In an effort to conserve AS numbers, customers whose routing policies are an extension of the policies of their provider generally are not assigned a legal AS number. Thus, if a customer is single-homed or multihomed to the same provider, the provider generally requests that the customer use an AS number taken from the private pool (64,512 to 65,535). As such, all BGP updates that the provider receives from its customer contain private AS numbers.

Private AS numbers cannot be leaked to the Internet because they are not unique. For this reason, Cisco has implemented a feature to strip private AS numbers out of the AS_Path list before the routes get propagated to the Internet.

In the figure, AS1 is providing Internet connectivity to its customer AS65001. Because the customer connects to only this provider and has no plans to connect to an additional provider in the near future, the customer has been allocated a private AS number. If the customer later needs to connect to another provider, a legal AS number should be assigned.

Prefixes originating from AS65001 in the figure have an AS_Path of 65001. Note the prefix 172.16.220.0/24 as it leaves AS65001. For AS1 to propagate the prefix to the Internet, it would have to strip the private AS number. When the prefix reaches the Internet, it would look like it has originated from the provider's AS. Note how prefix 172.16.220.0/24 has reached the network access point (NAP) with AS_Path 1.

BGP will strip private AS numbers only when propagating updates to the external peers. This means that the AS stripping would be configured on RTB as part of its neighbor connection to RTC.

Privately numbered autonomous systems should be used only when connected to a single provider. If the AS_Path contains a mixture of private and legal AS numbers, BGP will view this as an illegal design. In that case BGP will not strip the private AS numbers from the list, and the update will be processed as usual. Only AS_Path lists that consist entirely of private AS numbers (64,512 to 65,535) are stripped.

The example below demonstrates how BGP can be configured to prevent the leakage of private AS numbers into the Internet.

RTB(config)#router bgp 1
RTB(config-router)#neighbor 172.16.20.2 remote-as 65001
RTB(config-router)#neighbor 192.168.6.3 remote-as 7
RTB(config-router)#neighbor 192.168.6.3 remove-private-as

Note how RTB is using the remove-private-as keyword in its neighbor connection to AS7.
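
The stripping rule described above, modelled as an added Python example (not Cisco code and not part of the original page). The function names are hypothetical, the mixed path uses a documentation prefix and documentation ASN constructed for illustration, and only the private range given on this page is modelled.

```python
# Added example: models the private-AS stripping rule as this page describes it.
PRIVATE_MIN, PRIVATE_MAX = 64512, 65535  # private pool stated on the page


def is_private(asn):
    return PRIVATE_MIN <= asn <= PRIVATE_MAX


def export_as_path(as_path, local_as, remove_private_as):
    """AS_Path sent to an external peer by a router in local_as.

    Stripping happens only if every AS in the received path is private;
    a mixed path is left untouched. The local AS is then prepended, as on
    any eBGP advertisement.
    """
    path = list(as_path)
    if remove_private_as and path and all(is_private(a) for a in path):
        path = []
    return [local_as] + path


def audit(routes):
    """Return {prefix: [private ASNs]} for routes still carrying private ASNs."""
    leaks = {}
    for prefix, as_path in routes.items():
        private = [a for a in as_path if is_private(a)]
        if private:
            leaks[prefix] = private
    return leaks


# Constructed inputs: the customer route from the page, plus a hypothetical
# mixed path (192.0.2.0/24 and AS 64496 are documentation values, assumed here).
received_on_rtb = {
    "172.16.220.0/24": [65001],
    "192.0.2.0/24": [65001, 64496],
}


def advertised(remove_private_as):
    """What RTB (AS1) would send to its external peer for each route."""
    return {p: export_as_path(path, 1, remove_private_as)
            for p, path in received_on_rtb.items()}


if __name__ == "__main__":
    for flag in (False, True):
        out = advertised(flag)
        print("remove-private-as" if flag else "no stripping", out, audit(out))
```

With stripping enabled the customer prefix leaves with AS_Path 1, while the mixed path still carries 65001, which is why the audit step is worth running on what an external peer actually receives.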