 is directly connected, port1
C       10.40.66.0/24 is directly connected, port17
C       10.40.87.0/24 is directly connected, port2
B       10.190.0.0/20 [20/0] via 10.5.22.4, port1, 00:15:10 <<<<

 

The AS_PATH attribute is a well-known mandatory attribute.
BGP prefers the shortest AS-path to a destination as the best route.
By using AS-path prepending, it is possible to manipulate the path selection.
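As an added illustration (not part of the original article or FortiOS itself), the following Python model reproduces the AS_PATH handling shown above: the route-map prepend on FGT-B, FGT-C choosing the shorter path, and the AS-loop check that makes a speaker drop any path containing its own AS number. Router names, AS numbers and next hops are taken from the article; the function names are the example's own.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: list[int] = field(default_factory=list)  # leftmost = most recently added AS

def advertise_ebgp(route: Route, local_as: int, prepend: list[int] | None = None) -> Route:
    """AS_PATH as an eBGP peer receives it. A route-map 'set set-aspath' prepends
    its ASNs to the existing path; the local AS is then prepended as the UPDATE
    leaves the AS, so the local AS ends up leftmost."""
    return Route(route.prefix, route.next_hop, [local_as] + list(prepend or []) + route.as_path)

def accepts(route: Route, local_as: int) -> bool:
    """AS-loop detection (RFC 4271, 9.1.2): a speaker discards any received path
    that already contains its own AS number."""
    return local_as not in route.as_path

def best_path(candidates: list[Route], local_as: int) -> Route | None:
    """Shortest AS_PATH wins, all higher-priority attributes (weight, local
    preference, origin) being equal, which is the situation in the article."""
    valid = [r for r in candidates if accepts(r, local_as)]
    return min(valid, key=lambda r: len(r.as_path), default=None)

# Topology from the article: FGT-A (AS 65002) and FGT-B (AS 65003) both originate
# the connected prefix 10.190.0.0/20 and peer with FGT-C (AS 65001).
PREFIX = "10.190.0.0/20"

def fgt_c_view() -> list[Route]:
    """What FGT-C receives from each neighbour (locally originated = empty AS_PATH)."""
    from_a = advertise_ebgp(Route(PREFIX, "10.5.22.4", []), 65002)
    from_b = advertise_ebgp(Route(PREFIX, "10.5.20.173", []), 65003,
                            prepend=[65002, 65002, 65002])  # to_MPLS_NETWORK set-aspath
    return [from_a, from_b]

def fgt_c_best() -> Route | None:
    return best_path(fgt_c_view(), 65001)

def fgt_a_accepts_readvertised_best() -> bool:
    """FGT-C re-advertises its best path as '65001 65002'; FGT-A (AS 65002) sees its
    own AS in it and drops it, consistent with the 0 in FGT-A's State/PfxRcd column."""
    best = fgt_c_best()
    assert best is not None
    return accepts(advertise_ebgp(best, 65001), 65002)

if __name__ == "__main__":
    for r in fgt_c_view():
        print(f"{r.prefix} via {r.next_hop}: AS_PATH {' '.join(map(str, r.as_path))}")
    print("best path via", fgt_c_best().next_hop)
```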

 

AS-Path Prepending and iBGP:
In internal BGP (iBGP), AS-path prepending is not applicable. The BGP protocol does not alter the AS_PATH attribute when routes are propagated within the same autonomous system. Since all iBGP peers share the same AS number, the AS_PATH remains unchanged across iBGP advertisements. Consequently, AS-path prepending has no effect within iBGP environments.

 

To influence routing decisions within an AS using iBGP, alternative BGP attributes and techniques should be used instead, such as weight, local preference and IGP metrics.