Hide the Remote AS using the neighbor local-as Command
In a network, an Autonomous System (AS) defines a set of IP routing prefixes that are under a common administrative policy control. These routing policies are used by other connected routers on the Internet. When an AS is configured in Border Gateway Protocol (BGP), it is used to share routing information with connected peers. The neighbor local-as CLI command configures the AS number to be used with External Border Gateway Protocol (EBGP) peers. By default, the configured AS number is included in the AS-PATH message that is exchanged between the peers.
When a BGP router configured in one network connects to another router, it automatically shares routing information with other connected, external peers, and the AS-PATH message carries the AS numbers of both the local and remote routers. For example, if a router, ISP1-R, accesses services from another router, ISP2-R, then ISP1-R shares routing information with the local and remote AS numbers in the AS-PATH message when services are merged. This allows the external peers to learn the AS numbers of remote routers that are not connected to them (in this case, the AS number of ISP2-R). It is not desirable to disclose the AS number of remote routers to external peers.
To avoid advertising the remote peer’s AS number, OcNOS provides options in the neighbor local-as CLI to not include (no-prepend) the remote AS number and to replace (replace-as) it with an alternate AS number. Configuring an alternate AS in the BGP neighbor system makes it possible to hide the AS number of the remote router that actually shares the services. Thus, the AS number of the BGP router that is actually providing services is unknown to the external peer.
Hence, the existing neighbor local-as CLI command has been modified in this release.
Feature Characteristics
The neighbor local-as CLI is enhanced to hide and replace the AS number of remote routers that are not connected to the external peer. Two new options, ‘no-prepend’ and ‘replace-as’, have been added. These options replace the AS number with an alternate AS number in the AS_PATH and the BGP OPEN message. Hence, the AS of the remote router is unknown to the respective neighbor peer.
The actual Autonomous System number is never shared to the external network.
The following configuration assumes that routers R1 and R2 are assigned AS300 and AS100 respectively.

Disparate Autonomous System Number
Perform the following configuration on R1 router.
#configure terminal | Enter configure mode. |
R1(config)#router bgp 300 | Start the BGP process with the Autonomous System number 300 |
R1(config-router)#neighbor remote-as 200 | Establish BGP session with neighbor that has AS number 200 |
R1(config-router)#address-family ipv4 unicast | Enter address-family ipv4 unicast mode |
R1(config-router-af)#neighbor activate | Enable the neighbor router to exchange address family routes |
R1(config-router-af)#redistribute connected | Redistribute information from connected routes |
R1(config-router-af)#exit-address-family | Exit address-family IPv4 unicast mode |
R1(config-router)#commit | Commit the configurations |
Perform the following configuration on R2 router.
#configure terminal | Enter configure mode |
R2(config)#router bgp 100 | Start the BGP process with the Autonomous System number 100 |
R2(config-router)#neighbor remote-as 300 | Establish BGP session with neighbor that has AS number 300 |
R2(config-router)#neighbor local-as 200 no-prepend replace-as | Replace the AS number 300 with AS number 200 that should be used with the neighbor |
R2(config-router)#address-family ipv4 unicast | Enable the neighboring router to exchange address family routes |
R2(config-router-af)#neighbor activate | Enable the neighbor router to exchange address family routes |
R2(config-router-af)#redistribute connected | Redistribute information from the connected routes |
R2(config-router-af)#exit-address-family | Exit address-family ipv4 unicast mode |
R2(config-router)#commit | Commit the configurations |
Check the AS number 300 running on R1. It has established a BGP connection with a router that has AS number 200.
OcNOS#show running-config bgp
router bgp 300
neighbor remote-as 200
address-family ipv4 unicast
redistribute connected
redistribute static
neighbor activate
OcNOS#show ip bgp summary
BGP router identifier, local AS number 300
BGP table version is 4
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
4 200 185 181 3 0 0 00:00:28 2
Total number of neighbors 1
Total number of Established sessions 1
OcNOS#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C is directly connected, ce1, 1d14h18m
B [20/0] via, ce1, 00:00:18
C is directly connected, xe33, 1d13h40m
C is directly connected, lo, 1d14h23m
Gateway of last resort is not set
Check if the AS number 100 for R2 has been replaced with AS number 200 before sharing the information with R1.
OcNOS#show running-config bgp
router bgp 100
neighbor remote-as 300
neighbor local-as 200
address-family ipv4 unicast
redistribute connected
redistribute static
neighbor activate
OcNOS#show ip bgp summary
BGP router identifier, local AS number 100
BGP table version is 2
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
4 300 180 186 2 0 0 00:00:39 2
Total number of neighbors 1
Total number of Established sessions 1
Check if the AS number for R2 is changed to 100 and R1 shares AS 100 in the AS-PATH message.
OcNOS#show ip bgp
BGP table version is 4, local router ID is
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0 100 32768 ?
* 0 100 0 200 100 ?
*> 0 100 0 200 100 ?
*> 0 100 32768 ?
Total number of prefixes 3
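The effect of the options on the AS_PATH, and the check on the Path column shown above, as an added example that is not part of the OcNOS documentation. It uses the page's AS numbers (R2 real AS 100, alternate AS 200, R1 AS 300) and assumes the options behave as they conventionally do in other BGP implementations: local-as alone prepends the alternate AS in both directions, no-prepend suppresses it on received routes, and replace-as drops the real AS on advertised local routes. The class and function names are hypothetical.

```python
# Added example: models AS_PATH handling for "neighbor local-as".
# Assumption: option semantics follow the conventional behaviour of other
# BGP implementations; the page does not spell them out for OcNOS.
from dataclasses import dataclass


@dataclass(frozen=True)
class LocalAs:
    asn: int                  # alternate AS presented to the peer
    no_prepend: bool = False
    replace_as: bool = False


def advertised_path(real_as, local_as=None):
    """AS_PATH the eBGP peer receives for a locally originated route."""
    if local_as is None:
        return [real_as]
    if local_as.replace_as:
        return [local_as.asn]          # real AS is not disclosed
    return [local_as.asn, real_as]     # real AS still visible behind it


def received_path(path, local_as=None):
    """AS_PATH stored locally for a route learned from that peer."""
    if local_as is None or local_as.no_prepend:
        return list(path)
    return [local_as.asn] + list(path)


def parse_path(path_column):
    """Parse the Path column of 'show ip bgp', e.g. '200 100 ?'."""
    return [int(tok) for tok in path_column.split() if tok.isdigit()]


def leaks(path, hidden_as):
    """True if the AS that should stay hidden is visible in the path."""
    return hidden_as in path


if __name__ == "__main__":
    R2_AS, ALT_AS, R1_AS = 100, 200, 300  # AS numbers from the page
    cases = {
        "no local-as": None,
        "local-as 200": LocalAs(ALT_AS),
        "local-as 200 no-prepend replace-as": LocalAs(ALT_AS, True, True),
    }
    for name, opt in cases.items():
        out = advertised_path(R2_AS, opt)
        print(f"{name:36} R1 sees {out} leak={leaks(out, R2_AS)} "
              f"R2 stores {received_path([R1_AS], opt)}")
```

Applying parse_path and leaks to the Path column on the peer confirms whether the real AS is absent from what the peer has learned.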
Revised CLI Commands
neighbor local-as
The neighbor local-as CLI is enhanced to hide and replace the AS number of remote routers that are not connected to the external peer. Two new options, ‘no-prepend’ and ‘replace-as’, have been added. These options replace the AS number with an alternate AS number in the AS_PATH and the BGP OPEN message. Hence, the AS of the remote router is unknown to the respective neighbor peer.
For the complete command reference, refer to the neighbor local-as CLI in the BGP Commands section.