Question about experiences with BGP remote-AS

LF OD bz_siege_01 at hotmail.com
Fri May 5 16:55:36 UTC 2017


We have a number of small routers in co-lo sites that peer with B2B partners. As more of our partners move to cloud, we are considering a consolidation effort and putting all of  our peering routers in a cloud exchange site on a single HA pair of routers. Now, each existing B2B peering router uses a unique private ASN to EBGP peer with partners and they, in turn, EBGP peer with our extranet perimeter ASNs for security vetting and other stuff.


We looked for a medium-density router (or L3-switch) that can replace multiple small routers (b2b-only, no internet), but we need to retain all of our existing ASNs and peerings. As it turns out, there are many routers that can do VRFs but you cannot put a unique ASN on each VRF so replicating the old environment isn't quite that straightforward. The BGP remote-as looks to be a possible alternative solution, but we've never used it in production and we are unsure of the caveats. Taken at face value, it looks like we can mimic the multi-router/unique-ASN environment we have today on a single platform. However, networking is rarely as smooth as that so I'm asking some of the BGP gurus... what are the pros/cons of doing using remote-as? If anyone here uses it extensively, we could really use some feedback if you run into challenges or hidden surprises that we wouldn't normally think of beforehand.


Thanks in advance!


LFOD


More information about the NANOG mailing list