This document shows sample configurations for the removal of private Autonomous System (AS) numbers from outgoing eBGP updates. AS numbers fall under two categories named private and public. Just like private and public IP addresses, you cannot leak the private AS numbers into the internet. Public AS numbers range between 1 and 64511 and the private AS numbers between 64512 and 65535. You can use private AS numbers to divide large ASs into multiple small ASs connected via eBGP. In addition, if you are connected to a single ISP, the ISP can assign private AS numbers in order to conserve public AS numbers. However, you must remove these private AS numbers before you send the updates to the global BGP mesh (Internet).
Note: The assignment of private AS numbers is not recommended if you connect to multiple ISPs. Private AS numbers can be used if the customer network connects to a single ISP (either single homed or dual homed).
Refer to Removing Private Autonomous System Numbers in BGP for more information on private AS numbers.
There are no specific requirements for this document.
The information in this document applies to these software and hardware versions:
Cisco IOS® Software Release 12.2(27)
Cisco 2501 and Cisco 2503 routers
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
In this section, you are presented with the information to configure the features described in this document.
This document uses a network setup in which Router 3 uses private AS number 65000, and Router 1 and Router 2 use public AS numbers AS 1 and AS 5, respectively.
Router 2 is in the Service Provider Cloud with Router 1 (running AS 1) and Router 3 (running AS 65000) as its clients.
This procedure explains the sequence of events that occur when Router 3 advertises a network (10.0.0.0/24 in this case).
Router 3 advertises the network 10.0.0.0/24 with the AS path attribute 65000 to Router 2.
Router 2 receives the update from Router 3 and makes an entry for the network 10.0.0.0/24 in its routing table with the next hop as 172.16.0.1 (serial interface S0 on Router 3).
When Router 2 (the service provider device) is configured with the neighbor 192.168.0.2 remove-private-AS command, it strips off the private AS number, constructs a new update packet with its own AS number as the AS path attribute for the 10.0.0.0/24 network, and sends that update to Router 1, which is in AS 1.
Router 1 receives the eBGP update for the network 10.0.0.0/24 and makes an entry in its routing table with the next hop as 192.168.0.1 (serial interface S1 on Router 2). The AS path attribute for this network as seen on Router 1 is AS 5 (Router 2). Thus, the private AS numbers are prevented from entering the BGP tables of the Internet.
This document uses these configurations:
Router 3
Current configuration :
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0
 ip address 172.16.0.1 255.255.255.0
!
router bgp 65000
 network 10.0.0.0 mask 255.255.255.0
 neighbor 172.16.0.2 remote-as 5
!--- Configures Router 2 as an eBGP neighbor in public AS 5.
!
end

Router 2
Current configuration :
!
!
interface Ethernet0
 ip address 172.30.1.1 255.255.0.0
!
interface Serial0
 ip address 172.16.0.2 255.255.255.0
!
interface Serial1
 ip address 192.168.0.1 255.255.255.0
!
router bgp 5
 network 172.30.0.0
 network 192.168.0.0
 neighbor 172.16.0.1 remote-as 65000
!--- Configures Router 3 as an eBGP neighbor in private AS 65000.
 neighbor 192.168.0.2 remote-as 1
!--- Configures Router 1 as an eBGP neighbor in public AS 1.
 neighbor 192.168.0.2 remove-private-AS
!--- Removes the private AS numbers from outgoing eBGP updates.
!
!
end

Router 1
Current configuration :
!
version 12.2
!
!
interface Serial0
 ip address 192.168.0.2 255.255.255.0
!
router bgp 1
 neighbor 192.168.0.1 remote-as 5
!--- Configures Router 2 as an eBGP neighbor in public AS 5.
!
end
Autonomous System DOT Format
This example shows how to convert an AS number greater than 65535 to the 4-byte Autonomous System dot (ASDOT) format.
Before ASDOT configuration
Router#show run | beg router
router bgp 131280
 no synchronization
 bgp log-neighbor-changes
 no auto-summary

Router(config-router)#bgp asnotation dot
Router(config-router)#end

Router#show run | beg router bgp
router bgp 2.208 <==
 no synchronization
 bgp asnotation dot
 bgp log-neighbor-changes
 no auto-summary
!
This section provides information you can use to confirm that your configuration works properly.
The debug messages taken with the debug ip bgp updates command on Router 1 show that the update for the network 10.0.0.0/24 received from Router 2 (192.168.0.1) has an AS path attribute of 5, which is the AS number of Router 2. The show ip bgp command output on Router 2 and Router 1 illustrates the same.
Router1#
1w1d: %BGP-5-ADJCHANGE: neighbor 192.168.0.1 Up
1w1d: BGP(0): 192.168.0.1 computing updates, afi 0, neighbor version 0, table version 1, starting at 0.0.0.0
1w1d: BGP(0): 192.168.0.1 update run completed, afi 0, ran for 0ms, neighbor version 0, start version 1, throttled to 1
1w1d: BGP: 192.168.0.1 initial update completed
1w1d: BGP(0): 192.168.0.1 rcvd UPDATE w/ attr: nexthop 192.168.0.1, origin i, path 5
1w1d: BGP(0): 192.168.0.1 rcvd 10.0.0.0/24
1w1d: BGP(0): Revise route installing 10.0.0.0/24 -> 192.168.0.1 to main IP table
1w1d: BGP(0): 192.168.0.1 computing updates, afi 0, neighbor version 1, table version 2, starting at 0.0.0.0
1w1d: BGP(0): 192.168.0.1 update run completed, afi 0, ran for 0ms, neighbor version 1, start version 2, throttled to 2

Router2#show ip bgp
BGP table version is 3, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      172.16.0.2               0             0 65000 i
*> 172.30.0.0       0.0.0.0                  0         32768 i

Router1#show ip bgp
BGP table version is 19, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/24      192.168.0.1                            0 5 i
*> 172.30.0.0       192.168.0.1              0             0 5 i
The BGP table of Router 2 shows that network 10.0.0.0 originates from AS 65000. The BGP table of Router 1 shows the same network originates from AS 5. This is because of the neighbor 192.168.0.2 remove-private-as command on Router 2, which strips off the private AS number and prevents private AS numbers from reaching the Internet. For this reason, AS 1 (Router 1) has a consistent view of AS 5 as being the originator of network 10.0.0.0/24.
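The following is an added example, not part of the original document or Cisco code: a small Python model of the outbound AS path handling on Router 2, with a check that flags private AS numbers in a Path column read from show ip bgp output in either asplain or asdot notation. All function names are hypothetical. The rule that a path mixing private and public AS numbers is sent unchanged is an assumption of this model, and the 4-byte private range (RFC 6996) goes beyond the 2-byte range this document covers.

```python
# Added example: a model of the AS_PATH handling described in this document.
PRIVATE_2BYTE = range(64512, 65536)            # private range given in this document
PRIVATE_4BYTE = range(4200000000, 4294967295)  # RFC 6996 range, not covered by this document

def parse_asn(token):
    """Parse asplain ("131280") or asdot ("2.208") into an integer AS number."""
    if "." in token:
        high, low = (int(part) for part in token.split("."))
        if not (0 <= high <= 65535 and 0 <= low <= 65535):
            raise ValueError(f"invalid asdot value: {token}")
        return high * 65536 + low
    asn = int(token)
    if not 0 <= asn <= 4294967295:
        raise ValueError(f"invalid AS number: {token}")
    return asn

def to_asdot(asn):
    """Render an AS number the way 'bgp asnotation dot' displays it."""
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"

def is_private(asn):
    return asn in PRIVATE_2BYTE or asn in PRIVATE_4BYTE

def outbound_path(received_path, local_as, remove_private_as):
    """AS_PATH sent to an eBGP neighbor.
    Assumption of this model: private ASNs are stripped only when every ASN
    in the received path is private; a mixed path is sent unchanged."""
    path = list(received_path)
    if remove_private_as and path and all(is_private(a) for a in path):
        path = []
    return [local_as] + path

def leaked_private(path_column):
    """Private ASNs found in the Path column of 'show ip bgp' output."""
    tokens = [t for t in path_column.split() if t not in ("i", "e", "?")]
    return [asn for asn in map(parse_asn, tokens) if is_private(asn)]

if __name__ == "__main__":
    # Constructed inputs based on the lab topology in this document.
    for enabled in (True, False):
        sent = outbound_path([65000], local_as=5, remove_private_as=enabled)
        column = " ".join(to_asdot(a) for a in sent) + " i"
        print(enabled, column, "leaked:", leaked_private(column))
```

Running leaked_private over the Path column on the upstream side (Router 1 in this lab) gives a quick way to confirm that remove-private-AS is in effect on the provider edge.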
There is currently no specific troubleshooting information available for this configuration.