BGP Private and Public AS Range

This topic is to discuss the following lesson:

Excellent! Thank you Rene!

“Removing the private AS numbers is a bit similar to NAT where we hide private IP addresses behind one or more public IP addresses”
But how are we going to do the mapping from private AS to public AS and back when the private AS number is not advertised by AS2 to AS3?

Hi Nikhil,

We don’t. The only thing we do is remove the private AS number and then advertise the prefix(es). Take a look here:

BGP Remove Private AS

There’s no need to create a mapping between the private/public AS number.


Hey Rene,

In your last diagram in this lesson, suppose we have many private ASes behind R2 which need to go to the Internet. In this case, how will R2 handle those sessions? We all know that in a similar situation in the IPv4 world we have PAT, which maps the private IP with one public IP using a unique port number. How does R2 handle this situation? I'd appreciate it if you could shed some light on this.



Hi Sahil,

You can see it in this example:

BGP Remove Private AS

R2 will have the private AS paths in its own BGP table so it knows what to do.
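
Added example (not part of the original replies or of the lesson): a small Python model of the two answers above, showing that removing private AS numbers is a stateless rewrite of the advertised AS path while R2 keeps the original paths in its own table. It assumes the RFC 6996 private ranges, simplifies removal to stripping every private ASN from the path, and uses constructed prefixes and customer AS numbers behind AS 2.

```python
# Private-use AS number ranges from RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private(asn):
    """True if the AS number falls in a private-use range."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def advertise(local_as, as_path, remove_private=True):
    """AS path as sent to an eBGP peer: optionally strip private ASNs,
    then prepend the advertising router's own AS.
    Simplified model: every private ASN is stripped, wherever it sits."""
    kept = [a for a in as_path if not (remove_private and is_private(a))]
    return [local_as] + kept


def export_table(local_as, table, remove_private=True):
    """Apply advertise() to every prefix without touching the local table."""
    return {p: advertise(local_as, path, remove_private)
            for p, path in table.items()}


def leaked_private(as_path):
    """Private ASNs still present in a received path (inbound hygiene check)."""
    return [a for a in as_path if is_private(a)]


# Constructed sample: R2's BGP table with routes from private-AS customers.
R2_TABLE = {
    "192.0.2.0/24": [64512],
    "198.51.100.0/24": [64513],
    "203.0.113.0/24": [64514, 64515],
}

if __name__ == "__main__":
    # What the upstream peer sees: every prefix with AS path [2], no mapping.
    for prefix, path in export_table(2, R2_TABLE).items():
        print(f"advertised {prefix:18} AS path {path}")
    # What R2 still knows: the original private paths, used to forward inbound.
    for prefix, path in R2_TABLE.items():
        print(f"R2 table   {prefix:18} AS path {path}")
    # Without removal, the peer can detect the leak on receipt.
    for prefix, path in export_table(2, R2_TABLE, remove_private=False).items():
        print(f"unfiltered {prefix:18} leaked {leaked_private(path)}")
```

Return traffic is forwarded by destination prefix, so nothing like a PAT translation table is needed on R2.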


Hi guys,

With regards to BGP Confederations and Private AS, if we go back to the Confederations example:

In this case would Sub-ASes be Private ASes e.g. 64512, 54513

Essentially nested inside the Public AS 2?

Hello Joseph

Yes, typical best practice is to use a public AS for the confederation ID, which in this case is AS2, and the sub ASs would use private AS numbers. This is possible because sub ASs are only visible within the confederation itself. In the above topology, R1 has no information at all about what resides within AS2, whether it is simply an iBGP topology, or if it contains sub ASs.

Technically speaking, you could use public ASs as sub ASs, but that would be a waste.

I hope this has been helpful!


Hi Rene,
I know we need to create iBGP in the same AS and eBGP between different ASes. However, I have some questions.
How do we define the different ASes? Does one company have one AS regardless of its branches and locations? What if one company has two branches (Site A and Site B, where Site A is the headquarters)? Does each site have its own AS (two different ASes in this case)? Or are they considered to be in the same AS even if they are in different locations? If I connect the two sites via BGP, will it be eBGP or iBGP?
Thank you

Hello Bruce

ISPs of all levels that administrate infrastructure that supports the Internet are assigned specific AS numbers, and they use them as they see fit within their network. Generally speaking, Autonomous Systems within ISPs are clustered together geographically, to a certain extent. You will have a network segmented into various different sections, each with its own AS, and they're interconnected using eBGP. Something like this, but on a much bigger scale:

But geography is not the only thing that affects the way these network sections are clustered. Network traffic patterns, interconnections with other ISPs, and interconnections with customers also play a role.

Now for a private enterprise, where private AS numbers are used, how you distribute your network depends on what you want to do. Typically, in all but the largest private networks, an enterprise will employ a private BGP AS at the connection to the Internet, where an AS is defined, and an eBGP connection is established with the ISP. If you have more than one branch, typically, you would have a different AS number at each branch, but you would still connect to the ISP, so you wouldn’t have direct interaction between the BGP Autonomous Systems.

The accompanying technology used often defines how BGP will be used. For example, MPLS uses MultiProtocol BGP configurations to function. Similarly, you can use BGP with DMVPN in either an iBGP or eBGP arrangement, where each one has its pros and cons.

The specific lesson was created to show how BGP behaves in various situations. As such, it’s rare that you would configure a BGP setup similar to the one in the lesson.

So you see, you can configure all branches to have the same AS, or different ASes, depending on what you want to do and what accompanying protocols and features are being used.

First of all, if you want to use BGP between the sites, they must be directly connected somehow. But there is usually some infrastructure like MPLS or DMVPN between them. But if they were to be directly connected, then if they use the same AS, by definition, iBGP would be used. If you used a different AS, by definition again, eBGP would be used.

I hope this has been helpful!

