You can use one AS and communities to seperate your traffic/policies.
-jim
You can use one AS and communities to seperate your traffic/policies.
Or other iBGP means of internal separation, like BGP confederations (in
order to avoid iBGP session hacks).
mh
Or just have disparate networks using the same ASN. Works fine.
Why waste ASNs and try to explain to others how asX,Y,Z, etc., are all the same company?
I dislike the problem of routes not being accepted with my ASN in it. There's workarounds, but they are all ugly.
Jack
Having islands which point default is not ugly. They are probably pointing default anyway.
If not, typing "nei $FOO allowas-in" is also not ugly, IMHO.
But your network, your decision. Mine runs fine like that.
Having islands which point default is not ugly. They are probably pointing default anyway.
If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them.
If not, typing "nei $FOO allowas-in" is also not ugly, IMHO.
Works, but you usually need to be careful when utilizing that method to prevent loops.
But your network, your decision. Mine runs fine like that.
I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it.
Jack
Having islands which point default is not ugly. They are probably pointing default anyway.
If all sites strictly do default, fine. However, one could say static routing would work fine there too; and then you don't need an ASN. If each site is multihomed (the usual reason to run BGP), you might want to see the routes to apply appropriate traffic policies to them.
Just because you have one transit doesn't mean you shouldn't do BGP. Consider the router at an exchange point with 100+ peers and one transit, for instance.
If not, typing "nei $FOO allowas-in" is also not ugly, IMHO.
Works, but you usually need to be careful when utilizing that method to prevent loops.
There is always a "you usually need to be careful" with any implementation, including a network without islands.
If this is, for instance, a bunch of remote offices with a single router & two upstreams each, there is zero risk of routing loops. Otherwise, there are always considerations, whatever your topology choice.
But your network, your decision. Mine runs fine like that.
I'm surprised that you left out the obvious workaround and depending on the traffic, the most appropriate model (leaving workaround status), create an encrypted channel between the networks and run iBGP over it.
If you think you need to be careful with allowas-in, you need to be an order of magnitude more careful with tunnels.
Plus I don't like GRE. 