cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
716
Views
3
Helpful
10
Replies

CPE

jay_7301
Level 1
Level 1

Hi,

I have a customer CPE on private AS  65520 which has EBGP session to a MPLS PE device.I want to strip/hide the private AS so it uses the public AS of my PE.

On the neighbor facing the CPE i have used the remove-private-as command and as-override however further on in the MPLS/IBGP network i still see 65520.

Any advise would be great.

 

 

10 Replies 10

Can I see what exactly as-path you see in show ip bgp?

MHM

when looking on the PE with the direct BGP session we see. even with AS-override enabled.

*> 192.168.16.0/22 100.64.88.75 0 150 0 65520 i

I think you hit this limitation 

  • You can only use this solution with external BGP (eBGP) peers.

  • If the update has only private AS numbers in the AS_PATH, BGP removes these numbers.

  • If the AS_PATH includes both private and public AS numbers, BGP doesn't remove the private AS numbers. This situation is considered a configuration error.

  • If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.<<<- this one

  • If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.

Hi @MHM Cisco World ,

The issue is that the OP tries to use the "remove-private-as" when receiving from the CE. This command works in the outbound direction only.

As per the documented I provided:

'The neighbor x.x.x.x remove-private-as per-neighbor configuration command forces BGP to drop the private AS numbers. You can configure this command for external BGP neighbors. When the outbound update contains a sequence of private AS numbers, this sequence is dropped."

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Is there a way around this at all? what do other people do to remove the private AS? should be config be done on the CPE. All i want to do is remove the customers private AS number. Thanks

Hi @jay_7301 ,

As I mentioned in my original response, you would configure the "remove-private-as" on the PE(s) advertising the prefixes received from the remote CEs towards the Internet,

remote CE with private AS ---- PE ---- P --- PE (remove-private-as) ---- Internet peering router --- Internet

Regardas,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Totally correct.

Same idea I have.

MHM

Harold Ritter
Spotlight

Hi @jay_7301 ,

The "neighbor remove-private-as" command only works in the outbound direction. If you want to strip the private AS, you need to configure this command on the PE sending the routes towards the Internet.

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13756-32.html

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

thanks, so you would have to apply this on the IBGP session on this PE?

Setup currently;

CE  > PE > MPLS Network > Border device > Internet 

CE to PE is EBGP then PE to Border is IBGP and we need to remove the private-as off the CE.

Thanks

That was I want mention here but you faster than me.

Mpls vpnv4 usually use ibgp

So 

CE1-ebgp-PE1-ibgp-PE2 

We can not use in CE1 (limitations i share) 

We can not use in PE1 (only apply to ebgp)

But try apply it in PE2 which I think also have CE connect to via ebgp' there you can remove CE1 private AS.

Also you can apply it in border router (PE).

MHM