alif (Staff)
Article Id 190528

Description

This article provides a configuration example of BGP AS-path prepending.

Scope

FortiGate.


Solution

BGP AS-path prepending is useful where two sites announce the same routes but one site must act as the primary and the other as the backup.

AS-path prepending changes the announced AS-path by adding extra AS numbers to it. A longer AS-path is less preferred by the BGP best-path selection, so the prepended announcement becomes the backup.

In the following example, Router ID 10.5.18.68 (AS 65001) has BGP neighborships with 10.5.22.4 (AS 65002) and 10.5.20.173 (AS 65003). Network 10.190.0.0/20 is announced by both FGT-A and FGT-B. However, FGT-B announces the route with multiple AS-path prepends, which makes its route less preferable.

FGT-A Configuration.

config router bgp
    set as 65002
    set router-id 10.5.22.4

    config neighbor
        edit "10.5.18.68"
            set soft-reconfiguration enable
            set remote-as 65001
            set route-map-out "to_MPLS_NETWORK"
        next
    end
    config redistribute "connected"
        set status enable
    end   

end

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set match-ip-address "to_MPLS_NETWORK"
            next
        end
    next
end

config router prefix-list
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set prefix 10.190.0.0 255.255.240.0
                unset ge
                unset le
            next
        end
    next

end

FGT-A Output.

FGT-A # get router info bgp summary
VRF 0 BGP router identifier 10.5.22.4, local AS number 65002
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries

Neighbor   V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.5.18.68 4      65001     117     140        1    0    0 00:11:28        0

Total number of neighbors 1

FGT-A # get router info bgp network
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.5.16.0/20     0.0.0.0                            32768        0 ? <-/1>
*> 10.190.0.0/20    0.0.0.0                            32768        0 ? <-/1>

Total number of prefixes 2


FGT-A # get router info routing-table all
S*      0.0.0.0/0 [10/0] via 10.5.31.254, wan2
C       10.5.16.0/20 is directly connected, wan2
C       10.190.0.0/20 is directly connected, internal1

FGT-B Configuration.

config router bgp
    set as 65003
    set router-id 10.5.20.173
    config neighbor
        edit "10.5.18.68"
            set remote-as 65001
            set route-map-out "to_MPLS_NETWORK"
        next
    end
    config redistribute "connected"
        set status enable
    end
end

Both FGT-A and FGT-B announce the route 10.190.0.0/20. However, FGT-B's outbound route-map prepends '65002 65002 65002' to the AS-path of its announcement.

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set match-ip-address "to_MPLS_NETWORK"
                set set-aspath "65002 65002 65002" <<<<
            next
        end
    next
end

config router prefix-list
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set prefix 10.190.0.0 255.255.240.0
                unset ge
                unset le
            next
        end
    next
end

FGT-B Output.

FGT-B # get router info bgp summary
VRF 0 BGP router identifier 10.5.20.173, local AS number 65003
BGP table version is 2
3 BGP AS-PATH entries
0 BGP community entries

Neighbor   V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.5.18.68 4      65001      82     103        1    0    0 00:09:41        1

Total number of neighbors 1

FGT-B # get router info bgp network
VRF 0 BGP table version is 2, local router ID is 10.5.20.173
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.5.16.0/20     0.0.0.0                            32768        0 ? <-/1>
*  10.190.0.0/20    10.5.22.4                0             0        0 65001 65002 ? <-/->

Total number of prefixes 2

FGT-B # get router info routing-table all
S*      0.0.0.0/0 [1/0] via 10.5.31.254, port1
C       10.5.16.0/20 is directly connected, port1
C       10.190.0.0/20 is directly connected, port2

FGT-C Configuration.

config router bgp
    set as 65001
    set router-id 10.5.18.68
    config neighbor
        edit "10.5.20.173"
            set soft-reconfiguration enable
            set remote-as 65003
        next
        edit "10.5.22.4"
            set soft-reconfiguration enable
            set remote-as 65002
        next
    end
end

FGT-C Output.

FGT-C # get router info bgp summary
VRF 0 BGP router identifier 10.5.18.68, local AS number 65001
BGP table version is 19
2 BGP AS-PATH entries
0 BGP community entries

Neighbor    V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.5.20.173 4      65003    9306    9399       19    0    0 00:15:01        1
10.5.22.4   4      65002    9273    9372        0    0    0 00:15:01        1

Total number of neighbors 2

FGT-C # get router info bgp network

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.190.0.0/20    10.5.22.4                0             0        0 65002 ? <-/1>
*                   10.5.20.173              0             0        0 65003 65002 65002 65002 ? <-/-> <<<<

 

Total number of prefixes 1

FGT-C receives the route 10.190.0.0/20 from both neighbors. It selects the path with the shorter AS-path (via 10.5.22.4 in AS 65002) and installs that one in the routing table.

FGT-C # get router info routing-table all
S*      0.0.0.0/0 [10/0] via 10.5.31.254, port1
C       10.5.16.0/20 is directly connected, port1
C       10.40.66.0/24 is directly connected, port17
C       10.40.87.0/24 is directly connected, port2
B       10.190.0.0/20 [20/0] via 10.5.22.4, port1, 00:15:10 <<<<
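
As an added example (not part of this article or of FortiOS), the following Python parses a copy of the FGT-C `get router info bgp network` table shown above and re-runs the part of the best-path decision this example exercises, showing that the path carrying the three prepended 65002 entries loses on AS-path length alone. The table text is a constructed sample modelled on the output above, with the header row spaced to line up with the data rows.

```python
import re

# Constructed sample modelled on the FGT-C "get router info bgp network" output
# (header row spaced to line up with the data rows).
BGP_TABLE = """\
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.190.0.0/20    10.5.22.4                0             0        0 65002 ? <-/1>
*                   10.5.20.173              0             0        0 65003 65002 65002 65002 ? <-/->
"""

FIELDS = ("Network", "Next Hop", "Metric", "LocPrf", "Weight", "RouteTag", "Path")


def parse_bgp_table(text):
    """Return one dict per path; column boundaries are taken from the header line."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    cols = {m.group(0): (m.start(), m.end()) for m in re.finditer("|".join(FIELDS), lines[0])}
    paths, network = [], None
    for line in lines[1:]:
        net = line[cols["Network"][0]:cols["Next Hop"][0]].strip()
        network = net or network          # blank Network cell: same prefix as the row above
        nexthop = line[cols["Next Hop"][0]:cols["Metric"][0]].strip()

        def num(name, prev):
            # Numeric cells are right-aligned under their header; an empty cell becomes None.
            value = line[cols[prev][1]:cols[name][1]].strip()
            return int(value) if value else None

        tokens = re.sub(r"<[^>]*>", "", line[cols["Path"][0]:]).split()
        paths.append({
            "best": line.startswith("*>"),       # '>' marks the path the device selected
            "network": network,
            "nexthop": nexthop,
            "locprf": num("LocPrf", "Metric"),
            "weight": num("Weight", "LocPrf"),
            "as_path": [int(asn) for asn in tokens[:-1]],   # last token is the origin code
            "origin": tokens[-1],
        })
    return paths


def best_path(paths):
    """BGP tie-break order as far as this article exercises it: highest weight,
    highest local preference (100 when unset), then shortest AS path."""
    def rank(p):
        locprf = 100 if p["locprf"] is None else p["locprf"]
        return (-p["weight"], -locprf, len(p["as_path"]))
    return min(paths, key=rank)
```

`best_path` stops at the AS-path length step because that is where the two paths in this table differ; the remaining tie-breakers (origin, MED, eBGP over iBGP, router ID) are not needed here.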

 

The AS_PATH attribute is a well-known mandatory BGP attribute. When weight and local preference are equal, BGP prefers the route with the shortest AS path as the best path. AS-path prepending lengthens the AS_PATH of an announcement, which is what makes the announcing site the backup. Note that the prepended AS number is normally the announcing site's own AS number: a BGP router discards any received route whose AS_PATH already contains its own AS number, as this indicates a routing loop.