Removing Private AS Numbers from the AS Path in BGP
First Published: July 21, 2010
Last Updated: July 30, 2010
Private autonomous system numbers (ASNs) are used by ISPs and customer networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global Internet because they are not unique. AS numbers appear in eBGP AS paths in routing updates. Removing private ASNs from the AS path is necessary if you have been using private ASNs and you want to access the global Internet.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Removing and Replacing Private ASNs from the AS Path" section.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
• Restrictions on Removing and Replacing Private ASNs from the AS Path
• Information About Removing and Replacing Private ASNs from the AS Path
• How to Remove and Replace Private ASNs from the AS Path
• Configuration Examples for Removing and Replacing Private ASNs from the AS Path
• Additional References
• Feature Information for Removing and Replacing Private ASNs from the AS Path
Restrictions on Removing and Replacing Private ASNs from the AS Path
• The feature applies to eBGP neighbors only.
• The feature applies to routers in a public AS only. To work around this restriction, apply the neighbor local-as command on a per-neighbor basis, with a public AS number as the local AS number.
Information About Removing and Replacing Private ASNs from the AS Path
• Public and Private AS Numbers
• Benefit of Removing and Replacing Private ASNs from the AS Path
• Former Restrictions to Removing Private ASNs from the AS Path
• Enhancements to Removing Private ASNs from the AS Path
Public and Private AS Numbers
Public AS numbers are assigned by InterNIC and are globally unique. They range from 1 to 64511. Private AS numbers are used to conserve globally unique AS numbers, and they range from 64512 to 65535. Private AS numbers cannot be leaked to a global BGP routing table because they are not unique, and BGP best path calculations require unique AS numbers. Therefore, it might be necessary to remove private AS numbers from an AS path before the routes are propagated to a BGP peer.
Benefit of Removing and Replacing Private ASNs from the AS Path
External BGP requires that globally unique AS numbers be used when routing to the global Internet. Using private AS numbers (which are not unique) would prevent access to the global Internet. This feature allows routers that belong to a private AS to access the global Internet. A network administrator configures the routers to remove private AS numbers from the AS path contained in outgoing update messages and optionally, to replace those numbers with the ASN of the local router, so that the AS Path length remains unchanged.
Former Restrictions to Removing Private ASNs from the AS Path
The ability to remove private AS numbers from the AS path has been available for a long time. Prior to Cisco IOS Release 15.1(2)T, this feature had the following restrictions:
• If the AS path included both private and public AS numbers, using the neighbor remove-private-as command would not remove the private AS numbers.
• If the AS path contained confederation segments, using the neighbor remove-private-as command would remove private AS numbers only if the private AS numbers followed the confederation portion of the autonomous path.
• If the AS path contained the AS number of the eBGP neighbor, the private AS numbers would not be removed.
Enhancements to Removing Private ASNs from the AS Path
The ability to remove and replace private AS numbers from the AS path is enhanced in the following ways:
• The neighbor remove-private-as command will remove private AS numbers from the AS path even if the path contains both public and private ASNs.
• The neighbor remove-private-as command will remove private AS numbers even if the AS path contains only private AS numbers. There is no likelihood of a 0-length AS path because this command can be applied to eBGP peers only, in which case the AS number of the local router is appended to the AS path.
• The neighbor remove-private-as command will remove private AS numbers even if the private ASNs appear before the confederation segments in the AS path.
• The replace-as keyword is available to replace the private AS numbers being removed from the path with the local AS number, thereby retaining the same AS path length.
• The feature can be applied to neighbors per address family (address family configuration mode). Therefore, you can apply the feature for a neighbor in one address family and not on another, affecting update messages on the outbound side for only the address family for which the feature is configured.
• The feature can be applied in peer group template mode.
• When the feature is configured, output from the show ip bgp update-group and show ip bgp neighbor commands indicates that private AS numbers were removed or replaced.
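The former restrictions and the enhanced behavior can be compared side by side with a small model. The following Python is an added example, not Cisco code: it covers plain AS sequences only (confederation segments are left out), the function names and mode labels are assumptions, and the sample path is the one used in this document's configuration examples.

```python
PRIVATE_MIN, PRIVATE_MAX = 64512, 65535  # private range given in this document

def is_private(asn):
    return PRIVATE_MIN <= asn <= PRIVATE_MAX

def outbound_as_path(path, local_as, neighbor_as, mode):
    """Model the AS path sent to one eBGP neighbor (plain AS sequences only).

    mode "none":       feature not configured
    mode "legacy":     remove-private-as before Release 15.1(2)T
    mode "all":        remove-private-as all
    mode "replace-as": remove-private-as all replace-as
    """
    if mode not in ("none", "legacy", "all", "replace-as"):
        raise ValueError(f"unknown mode: {mode}")
    if mode != "none" and is_private(local_as):
        # Restriction: the feature applies to routers in a public AS only.
        raise ValueError("local AS must be a public AS number")
    path = list(path)
    if mode == "legacy":
        # Former restrictions: nothing is removed when the path mixes public
        # and private ASNs, or when it contains the neighbor's AS number.
        if all(is_private(a) for a in path) and neighbor_as not in path:
            path = []
    elif mode == "all":
        path = [a for a in path if not is_private(a)]
    elif mode == "replace-as":
        path = [local_as if is_private(a) else a for a in path]
    # The local AS is prepended on eBGP, so the path is never empty.
    return [local_as] + path

def compare_modes(path, local_as, neighbor_as):
    """Map each mode to (path sent, private ASNs the neighbor would see)."""
    result = {}
    for mode in ("none", "legacy", "all", "replace-as"):
        sent = outbound_as_path(path, local_as, neighbor_as, mode)
        result[mode] = (sent, [a for a in sent if is_private(a)])
    return result

if __name__ == "__main__":
    # AS path from this document's examples; local AS 100, neighbor AS 200.
    received = [1001, 65200, 65201, 65201, 1002, 1003, 1003]
    for mode, (sent, leaked) in compare_modes(received, 100, 200).items():
        print(f"{mode:<10} sent={sent} private={leaked}")
```

For the mixed path, the legacy mode still sends 65200 and 65201 to the neighbor, while both enhanced modes send none.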
How to Remove and Replace Private ASNs from the AS Path
• Removing and Replacing Private ASNs from the AS Path (Cisco IOS Release 15.1(2)T and Later) (required)
Removing and Replacing Private ASNs from the AS Path (Cisco IOS Release 15.1(2)T and Later)
To remove private AS numbers from the AS path on the outbound side of an eBGP neighbor, perform the following task. To also replace private AS numbers with the local router's AS number, include the all replace-as keywords in Step 17.
The examples in this task reflect the configuration for Router 2 in the scenario in Figure 1.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. exit
6. interface type number
7. ip address ip-address mask
8. exit
9. interface type number
10. ip address ip-address mask
11. exit
12. router bgp autonomous-system-number
13. network network-number
14. network network-number
15. neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number
16. neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number
17. neighbor {ip-address | peer-group-name} remove-private-as [all [replace-as]]
18. end
19. show ip bgp update-group
20. show ip bgp neighbors
DETAILED STEPS
Step 1
  Command: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
Step 2
  Command: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 3
  Command: interface type number
  Example: Router(config)# interface gigabitethernet 0/0
  Purpose: Configures an interface.
Step 4
  Command: ip address ip-address mask
  Example: Router(config-if)# ip address 172.30.1.1 255.255.0.0
  Purpose: Sets a primary or secondary IP address for an interface.
Step 5
  Command: exit
  Example: Router(config-if)# exit
  Purpose: Returns to the next highest configuration mode.
Step 6
  Command: interface type number
  Example: Router(config)# interface serial 0/0
  Purpose: Configures an interface.
Step 7
  Command: ip address ip-address mask
  Example: Router(config-if)# ip address 172.16.0.2 255.255.255.0
  Purpose: Sets a primary or secondary IP address for an interface.
Step 8
  Command: exit
  Example: Router(config-if)# exit
  Purpose: Returns to the next highest configuration mode.
Step 9
  Command: interface type number
  Example: Router(config)# interface serial 1/0
  Purpose: Configures an interface.
Step 10
  Command: ip address ip-address mask
  Example: Router(config-if)# ip address 192.168.0.1 255.255.255.0
  Purpose: Sets a primary or secondary IP address for an interface.
Step 11
  Command: exit
  Example: Router(config-if)# exit
  Purpose: Returns to the next highest configuration mode.
Step 12
  Command: router bgp autonomous-system-number
  Example: Router(config)# router bgp 5
  Purpose: Specifies a BGP instance.
Step 13
  Command: network network-number
  Example: Router(config-router)# network 172.30.0.0
  Purpose: Specifies a network to be advertised by BGP.
Step 14
  Command: network network-number
  Example: Router(config-router)# network 192.168.0.0
  Purpose: Specifies a network to be advertised by BGP.
Step 15
  Command: neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number
  Example: Router(config-router)# neighbor 172.16.0.1 remote-as 65000
  Purpose: Adds an entry to the routing table.
    • This example configures Router 3 as an eBGP neighbor in private AS 65000.
Step 16
  Command: neighbor {ip-address | ipv6-address[%] | peer-group-name} remote-as autonomous-system-number
  Example: Router(config-router)# neighbor 192.168.0.2 remote-as 1
  Purpose: Adds an entry to the routing table.
    • This example configures Router 1 as an eBGP neighbor in public AS 1.
Step 17
  Command: neighbor {ip-address | peer-group-name} remove-private-as [all [replace-as]]
  Example: Router(config-router)# neighbor 192.168.0.2 remove-private-as all replace-as
  Purpose: Removes private AS numbers from the AS Path in outgoing updates.
    • This example removes the private AS numbers from the AS path in outgoing eBGP updates and replaces them with 5, which is the public AS number of the local router.
Step 18
  Command: end
  Example: Router(config-router)# end
  Purpose: Ends the current configuration mode and returns to privileged EXEC mode.
Step 19
  Command: show ip bgp update-group
  Example: Router# show ip bgp update-group
  Purpose: (Optional) Displays information about BGP update groups.
Step 20
  Command: show ip bgp neighbors
  Example: Router# show ip bgp neighbors
  Purpose: (Optional) Displays information about BGP neighbors.
Configuration Examples for Removing and Replacing Private ASNs from the AS Path
• Example: Removing Private ASNs (Cisco IOS Release 15.1(2)T)
• Example: Removing and Replacing Private ASNs (Cisco IOS Release 15.1(2)T)
• Example: Removing Private ASNs (Cisco IOS Release 12.2)
Example: Removing Private ASNs (Cisco IOS Release 15.1(2)T)
In the example below, Router A has the neighbor remove-private-as command configured, which removes private AS numbers in updates sent to the neighbor at 172.30.0.7. The subsequent show command asks for information about the route to host 1.1.1.1. The output includes private AS numbers 65200, 65201, 65201 in the AS path of 1001 65200 65201 65201 1002 1003 1003.
To prove that the private AS numbers were removed from the AS path, the show command on Router B also asks for information about the route to host 1.1.1.1. The output indicates a shorter AS path of 100 1001 1002 1003 1003, which excludes private AS numbers 65200, 65201, and 65201. The 100 prepended in the path is Router B's own AS number.
Router A
neighbor 19.0.101.1 remote-as 1001
neighbor 172.30.0.7 remote-as 200
neighbor 172.30.0.7 remove-private-as all
RouterA# show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
  1001 65200 65201 65201 1002 1003 1003
    19.0.101.1 from 19.0.101.1 (19.0.101.1)
      Origin IGP, localpref 100, valid, external, best
RouterA#
Router B (All Private ASNs Have Been Removed)
RouterB# show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 3
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  100 1001 1002 1003 1003
    172.30.0.6 from 172.30.0.6 (19.1.0.1)
      Origin IGP, localpref 100, valid, external, best
RouterB#
Example: Removing and Replacing Private ASNs (Cisco IOS Release 15.1(2)T)
In the following example, when Router A sends prefixes to the peer 172.30.0.7, all private ASNs in the AS path are replaced with the router's own ASN, which is 100.
Router A
neighbor 172.16.101.1 remote-as 1001
neighbor 172.16.101.1 update-source Loopback0
neighbor 172.30.0.7 remote-as 200
neighbor 172.30.0.7 remove-private-as all replace-as
Router A receives 1.1.1.1 from peer 172.16.101.1 which has some private ASNs (65200, 65201, and 65201) in the AS path list, as shown in the following output:
RouterA# show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
  1001 65200 65201 65201 1002 1003 1003
    172.16.101.1 from 172.16.101.1 (172.16.101.1)
      Origin IGP, localpref 100, valid, external, best
RouterA#
Because Router A is configured with neighbor 172.30.0.7 remove-private-as all replace-as, Router A sends prefix 1.1.1.1 with all private ASNs replaced with 100:
Router B
RouterB# show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 3
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  100 1001 100 100 100 1002 1003 1003
    172.30.0.6 from 172.30.0.6 (192.168.1.2)
      Origin IGP, localpref 100, valid, external, best
RouterB#
Router B
neighbor 172.30.0.6 remote-as 100
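The comparison made by eye in the two examples above can be scripted on the receiving side. The following Python is an added example, not Cisco code: it reads show ip bgp output in the layout printed in this document and reports any private ASN left in each AS path. The function and variable names are assumptions, and the two sample outputs are the Router A and Router B listings from this example.

```python
import re

PRIVATE_ASNS = range(64512, 65536)  # private range given in this document
ENTRY = re.compile(r"BGP routing table entry for (\S+),")
# The AS path is the line directly above "<next hop> from <peer> (<router ID>)".
FROM_LINE = re.compile(r"^\s*\S+ from \S+ \(\S+\)\s*$")

def private_asn_findings(show_output):
    """Return (prefix, as_path, private_asns) for each path in the output."""
    findings, prefix, prev = [], None, ""
    for line in show_output.splitlines():
        entry = ENTRY.search(line)
        if entry:
            prefix = entry.group(1)
        elif FROM_LINE.match(line):
            # Drop parenthesised notes, then split AS_SET braces and commas;
            # non-numeric tokens such as "Local" are not AS numbers.
            text = re.sub(r"\(.*?\)", " ", prev)
            tokens = re.sub(r"[{},]", " ", text).split()
            path = [int(t) for t in tokens if t.isdigit()]
            private = sorted({a for a in path if a in PRIVATE_ASNS})
            findings.append((prefix, path, private))
        prev = line
    return findings

# Outputs copied from the Router A and Router B listings in this example.
ROUTER_A = """\
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table default)
Advertised to update-groups:
1001 65200 65201 65201 1002 1003 1003
172.16.101.1 from 172.16.101.1 (172.16.101.1)
Origin IGP, localpref 100, valid, external, best
"""
ROUTER_B = """\
BGP routing table entry for 1.1.1.1/32, version 3
Paths: (1 available, best #1, table default)
Not advertised to any peer
100 1001 100 100 100 1002 1003 1003
172.30.0.6 from 172.30.0.6 (192.168.1.2)
Origin IGP, localpref 100, valid, external, best
"""

if __name__ == "__main__":
    for name, output in (("Router A", ROUTER_A), ("Router B", ROUTER_B)):
        for prefix, path, private in private_asn_findings(output):
            status = f"private ASNs present: {private}" if private else "clean"
            print(f"{name} {prefix} path={path} -> {status}")
```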
Example: Removing Private ASNs (Cisco IOS Release 12.2)
In this example, Router 3 uses private ASN 65000. Router 1 and Router 2 use public ASNs AS 1 and AS 5 respectively.
Figure 1 illustrates Router 2 belonging to a service provider, with Router 1 and Router 3 as its clients.
Figure 1 Removing Private AS Numbers
In this example, Router 2, belonging to the Service Provider, removes private AS numbers as follows.
Step 1 Router 3 advertises the network 10.0.0.0/24 with the AS path attribute 65000 to Router 2.
Step 2 Router 2 receives the update from Router 3 and makes an entry for the network 10.0.0.0/24 in its routing table with the next hop as 172.16.0.1 (serial interface S0 on Router 3).
Step 3 Router 2 (service provider device), when configured with the neighbor 192.168.0.2 remove-private-as command, strips off the private AS number and constructs a new update packet with its own AS number as the AS path attribute for the 10.0.0.0/24 network and sends the packet to Router 1.
Step 4 Router 1 receives the eBGP update for network 10.0.0.0/24 and makes an entry in its routing table with the next hop as 192.168.0.1 (serial interface S1 on Router 2). The AS path attribute for this network as seen on Router 1 is AS 5 (Router 2). Thus, the private AS numbers are prevented from entering the BGP tables of the Internet.
The configurations of Router 3, Router 2, and Router 1 follow.
Router 3
interface gigabitethernet 0/0
 ip address 10.0.0.1 255.255.255.0
interface serial 0
 ip address 172.16.0.1 255.255.255.0
router bgp 65000
 network 10.0.0.0 mask 255.255.255.0
 neighbor 172.16.0.2 remote-as 5
!---Configures Router 2 as an eBGP neighbor in public AS 5.
Router 2
interface gigabitethernet 0/0
 ip address 172.30.1.1 255.255.0.0
interface serial 0/0
 ip address 172.16.0.2 255.255.255.0
interface serial 1/0
 ip address 192.168.0.1 255.255.255.0
router bgp 5
 neighbor 172.16.0.1 remote-as 65000
!---Configures Router 3 as an eBGP neighbor in private AS 65000.
 neighbor 192.168.0.2 remote-as 1
!---Configures Router 1 as an eBGP neighbor in public AS 1.
 neighbor 192.168.0.2 remove-private-as
!---Removes the private AS numbers from outgoing eBGP updates.
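Router 1
interface type number
!---Placeholder: the name of Router 1's interface is not shown in this example.
 ip address 192.168.0.2 255.255.255.0
router bgp 1
 neighbor 192.168.0.1 remote-as 5
!---Configures Router 2 as an eBGP neighbor in public AS 5.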
Additional References
Related Documents
Standards
MIBs
None
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
Technical Assistance
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
http://www.cisco.com/cisco/web/support/index.html
Feature Information for Removing and Replacing Private ASNs from the AS Path
Table 1 lists the release history for this feature.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1 Feature Information for BGP—Remove/Replace Private AS
Feature Name: BGP—Remove/Replace Private AS
Releases: 15.1(2)T, 15.0(1)S
Feature Information: Private autonomous system (AS) numbers are used by ISPs and customer networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global Internet because they are not unique. AS numbers appear in eBGP AS paths in routing tables. Removing private AS numbers from the AS path is necessary if you have been using private AS numbers and you want to access the global Internet. The following command is modified:
  • neighbor remove-private-as
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2010 Cisco Systems, Inc. All rights reserved.