Removing Private AS Numbers

Syntax:

router(config-router)# neighbor {ip-address | peer-group-name} remove-private-as

• Private AS numbers should not be leaked into the Internet

To overcome this limitation, the BGP spec specifies the use of private AS numbers, which range from 64152 to 65535. Your Internet Service Provider (ISP) can assign you a private AS, but that AS should not be advertised to the Internet community (other ISPs). To remove the private AS from updates, your ISP would issue the following command on peer statements to other ISPs.

neighbor {ip-address | peer-group-name} remove-private-as

Here is a simple scenario where R3 is your ISP's border router. The ISP has assigned you a private AS number of 65500, which is configured on R2. R2 is advertising network 2.2.2.0/24 to R3. In turn, R3 is advertising this network to R4, which is a different ISP.

When normal BGP peering is established, you see the following in R4's BGP table.

R4# show ip bgp

BGP table version is 4, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Network Next Hop Metric LocPrf Weight Path

Notice the path 300 65500. R3 should not advertise a private AS (65500) to R4. You need to add the following configuration command to R3.

R3(config)# router bgp 300

R3(config-router)# neighbor 172.16.134.4 remove-private-as

After clearing the BGP session to R4, view the BGP table on R4.

R4# show ip bgp

BGP table version is 6, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

The private AS has been removed from the AS path.
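To confirm the result from a captured table rather than by eye, the following added example (not part of the original page or of Cisco's documentation) scans "show ip bgp" text for AS paths that still carry a private AS number. It assumes the private-use ranges of RFC 6996 and asplain AS notation; the table rows, the next-hop address 172.16.134.3 and the 10.0.0.0 route are constructed sample data, and ios_table is a hypothetical helper that lays them out in the IOS column widths.

```python
import re

# Private-use ASN ranges from RFC 6996, inclusive bounds (assumed by this
# example; not taken from the page). AS numbers are expected in asplain form.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))
IP = re.compile(r"\d+\.\d+\.\d+\.\d+(?:/\d+)?")

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def find_private_as_leaks(show_ip_bgp):
    """Return [(prefix, [private ASNs])] for each path carrying a private ASN."""
    leaks, path_col, prefix = [], None, None
    for line in show_ip_bgp.splitlines():
        if path_col is None:
            # The AS path starts in the column where the header prints "Path";
            # slicing there keeps Metric/LocPrf/Weight from being read as ASNs.
            if "Network" in line and "Path" in line:
                path_col = line.index("Path")
            continue
        ips = IP.findall(line[:path_col])
        if len(ips) == 2:                        # prefix and next hop
            prefix = ips[0]
        elif len(ips) != 1 or prefix is None:    # not a route row
            continue
        # One address only: an additional path for the previous prefix.
        asns = [int(a) for a in re.findall(r"\d+", line[path_col:])]
        private = [a for a in asns if is_private(a)]
        if private:
            leaks.append((prefix, private))
    return leaks

def ios_table(rows):
    """Constructed sample: lay rows out in the IOS 'show ip bgp' column widths."""
    fmt = "{:<3}{:<17}{:<20}{:>6} {:>6} {:>6} {}"
    head = ["R4# show ip bgp",
            fmt.format("", "Network", "Next Hop", "Metric", "LocPrf", "Weight", "Path")]
    return "\n".join(head + [fmt.format(*r) for r in rows])

# Constructed rows for the page's scenario (R4's view before and after R3 is
# configured with remove-private-as). OTHER has a Metric inside the private range.
OTHER = ("*>", "10.0.0.0", "172.16.134.3", "65000", "", "0", "300 i")
BEFORE = ios_table([("*>", "2.2.2.0/24", "172.16.134.3", "", "", "0", "300 65500 i"), OTHER])
AFTER = ios_table([("*>", "2.2.2.0/24", "172.16.134.3", "", "", "0", "300 i"), OTHER])

if __name__ == "__main__":
    print("before:", find_private_as_leaks(BEFORE))
    print("after: ", find_private_as_leaks(AFTER))
```

Run against output captured on the peer that receives the routes (R4 in this scenario); an empty list means no private AS number remains in any path.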
