6 Replies Latest reply: Feb 19, 2011 7:06 PM by Scott Morris - CCDE/4xCCIE/2xJNCIE RSS

    BGP Private ASN numbers vs Public ASN numbers

    Steven Williams

      I was reading the CCNP Route official certification guide and really struggled on the topic of private and public ASN numbers. So I get that we have the same problem with ASN numbers as we "did" with IPv4 addresses. So it talked about private ASN numbers, but the explaination was vague to me. Can someone extend on the difference? Also what is the plan for when they run out of ASN numbers?

        • 1. Re: BGP Private ASN numbers vs Public ASN numbers
          tnewshott

          Public vs private ASN is the same as public vs private IPs.  Private ASNs are set aside for use internally with companies.  Kind of like the RFC1918 of ASNs.

           

          Not sure about the second half of your question.  Not sure it's an issue or not, yet.  Perhaps someone more in tune with the SP side of the house can comment on that.

          • 2. Re: BGP Private ASN numbers vs Public ASN numbers
            Conwyn

            Hi Hollywood

             

            One usage is confederations. You can have a public AS and behind that sits hundreds of private AS. It is a sort of NAT. The outside world sends all traffic to the public AS. Traffic from the confederations appears to come from the single public AS.

             

            Regards Conwyn

            • 3. Re: BGP Private ASN numbers vs Public ASN numbers
              Keith Barker - CCIE RS/Security, CISSP

              Hollywood0728 wrote:

               

              I was reading the CCNP Route official certification guide and really struggled on the topic of private and public ASN numbers. So I get that we have the same problem with ASN numbers as we "did" with IPv4 addresses. So it talked about private ASN numbers, but the explaination was vague to me. Can someone extend on the difference? Also what is the plan for when they run out of ASN numbers?

               

              The original 2 octet ASN numbers are depleting, so they kicked it up a notch to a 4 octet ASN number, with a migration path from 2 to 4.

               

              This is discussed in RFC 5668.

               

              If a customer wants to connect with their service provider via BGP, both the service provider and the customer need to have an ASN.   The service provider will have a real, registered ASN, and the customer will be given a private one in the range  from 64512 to 65535.   These customers are hiding behind there service providers, and as BGP updates come from the customer into the service provider, the service provider will strip off (hide) the private ASN and simply place it's own ASN in the AS_PATH instead, before sending those route updates into other autonomous systems.   This is a lot like NAT, where an RFC 1918 address like 10.0.0.1 is removed as a source address by the NAT device, and replaced with a global (registered) routable address such as 23.0.0.1

               

              Best wishes,

               

              Keith

              • 4. Re: BGP Private ASN numbers vs Public ASN numbers
                tnewshott

                That was actually an interesting read Keith.  Where does the actual migration stand there?  Is this something we're going to see soon? 

                 

                SP is one environment I've got little experience in, outside of the military SP-type realm.

                • 5. Re: BGP Private ASN numbers vs Public ASN numbers
                  Marko Milivojevic

                  Migration is happening, as we speak. Many RIRs (Regional Internet Registries - ARIN, RIPE, APNIC, AfriNIC, LACNIC) have started assigning 32-bit AS numbers to customers almost two years ago.

                   

                  IOS is a bit slow to pick up on the support for them, but in most high-end gear, it's there.

                   

                  --

                  Marko Milivojevic - CCIE #18427 (SP R&S)

                  Senior Technical Instructor - IPexpert

                  • 6. Re: BGP Private ASN numbers vs Public ASN numbers
                    Scott Morris - CCDE/4xCCIE/2xJNCIE

                    The hardest part in the migration will be everyone's router/vendor/software-version actually supporting the 4-byte ASNs.  Even though there's a "compatibility" mode to it (AS23456), there have been several cases of "too many of these" causing issues in interpretation and rejecting routes or even crashing routers.

                     

                    As I understand it, most RIRs will only assign the 4-byte ones by request (or at least that seems to be ARINs mode).  There's a lot of reuse of "standard" ASNs going on.  Anything given up cycles back into the pool.

                     

                    I guess it's all we're doing trying to squeeze the last little bit of life out of it!   Like IPv4! 

                     

                    Scott