
Question on removing Private AS number in AS_PATH

eric_chan
Level 1

Have a question on removing Private AS number during BGP operation...

In this article from Cisco IP Journal:

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/autonomous_system_numbers.html

it states that the private ASN number in an AS_PATH can be *removed* before a route will propagate via BGP.

------------------------------

Who Needs an AS Number?

Not every network needs to have its own ASN. The guiding principle is that ASNs are used to express distinct interdomain routing policies, and not every network has the requirement to express its own unique set of routing policies.

In the case where a network has a single upstream connection, the routing policies of the network are precisely the same as those of its upstream service provider, and there would normally be no need for the network to use a distinct ASN. Even if the network domain uses BGP for its upstream connection, the originating domain can use a private ASN (from the number range 64,512 – 65,534) to support the BGP session to the upstream network. The upstream network strips off the private ASN when it readvertises the prefix, and the upstream network appears to the rest of the Internet as the originating AS. **Even if the AS has “downstream” networks it can still use a private AS, even when the downstream ASs are using public ASNs. The stripping of the private AS removes only the instances of the private AS from the AS path, and not the public ASNs (Figure 3).**

( http://www.cisco.com/web/about/ac123/ac147/images/ipj/ipj_9-1/91_exp_fig_03_sm.jpg )

Figure 3: Use of Private AS Numbers

In the case where a network has two or more upstream transit connections, it is more likely that the network will use its own unique ASN. It is not always the case that a distinct ASN is required here, and the distinguishing factor is that of the network wanting to express particular routing policies. Where the network has no particular preference as to which of the upstream services should be used for incoming traffic, the network can also use a private ASN for each of its routing sessions. In such a case the external routing view would be that the prefix appears to be originated from multiple ASs.

In the case where there are multiple paths to reach the network, and where these paths need to be distinguished in the routing system by different AS paths that have the same originating AS (that is, there is a need to express a routing policy), then the network needs to use a unique ASN within the interdomain routing system.

---------------------------------

However, it seems like Cisco routers only allow removing the private ASN in an AS_PATH if the private ASN is the only AS number in the path, as stated in the command guideline of the “neighbor x.x.x.x remove-private-as” command.

“If the AS_PATH includes both private and public AS numbers, BGP doesn't remove the private AS numbers. This situation is considered a configuration error.”

So my question is … who’s right? Is there another way to strip out AS number from the AS path?

Thanks

Eric

6 Replies

Harold Ritter
Level 12

The remove-private-as command removes all the leftmost private ASes. So if you have something like this:

65534 65533 65532 2 1

The result will be

2 1

On the other hand, if private ASes are interleaved with non-private ASes as follows

65534 65533 2 65532 1

the result will be

2 65532 1

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks for the reply..

I understand the remove-private-as command now.

So there is no way to remove a private ASN if it's in the middle of an AS_PATH?

Eric

Eric,

I have a correction to make to my previous posting. No private AS removal is performed even for the leftmost private ASes when private and public ASes are interleaved.

The reason I was confused is that I have seen a DDTS to change the behavior to remove the leftmost private ASes, but this DDTS has not been implemented.

Sorry about that,

Harold Ritter

Just to be sure I was clear, remove-private-as will not have any effect if there is a mix of private and public ASes, regardless of whether they are interleaved or not.

Hope this helps,

Harold Ritter

ah.. i understand...

so besides remove-private-as ... there is no other way to remove private ASN in an AS_PATH? ..

Eric

Yes, that's correct. If the AS_PATH contains both public and private ASs then it's considered a configuration error and the private AS isn't removed.

See the conditions for removing private AS below (quoted from CCO):

To remove the private AS number, use the neighbor x.x.x.x remove-private-as router configuration command.

The neighbor x.x.x.x remove-private-as per-neighbor configuration command forces BGP to drop the private AS numbers. You can configure this command for external BGP neighbors. When the outbound update contains a sequence of private AS numbers, this sequence is dropped.

The following conditions apply:

* You can only use this solution with external BGP (eBGP) peers.
* If the update has only private AS numbers in the AS_PATH, BGP removes these numbers.
* If the AS_PATH includes both private and public AS numbers, BGP doesn't remove the private AS numbers. This situation is considered a configuration error.
* If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS number.
* If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.

HTH,

Sundar

*Please rate all helpful posts.
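
The removal conditions quoted in the replies above, modelled as an added Python example (not Cisco's code and not written by any poster in this thread), with a helper that flags updates which would still carry private AS numbers to the neighbor. Assumptions: the neighbor AS 3 in the samples is constructed, the private range is the one given in the quoted article, and confederation segments are not modelled.

```python
# Added example: models the remove-private-as conditions quoted in this thread.
PRIVATE_MIN, PRIVATE_MAX = 64512, 65534  # private range given in the quoted article


def is_private(asn):
    return PRIVATE_MIN <= asn <= PRIVATE_MAX


def remove_private_as(as_path, neighbor_as, is_ebgp=True):
    """Return (resulting_path, reason) for an outbound update.

    as_path is a list of AS numbers, leftmost first, with no confederation
    segments (that condition is not modelled here).
    """
    path = list(as_path)
    if not is_ebgp:
        return path, "not an eBGP peer: command does not apply"
    if neighbor_as in path:
        return path, "neighbor AS is in the path: nothing removed"
    private = [a for a in path if is_private(a)]
    if not private:
        return path, "no private AS numbers present"
    if len(private) < len(path):
        return path, "mixed private and public: nothing removed"
    return [], "only private AS numbers: all removed"


def leaks_private_as(as_path, neighbor_as, is_ebgp=True):
    """True if private AS numbers would still be sent to the neighbor."""
    result, _ = remove_private_as(as_path, neighbor_as, is_ebgp)
    return any(is_private(a) for a in result)


if __name__ == "__main__":
    # Constructed inputs; the first two paths are the ones discussed above.
    samples = [
        ([65534, 65533, 65532, 2, 1], 3),
        ([65534, 65533, 2, 65532, 1], 3),
        ([65534, 65533], 3),
        ([65534, 65533], 65533),
    ]
    for path, neighbor in samples:
        result, reason = remove_private_as(path, neighbor)
        print(path, "->", result, "|", reason)
```

The returned path is the AS_PATH after the private-AS check only; the advertising router's own AS, which it prepends toward an eBGP peer, is left out.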
