Tuesday, August 20, 2013

Remove PRIVATE AS in BGP protocol

Removal of the private autonomous system numbers 

Private autonomous system (AS) numbers, which range from 64512 to 65535, are used to conserve globally unique AS numbers. These private AS numbers must not be leaked into the global Border Gateway Protocol (BGP) table, because they are not unique.
Large enterprise customers use BGP to peer with their ISPs and are assigned a block of IP prefixes that is globally unique. To peer with their ISP neighbors they use a private AS number, because of the shortage of global AS numbers.

One of the many tasks in an ISP's day-to-day operations is to filter these private AS numbers and prevent them from being advertised into the global BGP table of the Internet.
If we look at the scenario above, the enterprise customer is peering with AS 100 using the private AS number 65501. One must use several Cisco or Juniper configuration statements to prevent this private AS from being announced outside AS 100 and from being imported into AS 999.

After configuring the initial BGP setup between the routers with their autonomous systems, we can see some prefixes advertised to the UPSTREAM router.

UPSTREAM#sh ip bgp
BGP table version is 3, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       172.16.1.2                              0 100 65501 i
*> 11.11.11.11/32   172.16.1.2                              0 100 65501 i
*> 12.12.12.12/32   172.16.1.2               0              0 100 i

As we can see in the FIB table of the Upstream router, the prefixes advertised by the customer's enterprise router show up with the private AS number 65501 in their path.
We do not want that!

ISP(config)#router bgp 100
ISP(config-router)#neighbor 172.17.1.2 remove-private-as

Now, under the neighbor statement, we can use the remove-private-as command, which ensures that the private AS of any customer neighbor connected to the ISP will not appear in the AS path. This affects the Upstream router: its prefixes now point to the AS of the ISP.

UPSTREAM#sh ip bgp
BGP table version is 3, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       172.16.1.2                              0 100 i
*> 11.11.11.11/32   172.16.1.2                              0 100 i
*> 12.12.12.12/32   172.16.1.2               0              0 100 i

The prefixes from AS 65501 that appear in the FIB table of the UPSTREAM router can now be interpreted as originated in AS 100. This is a must in every ISP design.
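As an added example (not code from this post), here is the remove-private-as behaviour modelled in Python, applied the way the knob works on the session towards the upstream (outbound updates), together with a check over show ip bgp output that flags entries whose AS path still carries a private ASN. The function names, the classic-versus-'all' distinction and the sample table are my own; the sample rebuilds the post's first UPSTREAM table with constructed column spacing.

```python
# Private ASN ranges (RFC 6996): 64512-65534 and 4200000000-4294967294.
# The post quotes 64512-65535; 65535 is reserved, so it is left out here.
PRIVATE_16 = range(64512, 65535)
PRIVATE_32 = range(4200000000, 4294967295)

def is_private_as(asn: int) -> bool:
    return asn in PRIVATE_16 or asn in PRIVATE_32

def remove_private_as(as_path: list, strip_all: bool = False) -> list:
    """Classic IOS behaviour strips private ASNs only when the whole path is
    private; strip_all models the 'all' keyword, which strips mixed paths too."""
    if strip_all or all(is_private_as(a) for a in as_path):
        return [a for a in as_path if not is_private_as(a)]
    return list(as_path)

def export_path(local_as: int, received: list, strip_all: bool = False) -> list:
    """AS_PATH as the upstream neighbour sees it: stripped, then local AS prepended."""
    return [local_as] + remove_private_as(received, strip_all)

def ios_bgp_line(prefix, nexthop, metric, locprf, weight, path) -> str:
    """Render one 'show ip bgp' entry in the IOS column layout (constructed)."""
    return f"*> {prefix:<17}{nexthop:<20}{metric:>6}{locprf:>7}{weight:>7} {path}"

HEADER = f"   {'Network':<17}{'Next Hop':<20}{'Metric':>6}{'LocPrf':>7}{'Weight':>7} Path"

def audit_bgp_table(output: str) -> list:
    """Return (prefix, as_path) for entries whose path still carries a private ASN;
    the path is sliced at the header's 'Path' column since Weight precedes it."""
    leaks, path_col = [], None
    for line in output.splitlines():
        if line.lstrip().startswith("Network"):
            path_col = line.index("Path")
        elif path_col is not None and line.startswith(("*", "s", "d", "h", "r")):
            prefix = line.split()[1]
            asns = [int(t.strip("{},")) for t in line[path_col:].split()
                    if t.strip("{},").isdigit()]
            if any(is_private_as(a) for a in asns):
                leaks.append((prefix, asns))
    return leaks

# Constructed sample carrying the values of the post's first UPSTREAM table.
SAMPLE_TABLE = "\n".join([
    HEADER,
    ios_bgp_line("1.1.1.1/32", "172.16.1.2", "", "", 0, "100 65501 i"),
    ios_bgp_line("11.11.11.11/32", "172.16.1.2", "", "", 0, "100 65501 i"),
    ios_bgp_line("12.12.12.12/32", "172.16.1.2", 0, "", 0, "100 i"),
])
```

Calling export_path(100, [65501]) returns [100], the path the UPSTREAM router shows after the change, while audit_bgp_table(SAMPLE_TABLE) flags the two /32s that still carry 65501.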

Kind regards.
