
BGP Remove Private AS

Private range AS numbers (64512-65535) should not be used on the
Internet since they are not unique like public AS numbers.
Sometimes, private AS numbers are used for customer networks that are
behind a single ISP. The advantage of doing this is that we will save some
public AS numbers, the disadvantage is that if you ever plan to connect to
another ISP, you should switch to a public AS number.
When the ISP forwards prefixes that it learns from the private AS, it will
remove the private AS number before it forwards the prefix to other
autonomous systems.
Cisco IOS routers support the remove-private-as command to achieve this.
There are some restrictions however:

You can only use this for eBGP neighbors.

The private AS numbers are removed from outbound updates.

You can only have private AS numbers in the AS path. If you have a mix of
public and private AS numbers then the router won't remove anything
(there's a solution for this though that I will demonstrate).

If the AS path contains the AS number of the eBGP neighbor then it won't be
removed.

If there are confederations, BGP only removes private AS numbers after the
confederation part in the AS path.

Let's take a look at the configuration!

Configuration
I will use the following 3 routers for this:

R1 is in a private AS while R2 and R3 use public AS numbers. We'll advertise
the loopback interface on R1 in eBGP so that R2 and R3 can learn it. Here's
the BGP configuration of these routers:
R1#show run | section bgp
router bgp 64512
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 2

R2#show run | section bgp
router bgp 2
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 64512
 neighbor 192.168.23.3 remote-as 3

R3#show run | section bgp
router bgp 3
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 2

Remove-Private-AS
Let's take a look at R2 and R3; they should have learned about 1.1.1.1/32:
R2#show ip bgp
BGP table version is 2, local router ID is 192.168.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       192.168.12.1             0             0 64512 i

R3#show ip bgp
BGP table version is 2, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       192.168.23.2                           0 2 64512 i

In the AS path we see AS 2 and 64512, which is as expected. Now let's
configure R2 to remove the private AS number:

R2(config)#router bgp 2
R2(config-router)#neighbor 192.168.23.3 remove-private-as

We use the remove-private-as command for this. Let's clear BGP to speed
things up:
R2#clear ip bgp *

Now take a look at the BGP table of R3:


R3#show ip bgp
BGP table version is 5, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       192.168.23.2                           0 2 i

It's only showing AS 2 in the AS path now; the private AS number has been
removed. That's easy enough, but there are a few other things we can try.
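
The restrictions listed earlier and the result just seen on R3, modelled in Python as an added example (not from the original article and not Cisco code). The function names are hypothetical, the private range is the one given on this page, and confederation segments are not modelled.

```python
"""Model of the remove-private-as rules listed on this page (illustrative only)."""

PRIVATE_AS = range(64512, 65536)  # private range as stated on this page


def is_private(asn):
    return asn in PRIVATE_AS


def advertise(as_path, local_as, neighbor_as, remove_private_as=False):
    """Return the AS path an eBGP neighbor receives from local_as.

    as_path is the path as held by the local router (leftmost = nearest AS).
    """
    if neighbor_as == local_as:
        raise ValueError("remove-private-as only applies to eBGP neighbors")
    path = list(as_path)
    if remove_private_as and path:
        only_private = all(is_private(a) for a in path)  # a mixed path is left alone
        neighbor_in_path = neighbor_as in path           # neighbor's AS in path: left alone
        if only_private and not neighbor_in_path:
            path = []
    # The sending router prepends its own AS on every eBGP update.
    return [local_as] + path


def leaked_private_asns(as_path):
    """Audit helper: private AS numbers still visible in a received AS path."""
    return [a for a in as_path if is_private(a)]


if __name__ == "__main__":
    # Cases 1 and 2 are the paths R3 shows on this page; 3 and 4 are constructed.
    cases = [
        ("no remove-private-as", [64512], 3, False),
        ("remove-private-as", [64512], 3, True),
        ("mixed public/private (constructed)", [64512, 100], 3, True),
        ("neighbor AS in path (constructed)", [64512, 64513], 64513, True),
    ]
    for label, path, neighbor, flag in cases:
        sent = advertise(path, local_as=2, neighbor_as=neighbor, remove_private_as=flag)
        print(f"{label:38} sent={sent} leaked={leaked_private_asns(sent)}")
```

Running `leaked_private_asns` over the paths a peer actually receives is a quick way to confirm that no private AS number escapes to other autonomous systems.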
Remove-Private-AS All
Removing the private AS number(s) will only work if there are no public AS
numbers in the AS path. To demonstrate this I will add extra AS numbers on
the update from R1: