BGP 4-Byte AS Numbers

4-Byte Autonomous System Numbers Overview

This Technology Overview describes 4-byte autonomous system (AS) numbers and the operation of BGP in a network with a mix of 2-byte and 4-byte AS numbers.

The 2-byte AS number, also known as a 16-bit AS number or 2-octet AS number, provides a pool of 65,536 AS numbers. The 2-byte AS number range has been exhausted. 4-byte AS numbers are specified in RFC 4893, BGP Support for Four-Octet AS Number Space, and provide a pool of 4,294,967,296 AS numbers.

As of January 1, 2009, the Internet Assigned Numbers Authority (IANA) only assigns 4-byte AS numbers, unless a 2-byte AS number is specifically requested. The Internet Engineering Task Force (IETF) RFC 4893 defines a method for smooth transition from 2-byte AS numbers to 4-byte AS numbers and for maintaining backward compatibility.

RFC 4893 introduces two new optional transitive BGP attributes, AS4_PATH and AS4_AGGREGATOR. These new attributes are used to propagate 4-byte AS path information across BGP speakers that do not support 4-byte AS numbers.

RFC 4893 also introduces a reserved, well-known, 2-byte AS number, AS 23456. This reserved AS number is called AS_TRANS in RFC 4893.

RFC 7300, Reservation of Last Autonomous System (AS) Numbers and the Internet draft draft-ietf-idr-as0-06 restrict the use of 2-byte AS number 65535, 4-byte AS number 4294967295UL, and AS number 0 in a configuration. Therefore, when you use these restricted AS numbers, the commit operation fails.

Implementing 4-Byte Autonomous System Numbers

Junos OS Release 9.1 and later supports 4-byte AS numbers.

If your network is currently using 2-byte AS numbers, you are not required to get new 4-byte AS numbers. The 2-byte AS number range is a subset of the 4-byte AS number range. A Juniper Networks router that supports 4-byte AS numbers simply prepends a string of zeros in front of the 2-byte AS number. For example, the 2-byte AS number 65000 becomes the 4-byte AS number 00000.65000.

If your Juniper Networks router supports 4-byte AS numbers and has a peer relationship with a router that does not support 4-byte AS numbers, the following sequence takes place in the adjacent RIB-in routing table after the router that supports 4-byte AS numbers advertises this capability to the new peer:

  1. The router that supports 4-byte AS numbers receives an advertisement from the peer that supports only 2-byte AS numbers.

  2. On the router that supports 4-byte AS numbers, the 2-byte AS path is converted into the 4-byte AS number by prepending a string of zeros in front of the 2-byte AS number.

  3. If a 4-byte AS number is also present in the path, it is merged with the 2-byte AS numbers in the path.

  4. If the AGGREGATOR and AS4_AGGREGATOR attributes are present, these attributes are also merged.

If your Juniper Networks router supports 4-byte AS numbers and has a peer relationship with a router that does not support 4-byte AS numbers, the following sequence takes place in the adjacent RIB-out routing table:

  1. Update messages are reformatted before being sent to the router that does not support 4-byte AS numbers.

  2. The router that supports 4-byte AS numbers sends the 4-byte AS number in the AS4_PATH attribute.

  3. The AS_PATH attribute is also sent. It is encoded with the 2-byte AS numbers. Mappable 4-byte AS numbers, below 64537, are sent as 2-byte AS numbers. Non-mappable 4-byte AS numbers, above 64536, are represented by the well-known 2-byte AS number, AS 23456.

  4. A single peer group is used for the routers that support 4-byte AS numbers and the routers that support only 2-byte AS numbers.

Configuring 4-Byte Autonomous System Numbers

This section describes how to configure a 4-byte AS number and how to verify if the BGP peer supports 4-byte AS numbers.

The AS number can be specified in plain number format or in AS-dot notation format on routers running Junos OS Release 9.2 and later. For example, the 4-byte AS number of 65,546 is represented in plain-number format as 65546. The same AS number is represented in AS-dot notation format as 1.10 on routers running Junos OS Release 9.2 and later.

  • To configure a 4-byte AS number in AS-dot notation format, include the autonomous-system statement and specify the 4-byte AS number. In the following example the AS number is set to 1.10.

  • To configure a 4-byte AS number in plain number format, include the autonomous-system statement and specify the 4-byte AS number. In the following example the AS number is set to 65546.

  • After a BGP peer session has been negotiated, you can verify whether the peer supports 4-byte AS numbers by using the show bgp neighbor command. In the following example the peer does not support 4-byte AS numbers.

  • In the following example the peer does support 4-byte AS numbers.

Prepending 4-Byte AS Numbers in an AS Path

When an address prefix advertisement transits a domain, the domain effectively “signs” the prefix advertisement by prepending its autonomous system number (ASN) to the AS path associated with the address prefix. At any point in the network the AS path describes a sequence of connected domains that forms a path from the current point to the originating domain. The left-most number in the AS path list is the ASN of the adjacent AS from which the address prefix advertisement was received. The sequence of numbers indicates the sequence of ASs through which this update was propagated.

This section describes how to prepend one or more AS numbers at the beginning of an AS path. The AS numbers are added at the beginning of the path after the actual AS number from which the route originates has been added to the path. Prepending an AS path makes a shorter AS path look longer and therefore less preferable to BGP.

Note:

As of Junos OS Release 15.1, the enforce-first-as statement enforces that the first (left-most) autonomous system number (ASN) in the AS-path is the previous neighbor's ASN as the domain is transited.

In Figure 1, Router 2 is configured to prepend AS 1000000000 4 times in front of AS number 65000.

Figure 1: EBGP with 4-Byte AS Numbers Prepended to the AS Path

You can display the route details using the show route command on Router 3. In the following example, notice that the prepended AS number displayed in the AS path on Router 3 is the AS_TRANS number, AS 23456. This is because Router 3 does not support 4-byte AS numbers.

You can display the route details using the show route command on Router 4. In the following example, notice that the prepended AS number displayed in the AS path on Router 4 is AS 1000000000. This is because Router 4 supports 4-byte AS numbers and merges the AS_PATH and AS4_PATH attributes.

Configuring 4-Byte AS Numbers and BGP Extended Community Attributes

A BGP community is a group of destinations that share a common property. You can configure the standard community attribute and extended community attributes for inclusion in BGP update messages.

For example, when configuring a VPN routing and forwarding (VRF) instance, you need to configure a route target. A route target is one type of BGP extended community attribute. To create a named BGP extended community attribute, include the community statement and specify the community members:

To specify the community members, you must specify the community ID. The community ID consists of three components that you specify in the following format:

The administrator field of some BGP extended community attributes is an AS number. To configure a target extended community, which includes a 4-byte AS number in the plain-number format, append the letter “L” to the end of the number.

In the following example, a target community with the 4-byte AS number 334324 and an assigned number of 132 is represented as target:334324L:132.

Note:

If you display the target extended community information on a peer router that does not support 4-byte AS numbers, the router displays target:unknown format.

Understanding a 4-Byte Capable Router AS Path Through a 2-Byte Capable Domain

This section describes what happens when a router that supports 4-byte AS numbers sends the AS path statement to a router that only supports 2-byte AS numbers if the first router is configured with an AS number outside the 2-byte AS number range.

In Figure 2, Router 1 supports 4-byte AS numbers. Router 1 is configured to use a 4-byte AS number, AS 1000000000. Router 2 supports 2-byte AS numbers. Router 2 is configured with a 2-byte AS number, AS 65056.

Figure 2: 4-Byte Capable Router AS Path to a 2-Byte Capable Router

  • Router 2 does not accept 4-byte AS numbers in the AS_PATH attribute. You can verify this using the show bgp neighbor command on Router 1.

Figure 3 shows four routers running EBGP. Router 1, Router 2, and Router 4 support 4-byte AS numbers. Router 3 does not support 4-byte AS numbers.

Figure 3: EBGP 4-Byte AS Path Through a 2-Byte AS Domain

In this case:

  • Router 1 sends the 4-byte AS number, AS 1000000000, in the AS_PATH attribute to Router 2.

  • Router 2 knows that Router 3 does not support 4-byte AS numbers.

  • Router 2 sends the AS_TRANS number, AS 23456, in the AS_PATH attribute in place of the 4-byte AS number to Router 3.

  • Router 2 sends the 4-byte AS number, AS 1000000000, in the AS4_PATH attribute to Router 3.

  • Because the AS4_PATH attribute is transitive, Router 3 sends both the AS_PATH attribute and the AS4_PATH attribute to Router 4.

  • When Router 4 receives the AS_PATH and AS4_PATH attributes, it merges the path statements to create an accurate AS path.
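The merge that Router 4 performs, as an added Python sketch (not Juniper's code and not part of the original page). It applies the reconstruction rule from RFC 4893 to flat AS_SEQUENCE lists only; the function names and the assignment of AS 65000 to Router 2 and AS 65056 to Router 3 are assumptions made for the constructed sample.

```python
AS_TRANS = 23456  # reserved 2-byte placeholder AS defined in RFC 4893


def old_speaker_transit(own_as, as_path, as4_path):
    """Model a 2-byte-only router: it prepends its own AS to AS_PATH and
    forwards the unrecognized, transitive AS4_PATH without touching it."""
    return [own_as] + list(as_path), list(as4_path)


def merge_as_paths(as_path, as4_path):
    """Rebuild the AS path on a 4-byte-capable router.

    Assumption of this sketch: both attributes are flat AS_SEQUENCE lists
    (no AS_SET or confederation segments).
    """
    if not as4_path:
        return list(as_path)
    if len(as_path) < len(as4_path):
        # AS4_PATH claims more hops than AS_PATH carries. It cannot be
        # trusted, so it is ignored and AS_PATH is used as received.
        return list(as_path)
    # ASes added by 2-byte-only routers exist only at the front of AS_PATH;
    # keep those and take the remainder from AS4_PATH.
    lead = len(as_path) - len(as4_path)
    return list(as_path[:lead]) + list(as4_path)


def unresolved_as_trans(path):
    """True when AS_TRANS survives the merge, meaning at least one hop's
    real AS number is still unknown to this router."""
    return AS_TRANS in path


# Constructed sample: what Router 2 (assumed AS 65000) sends to Router 3
# after receiving the route from Router 1 (AS 1000000000).
R2_AS_PATH = [65000, AS_TRANS]
R2_AS4_PATH = [65000, 1000000000]

if __name__ == "__main__":
    # Router 3 (assumed AS 65056) only understands 2-byte AS numbers.
    r3_as_path, r3_as4_path = old_speaker_transit(65056, R2_AS_PATH, R2_AS4_PATH)
    print("AS2 path on Router 4:", r3_as_path)
    print("AS4 path on Router 4:", r3_as4_path)
    print("Merged path         :", merge_as_paths(r3_as_path, r3_as4_path))

    # Constructed inconsistent update: AS4_PATH is longer than AS_PATH.
    bad = merge_as_paths([65056, AS_TRANS], [65000, 65001, 1000000000])
    print("Inconsistent AS4_PATH ignored:", bad, unresolved_as_trans(bad))
```

When the AS4_PATH attribute is ignored, AS 23456 stays in the resulting path, so an AS_TRANS entry seen on a 4-byte-capable router is worth investigating.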

You can display the AS path using the show route command on Router 3. In the following example, notice that the AS number 23456 appears in the AS path and that the AS4_PATH attribute is Unrecognized. Because the AS4_PATH attribute is a transitive attribute, it is forwarded to the next router.

You can display the route details using the show route command on Router 4. In the following example, notice that as the AS path transits Router 3, as shown in the AS2 (2-byte AS) path, the AS number is displayed as AS_TRANS. This means that Router 3 sees the AS number as 23456. In the AS4 (4-byte AS) path the AS number is displayed as 1000000000. In the merged AS path the correct AS path numbers are displayed for AS 65056, AS 65000, and AS 1000000000.

Figure 4 shows four routers running IBGP. Router 1, Router 2, and Router 4 support 4-byte AS numbers. Router 3 does not support 4-byte AS numbers.

Figure 4: IBGP 4-Byte AS Path Through a 2-Byte AS Domain

In this case:

  • Router 1 sends the 4-byte AS number, AS 1000000000, in the AS_PATH attribute to Router 2.

  • Router 2 knows that Router 3 does not support 4-byte AS numbers.

  • Router 2 sends the AS_TRANS number, AS 23456, in the AS_PATH attribute in place of the 4-byte AS number to Router 3.

  • Router 3 sends both the AS_PATH attribute and the AS4_PATH attribute to Router 4.

  • When Router 4 receives the AS_PATH and AS4_PATH attributes, it merges the path statements to create an accurate AS path.

You can display the route details using the show route command on Router 2. In the following example, notice that the AS path is displayed as 1000000000.

You can display the route details using the show route command on Router 3. In the following example, notice that the AS path is displayed as 65000 23456.

You can display the route details using the show route command on Router 4. In the following example, notice that the merged AS path is displayed as 65000 1000000000.

Understanding 4-Byte AS Numbers and Route Distinguishers

A route distinguisher (RD) is an 8-byte field prefixed to a service provider customer's IPv4 address. The resulting 12-byte field is a unique VPN-IPv4 address. The RD in BGP messages consists of two major fields, the type field (2 bytes) and value field (6 bytes). The type field determines how the value field should be interpreted.

The route distinguisher is configured as a 6-byte value that you can specify as as-number:number, where as-number is your assigned AS number and number (also known as an administrative number or assigned number subfield) is any 2-byte or 4-byte value. The AS number can be in the range from 1 through 4,294,967,295. If the AS number is a 2-byte value, the administrative number is a 4-byte value. If the AS number is a 4-byte value, the administrative number is a 2-byte value.

An RD consisting of a 4-byte AS number and a 2-byte administrative number is defined as a type 2 route distinguisher in RFC 4364, BGP/MPLS IP Virtual Private Networks.
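The 8-byte layout described above, together with the plain-number and AS-dot forms from the configuration section, as an added Python sketch (not Juniper's code and not part of the original page). The function names are hypothetical, and rejecting an AS number above 65535 that lacks the "L" suffix is a rule of this sketch, not documented router behavior.

```python
import struct

RD_TYPE_2BYTE_AS = 0  # 2-byte AS number + 4-byte administrative number
RD_TYPE_4BYTE_AS = 2  # 4-byte AS number + 2-byte administrative number


def to_asdot(asn):
    """Plain number -> AS-dot notation (high 16 bits . low 16 bits)."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError("AS number does not fit in 4 bytes")
    return f"{asn >> 16}.{asn & 0xFFFF}"


def from_asdot(text):
    """AS-dot notation -> plain number."""
    high, low = (int(part) for part in text.split("."))
    if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
        raise ValueError("each AS-dot component must fit in 2 bytes")
    return (high << 16) | low


def encode_rd(text):
    """Encode 'as-number:number' (with optional 'L' suffix) to 8 RD bytes."""
    as_part, number_part = text.split(":")
    four_byte = as_part.endswith("L")
    asn = int(as_part[:-1] if four_byte else as_part)
    number = int(number_part)
    if four_byte:
        if not (1 <= asn <= 0xFFFFFFFF and 0 <= number <= 0xFFFF):
            raise ValueError("type 2 RD needs a 4-byte AS and 2-byte number")
        return struct.pack(">HIH", RD_TYPE_4BYTE_AS, asn, number)
    if not (1 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        # Sketch rule (assumption): an AS above 65535 must carry the L suffix.
        raise ValueError("type 0 RD needs a 2-byte AS and 4-byte number")
    return struct.pack(">HHI", RD_TYPE_2BYTE_AS, asn, number)


def decode_rd(raw):
    """Decode 8 RD bytes back to the textual form used by encode_rd."""
    if len(raw) != 8:
        raise ValueError("a route distinguisher is exactly 8 bytes")
    (rd_type,) = struct.unpack(">H", raw[:2])
    if rd_type == RD_TYPE_2BYTE_AS:
        asn, number = struct.unpack(">HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == RD_TYPE_4BYTE_AS:
        asn, number = struct.unpack(">IH", raw[2:])
        return f"{asn}L:{number}"
    raise ValueError(f"RD type {rd_type} is not handled in this sketch")


if __name__ == "__main__":
    print(to_asdot(65546), from_asdot("1.10"))  # values from this page
    for rd in ("7765000L:1000", "65001:100000"):  # second value is constructed
        raw = encode_rd(rd)
        print(rd, "->", raw.hex(), "->", decode_rd(raw))
```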

To configure an RD using a 4-byte AS number, append the letter “L” to the end of the number. In the following example, the 4-byte AS number is 7765000 and the administrative number is 1000:

If the router you are configuring is a BGP peer of a router that does not support 4-byte AS numbers, you also need to configure a local AS number as discussed in Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable Router Using a 4-Byte AS Number. To configure the local AS number, include the local-as statement, specify the 2-byte AS number to use (65001), and include the private option.

Understanding 4-Byte AS Numbers and Route Loop Detection

One of the most important functions in BGP is route loop detection at the autonomous system level using the AS_PATH attribute. A simple way of thinking of the AS_PATH is that it is the list of autonomous systems that a route goes through to reach its destination. Loops are detected and avoided by the router checking for its own AS number in the AS_PATH received from a neighboring AS.

This section describes how route loop detection works with a mix of routers that support and do not support 4-byte AS numbers. Figure 5 shows a small network with the potential for BGP loops.

Figure 5: 4-Byte AS Numbers and Loop Detection

In the first example, an EBGP route, route 1.2.3.4, is first advertised by Router 1. The first AS in the path is AS 12596 as configured on Router 1. The second AS that is in the path is AS 1000000 as configured on Router 2. AS 1000000 is sent in the AS4_PATH attribute and the AS_TRANS number, AS 23456, is sent in the AS_PATH attribute to Router 3. The third AS that is in the path is AS 60000, as configured on Router 3.

The show route command output shows the AS path for route 1.2.3.4 as advertised by Router 3 to Router 4. In the show route command output, you see AS 12596 first. Because Router 3 does not support 4-byte AS numbers, you see AS 23456 second. Because Router 2 used a local AS of 65000 to establish a peer relationship with Router 3, you see AS 65000 third. AS 60000 is not in the show route command output because the command was entered on the router configured with AS 60000.

In this case, when Router 4 sees its own AS number, AS 12596, in the path, it detects a routing loop.

In the second example, an EBGP route, route 4.3.2.1, is first advertised by Router 4. The first AS in the path is AS 12596 as configured on Router 4. The second AS in the path is AS 60000 as configured on Router 3. The third AS in the path is AS 1000000 as configured on Router 2.

The show route command output shows the AS path for route 4.3.2.1 as advertised by Router 2 to Router 1. In the show route command output, you see AS 12596 first and AS 60000 second. AS 1000000 is not in the show route command output because the command was entered on the router configured with AS 1000000.

When Router 1 sees its own AS number, AS 12596, in the path, it detects a routing loop.

Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable Router Using a 2-Byte AS Number

This section describes what happens when a router that supports 4-byte AS numbers establishes a peer relationship with a router that only supports 2-byte AS numbers if both routers are configured with AS numbers in the 2-byte AS number range.

In Figure 6, Router 1 is running Junos OS Release 9.2 that supports 4-byte AS numbers. Router 1 is configured to use a 2-byte AS number, AS 12596. Router 2 is running Junos OS Release 8.5 that supports 2-byte AS numbers. Router 2 is configured with a 2-byte AS number, AS 60000.

Figure 6: 4-Byte Capable Router Having a Peer Relationship with a 2-Byte Capable Router Using a 2-Byte AS Number

  • The following example shows the relevant portion of the Router 1 configuration.

  • To verify that the AS path of route 1.2.3.4 contains AS 12596, use the show route command on Router 2. The following example shows that the BGP peer session is established in the normal way and that the AS path of route 1.2.3.4 contains AS 12596:

  • To display the session-establishment messages logged on Router 1, use the show log messages command. The following example shows that Router 1 discovers that Router 2 does not support 4-byte AS numbers:

Establishing a Peer Relationship Between a 4-Byte Capable Router and a 2-Byte Capable Router Using a 4-Byte AS Number

This section describes what happens when a router that supports 4-byte AS numbers establishes a peer relationship with a router that only supports 2-byte AS numbers if the first router is configured with an AS number outside the 2-byte AS number range.

In Figure 7, Router 2 is running Junos OS Release 9.2 that supports 4-byte AS numbers. Router 2 is configured to use a 4-byte AS number, AS 1000000. Router 3 is running Junos OS Release 8.5 that supports 2-byte AS numbers. Router 3 is configured with a 2-byte AS number, AS 60000.

Figure 7: 4-Byte Capable Router Having a Peer Relationship with a 2-Byte Capable Router Using a 4-Byte AS Number

You can configure a local AS number to be used only during the establishment of the BGP session with a BGP neighbor, but to be hidden in the AS path sent to external BGP peers. To configure the local AS number, include the local-as statement, specify the 2-byte AS number to use, 65530, and include the private option. With this configuration, only the global AS number, 1000000, is included in the AS path sent to external peers. The following example shows the relevant portion of the Router 2 configuration:

The peer AS number on Router 3 should equal the local AS number on Router 1. The following example shows the relevant portion of the Router 3 configuration:

To verify that the AS path of route 22.1.2.3 contains AS 65530, use the show route command on Router 3. The following example shows that the BGP peer session is established and that the AS path of route 22.1.2.3 contains AS 65530:

Example: Enforcing Correct Autonomous System Number in AS-Path in BGP Network

This example shows how the enforce-first-as statement, set at the [edit protocols bgp] hierarchy level, can be used as a security measure. Configuring this statement creates a consistency check to ensure a BGP peer is a legitimate sender of routing information.

Requirements

Before you begin, set up a BGP network of at least three autonomous systems. Three separate routers are sufficient.

Overview

The enforce-first-as statement enforces that the first (left-most) autonomous system number (ASN) in the AS-path is consistent with the advertising neighbor's ASN.

The topology is set up with Router C advertising in BGP a static route to Router B, which then readvertises the route to Router A. Then an export policy towards Router A to prepend an unrelated ASN is added to Router B. Lastly, the enforce-first-as statement is configured on Router A towards Router B. When Router A gets the AS-path, it checks if the left-most ASN in the AS-path is the previous neighbor's ASN and invalidates the route coming from Router B.
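The two AS path checks this page describes, the loop check from the route loop detection section and the enforce-first-as check from this overview, as an added Python model (not Juniper's code and not part of the original page). The function names are hypothetical, the router AS numbers 65541, 65542, 65543 and 65555 are taken from this example, and the loop-detection path is constructed from the AS numbers in the Figure 5 discussion.

```python
ROUTER_A_AS = 65541
ROUTER_B_AS = 65542
ROUTER_C_AS = 65543
UNRELATED_AS = 65555  # ASN that Router B's export policy prepends


def advertise(own_as, received_path, prepend=()):
    """AS path an EBGP speaker sends: policy-prepended ASNs first, then its
    own ASN, then the path it received."""
    return list(prepend) + [own_as] + list(received_path)


def evaluate(local_as, peer_as, as_path, enforce_first_as=False):
    """Return (usable, reason) for a route received over EBGP from peer_as."""
    if local_as in as_path:
        # Route loop detection: our own AS is already in the path.
        return False, "loop: local AS already in AS path"
    if enforce_first_as and (not as_path or as_path[0] != peer_as):
        # Consistency check: the left-most ASN must be the neighbor's ASN.
        return False, "first AS in path is not the advertising neighbor"
    return True, "ok"


def run_scenario(prepend, enforce_first_as):
    """Router C originates, Router B readvertises, Router A evaluates."""
    from_c = advertise(ROUTER_C_AS, [])
    from_b = advertise(ROUTER_B_AS, from_c, prepend=prepend)
    verdict = evaluate(ROUTER_A_AS, ROUTER_B_AS, from_b, enforce_first_as)
    return from_b, verdict


if __name__ == "__main__":
    for prepend, enforce in (((), False),
                             ((UNRELATED_AS,), False),
                             ((UNRELATED_AS,), True)):
        path, (usable, reason) = run_scenario(prepend, enforce)
        print(f"enforce-first-as={enforce!s:5} path={path} -> {usable} ({reason})")

    # Constructed path for the loop case: a router in AS 12596 receives a
    # route from its neighbor in AS 60000 that already carries AS 12596.
    print(evaluate(12596, 60000, [60000, 65000, 23456, 12596]))
```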

Topology

Configure enforce-first-as Statement to Check Routes

CLI Quick Configuration

To quickly configure the initial configuration for this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Initial Configuration on Router A

Initial Configuration on Router B

Initial Configuration on Router C

Procedure

Step-by-Step Procedure
  1. Configure a static route on Router C.

  2. Configure an export policy for the static route.

  3. Verify that the static route is getting through to Router B and Router A.

    Notice that on Router A, the route is shown with an AS-path of 65542 65543. The route from Router B to Router A has had the ASN for Router A prepended to the AS-path.

  4. Set an export policy to prepend ASN from Router B.

  5. Verify route 198.51.100.17 on Router A.

    Notice that ASN 65555 is prepended to the AS path.

  6. Configure the enforce-first-as statement on Router A.

    When you check the route again, you see that route 198.51.100.17 is no longer getting through on Router A.

Verification

Verify the BGP Session

Purpose

Verify that a BGP session has been established and identify the neighbors with which the router has established a peering session.

Action

From operational mode, run the show bgp summary command.

Meaning

The first line shows the number of groups configured and the number of peers that are up or down. This output shows there are two peers, 192.0.2.1 and 198.51.100.2, up. The table portion shows that there are no paths in the inet.0 table. We can see that Router B has two peers, 65541 and 65543. When the State column shows three numbers separated by slashes, the BGP session is up.

Verify the Static Route

Purpose

Verify that a static route is being exported to routers B and A from Router C.

Action

From operational mode, run the show bgp neighbor command.

From operational mode, run the show bgp summary command.

From operational mode, run the show route protocol bgp command.

Meaning

With the show bgp neighbor command you can see the export policy by name.

With the show bgp summary command you can see that there is now one route in the inet.0 table, showing that the table has learned this route.

The show route protocol bgp command confirms that the router is learning routes. You can see the route and the AS path. Notice that in Router A we can see the AS path is appended with the ASNs of Routers C and B (65543 and 65542).

Verify Prepend Export Policy

Purpose

Verify that the ASNs are in the AS path of the router receiving from Router B.

show bgp neighbor. Lists the BGP routers to which this router is connected. Shows which neighbors the router has established peering sessions with.

show bgp summary. Lists BGP group, peer, and session state information. Helps determine whether a BGP session has been established.

show route protocol bgp. Lists the routes learned from BGP. Confirms that the router is learning routes only from desired neighbors.

Action

From operational mode, run the show route protocol bgp command.

Meaning

You can see that 65555 has been prepended to the AS path.

Verify the enforce-first-as Statement Is Working

Purpose

Verify that the router is learning routes only from desired neighbors.

Action

Verify route 198.51.100.17.

If you issue the show route command, the route information is not displayed.

Meaning

The static route is hidden because it contained an unrelated ASN and the enforce-first-as statement was configured.

Release History Table

Release   Description
9.1       Junos OS Release 9.1 and later supports 4-byte AS numbers.