If you are using Network Connectivity Center for site-to-site data transfer, use the following best practices for managing autonomous system numbers (ASNs).
ASN assignment
Assign ASNs as described in the following sections.
Google ASNs
All Cloud Routers that are associated with a single hub must use the same Google ASN. To select an ASN, follow the recommendations in the Cloud Router documentation.
Peer ASNs
All non-Google peering routers that are associated with a single spoke must use the same ASN when advertising prefixes to the Cloud Router. This is important because, if two peers advertise the same prefix with different ASNs or AS paths, only one peer's ASN and AS path is readvertised for that prefix. Different spokes must have different ASNs. That is, if two BGP sessions belong to different spokes, they must have different ASNs.Example
Suppose that your Network Connectivity Center setup uses the following spokes:
- Spoke
A-eastincludes VPN tunnels1and2. It uses Cloud RouterA. - Spoke
B-westincludes VPN tunnels3and4. It uses Cloud RouterB.
Because all spokes connect to the same hub, Cloud Router A and
Cloud Router B must both use the same
number—for example, 65000—in the bpg.asn field.
In this same scenario, your setup includes the following on-premises routers:
- Peer router
A1-eastis associated with spokeA-eastand Cloud RouterA. - Peer router
A2-eastis also associated with spokeA-eastand Cloud RouterA. - Peer router
B1-westis associated with spokeB-westand Cloud RouterB. - Peer router
B2-westis also associated with spokeB-westand Cloud RouterB.
Because peer router A1-east and peer router A2-east are associated with one
spoke (spoke A-east), they must use the same ASN—for example, 65001.
Cloud Router A also uses this number, in the bgpPeers.peerAsn field for
VPN tunnel 1 and the bgpPeers.peerAsn field for VPN tunnel 2.
Similarly, peer router B1-west and peer router B2-west are both associated
with one spoke (spoke B-west), so they must use the same
ASN—for example, 65002. Cloud Router B also uses this number, in
the bgpPeers.peerAsn field for VPN tunnel 3 and in the bgpPeers.peerAsn
field for VPN tunnel 4.
AS path loop detection
We recommend configuring autonomous system (AS) path loop detection on your peer routers. This feature is almost always on by default, but if it is not, we recommend that you configure it. When AS path loop detection is enabled, if two spokes are configured with the same peer ASN, AS path loop detection on a peer router for one spoke drops all prefix advertisements from the other spoke.
What's next
- To view a sample topology, see Sample topology for site-to-site data transfer.
- To learn more about how Network Connectivity Center enables full mesh connectivity, see Route exchange with site-to-site data transfer.
- To learn about high availability requirements, see High availability requirements for spoke resources.
- To work through a tutorial, see Connecting two sites by using Cloud VPN spokes.
- To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.