Atul_S
Staff
Article Id 211672
Description

This article describes the additional steps required to replace the AS-PATH of a received BGP prefix before redistributing it to another BGP peer.

As a general practice, BGP offers the AS-OVERRIDE option for situations where a prefix must be accepted even though its AS-PATH contains the local AS number of the receiving device.

Scope
FortiGate.
Solution
Topology diagram: Atul_S_0-1652250042968.png

In the topology shown, AS65512 has two geographically separated sites. Prefix 9.7.3.8/32 is advertised to AS65514 (R3, the FortiGate) by AS65513 (R2), which in turn received it from the HQ site, AS65512 (R1).

Note: AS65512 at the branch side is a VRF on a Juniper device; for clarity it is referred to as router R4 (VRF) below.

In an MSP environment, especially when the same device acts as both PE and CE, route exchange does not follow the standard pattern.

The 'as-override' option works slightly differently on FortiGate.

When enabled for a neighbor, it does not replace the whole AS-PATH of the advertised prefix with the local AS number; it replaces only the AS number of the receiving neighbor, and the rest of the AS-PATH remains intact, as shown below:

R4#get router info bgp neighbors 10.56.242.61 received-routes
VRF 0 BGP table version is 15, local router ID is 9.7.3.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path

*> 9.7.3.8/32 10.56.242.61 0 0 64512  64514  65513  65512 i <-/->   <----- Behavior after allowas-in on the R4 side. This still does not work on the Juniper device, because Juniper still sees AS 64513 as one of its own VRFs and drops the route.

R4#get router info bgp neighbors 10.56.242.61 received-routes
VRF 0 BGP table version is 14, local router ID is 9.7.3.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 6.4.5.12/32 10.56.242.61 0 0 64512 i <-/->
*> 9.7.3.8/32 10.56.242.61 0 0 64512  64514  65513  65513i <-/->   <----- Behavior after as-override on the R2 side: only the conflicting AS 65512 was replaced with 64513, not the whole chain. This still does not work on the Juniper device, because Juniper still sees AS 64513 as one of its own VRFs and drops the route.
Total number of prefixes 3


Configuration change on the FortiGate (R3), route-map:

config router route-map
    edit "aspath-test"
        config rule
            edit 1
                set match-as-path "path-test"
                set set-aspath-action replace    <-----
                set set-aspath "10000"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end


R3, AS path list matched by the route-map:

config router aspath-list
    edit "path-test"
        config rule
            edit 1
                set action permit
                set regexp ".*"
            next
        end
    next
end


R3, BGP neighbor with the route-map applied outbound:

config router bgp
    config neighbor
        edit 10.56.240.77
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set next-hop-self enable
            set soft-reconfiguration enable
            set remote-as 65512
            set route-map-out "aspath-test"  <-----
        next
    end
end


Test:

R4#get router info bgp neighbors 10.56.242.61 received-routes | grep 9.7
VRF 0 BGP table version is 29, local router ID is 9.7.3.9
*> 9.7.3.8/32 10.56.242.61 0 0 64512 10000 i <-/->   <---- The whole AS-PATH is now replaced with 10000.
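As an added illustration (not part of the original article and not FortiGate code), the following Python parses output in the received-routes format shown above and models the three outcomes the article compares: the unchanged AS-PATH, FortiGate's as-override (neighbor AS only) and the route-map replace action, checking each against the receiver's loop detection. It assumes the AS numbers from the topology description (R3 = AS65514, R4 = the AS65512 VRF), that the Juniper device also owns AS65513 as another VRF, and uses constructed CLI text as input.

```python
"""Added example (not FortiGate's own code): parse the 'received-routes' output
shown above and model the AS-PATH outcomes the article compares. AS numbers
follow the article's topology (R1 AS65512, R2 AS65513, R3 AS65514, R4 = the
AS65512 VRF on the Juniper device); the CLI text below is constructed."""
import re

# Constructed sample in the shape of 'get router info bgp neighbors <ip> received-routes'
SAMPLE_RECEIVED_ROUTES = """\
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 6.4.5.12/32 10.56.242.61 0 0 65514 i <-/->
*> 9.7.3.8/32 10.56.242.61 0 0 65514 65513 65512 i <-/->
Total number of prefixes 2
"""

# status, prefix, next hop, two numeric columns, then the AS chain and origin code
ROUTE_RE = re.compile(r"^\*>?\s+(?P<prefix>\S+)\s+(?P<nexthop>\S+)\s+\d+\s+\d+\s+"
                      r"(?P<path>(?:\d+\s+)*)(?P<origin>[ie?])")

def parse_received_routes(text):
    """Map prefix -> (next hop, [AS, ...], origin) for every route line."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            path = [int(asn) for asn in m.group("path").split()]
            routes[m.group("prefix")] = (m.group("nexthop"), path, m.group("origin"))
    return routes

def loop_detected(as_path, local_ases):
    """eBGP loop check: a path containing any AS the receiver owns is dropped
    (assumption: the Juniper box owns both VRF ASes, as the article implies)."""
    return any(asn in local_ases for asn in as_path)

def as_override(as_path, neighbor_as, local_as):
    """FortiGate as-override as described above: only the neighbor's AS is
    rewritten to the local AS; the rest of the chain stays intact."""
    return [local_as if asn == neighbor_as else asn for asn in as_path]

def compare_options(learned_path, local_as=65514, neighbor_as=65512,
                    replacement_as=10000, juniper_ases=frozenset({65512, 65513})):
    """Path as seen by R4, and whether R4 drops it, for each option on R3;
    R3 prepends its own AS when advertising to R4 over eBGP."""
    outgoing = {
        "no-change": learned_path,
        "as-override": as_override(learned_path, neighbor_as, local_as),
        "replace": [replacement_as],  # set set-aspath-action replace
    }
    return {name: ([local_as] + path, loop_detected([local_as] + path, juniper_ases))
            for name, path in outgoing.items()}
```

Calling compare_options([65513, 65512]) with the path R3 learned from R2 shows that only the replace option yields a path R4 accepts.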
