If you are using Network Connectivity Center for site-to-site data transfer, use the following best practices for managing autonomous system numbers (ASNs).
ASN assignment
Assign ASNs as described in the following sections.
Google ASNs
All Cloud Routers that are associated with a single hub must use the same Google ASN. To select an ASN, follow the recommendations in the Cloud Router documentation.
Peer ASNs
All non-Google peering routers that are associated with a single spoke must use the same ASN when advertising prefixes to the Cloud Router. This is important because, if two peers advertise the same prefix with different ASNs or AS paths, only one peer's ASN and AS path is readvertised for that prefix. Different spokes must have different ASNs. That is, if two BGP sessions belong to different spokes, they must have different ASNs.
Example
Suppose that your Network Connectivity Center setup uses the following spokes:
- Spoke A-east includes VPN tunnels 1 and 2. It uses Cloud Router A.
- Spoke B-west includes VPN tunnels 3 and 4. It uses Cloud Router B.
Because all spokes connect to the same hub, Cloud Router A and Cloud Router B must both use the same number (for example, 65000) in the bgp.asn field.
In this same scenario, your setup includes the following on-premises routers:
- Peer router A1-east is associated with spoke A-east and Cloud Router A.
- Peer router A2-east is also associated with spoke A-east and Cloud Router A.
- Peer router B1-west is associated with spoke B-west and Cloud Router B.
- Peer router B2-west is also associated with spoke B-west and Cloud Router B.
Because peer router A1-east and peer router A2-east are associated with one spoke (spoke A-east), they must use the same ASN (for example, 65001). Cloud Router A also uses this number, in the bgpPeers.peerAsn field for VPN tunnel 1 and the bgpPeers.peerAsn field for VPN tunnel 2.
Similarly, peer router B1-west and peer router B2-west are both associated with one spoke (spoke B-west), so they must use the same ASN (for example, 65002). Cloud Router B also uses this number, in the bgpPeers.peerAsn field for VPN tunnel 3 and in the bgpPeers.peerAsn field for VPN tunnel 4.
AS path loop detection
We recommend configuring autonomous system (AS) path loop detection on your peer routers. This feature is almost always on by default, but if it is not, we recommend that you configure it. When AS path loop detection is enabled, if two spokes are configured with the same peer ASN, AS path loop detection on a peer router for one spoke drops all prefix advertisements from the other spoke.
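The ASN assignment rules and the loop-detection behavior described above can be checked before deployment. The following is an added example, not part of the original documentation or any Google tooling: it lints a constructed hub configuration and models how a peer router's loop detection treats a readvertised route. The router names, the per-peer "spoke" key, and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data using the page's example ASNs. The bgp.asn and
# bgpPeers[].peerAsn fields follow the page; the "spoke" key is an assumption.
ROUTERS = [
    {"name": "cloud-router-a", "bgp": {"asn": 65000}, "bgpPeers": [
        {"name": "tunnel-1", "peerAsn": 65001, "spoke": "A-east"},
        {"name": "tunnel-2", "peerAsn": 65001, "spoke": "A-east"}]},
    {"name": "cloud-router-b", "bgp": {"asn": 65000}, "bgpPeers": [
        {"name": "tunnel-3", "peerAsn": 65002, "spoke": "B-west"},
        {"name": "tunnel-4", "peerAsn": 65002, "spoke": "B-west"}]},
]

def check_asn_plan(routers):
    """Return violations of the hub/spoke ASN rules for the routers of one hub."""
    problems = []
    google_asns = {r["bgp"]["asn"] for r in routers}
    if len(google_asns) > 1:  # rule: one Google ASN per hub
        problems.append(f"hub: Cloud Routers use different Google ASNs {sorted(google_asns)}")
    spoke_asns = defaultdict(set)  # spoke -> peer ASNs seen on its BGP sessions
    for r in routers:
        for p in r.get("bgpPeers", []):
            spoke_asns[p["spoke"]].add(p["peerAsn"])
    owners = defaultdict(set)  # peer ASN -> spokes that use it
    for spoke, asns in sorted(spoke_asns.items()):
        if len(asns) > 1:  # rule: one peer ASN per spoke
            problems.append(f"spoke {spoke}: peers use different ASNs {sorted(asns)}")
        for asn in asns:
            owners[asn].add(spoke)
    for asn, spokes in sorted(owners.items()):
        if len(spokes) > 1:  # rule: different spokes, different ASNs
            problems.append(f"peer ASN {asn} is shared by spokes {sorted(spokes)}")
    return problems

def readvertised_path(google_asn, origin_peer_asn):
    """AS path of a prefix learned from one spoke and readvertised by the Cloud Router."""
    return [google_asn, origin_peer_asn]

def accepts(local_asn, as_path):
    """AS path loop detection: a router rejects a route whose path contains its own ASN."""
    return local_asn not in as_path

if __name__ == "__main__":
    print(check_asn_plan(ROUTERS) or "ASN plan OK")
    path = readvertised_path(65000, 65002)  # prefix originated in spoke B-west
    print("A-east peer with ASN 65001 accepts:", accepts(65001, path))
    print("A-east peer reusing ASN 65002 accepts:", accepts(65002, path))
```

With the page's example values the plan passes and the A-east peer accepts the B-west route; reusing 65002 on an A-east peer makes loop detection drop it.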
What's next
- To view a sample topology, see Sample topology for site-to-site data transfer.
- To learn more about how Network Connectivity Center enables full mesh connectivity, see Route exchange with site-to-site data transfer.
- To learn about high availability requirements, see High availability requirements for spoke resources.
- To work through a tutorial, see Connecting two sites by using Cloud VPN spokes.
- To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.