ccie blog

BGP Remove-Private-AS

The BGP private AS numbers range from 64512 – 65535. Because they are private, they are not globally unique. This means that ISPs need to strip private AS numbers from BGP updates sent to eBGP peers when announcing routing information across the internet. One way to do that is with the remove-private-as command.

In the network below, the customer is using the private AS number 64512. We are going to configure the router at the ISP so that it does not advertise the customer's AS number out to the internet. This means that all of the customer's prefixes will appear as though they came directly from the ISP. Technically, the ISP usually owns the customer's prefixes anyway (when the customer is using a private AS).

 

To start, we will check R3’s BGP table.

R3#sh ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 23.23.23.0/30    23.23.23.1               0             0 1 i
*> 100.100.100.1/32 23.23.23.1                             0 1 64512 i

Currently, the output shows that R3 is receiving the 100.100.100.1/32 prefix from the ISP, but the customer's AS has also been included in the AS_PATH. Let's adjust that now.

R2(config-router)#router bgp 1
R2(config-router)#neighbor 23.23.23.2 remove-private-as
R2(config-router)#end
R2#clear ip bgp * out

 

R3#sh ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 23.23.23.0/30    23.23.23.1               0             0 1 i
*> 100.100.100.1/32 23.23.23.1                             0 1 i

And there we have it. The customer's AS has been removed.
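The same before/after check can be automated from the receiving side. This is an added example, not part of the original post: it parses `show ip bgp` output and reports any prefix whose AS_PATH still carries an AS in the private range given above. The sample tables are rebuilt from the R3 output in this article, and the function names are this example's own.

```python
import re

# Private AS range as given in the article.
PRIVATE_AS = range(64512, 65535 + 1)

# Constructed sample input: the article's two R3 tables (before and after the
# change on R2), rebuilt with the fixed column widths of 'show ip bgp'.
ROW = "{:<3}{:<17}{:<20}{:>6}{:>7}{:>7} {}"
HEADER = ROW.format("", "Network", "Next Hop", "Metric", "LocPrf", "Weight", "Path")
LINK = ROW.format("r>", "23.23.23.0/30", "23.23.23.1", 0, "", 0, "1 i")
BEFORE = "\n".join([HEADER, LINK, ROW.format(
    "*>", "100.100.100.1/32", "23.23.23.1", "", "", 0, "1 64512 i")])
AFTER = "\n".join([HEADER, LINK, ROW.format(
    "*>", "100.100.100.1/32", "23.23.23.1", "", "", 0, "1 i")])

# Three-character status field, then the prefix.
ROUTE = re.compile(r"^[sdh*>irS ]{3}(\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s")


def parse_paths(show_ip_bgp):
    """Return {prefix: [asn, ...]} from 'show ip bgp' text."""
    # Metric, LocPrf, Weight and the AS_PATH are all integers, so the path is
    # found by the column where the 'Path' header starts, not by token count.
    path_col, routes = None, {}
    for line in show_ip_bgp.splitlines():
        if "Network" in line and "Path" in line:
            path_col = line.index("Path")
            continue
        match = ROUTE.match(line)
        if path_col is None or not match:
            continue
        tokens = line[path_col:].split()
        # Drop the trailing origin code (i, e or ?); keep the AS numbers.
        routes[match.group(1)] = [int(t) for t in tokens if t.isdigit()]
    return routes


def private_as_leaks(show_ip_bgp):
    """Return {prefix: [private ASNs]} for every path that still carries one."""
    found = {prefix: [asn for asn in path if asn in PRIVATE_AS]
             for prefix, path in parse_paths(show_ip_bgp).items()}
    return {prefix: asns for prefix, asns in found.items() if asns}


if __name__ == "__main__":
    print("before:", private_as_leaks(BEFORE))  # 100.100.100.1/32 flagged
    print("after: ", private_as_leaks(AFTER))   # nothing flagged
```

Rows that IOS wraps onto two lines for long prefixes are skipped by this parser.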

2 Comments

Lim, April 3rd, 2014 at 9:09 am

Just wondering why the route 12.12.12.0/30 will not appear in R3’s routing table.
Before or after issuing “remove-private-as” at R2, the route 12.12.12.0/30 does not appear in R3’s routing table, even though I added “network 12.12.12.0” at R2 bgp 1.

StephenGarbett, May 23rd, 2014 at 9:09 pm

It should appear in the routing table. In my example I didn’t network the 12.12.12.0 route into BGP on R1 or R2. It doesn’t make a difference though in this topology because as long as R3 knows that to get to 100.100.100.1 is via 23.23.23.1, and R2 knows that 100.100.100.1 is via 12.12.12.2 (locally connected), then we don’t have a problem getting there. If you don’t see the route, you should just do a #clear ip bgp * out on R2 to make sure R3 gets the update.
