In this blogtorial we will see how to remove private AS numbers (ASNs) before sending our update to an ISP.
Consider this simple topology below and let's begin.
Imagine that R2 is your enterprise edge router with a private ASN. R3 is an ISP and R4 is an ISP. According to the BGP rules, private ASNs should never be advertised from one ISP to another ISP. Therefore, our objective is to remove the private ASN before R3 advertises the routes to R4.
- Provide a brief overview.
- Configure all of the necessary interfaces.
- Configure BGP on all the devices.
- Verify that private ASNs are not removed.
- Configure removal of the private ASN in the BGP outgoing advertisements from R3 to R4.
- Verify that private ASNs are removed.
Private ASNs are 64512 - 65534.
Public ASNs are 1 - 64511.
Remove-private-as will not work between iBGP neighbors; it only works on eBGP neighbors.
Remove-private-as will not work when the AS_PATH contains a mix of private and public ASNs. *Thanks to Gary for his comment*
Remove-private-as will not work when the eBGP peer ASN is in the AS_PATH.
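The three restrictions above can be written as a small decision function. This is an added example that models the rules as this post states them; it is not Cisco IOS code and not part of the original lab. R4's ASN (4), AS 100, and the function names are assumptions.

```python
# Added example: models the remove-private-as rules as this post lists them.
# It is not Cisco IOS code; the function names are hypothetical.
PRIVATE_ASNS = range(64512, 65535)  # 64512 - 65534, the range given in the post


def is_private(asn):
    return asn in PRIVATE_ASNS


def leaked_private_asns(as_path):
    """Private ASNs visible in a received AS_PATH (the check done on R4)."""
    return [asn for asn in as_path if is_private(asn)]


def advertised_as_path(as_path, local_asn, peer_asn):
    """AS_PATH sent to a neighbor that has remove-private-as configured.

    Returns (path, reason). as_path is the path as held by the local router.
    """
    if peer_asn == local_asn:
        # iBGP: the path is passed on unchanged and the option does nothing.
        return list(as_path), "iBGP neighbor, option has no effect"
    private = leaked_private_asns(as_path)
    if peer_asn in as_path:
        kept, reason = list(as_path), "peer ASN is in AS_PATH, nothing removed"
    elif private and len(private) != len(as_path):
        kept, reason = list(as_path), "mixed private/public path, nothing removed"
    elif private:
        kept, reason = [], "private ASNs removed"
    else:
        kept, reason = list(as_path), "no private ASNs in path"
    # eBGP: the local ASN is prepended on the way out.
    return [local_asn] + kept, reason


if __name__ == "__main__":
    # Constructed cases: R2 = AS 65002 and R3 = AS 3 as in the lab;
    # R4 = AS 4 and AS 100 are assumptions made for this demo.
    cases = [
        ("lab route, R3 to R4", [65002], 3, 4),
        ("mixed path", [65002, 100], 3, 4),
        ("peer ASN in path", [65002, 65004], 3, 65004),
        ("iBGP neighbor", [65002], 3, 3),
    ]
    for name, path, local_asn, peer_asn in cases:
        sent, reason = advertised_as_path(path, local_asn, peer_asn)
        print(f"{name}: {path} -> {sent} ({reason}); "
              f"peer still sees private ASNs: {leaked_private_asns(sent)}")
```

Running `leaked_private_asns` over the paths a peer actually receives is the same check the verification steps perform by eye on R4.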
Configure all of the necessary interfaces.
- Configure R2 Fast1/0 interface.
- Configure R2 loopback 1.
- Configure R3 Fast1/0 interface.
- Configure R3 Fast1/1 interface.
- Configure R3 loopback 1 interface.
- Configure R4 Fast1/1 interface.
- Configure R4 Loopback 1 interface.
Configure BGP on all the routers.
- R2: Create a BGP relationship with R3 (remote-as 3).
- R2: Advertise R2 loopback 1.
- R3: Create BGP relationships with R2 and R4.
- R3: Advertise R3 loopback 1.
- R4: Create a BGP relationship with R3.
- R4: Advertise its loopback 1.
Verify that private ASNs are not removed.
The only real place to check is R4, to see whether it has private ASNs in its routing table. Remember, ISPs should not be advertising prefixes with private ASNs to other ISPs.
As you can clearly see, R4 has received the private ASN 65002 from ASN 3 (R3). So now let's see how we can prevent advertisement of private ASNs.
The only place we need to do this is R3, because it is the ISP's edge and it must not send updates containing private ASNs to other ISPs.
Configure removal of the private ASN in the BGP outgoing advertisements from R3 to R4.
Under the BGP configuration, 'neighbor <neighbor IP> remove-private-as' will remove any private ASN before sending the update to the neighbor.
Verify that private ASNs are removed.
Notice that the private ASN 65002 is gone from 22.214.171.124/32.
As you can see, instead of manipulating the AS_PATH with route-maps and such, it is very easy to just use 'remove-private-as'. Needless to say, I have used this plenty of times when I worked at an ISP (CTC). By the way, shout out to all my friends at Champaign Telephone Company (www.ctc.biz).
All of the configurations for the routers in this lab are located here.