Re: CPE

jay_7301 · ‎02-01-2025

Hi,

I have a customer CPE on private AS 65520 which has EBGP session to a MPLS PE device.I want to strip/hide the private AS so it uses the public AS of my PE.

On the neighbor facing the CPE i have used the remove-private-as command and as-override however further on in the MPLS/IBGP network i still see 65520.

Any advise would be great.

MHM Cisco World · ‎02-01-2025

Can I see what exactly as-path you see in show ip bgp?

MHM

jay_7301 · ‎02-01-2025

when looking on the PE with the direct BGP session we see. even with AS-override enabled.

*> 192.168.16.0/22 100.64.88.75 0 150 0 65520 i

MHM Cisco World · ‎02-01-2025

I think you hit this limitation

You can only use this solution with external BGP (eBGP) peers.
If the update has only private AS numbers in the AS_PATH, BGP removes these numbers.
If the AS_PATH includes both private and public AS numbers, BGP doesn't remove the private AS numbers. This situation is considered a configuration error.
If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.<<<- this one
If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.

Harold Ritter · ‎02-01-2025

Hi @MHM Cisco World ,

The issue is that the OP tries to use the "remove-private-as" when receiving from the CE. This command works in the outbound direction only.

As per the documented I provided:

'The neighbor x.x.x.x remove-private-as per-neighbor configuration command forces BGP to drop the private AS numbers. You can configure this command for external BGP neighbors. When the outbound update contains a sequence of private AS numbers, this sequence is dropped."

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

jay_7301 · ‎02-01-2025

Is there a way around this at all? what do other people do to remove the private AS? should be config be done on the CPE. All i want to do is remove the customers private AS number. Thanks

Harold Ritter · ‎02-01-2025

Hi @jay_7301 ,

As I mentioned in my original response, you would configure the "remove-private-as" on the PE(s) advertising the prefixes received from the remote CEs towards the Internet,

remote CE with private AS ---- PE ---- P --- PE (remove-private-as) ---- Internet peering router --- Internet

Regardas,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

MHM Cisco World · ‎02-01-2025

Totally correct.

Same idea I have.

MHM

Harold Ritter · ‎02-01-2025

Hi @jay_7301 ,

The "neighbor remove-private-as" command only works in the outbound direction. If you want to strip the private AS, you need to configure this command on the PE sending the routes towards the Internet.

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13756-32.html

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

jay_7301 · ‎02-01-2025

thanks, so you would have to apply this on the IBGP session on this PE?

Setup currently;

CE > PE > MPLS Network > Border device > Internet

CE to PE is EBGP then PE to Border is IBGP and we need to remove the private-as off the CE.

Thanks

MHM Cisco World · ‎02-01-2025

That was I want mention here but you faster than me.

Mpls vpnv4 usually use ibgp

So

CE1-ebgp-PE1-ibgp-PE2

We can not use in CE1 (limitations i share)

We can not use in PE1 (only apply to ebgp)

But try apply it in PE2 which I think also have CE connect to via ebgp' there you can remove CE1 private AS.

Also you can apply it in border router (PE).

MHM