CPE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 05:27 AM
Hi,
I have a customer CPE on private AS 65520 which has EBGP session to a MPLS PE device.I want to strip/hide the private AS so it uses the public AS of my PE.
On the neighbor facing the CPE i have used the remove-private-as command and as-override however further on in the MPLS/IBGP network i still see 65520.
Any advise would be great.
- Labels:
-
MPLS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 06:12 AM
Can I see what exactly as-path you see in show ip bgp?
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 07:10 AM
when looking on the PE with the direct BGP session we see. even with AS-override enabled.
*> 192.168.16.0/22 100.64.88.75 0 150 0 65520 i
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 07:14 AM
I think you hit this limitation
-
You can only use this solution with external BGP (eBGP) peers.
-
If the update has only private AS numbers in the AS_PATH, BGP removes these numbers.
-
If the AS_PATH includes both private and public AS numbers, BGP doesn't remove the private AS numbers. This situation is considered a configuration error.
-
If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.<<<- this one
-
If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 07:45 AM - edited 02-01-2025 07:51 AM
Hi @MHM Cisco World ,
The issue is that the OP tries to use the "remove-private-as" when receiving from the CE. This command works in the outbound direction only.
As per the documented I provided:
'The neighbor x.x.x.x remove-private-as per-neighbor configuration command forces BGP to drop the private AS numbers. You can configure this command for external BGP neighbors. When the outbound update contains a sequence of private AS numbers, this sequence is dropped."
Regards,
Harold Ritter, CCIE #4168 (EI, SP)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 08:04 AM
Is there a way around this at all? what do other people do to remove the private AS? should be config be done on the CPE. All i want to do is remove the customers private AS number. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 08:54 AM
Hi @jay_7301 ,
As I mentioned in my original response, you would configure the "remove-private-as" on the PE(s) advertising the prefixes received from the remote CEs towards the Internet,
remote CE with private AS ---- PE ---- P --- PE (remove-private-as) ---- Internet peering router --- Internet
Regardas,
Harold Ritter, CCIE #4168 (EI, SP)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 08:57 AM
Totally correct.
Same idea I have.
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 06:47 AM - edited 02-01-2025 06:48 AM
Hi @jay_7301 ,
The "neighbor remove-private-as" command only works in the outbound direction. If you want to strip the private AS, you need to configure this command on the PE sending the routes towards the Internet.
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13756-32.html
Regards,
Harold Ritter, CCIE #4168 (EI, SP)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 08:46 AM
thanks, so you would have to apply this on the IBGP session on this PE?
Setup currently;
CE > PE > MPLS Network > Border device > Internet
CE to PE is EBGP then PE to Border is IBGP and we need to remove the private-as off the CE.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2025 08:54 AM - edited 02-01-2025 09:01 AM
That was I want mention here but you faster than me.
Mpls vpnv4 usually use ibgp
So
CE1-ebgp-PE1-ibgp-PE2
We can not use in CE1 (limitations i share)
We can not use in PE1 (only apply to ebgp)
But try apply it in PE2 which I think also have CE connect to via ebgp' there you can remove CE1 private AS.
Also you can apply it in border router (PE).
MHM
