different BGP AS numbers in ACI per tenant?

sandevsingh
Level 1

Hi Folks, we are in the process of designing and planning a multi-tenant ACI fabric. We have come up with AS number 65510 for the MP-BGP route-reflector policy. This will be for the leaf-to-spine MP-BGP session. We are wondering: do we need to use the same AS number for each tenant if we want to do Layer 3 Out using BGP, or can each tenant have its own separate private AS number?

Accepted Solutions

stcorry
Cisco Employee
Hello! You can put a different local AS number for each tenant's L3 External under the BGP options with the local-as field. If the field is left blank, it will use the Fabric MP-BGP AS number.


5 Replies

Thanks. So how does it get leaked into the MP-BGP process if the AS numbers are different?

Hi stcorry,

I am really new to the Cisco ACI world, but from this document, https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737909.html, I had a different understanding.

It looked like we could only configure one ASN for internal (iBGP) and external (eBGP) connections with exterior routers.

"The Cisco ACI fabric supports one Autonomous System (AS) number. The same AS number is used for internal MP-BGP and for the BGP session between the border leaf switches and external routers."

Could you clarify this for me?

Thanks in advance,

Mauricio Naegele

I believe what this means is that Cisco ACI utilizes a single BGP ASN internally and if you were to peer with the ACI fabric using iBGP, it would be using this ASN. 

There is no issue with using a different BGP ASN for your external routers/switches/firewalls when peering with ACI. This is totally normal. You can also configure "local-as" in the BGP peering under the L3OUT and change your BGP ASN when peering with the Cisco ACI Fabric.

CCIE 26175
www.techsnips.com

Using a different number in the local-as field will fool the external peer in question, but it does not represent the actual ASN for the local system. How that looks in the local routing table is that the true AS is still there, but the 'spoofed' local-AS is added to the AS-Path as if it were another router between the two.
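
The AS-Path behaviour discussed in this thread, as an added example that is not part of any post above: a small Python model of generic eBGP local-as handling, not ACI's own implementation. 65510 is the fabric ASN from the question; the tenant local-as 65001, the external peer AS 65100 and the mode names are assumptions, and the model goes slightly beyond the thread by covering the no-prepend and replace-as variants.

```python
"""Model of how local-as changes AS_PATH on an eBGP session (constructed example)."""

FABRIC_ASN = 65510        # MP-BGP route-reflector ASN from the question
TENANT_LOCAL_AS = 65001   # hypothetical per-tenant local-as on one L3Out
EXTERNAL_AS = 65100       # hypothetical external router AS

# Mode names follow the usual vendor local-as options (assumption, not from the thread).
MODES = ("prepend", "no-prepend", "replace-as")


def advertised_path(path, real_as, local_as=None, mode="prepend"):
    """AS_PATH the external peer receives for a route the fabric advertises."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if local_as is None:
        return [real_as] + list(path)
    if mode == "replace-as":
        # Only the local-as is shown; the real ASN is hidden from the peer.
        return [local_as] + list(path)
    # Default: local-as appears as an extra hop in front of the real ASN.
    return [local_as, real_as] + list(path)


def received_path(path, local_as=None, mode="prepend"):
    """AS_PATH stored locally for a route learned from the external peer."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if local_as is None or mode in ("no-prepend", "replace-as"):
        return list(path)
    # Default: the local-as is prepended as if another router sat in between.
    return [local_as] + list(path)


def expected_remote_as(real_as, local_as=None):
    """ASN the external router must configure as its neighbor's remote AS."""
    return real_as if local_as is None else local_as


def real_asn_exposed(path_seen_by_peer, real_as):
    """Audit helper: does the peer learn the fabric's real ASN from the path?"""
    return real_as in path_seen_by_peer


if __name__ == "__main__":
    for mode in MODES:
        out = advertised_path([], FABRIC_ASN, TENANT_LOCAL_AS, mode)
        inn = received_path([EXTERNAL_AS], TENANT_LOCAL_AS, mode)
        print(f"{mode:11} peer sees {out}  fabric stores {inn}  "
              f"real ASN exposed: {real_asn_exposed(out, FABRIC_ASN)}")
```
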
