BGP - remove private AS

BGP has a range of ASNs that are private, which means that they cannot be used on the public Internet. Sometimes, private ASNs are used by enterprises that are behind a single ISP. When the ISP forwards prefixes that it learns from the private AS, it will remove the private AS number before it forwards the prefix to other autonomous systems.

Cisco IOS routers support the remove-private-as command to achieve this. There are some restrictions however:

  • You can only use this for eBGP neighbors.
  • The private AS numbers are removed from outbound updates.
  • You can only have private AS numbers in the AS path, if you have a mix of public and private AS numbers then the router won’t remove anything.
  • If the AS path contains the AS number of the eBGP neighbor then it won’t be removed.
  • If there are BGP Confederations in use, BGP only removes private AS numbers after the confederation part in the AS path.

There are several situations in which you would have both private and public ASes in the AS Path, and you would need to remove the private ASes before advertising to the internet. This is where the remove private AS feature comes in.

In the real world, you might encounter multiple ASes in the AS Path field that are both Private and Public in scenarios where an organization has multiple branches with their own private AS, and they are connected to the internet (public AS) through their ISP.

In such scenarios, the Remove-Private-AS All command can be used when you want to remove all occurrences of private AS numbers from the AS path, irrespective of their position in the path. This is generally done to hide the internal AS path details when advertising routes to external peers.

On the other hand, the Remove-Private-AS All Replace command replaces all occurrences of private AS numbers with the local AS number. This is useful when you want to maintain the length of the AS path while still hiding the private AS numbers.