BGP 4-Byte AS Numbers
4-Byte Autonomous System Numbers Overview
This Technology Overview describes 4-byte autonomous system (AS) numbers and the operation of BGP in a network with a mix of 2-byte and 4-byte AS numbers.
The 2-byte AS number, also known as a 16-bit AS number or 2-octet AS number, provides a pool of 65,536 AS numbers. The 2-byte AS number range has been exhausted. 4-byte AS numbers are specified in RFC 4893, BGP Support for Four-Octet AS Number Space, and provide a pool of 4,294,967,296 AS numbers.
As of January 1, 2009 the Internet Assigned Numbers Authority (IANA) only assigns 4-byte AS numbers, unless a 2-byte AS number is specifically requested. The Internet Engineering Task Force (IETF) RFC 4893 defines a method for smooth transition from 2-byte AS numbers to 4-byte AS numbers and for maintaining backward compatibility.
RFC 4893 introduces two new optional transitive BGP attributes, AS4_PATH and AS4_AGGREGATOR. These new attributes are used to propagate 4-byte AS path information across BGP speakers that do not support 4-byte AS numbers.
RFC 4893 also introduces a reserved, well-known, 2-byte AS number, AS 23456. This reserved AS number is called AS_TRANS in RFC 4893.
RFC 7300, Reservation of Last Autonomous System (AS) Numbers, and the Internet draft draft-ietf-idr-as0-06 restrict the use of 2-byte AS number 65535, 4-byte AS number 4294967295UL, and AS number 0 in a configuration. Therefore, when you use these restricted AS numbers, the commit operation fails.
Implementing 4-Byte Autonomous System Numbers
Junos OS Release 9.1 and later supports 4-byte AS numbers.
If your network is currently using 2-byte AS numbers, you are not required to get new 4-byte AS numbers. The 2-byte AS number range is a subset of the 4-byte AS number range. A Juniper Networks router that supports 4-byte AS numbers simply prepends a string of zeros in front of the 2-byte AS number. For example, the 2-byte AS number 65000 becomes the 4-byte AS number 00000.65000.
If your Juniper Networks router supports 4-byte AS numbers and has a peer relationship with a router that does not support 4-byte AS numbers, the following sequence takes place in the adjacent RIB-in routing table after the router that supports 4-byte AS numbers advertises this capability to the new peer:
The router that supports 4-byte AS numbers receives an advertisement from the peer that supports only 2-byte AS numbers.
On the router that supports 4-byte AS numbers, the 2-byte AS path is converted into the 4-byte AS number by prepending a string of zeros in front of the 2-byte AS number.
If a 4-byte AS number is also present in the path, it is merged with the 2-byte AS numbers in the path.
If the AGGREGATOR and AS4_AGGREGATOR attributes are present, these attributes are also merged.
If your Juniper Networks router supports 4-byte AS numbers and has a peer relationship with a router that does not support 4-byte AS numbers, the following sequence takes place in the adjacent RIB-out routing table:
Update messages are reformatted before being sent to the router that does not support 4-byte AS numbers.
The router that supports 4-byte AS numbers sends the 4-byte AS number in the AS4_PATH attribute.
The AS_PATH attribute is also sent. It is encoded with the 2-byte AS numbers. Mappable 4-byte AS numbers, below 64537, are sent as 2-byte AS numbers. Non-mappable 4-byte AS numbers, above 64536, are represented by the well-known 2-byte AS number, AS 23456.
A single peer group is used for the routers that support 4-byte AS numbers and the routers that support only 2-byte AS numbers.
Configuring 4-Byte Autonomous System Numbers
This section describes how to configure a 4-byte AS number and how to verify if the BGP peer supports 4-byte AS numbers.
The AS number can be specified in plain number format or in AS-dot notation format on routers running Junos OS Release 9.2 and later. For example, the 4-byte AS number of 65,546 is represented in plain-number format as 65546. The same AS number is represented in AS-dot notation format as 1.10 on routers running Junos OS Release 9.2 and later.
To configure a 4-byte AS number in AS-dot notation format, include the autonomous-system statement and specify the 4-byte AS number. In the following example the AS number is set to 1.10.
user@host# set routing-options autonomous-system 1.10
To configure a 4-byte AS number in plain number format, include the autonomous-system statement and specify the 4-byte AS number. In the following example the AS number is set to 65546.
user@host# set routing-options autonomous-system 65546
After a BGP peer session has been negotiated, you can verify whether the peer supports 4-byte AS numbers by using the show bgp neighbor command. In the following example the peer does not support 4-byte AS numbers.
user@host# show bgp neighbor 192.168.1.9 | match "AS"
Peer: 192.168.1.9+179 AS 65056 Local: 192.168.1.3+52616 AS 65000
Peer does not support 4 byte AS extension
In the following example the peer does support 4-byte AS numbers.
user@host# show bgp neighbor 192.168.1.9 | match "AS"
Peer: 192.168.1.10+52679 AS 1000000000 Local: 192.168.1.3+179 AS 65000
Peer supports 4 byte AS extension (peer-as 1000000000)
Prepending 4-Byte AS Numbers in an AS Path
When an address prefix advertisement transits a domain, the domain effectively “signs” the prefix advertisement by prepending its autonomous system number (ASN) to the AS path associated with the address prefix. At any point in the network the AS path describes a sequence of connected domains that forms a path from the current point to the originating domain. The left-most number in the AS path list is the ASN of the adjacent AS from which the address prefix advertisement was received. The sequence of numbers indicates the sequence of ASs through which this update was propagated.
This section describes how to prepend one or more AS numbers at the beginning of an AS path. The AS numbers are added at the beginning of the path after the actual AS number from which the route originates has been added to the path. Prepending an AS path makes a shorter AS path look longer and therefore less preferable to BGP.
As of Junos OS Release 15.1, the enforce-first-as statement enforces that the first (left-most) autonomous system number (ASN) in the AS path is the previous neighbor's ASN as the domain is transited.
In Figure 1, Router 2 is configured to prepend AS 1000000000 4 times in front of AS number 65000.
You can display the route details using the show route command on Router 3. In the following example, notice that the prepended AS number displayed in the AS path on Router 3 is the AS_TRANS number, AS 23456. This is because Router 3 does not support 4-byte AS numbers.
user@Router3# show route 1.2.3.4 detail
...
1.2.3.4/32 *[BGP/170] 01:39:55, localpref 100, from 192.168.1.3
AS path: 65000 23456 23456 23456 23456 I
You can display the route details using the show route command on Router 4. In the following example, notice that the prepended AS number displayed in the AS path on Router 4 is AS 1000000000. This is because Router 4 supports 4-byte AS numbers and merges the AS_PATH and AS4_PATH attributes.
user@Router4# show route 1.2.3.4 detail
...
1.2.3.4/32 *[BGP/170] 01:39:55, localpref 100, from 192.168.1.9
AS path: 65056 65000 1000000000 1000000000 1000000000 1000000000 I
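The AS_TRANS substitution and the AS_PATH/AS4_PATH merge behind the two outputs above, sketched in Python as an added example (not Junos code and not part of the original page). The AS4_PATH contents are constructed, since the page does not display that attribute, and any ASN that fits in 16 bits is treated as mappable, following RFC 4893; all function names are hypothetical.

```python
"""AS_PATH / AS4_PATH handling between 4-byte ("new") and 2-byte ("old") speakers.

Added illustration, not Junos code. Paths are plain AS_SEQUENCE lists with the
left-most ASN first; AS_SET and confederation segments are out of scope.
"""
from typing import List, Optional, Tuple

AS_TRANS = 23456         # reserved 2-byte placeholder named on the page
MAX_2BYTE_ASN = 0xFFFF   # assumption: an ASN that fits in 16 bits is mappable


def to_old_speaker(path: List[int]) -> Tuple[List[int], Optional[List[int]]]:
    """Return (AS_PATH, AS4_PATH) as a new speaker sends them to an old one."""
    as_path = [asn if asn <= MAX_2BYTE_ASN else AS_TRANS for asn in path]
    # AS4_PATH is only needed when at least one ASN was replaced by AS_TRANS.
    as4_path = list(path) if as_path != list(path) else None
    return as_path, as4_path


def old_speaker_forward(local_as: int, as_path: List[int],
                        as4_path: Optional[List[int]]):
    """An old speaker prepends its ASN to AS_PATH only.

    AS4_PATH is optional transitive, so it is passed on unchanged even though
    the old speaker does not understand it.
    """
    return [local_as] + list(as_path), as4_path


def merge(as_path: List[int], as4_path: Optional[List[int]]) -> List[int]:
    """Rebuild the real path on a new speaker that received both attributes."""
    if not as4_path:
        return list(as_path)
    if len(as4_path) > len(as_path):
        # Inconsistent attributes: AS4_PATH cannot be longer than AS_PATH.
        # RFC 4893 says to ignore AS4_PATH in that case.
        return list(as_path)
    # ASNs prepended by old speakers exist only at the front of AS_PATH.
    lead = len(as_path) - len(as4_path)
    return list(as_path[:lead]) + list(as4_path)


def has_loop(local_as: int, path: List[int]) -> bool:
    """AS-level loop detection: is our own ASN already in the path?"""
    return local_as in path


def prepend_scenario() -> dict:
    """Router 2 (AS 65000) to Router 3 (old, AS 65056) to Router 4 (new)."""
    sent_by_r2 = [65000] + [1000000000] * 4      # 4-byte ASN prepended 4 times
    as_path, as4_path = to_old_speaker(sent_by_r2)
    fwd_path, fwd_as4 = old_speaker_forward(65056, as_path, as4_path)
    return {
        "router3_view": as_path,                  # what the old speaker displays
        "router4_view": merge(fwd_path, fwd_as4),
    }


if __name__ == "__main__":
    for name, path in prepend_scenario().items():
        print(name, " ".join(map(str, path)))
```

Loop detection for a 4-byte ASN only works on the merged path: in AS_PATH alone the ASN appears as AS_TRANS, so `has_loop` must be run after `merge`.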
Configuring 4-Byte AS Numbers and BGP Extended Community Attributes
A BGP community is a group of destinations that share a common property. You can configure the standard community attribute and extended community attributes for inclusion in BGP update messages.
For example, when configuring a VPN routing and forwarding (VRF) instance, you need to configure a route target. A route target is one type of BGP extended community attribute. To create a named BGP extended community attribute, include the community statement and specify the community members:
community name {
    members [ community-ids ];
}
To specify the community members, you must specify the community ID. The community ID consists of three components that you specify in the following format:
type:administrator:assigned-number
The administrator field of some BGP extended community attributes is an AS number. To configure a target extended community, which includes a 4-byte AS number in the plain-number format, append the letter “L” to the end of the number.
In the following example, a target community with the 4-byte AS number 334324 and an assigned number of 132 is represented as target:334324L:132.
[edit policy-options]
community vpn_blue members [ target:334324L:132 ];
If you display the target extended community information on a peer router that does not support 4-byte AS numbers, the router displays target:unknown format.
Understanding a 4-Byte Capable Router AS Path Through a 2-Byte Capable Domain
This section describes what happens when a router that supports 4-byte AS numbers sends the AS path statement to a router that only supports 2-byte AS numbers if the first router is configured with an AS number outside the 2-byte AS number range.
In Figure 2 Router 1 supports 4-byte AS numbers. Router 1 is configured to use a 4-byte AS number, AS 1000000000. Router 2 supports 2-byte AS numbers. Router 2 is configured with a 2-byte AS number, AS 65056.
Router 2 does not accept 4-byte AS numbers in the AS_PATH attribute. You can verify this using the show bgp neighbor command on Router 1.
user@Router1# show bgp neighbor 192.168.1.9 | match "AS"
Peer: 192.168.1.9+179 AS 65056 Local: 192.168.1.2+64053 AS 65080
Peer does not support 4 byte AS extension
Figure 3 shows four routers running EBGP. Router 1, Router 2, and Router 4 support 4-byte AS numbers. Router 3 does not support 4-byte AS numbers.
In this case:
Router 1 sends the 4-byte AS number, AS 1000000000, in the AS_PATH attribute to Router 2.
Router 2 knows that Router 3 does not support 4-byte AS numbers.
Router 2 sends the AS_TRANS number, AS 23456, in the AS_PATH attribute in place of the 4-byte AS number to Router 3.
Router 2 sends the 4-byte AS number, AS 1000000000 in the AS4_PATH attribute to Router 3.
Because the AS4_PATH attribute is transitive, Router 3 sends both the AS_PATH attribute and the AS4_PATH attribute to Router 4.
When Router 4 receives the AS_PATH and AS4_PATH attributes, it merges the path statements to create an accurate AS path.
You can display the AS path using the show route command on Router 3. In the following example, notice that the AS number 23456 appears in the AS path and that the AS4_PATH attribute is Unrecognized. Because the AS4_PATH attribute is a transitive attribute, it is forwarded to the next router.
user@Router3# show route 1.2.3.4 detail
AS path: 65000 23456 I
Unrecognized Attributes: 13 bytes
You can display the route details using the show route command on Router 4. In the following example, notice that as the AS path transits Router 3, as shown in the AS2 (2-byte AS) path, the AS number is displayed as AS_TRANS. This means that Router 3 sees the AS number as 23456. In the AS4 (4-byte AS) path the AS number is displayed as 1000000000. In the merged AS path the correct AS path numbers are displayed for AS 65056, AS 65000, and AS 1000000000.
user@Router4# show route 1.2.3.4 detail
...
AS path: AS2 PA[3]:65056 65000 AS_TRANS
AS path: AS4 PA[2]:65056 1000000000
AS path: Merged[3]:65056 65000 1000000000 I
Figure 4 shows 4 routers running IBGP. Router 1, Router 2, and Router 4 support 4-byte AS numbers. Router 3 does not support 4-byte AS numbers.
In this case:
Router 1 sends the 4-byte AS number, AS 1000000000, in the AS_PATH attribute to Router 2.
Router 2 knows that Router 3 does not support 4-byte AS numbers.
Router 2 sends the AS_TRANS number, AS 23456, in the AS_PATH attribute in place of the 4-byte AS number to Router 3.
Router 3 sends both the AS_PATH attribute and the AS4_PATH attribute to Router 4.
When Router 4 receives the AS_PATH and AS4_PATH attributes, it merges the path statements to create an accurate AS path.
You can display the route details using the show route command on Router 2. In the following example, notice that the AS path is displayed as 1000000000.
user@Router2# show route 1.2.3.4 detail
...
AS path: 1000000000
You can display the route details using the show route command on Router 3. In the following example, notice that the AS path is displayed as 65000 23456.
user@Router3# show route 1.2.3.4 detail
...
AS path: 65000 23456 I
You can display the route details using the show route command on Router 4. In the following example, notice that the merged AS path is displayed as 65000 1000000000.
user@Router4# show route 1.2.3.4 detail
...
AS path: 65000 1000000000 I
Understanding 4-Byte AS Numbers and Route Distinguishers
A route distinguisher (RD) is an 8-byte field prefixed to a service provider customer's IPv4 address. The resulting 12-byte field is a unique VPN-IPv4 address. The RD in BGP messages consists of two major fields, the type field (2 bytes) and value field (6 bytes). The type field determines how the value field should be interpreted.
The route distinguisher is configured as a 6-byte value that you can specify as as-number:number, where as-number is your assigned AS number and number (also known as an administrative number or assigned number subfield) is any 2-byte or 4-byte value. The AS number can be in the range from 1 through 4,294,967,295. If the AS number is a 2-byte value, the administrative number is a 4-byte value. If the AS number is a 4-byte value, the administrative number is a 2-byte value.
An RD consisting of a 4-byte AS number and a 2-byte administrative number is defined as a type 2 route distinguisher in RFC 4364, BGP/MPLS IP Virtual Private Networks.
To configure an RD using a 4-byte AS number, append the letter “L” to the end of the number. In the following example, the 4-byte AS number is 7765000 and the administrative number is 1000:
user@Router1# set routing-instances 4B route-distinguisher 7765000L:1000
If the router you are configuring is a BGP peer of a router that does not support 4-byte AS numbers, you also need to configure a local AS number as discussed in Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable Router Using a 4-Byte AS Number. To configure the local AS number, include the local-as statement, specify the 2-byte AS number to use (65001), and include the private option.
user@Router1# set routing-instances 4B protocols bgp group 4B2Bpeers local-as 65001 private
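The plain-number and AS-dot notations and the route distinguisher layout described above, as an added Python example (not Junos code and not from the original page). Requiring the L suffix for any AS number above 65535 and rejecting the three restricted AS numbers are this example's rules, modelled on the page's statements; the function names are hypothetical.

```python
"""ASN notation and route-distinguisher encoding (added illustration, not Junos code)."""
import struct

RESERVED_ASNS = {0, 65535, 4294967295}   # values the page says fail at commit
MAX_2BYTE = 0xFFFF
MAX_4BYTE = 0xFFFFFFFF


def _is_number(text: str) -> bool:
    return text.isascii() and text.isdigit()


def parse_asn(text: str) -> int:
    """Accept plain-number ("65546") or AS-dot ("1.10") notation."""
    if "." in text:
        high, _, low = text.partition(".")
        if not (_is_number(high) and _is_number(low)):
            raise ValueError(f"malformed AS-dot value: {text!r}")
        if int(high) > MAX_2BYTE or int(low) > MAX_2BYTE:
            raise ValueError(f"AS-dot half out of range: {text!r}")
        asn = (int(high) << 16) | int(low)
    else:
        if not _is_number(text):
            raise ValueError(f"malformed AS number: {text!r}")
        asn = int(text)
    if asn > MAX_4BYTE:
        raise ValueError(f"AS number exceeds 4 bytes: {text!r}")
    if asn in RESERVED_ASNS:
        raise ValueError(f"restricted AS number: {asn}")
    return asn


def to_asdot(asn: int) -> str:
    """Render an ASN as high16.low16."""
    return f"{asn >> 16}.{asn & MAX_2BYTE}"


def encode_rd(text: str) -> bytes:
    """Encode as-number:number into the 8-byte RD (2-byte type + 6-byte value)."""
    admin, sep, number = text.partition(":")
    if not sep or not _is_number(number):
        raise ValueError(f"expected as-number:number, got {text!r}")
    four_byte = admin.endswith("L")
    asn = parse_asn(admin[:-1] if four_byte else admin)
    assigned = int(number)
    if four_byte:
        # Type 2: 4-byte AS number, 2-byte administrative number.
        if assigned > MAX_2BYTE:
            raise ValueError("administrative number must fit in 2 bytes")
        return struct.pack("!HIH", 2, asn, assigned)
    # Type 0: 2-byte AS number, 4-byte administrative number.
    if asn > MAX_2BYTE:
        raise ValueError("4-byte AS number needs the L suffix")
    if assigned > MAX_4BYTE:
        raise ValueError("administrative number must fit in 4 bytes")
    return struct.pack("!HHI", 0, asn, assigned)


def decode_rd(raw: bytes) -> str:
    """Inverse of encode_rd for type 0 and type 2 route distinguishers."""
    if len(raw) != 8:
        raise ValueError("route distinguisher must be 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 2:
        asn, assigned = struct.unpack("!IH", raw[2:])
        return f"{asn}L:{assigned}"
    if rd_type == 0:
        asn, assigned = struct.unpack("!HI", raw[2:])
        return f"{asn}:{assigned}"
    raise ValueError(f"unsupported RD type {rd_type}")


if __name__ == "__main__":
    print(to_asdot(parse_asn("65546")), encode_rd("7765000L:1000").hex())
```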
Understanding 4-Byte AS Numbers and Route Loop Detection
One of the most important functions in BGP is route loop detection at the autonomous system level using the AS_PATH attribute. A simple way of thinking of the AS_PATH is that it is the list of autonomous systems that a route goes through to reach its destination. Loops are detected and avoided by the router checking for its own AS number in the AS_PATH received from a neighboring AS.
This section describes how route loop detection works with a mix of routers that support and do not support 4-byte AS numbers. Figure 5 shows a small network with the potential for BGP loops.
In the first example, an EBGP route, route 10.1.2.3, is first advertised by Router 1. The first AS in the path is AS 64596 as configured on Router 1. The second AS that is in the path is AS 4200000000 as configured on Router 2. AS 4200000000 is sent in the AS4_PATH attribute and the AS_TRANS number, AS 23456, is sent in the AS_PATH attribute to Router 3. The third AS in the path is AS 65003, as configured on Router 3.
The show route command output shows the AS path for route 10.1.2.3 as advertised by Router 3 to Router 4. In the show route command output, you see AS 64596 first. Because Router 3 does not support 4-byte AS numbers, you see AS 23456 second. Because Router 2 used a local AS of 65000 to establish a peer relationship with Router 3, you see AS 65000 third. AS 65003 is not in the show route command output because the command was entered on the router configured with AS 65003.
user@Router3# show route advertising-protocol bgp 192.168.1.2
...
Prefix Nexthop MED Lclpref AS path
10.2.3.4/32 Self 65000 23456 64596 I
In this case, when Router 4 sees its own AS number, AS 64596, in the path, it detects a routing loop.
In the second example, an EBGP route, route 10.3.2.1, is first advertised by Router 4. The first AS in the path is AS 60596 as configured on Router 4. The second AS in the path is AS 65003 as configured on Router 3. The third AS in the path is AS 4200000000 as configured on Router 2.
The show route command output shows the AS path for route 10.3.2.1 as advertised by Router 2 to Router 1. In the show route command output, you see AS 64596 first and AS 65003 second. AS 4200000000 is not in the show route command output because the command was entered on the router configured with AS 4200000000.
user@Router2# show route advertising-protocol bgp 192.168.1.10
...
Prefix Nexthop MED Lclpref AS path
10.3.2.1/32 Self 65003 64596 I
When Router 1 sees its own AS number, AS 64596, in the path, it detects a routing loop.
Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable Router Using a 2-Byte AS Number
This section describes what happens when a router that supports 4-byte AS numbers establishes a peer relationship with a router that only supports 2-byte AS numbers if both routers are configured with AS numbers in the 2-byte AS number range.
In Figure 6, Router 1 is running Junos OS Release 9.2 that supports 4-byte AS numbers. Router 1 is configured to use a 2-byte AS number, AS 12596. Router 2 is running Junos OS Release 8.5 that supports 2-byte AS numbers. Router 2 is configured with a 2-byte AS number, AS 60000.
The following example shows the relevant portion of the Router 1 configuration.
user@Router1# show configuration
…
autonomous-system 12596;
…
local-address 192.168.1.10;
export static-to-bgp;
peer-as 60000;
To verify that the AS path of route 1.2.3.4 contains AS 12596, use the show route command on Router 2. The following example shows that the BGP peer session is established in the normal way and that the AS path of route 1.2.3.4 contains AS 12596:
user@Router2# show route 1.2.3.4
1.2.3.4/32 *[BGP/170] 00:01:29, localpref 100, from 192.168.1.10
AS path: 12596 I
> via at-0/1/0.1001
To display the session-establishment messages logged on Router 1, use the show log messages command. The following example shows that Router 1 discovers that Router 2 does not support 4-byte AS numbers:
user@Router1# show log messages
Nov 7 09:41:39.443493 bgp_4byte_aspath_add_cap():153 AS4-Peer 192.168.1.9 (External AS 60000)(SEND): 4 byte AS capability added, AS 12596
Nov 7 09:41:39.443582 bgp_send: sending 67 bytes to 192.168.1.9 (External AS 60000)
[…]
Nov 7 09:41:39.448055 bgp_4byte_aspath_adjust():1279 AS4-Peer 192.168.1.9 (External AS 60000)(SEND): Adjust BGP update to Old/New BGP speaker format
Nov 7 09:41:39.448132 bgp_4byte_aspath_adjust():1290 AS4-Peer 192.168.1.9 (External AS 60000)(SEND): Cached information of previous update format is not used
Nov 7 09:41:39.448162 bgp_generate_2byte_aspath():422 AS4-Peer 192.168.1.9 (External AS 60000)(SEND): Generating 2 byte AS path from 4 byte as-path
Nov 7 09:41:39.448198 bgp_send: sending 64 bytes to 192.168.1.9 (External AS 60000)
Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable Router Using a 4-Byte AS Number
This section describes what happens when a router that supports 4-byte AS numbers establishes a peer relationship with a router that only supports 2-byte AS numbers if the first router is configured with an AS number outside the 2-byte AS number range.
In Figure 7, Router 2 is running Junos OS Release 9.2 that supports 4-byte AS numbers. Router 2 is configured to use a 4-byte AS number, AS 1000000. Router 3 is running Junos OS Release 8.5 that supports 2-byte AS numbers. Router 3 is configured with a 2-byte AS number, AS 60000.
You can configure a local AS number to be used only during the establishment of the BGP session with a BGP neighbor, but to be hidden in the AS path sent to external BGP peers. To configure the local AS number, include the local-as statement, specify the 2-byte AS number to use, 65530, and include the private option. With this configuration, only the global AS number, 1000000, is included in the AS path sent to external peers. The following example shows the relevant portion of the Router 2 configuration:
user@Router2# show configuration
…
autonomous-system 1000000;
…
local-address 192.168.1.9;
export static-to-bgp;
neighbor 192.168.1.3 {
    peer-as 60000;
    local-as 65530 private;
}
The peer AS number on Router 3 should equal the local AS number on Router 1. The following example shows the relevant portion of the Router 3 configuration:
user@Router3# show configuration
…
autonomous-system 60000;
…
local-address 192.168.1.3;
neighbor 192.168.1.9 {
    peer-as 65530;
}
To verify that the AS path of route 22.1.2.3 contains AS 65530, use the show route command on Router 3. The following example shows that the BGP peer session is established and that the AS path of route 22.1.2.3 contains AS 65530:
user@Router3# show route 22.1.2.3
...
22.1.2.3/32 *[BGP/170] 01:39:55, localpref 100, from 192.168.1.9
AS path: 65530 I
> via so-1/0/3.0
Example: Enforcing Correct Autonomous System Number in AS-Path in BGP Network
This example shows how the enforce-first-as statement, set at the [edit protocols bgp] hierarchy level, can be used as a security measure. Configuring this statement creates a consistency check to ensure a BGP peer is a legitimate sender of routing information.
Requirements
Before you begin, set up a BGP network of at least three autonomous systems. Three separate routers are sufficient.
Overview
The enforce-first-as statement enforces that the first (left-most) autonomous system number (ASN) in the AS path is consistent with the advertising neighbor's ASN.
The topology is set up with Router C advertising a static route in BGP to Router B, which then readvertises the route to Router A. Then an export policy towards Router A that prepends an unrelated ASN is added to Router B. Lastly, the enforce-first-as statement is configured on Router A towards Router B. When Router A receives the AS path, it checks whether the left-most ASN in the AS path is the previous neighbor's ASN and invalidates the route coming from Router B.
Topology
Configure enforce-first-as Statement to Check Routes
CLI Quick Configuration
To quickly configure the initial configuration for this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Initial Configuration on Router A
set interfaces ge-1/0/0 unit 0 family inet address 192.0.2.1/29
set interfaces ge-1/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.127.0.1/32
set routing-options router-id 10.127.0.1
set routing-options autonomous-system 65541
set protocols mpls interface ge-1/0/0.0
set protocols bgp group pe type external
set protocols bgp group pe peer-as 65542
set protocols bgp group pe neighbor 192.0.2.2
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-1/0/0.0
set protocols ldp interface ge-1/0/0.0
set protocols ldp interface lo0.0
Initial Configuration on Router B
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/29
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.127.0.2/32
set routing-options router-id 10.127.0.2
set routing-options autonomous-system 65542
set protocols bgp group pe1 type external
set protocols bgp group pe1 peer-as 65541
set protocols bgp group pe1 neighbor 192.0.2.1
set protocols bgp group pe3 type external
set protocols bgp group pe3 peer-as 65543
set protocols bgp group pe3 neighbor 198.51.100.2
Initial Configuration on Router C
set interfaces ge-1/0/0 unit 0 family inet address 198.51.100.2/29
set interfaces ge-1/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.127.0.3/32
set routing-options router-id 10.127.0.3
set routing-options autonomous-system 65543
set protocols mpls interface ge-1/0/0.0
set protocols bgp group pe type external
set protocols bgp group pe peer-as 65542
set protocols bgp group pe neighbor 198.51.100.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-1/0/0.0
set protocols ldp interface ge-1/0/0.0
set protocols ldp interface lo0.0
Procedure
Step-by-Step Procedure
Configure a static route on Router C.
C-re0# set routing-options static route 198.51.100.17/29 next-hop 198.51.100.20
C-re0# set routing-options static route 198.51.100.17/29 readvertise
C-re0# commit
Configure an export policy for the static route.
C-re0# set policy-options policy-statement export-static from protocol bgp
C-re0# set policy-options policy-statement export-static then accept
C-re0# set protocols bgp group pe export export-static
C-re0# commit
Verify that the static route is getting through to Router B and Router A.
B-re0# run show route 198.51.100.17
inet.0: 49 destinations, 49 routes (49 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
198.51.100.17/29 *[BGP/170] 00:11:40, localpref 100
AS path: 65543 I, validation-state: unverified
> to 198.51.100.2 via ge-0/0/1.0
A-re0# run show route 198.51.100.17
inet.0: 49 destinations, 49 routes (49 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
198.51.100.17/29 *[BGP/170] 00:10:31, localpref 100
AS path: 65542 65543 I, validation-state: unverified
> to 192.0.2.2 via ge-1/0/0.0
Notice that on Router A, the route is shown with an AS path of 65542 65543. The route from Router B to Router A has had the ASN for Router A prepended to the AS path.
Set an export policy to prepend ASN from Router B.
B-re0# set policy-options policy-statement as-prepender from neighbor 198.51.100.2
B-re0# set policy-options policy-statement as-prepender then as-path-prepend 65555
B-re0# set protocols bgp group pe1 export as-prepender
B-re0# commit
Verify route 198.51.100.17 on Router A.
A-re0# run show route 198.51.100.17
inet.0: 49 destinations, 49 routes (49 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
198.51.100.17/29 *[BGP/170] 00:00:50, localpref 100
AS path: 65555 65542 65543 I, validation-state: unverified
> to 192.0.2.2 via ge-1/0/0.0
[edit]
A-re0#
Notice that ASN 65555 is prepended to the AS path.
Configure the enforce-first-as statement on Router A.
A-re0# set protocols bgp enforce-first-as
A-re0# commit
When you check the route again, you see that route 198.51.100.17 is no longer getting through on Router A.
Verification
- Verify the BGP Session
- Verify the Static Route
- Verify Prepend Export Policy
- Verify the enforce-first-as Statement Is Working
Verify the BGP Session
Purpose
Verify that a BGP session has been established and with which neighbors the router has established a peering session.
Action
From operational mode, run the show bgp summary command.
B-re0> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.0.2.1 65541 367 369 0 0 2:43:57 0/0/0/0 0/0/0/0
198.51.100.2 65543 369 368 0 0 2:44:00 0/0/0/0 0/0/0/0
Meaning
The first line shows the number of groups configured and the number of peers that are up or down. This output shows there are two peers, 192.0.2.1 and 198.51.100.2, up. The table portion shows that there are no paths in the inet.0 table. We can see that Router B has two peers, 65541 and 65543. When the State column shows three numbers separated by slashes, the BGP session is up.
Verify the Static Route
Purpose
Verify that a static route is being exported to routers B and A from Router C.
Action
From operational mode, run the show bgp neighbor command.
C-re0#> show bgp neighbor
Peer: 198.51.100.1+179 AS 65542 Local: 198.51.100.2+62588 AS 65543
Type: External State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: [ export-static ]
From operational mode, run the show bgp summary command.
B-re0> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.0.2.1 65541 8 10 0 0 2:59 0/0/0/0 0/0/0/0
198.51.100.2 65543 10 10 0 0 3:02 1/1/1/0 0/0/0/0
From operational mode, run the show route protocol bgp command.
A-re0> show route protocol bgp
inet.0: 49 destinations, 49 routes (49 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
198.51.100.17/29 *[BGP/170] 00:12:35, localpref 100
AS path: 65542 65543 I, validation-state: unverified
> to 192.0.2.2 via ge-1/0/0.0
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
Meaning
With the show bgp neighbor command you can see the export policy by name.
With the show bgp summary command you can see that there is now one route in the inet.0 table, showing that the table has learned this route.
The show route protocol bgp command confirms that the router is learning routes. You can see the route and the AS path. Notice that in Router A we can see the AS path is appended with the ASNs of Routers C and B (65543 and 65542).
Verify Prepend Export Policy
Purpose
Verify that the ASNs are in the AS path on the router receiving routes from Router B.
show bgp neighbor. Lists the BGP routers to which this router is connected. Shows which neighbors the router has established peering sessions with.
show bgp summary. Lists BGP group, peer, and session state information. Helps determine whether a BGP session has been established.
show route protocol bgp. Lists the routes learned from BGP. Confirms that the router is learning routes only from desired neighbors.
Action
From operational mode, run the show route protocol bgp command.
A-re0> show route protocol bgp
inet.0: 49 destinations, 49 routes (49 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
198.51.100.17/29 *[BGP/170] 00:00:24, localpref 100
AS path: 65555 65542 65543 I, validation-state: unverified
> to 192.0.2.2 via ge-1/0/0.0
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
Meaning
You can see that 65555 has been prepended to the AS path.
Verify the enforce-first-as Statement Is Working
Purpose
Verify that the router is learning routes only from desired neighbors.
Action
Verify route 198.51.100.17.
A-re0> show route 198.51.100.17 all detail
inet.0: 49 destinations, 49 routes (48 active, 0 holddown, 1 hidden)
198.51.100.17/29 (1 entry, 0 announced)
BGP /-101
Next hop type: Router, Next hop index: 581
Address: 0x9db5ad0
Next-hop reference count: 1
Source: 192.0.2.2
Next hop: 192.0.2.2 via ge-1/0/0.0, selected
Session Id: 0x141
State: <Hidden Ext>
Local AS: 65541 Peer AS: 65542
Age: 1w2d 23:48:47
Validation State: unverified
Task: BGP_65542.192.0.2.2
AS path: 65555 65542 65543 I
Localpref: 100
Router ID: 10.127.0.2
Hidden reason: fails enforce-first-as check
If you issue the show route command, the route information is not displayed.
A-re0> show route 198.51.100.17
A-re0>
Meaning
The static route is hidden because it contained an unrelated ASN and the enforce-first-as statement was configured.
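The consistency check that enforce-first-as performs, re-implemented offline in Python as an added example (not Junos code and not part of the original page). It reads only the Local AS, Peer AS and AS path fields of show route detail output; the sample text is constructed, with the first entry taken from the output above and the second invented for contrast, and the function names are hypothetical.

```python
"""Offline re-check of the enforce-first-as rule over `show route ... detail` text.

Added illustration, not Junos code. For each EBGP-learned entry it compares the
left-most ASN of the AS path with the Peer AS of the advertising neighbor.
"""
import re
from typing import Dict, List

PREFIX_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})(?:\s|$)")
LOCAL_AS_RE = re.compile(r"Local AS:\s*(\d+)")
PEER_AS_RE = re.compile(r"Peer AS:\s*(\d+)")
AS_PATH_RE = re.compile(r"AS path:\s*(.*)")
ORIGIN_CODES = {"I", "E", "?"}

# Constructed sample: entry 1 reuses the fields shown on the page,
# entry 2 (203.0.113.0/24) is invented to show a route that passes.
SAMPLE = """\
198.51.100.17/29 (1 entry, 0 announced)
    Source: 192.0.2.2
    State: <Hidden Ext>
    Local AS: 65541 Peer AS: 65542
    AS path: 65555 65542 65543 I
203.0.113.0/24 (1 entry, 1 announced)
    Source: 192.0.2.2
    State: <Active Ext>
    Local AS: 65541 Peer AS: 65542
    AS path: 65542 65543 I
"""


def leading_asns(field: str) -> List[int]:
    """ASNs of the leading AS_SEQUENCE in a displayed AS path."""
    asns = []
    for token in field.split():
        if not token.isdigit():
            break   # origin code, AS_SET brace or anything else ends the run
        asns.append(int(token))
    return asns


def first_as_violations(detail_text: str) -> List[Dict]:
    """Return one finding per EBGP entry whose first ASN is not the peer's ASN."""
    findings = []
    prefix = local_as = peer_as = None
    for raw in detail_text.splitlines():
        line = raw.strip()
        m = PREFIX_RE.match(line)
        if m:                                   # a new route entry starts here
            prefix, local_as, peer_as = m.group(1), None, None
            continue
        m = PEER_AS_RE.search(line)
        if m:
            peer_as = int(m.group(1))
            lm = LOCAL_AS_RE.search(line)
            local_as = int(lm.group(1)) if lm else local_as
            continue
        m = AS_PATH_RE.search(line)
        if not m or prefix is None or peer_as is None:
            continue
        tokens = m.group(1).split()
        if tokens and not (tokens[0].isdigit() or tokens[0] in ORIGIN_CODES):
            continue                            # e.g. "AS2 PA[3]:..." debug lines
        if local_as is not None and local_as == peer_as:
            continue                            # IBGP: the rule does not apply
        asns = leading_asns(m.group(1))
        first = asns[0] if asns else None       # empty path from an EBGP peer fails
        if first != peer_as:
            findings.append({"prefix": prefix, "peer_as": peer_as,
                             "first_as": first, "as_path": asns})
    return findings


if __name__ == "__main__":
    for f in first_as_violations(SAMPLE):
        print(f"{f['prefix']}: first AS {f['first_as']} != peer AS {f['peer_as']}")
```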