BGP Independent Domain

What Exactly Does This Feature Do?

Imagine a scenario where a service provider has a requirement to peer their PE to a remote device using iBGP, and this remote device could be a customer CE, or a third party router that needs to send traffic across the service provider core to another remote site.

As the customer routes are sent over the provider core, the service providers AS would be added to the AS path of the customer routes, before these routes are announced to the end site.

There are two issues with this setup. Firstly the BGP Split Horizon rule the would prevent the routes from being announced to the remote site, as the customer AS would already exist in the path. The second issue could be that the provider (or customer) may wish for the routes to announced transparently between the two end points, without the provider AS being seen in the path.

How To Implement An Independant Domain

The VRF on the PE router is configured with the CE routers AS number, however this AS is not carried within the AS path attribute when the customer prefixes are carried across the providers core.

The reason for the above is due to the customer AS being removed from the AS path attribute and added into another attribute called ATTRSET; this effectively means that the customer AS is carried independently through the providers core, and does not affect the AS path used within the providers MPLS network.

When the routes arrive at a remote PE that is configured with the BGP independent domain, the original customer AS is taken from the ATTRSET, and replaced back into the AS path.

Configuration Example

The configuration is applied to the customer VRF under the routing-options heirarchy. The “independent-domain” command is appended to the AS number of the VRF, which in this case is 65501.

The command should be applied at all PE routes that are forming part of the VPN, and independent domain.

routing-instances {
vpn-a {
instance-type vrf;
route-distinguisher 172.21.0.2:4;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
routing-options {
autonomous-system 65501 independent-domain;
}
}
}

Wrapping It Up

This feature is a pretty straight forward way of getting around a problem, however in most operational scenario’s it would probably be more wise to use some sort of layer 2 connection and allow the customer to peer directly between the two end points.

If the remote device is a managed CE, then there might be a case to use BGP independent domain, however other methods offer similar solutions such as AS-override, which I’ll be discussing in another article.