BGP: remove-private-as vs remove-private-as all

johnnylingo
Level 5

I'm using the BGP option "remove-private-as" to strip out our private AS numbers for routes sent via the WAN. This works well. However, some paths from Amazon VPCs end with their ASNs (usually 7224 or 9059). In this case the advertised route still ends up looking like this:

*>  172.31.0.0/16    169.254.254.2          100    100      0 1234 65441 65442 65443 1234 7224 i

I was hoping the command "remove-private-as all" would change this path to "1234 1234 7224", but reading through the document it's not clear to me what exactly this does.

Accepted Solutions

Hello,

prior to IOS 15.1(2)T, the remove-private-as feature had the following restriction:

If the AS path included both private and public AS numbers, using the neighbor remove-private-as command would not remove the private AS numbers.

That is why the optional keyword 'all' was added, which should remove private AS numbers even when there are public AS numbers in the path.

5 Replies

Not sure what your config looks like, but the private AS numbers are only removed if your AS is public. If it is not, you need to configure:

neighbor x.x.x.x local-as 200 (or anything else in the public AS domain)

The AS on the last hop router is public (1234). Private ASes are stripped out if the path is entirely private.  So a path like this:

65441 65442 65443

Gets changed to this:

1234

But if I already have 1234 in the path, it doesn't fully work. 

remove-private-as all is what I wanted.  The documentation wasn't very clear on what the "all" vs. "all inherit-as" options did.  I wrote a blog post with some path examples.

The keyword "all" doesn't work either if the local BGP ASN is a private ASN.  You will get an error.  
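
Added example, not part of any post in this thread and not Cisco code: a small Python model of the two behaviours as the replies describe them, run on the path from the original question. The function name `advertise` and the mode strings are made up for the illustration, and the private AS ranges are taken from RFC 6996.

```python
# Model of the behaviour described in this thread; an illustration, not IOS code.
# Private-use AS ranges per RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def advertise(received_path, local_as, mode="none"):
    """Return the AS path an eBGP neighbor would see.

    mode (hypothetical names for this model):
      "none"                  - no stripping
      "remove-private-as"     - behaviour before the 'all' keyword existed
      "remove-private-as all" - strip private ASNs even in mixed paths
    """
    path = list(received_path)
    if mode == "remove-private-as":
        # Thread: only acts when the local AS is public and the path
        # is entirely private; a mixed path is left untouched.
        if not is_private(local_as) and all(is_private(a) for a in path):
            path = []
    elif mode == "remove-private-as all":
        # Thread: with a private local ASN this is rejected with an error.
        if is_private(local_as):
            raise ValueError("local AS %d is private" % local_as)
        path = [a for a in path if not is_private(a)]
    elif mode != "none":
        raise ValueError("unknown mode: %r" % mode)
    # The local AS is prepended when the route is sent to the eBGP peer.
    return [local_as] + path


if __name__ == "__main__":
    # Path from the original question, before the local AS (1234) is prepended.
    vpc_path = [65441, 65442, 65443, 1234, 7224]
    for mode in ("none", "remove-private-as", "remove-private-as all"):
        sent = advertise(vpc_path, 1234, mode)
        print("%-22s %s" % (mode, " ".join(map(str, sent))))
    # Entirely private path: the older behaviour is enough here.
    print(advertise([65441, 65442, 65443], 1234, "remove-private-as"))
```
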
