Wednesday, May 29, 2013

Sample Configuration for Removing Private AS Numbers in BGP

Introduction

This document shows sample configurations for the removal of private Autonomous System (AS) numbers from outgoing eBGP updates. AS numbers fall into two categories: private and public. As with private IP addresses, private AS numbers must not be leaked to the Internet. Public AS numbers range between 1 and 64511 and the private AS numbers between 64512 and 65535. You can use private AS numbers to divide large ASs into multiple small ASs connected via eBGP. In addition, if you are connected to a single ISP, the ISP can assign private AS numbers in order to conserve public AS numbers. However, you must remove these private AS numbers before you send the updates to the global BGP mesh (Internet).
Note: The assignment of private AS numbers is not recommended if you connect to multiple ISPs. Private AS numbers can be used if the customer network connects to a single ISP (either single homed or dual homed).
Refer to Removing Private Autonomous System Numbers in BGP for more information on private AS numbers.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document applies to these software and hardware versions:
  • Cisco IOS® Software Release 12.2(27)
  • Cisco 2501 and Cisco 2503 routers
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses a network setup in which Router 3 uses private AS number 65000, and Router 1 and Router 2 use public AS numbers AS 1 and AS 5, respectively.
Router 2 is in the Service Provider Cloud with Router 1 (running AS 1) and Router 3 (running AS 65000) as its clients.

Send and Receive Updates

This procedure explains the sequence of events that occur when Router 3 advertises a network (10.0.0.0/24 in this case).
  1. Router 3 advertises the network 10.0.0.0/24 with the AS path attribute 65000 to Router 2.
  2. Router 2 receives the update from Router 3 and makes an entry for the network 10.0.0.0/24 in its routing table with the next hop as 172.16.0.1 (serial interface S0 on Router 3).
  3. Router 2 (the service provider device), when configured with the neighbor 192.168.0.2 remove-private-AS command, strips off the private AS number, constructs a new update packet for the 10.0.0.0/24 network with its own AS number as the AS path attribute, and sends it to Router 1, which is in AS 1.
  4. Router 1 receives the eBGP update for the network 10.0.0.0/24 and makes an entry in its routing table with the next hop as 192.168.0.1 (serial interface S1 on Router 2). The AS path attribute for this network as seen on Router 1 is AS 5 (Router 2). Thus, the private AS numbers are prevented from entering the BGP tables of the Internet.

Configurations

This document uses these configurations:
Router 3
Current configuration :
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0
 ip address 172.16.0.1 255.255.255.0
!
router bgp 65000
 network 10.0.0.0 mask 255.255.255.0
 neighbor 172.16.0.2 remote-as 5
!--- Configures Router 2 as an eBGP neighbor in public AS 5. 
!
end

Router 2
Current configuration :
!
!
interface Ethernet0
 ip address 172.30.1.1 255.255.0.0
!
interface Serial0
 ip address 172.16.0.2 255.255.255.0
!
interface Serial1
 ip address 192.168.0.1 255.255.255.0
!
router bgp 5
 network 172.30.0.0
 network 192.168.0.0
 neighbor 172.16.0.1 remote-as 65000
!--- Configures Router 3 as an eBGP neighbor in private AS 65000.
 neighbor 192.168.0.2 remote-as 1
!--- Configures Router 1 as an eBGP neighbor in public AS 1. 
 neighbor 192.168.0.2 remove-private-AS
!--- Removes the private AS numbers from outgoing eBGP updates.
!
!
end

Router 1
Current configuration :
!
version 12.2
!
!
interface Serial0
 ip address 192.168.0.2 255.255.255.0
 !
router bgp 1
 neighbor 192.168.0.1 remote-as 5
!--- Configures Router 2 as an eBGP neighbor in public AS 5.
!
end

Autonomous System DOT Format

This example shows how an AS number greater than 65535 (a 4-byte AS number) is displayed in ASDOT format.
Before ASDOT configuration
Router#show run | beg router 
router bgp 131280
no synchronization 
bgp log-neighbor-changes 
no auto-summary 
ASDOT Configuration
Router(config-router)#bgp asnotation dot 
Router(config-router)#end 
After configuration
Router#show run | beg router bgp 
router bgp 2.208  <== 
no synchronization 
bgp asnotation dot 
bgp log-neighbor-changes 
no auto-summary
!

Verify

This section provides information you can use to confirm that your configuration works properly.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
The debug messages taken with the debug ip bgp updates command on Router 1 show that the update for the network 10.0.0.0/24 received from Router 2 (192.168.0.1) has an AS path attribute of 5, which is the AS number of Router 2. The show ip bgp command output on Router 2 and Router 1 illustrates the same.
Router1#
1w1d: %BGP-5-ADJCHANGE: neighbor 192.168.0.1 Up
1w1d: BGP(0): 192.168.0.1 computing updates, afi 0, 
       neighbor version 0, table version 1, starting at 0.0.0.0
1w1d: BGP(0): 192.168.0.1 update run completed, afi 0, 
       ran for 0ms, neighbor version 0, start version 1, throttled to 1
1w1d: BGP: 192.168.0.1 initial update completed
1w1d: BGP(0): 192.168.0.1 rcvd UPDATE w/ attr: nexthop 
       192.168.0.1, origin i, path 5
1w1d: BGP(0): 192.168.0.1 rcvd 10.0.0.0/24
1w1d: BGP(0): Revise route installing 10.0.0.0/24 -> 192.168.0.1 
      to main IP table
1w1d: BGP(0): 192.168.0.1 computing updates, afi 0, neighbor 
      version 1, table version 2, starting at 0.0.0.0
1w1d: BGP(0): 192.168.0.1 update run completed, afi 0, ran for 0ms,
      neighbor version 1, start version 2, throttled to 2

Router2#show ip bgp
BGP table version is 3, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network         Next Hop      Metric  LocPrf Weight   Path
 *> 10.0.0.0/24     172.16.0.2         0              0   65000 i
 *> 172.30.0.0      0.0.0.0            0         32768    i
 

Router1#show ip bgp
BGP table version is 19, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop      Metric  LocPrf  Weight  Path
 *> 10.0.0.0/24      192.168.0.1                        0  5 i
 *> 172.30.0.0       192.168.0.1        0               0  5 i
The BGP table of Router 2 shows that network 10.0.0.0 originates from AS 65000. The BGP table of Router 1 shows the same network originates from AS 5. This is because of the neighbor 192.168.0.2 remove-private-as command on Router 2, which strips off the private AS number and prevents private AS numbers from reaching the Internet. For this reason, AS 1 (Router 1) has a consistent view of AS 5 as being the originator of network 10.0.0.0/24.
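
The check described in the Verify section, and the ASDOT conversion shown earlier, can be automated. The following is an added example, not part of the original document or of Cisco's tooling: it scans "rcvd UPDATE" debug lines for private AS numbers in the path and accepts both asplain and asdot notation. The function names are hypothetical, the sample log lines are constructed in the format of the debug output above, and the 4-byte private range comes from RFC 6996 rather than from this page.

```python
import re

# 2-byte private range as given on this page; the 4-byte range is from
# RFC 6996 and is an addition that does not appear on the page.
PRIVATE_RANGES = ((64512, 65535), (4200000000, 4294967294))

def to_asplain(token):
    """Accept asplain ('131280') or asdot ('2.208') and return an integer."""
    if "." in token:
        high, low = (int(part) for part in token.split("."))
        if not (0 <= high <= 65535 and 0 <= low <= 65535):
            raise ValueError(f"bad asdot value: {token}")
        return high * 65536 + low
    return int(token)

def to_asdot(asn):
    """Render an AS number as it appears with 'bgp asnotation dot'."""
    return str(asn) if asn <= 65535 else f"{asn >> 16}.{asn & 0xFFFF}"

def is_private(asn):
    return any(low <= asn <= high for low, high in PRIVATE_RANGES)

# Matches lines such as: "<neighbor> rcvd UPDATE w/ attr: ..., path 5"
UPDATE_RE = re.compile(r"(\S+) rcvd UPDATE w/ attr:.*\bpath ([0-9. ]+)")

def find_leaks(log_text):
    """Return (neighbor, [private ASNs]) for every update that carries any."""
    leaks = []
    for line in log_text.splitlines():
        match = UPDATE_RE.search(line)
        if not match:
            continue
        path = [to_asplain(tok) for tok in match.group(2).split()]
        private = [asn for asn in path if is_private(asn)]
        if private:
            leaks.append((match.group(1), private))
    return leaks

# Constructed sample: line 1 mirrors the page's debug output (path 5); the
# other three are invented to show a leak, a public 4-byte AS in asdot
# notation, and a private 4-byte AS in asdot notation.
SAMPLE = """\
1w1d: BGP(0): 192.168.0.1 rcvd UPDATE w/ attr: nexthop 192.168.0.1, origin i, path 5
1w1d: BGP(0): 192.168.0.1 rcvd UPDATE w/ attr: nexthop 192.168.0.1, origin i, path 5 65000
1w1d: BGP(0): 192.168.0.1 rcvd UPDATE w/ attr: nexthop 192.168.0.1, origin i, path 5 2.208
1w1d: BGP(0): 192.168.0.1 rcvd UPDATE w/ attr: nexthop 192.168.0.1, origin i, path 5 64086.59904
"""

if __name__ == "__main__":
    for neighbor, asns in find_leaks(SAMPLE):
        print(f"private AS in path from {neighbor}: {[to_asdot(a) for a in asns]}")
```

An empty result from find_leaks on Router 1's debug output corresponds to the state shown above, where only AS 5 appears in the path.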

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
