With regards to the restrictions, could you elaborate on the last two please?
–> If the AS path contains the AS number of the eBGP neighbor then it won’t be removed.
–> If there are confederations, BGP only removes private AS numbers after the confederation part in the AS path.
Concerning this first restriction, take a look at the following post:
Now having said that, it turns out that in newer versions of IOS such as release 15SY, this is no longer a restriction as you can see from page two of the following Cisco documentation:
When confederations are involved, the AS path will consist of a list of AS’es and sub-AS’es. The sub AS’es are denoted in the path in brackets. Within the BGP packet, these are denoted using the AS_CONFED_SEQUENCE segment type. Here is an example of a Wireshark capture of a BGP advertisement that contains a path attribute of 65000 which is marked as a segment type of AS_CONFED_SEQUENCE, which means it is a sub AS.
What this restriction is saying is that any AS path that contains private AS’es will have those private AS’es removed only if they come after the AS_CONFED_SEQUENCE section of the path (if it exists).
I was wondering why this is the case, but I was unable to find any information about this. I’m sure there’s a reason for it, but I’m not sure what it is. I can share this with Rene, and see if he has any insight as to why…
A quick question about Remove-Private-AS All and Remove-Private-AS All Replace.
Removing the private AS number(s) will only work if there are no public AS numbers in the AS path. To demonstrate this I will add extra AS numbers on the update from R1.
In what kind of situation in the real world would there be multiple ASes in the AS Path field that are both Private and Public? This means that the traffic would have to pass not only a private AS but also a public AS.
If there is a scenario, then when should we use Remove-Private-AS All Replace and when Remove-Private-AS All?
We often think about BGP exclusively as the routing protocol on the Internet. Remember, it is also extensively used on internal enterprise networks as well as on edge networks. As such, there are several situations in which you would have both private and public ASes in the AS Path. Take a look at this post concerning this fact.
Specifically, in the real world, you might encounter multiple ASes in the AS Path field that are both Private and Public in scenarios where an organization has multiple branches with their own private AS, and they are connected to the internet (public AS) through their ISP.
In such scenarios, the Remove-Private-AS All command can be used when you want to remove all occurrences of private AS numbers from the AS path, irrespective of their position in the path. This is generally done to hide the internal AS path details when advertising routes to external peers.
On the other hand, the Remove-Private-AS All Replace command replaces all occurrences of private AS numbers with the local AS number. This is useful when you want to maintain the length of the AS path while still hiding the private AS numbers.
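The three behaviours discussed in this thread, modelled side by side as an added example (not code from the lesson, the posters, or Cisco). The function names, the mode strings, local AS 64500 and the sample paths are assumptions made for illustration; the private ranges are the ones in RFC 6996.

```python
# Added illustration: models the remove-private-as behaviours described in
# this thread on a plain AS_SEQUENCE. Not Cisco code; names are hypothetical.

# Private-use ASN ranges from RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private(asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def remove_private_as(path, local_as, mode="default"):
    """Return the AS path after private-AS handling toward an eBGP peer.

    mode "default": strip private ASNs only when the path has no public ASN
    mode "all":     strip every private ASN, wherever it sits in the path
    mode "replace": swap every private ASN for local_as (length preserved)
    The local-AS prepend done on eBGP advertisement is not modelled.
    """
    if mode == "default":
        if any(not is_private(a) for a in path):
            return list(path)          # mixed path: left untouched
        return []                      # private-only path: everything removed
    if mode == "all":
        return [a for a in path if not is_private(a)]
    if mode == "replace":
        return [local_as if is_private(a) else a for a in path]
    raise ValueError(f"unknown mode: {mode}")


def leaked_private(path):
    """Private ASNs still visible to the external peer (audit helper)."""
    return [a for a in path if is_private(a)]


if __name__ == "__main__":
    # Constructed sample paths. 64496-64511 are documentation ASNs (RFC 5398)
    # and stand in for public ASNs here because they are outside the private range.
    LOCAL_AS = 64500
    samples = {"private only": [65001, 65002], "mixed": [65001, 64499, 65002]}
    for name, path in samples.items():
        for mode in ("default", "all", "replace"):
            out = remove_private_as(path, LOCAL_AS, mode)
            print(f"{name:13} {mode:8} {path} -> {out} leaked={leaked_private(out)}")
```

On the mixed path the default mode leaves both private ASNs visible to the peer, which is the case the `all` and `all replace` variants exist to cover.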
This is an excellent question! I have created a NetworkLessons note that explains the reasoning behind this. Take a look at the note found here for more information. If you have any further questions, let us know!