BGP Private and Public AS Range

Just like IP addresses, ASNs (Autonomous System Numbers) have to be unique on the Internet. The main reason for this is that BGP uses the AS number for its loop prevention mechanism: when BGP learns a route that has its own AS number in the AS path, it discards that route.

Here’s an example:

[Figure: BGP Duplicate AS Number]

Above we have three routers; R1 and R3 are using the same AS number. Once R1 sends an update, R2 will accept it but R3 will not, because the AS number in the path is the same as its own.

To prevent the above from happening, IANA is in control of the AS numbers (similar to public IP addresses). If you want an AS number for the Internet then you’ll have to request one. They started with 16-bit AS numbers (also called 2-octet AS numbers) that were assigned like this:

  • 0: reserved.
  • 1 – 64495: public AS numbers.
  • 64496 – 64511: reserved to use in documentation.
  • 64512 – 65534: private AS numbers.
  • 65535: reserved.
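The loop prevention check and the 16-bit ranges above can be tried out in a few lines. This is an added example, not code from the original lesson; the router names follow the figure, while the AS numbers and function names are constructed for illustration.

```python
# Added example: AS_PATH loop prevention plus the 16-bit ASN ranges listed above.
# Router names follow the article's figure; the AS numbers are constructed.

RANGES_16BIT = [            # (first, last, label) as listed in the article
    (0, 0, "reserved"),
    (1, 64495, "public"),
    (64496, 64511, "documentation"),
    (64512, 65534, "private"),
    (65535, 65535, "reserved"),
]

def classify_asn(asn):
    """Label a 2-octet ASN using the ranges above."""
    for first, last, label in RANGES_16BIT:
        if first <= asn <= last:
            return label
    raise ValueError(f"{asn} is not a 16-bit AS number")

def receive(local_as, as_path):
    """eBGP receive check: discard any route whose AS_PATH contains our own AS."""
    return local_as not in as_path

def propagate(chain):
    """Send one route hop by hop along a chain of (router, asn) eBGP speakers.

    Returns a list of (router, accepted, as_path_seen) for every receiver.
    """
    results = []
    _, origin_as = chain[0]
    as_path = [origin_as]               # the originator's AS is first in the path
    for name, asn in chain[1:]:
        accepted = receive(asn, as_path)
        results.append((name, accepted, list(as_path)))
        if not accepted:
            break                       # a discarded route is not advertised further
        as_path = [asn] + as_path       # prepend own AS before sending to the next peer
    return results

if __name__ == "__main__":
    # Constructed topology: R1 and R3 share AS 64500, R2 uses AS 64501.
    chain = [("R1", 64500), ("R2", 64501), ("R3", 64500)]
    for router, accepted, path in propagate(chain):
        verdict = "accepts" if accepted else "discards (own AS in path)"
        labels = [f"{a} ({classify_asn(a)})" for a in path]
        print(f"{router} {verdict}: AS_PATH {labels}")
```
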

The 1 – 64495 public AS range is pretty small, so it has the same problem as public IPv4 addresses: there aren’t enough numbers. Right now (May 2015) there are only 199 AS numbers left that could be assigned. You can see the current status of available AS numbers here.

To get more AS numbers, an extension has been created that supports 32-bit AS numbers (also called 4-octet AS numbers). This means we have about 4,294,967,296 AS numbers that we can use.

When you request an AS number, you’ll have to justify why you need a public one. For some organizations, using a private AS number can also be a solution.

Private AS numbers can be used when you are connected to a single AS that uses a public AS number. Here’s an example:


Forum Replies

  1. Dear Ahammad,

    You have to configure this on all routers within the sub-AS otherwise they won’t consider themselves part of the confederation. They will be able to establish BGP peerings but they’ll consider other routers in the confederation as regular “external” or “internal” neighbors. They will also drop routes when they see a confederation path in it.

    I tested this, here is the output of some show commands when I removed “bgp confederation identifier 2” on R3, R4 and R5:

    R3#show ip bgp
    BGP routing table entry for, version 19
    ...

  2. Dear Rene,

    Thanks for the information. Yes that is correct.

    However, I simulated a similar lab like yours but I have not connected R4 and R5 that you have done, only to see if those routers can communicate with R1. And I found out that if I don’t connect R4 and R5 to each other as redundant link then those two routers do not need the “bgp confederation peer” and “bgp confederation identifier” commands. Also I found out that those two commands are mandatory for R2 and R3. Since, R2 is connecting External AS router R1 and Internal “sub-as” router R3 and R3 is con

    ...

  3. Hi Kandhla,
    Yes, you can absolutely use the next-hop-self option with iBGP. In fact, in some circumstances you might HAVE to. For example, let’s say you have a router (R1) with an external BGP relationship with an ISP, and your highly available site has been given two separate circuits from that ISP. To ensure that R1’s BGP neighborship with the ISP is also highly available, you have configured R1 to use the ISP’s router’s loopback address (you would also have to use the ebgp-multihop option for this). To do this you would create static routes on R1 to get

    ...

  4. Hi Fabio,

    Your config looks fine, it’s the same as mine:

    R1#show run | section bgp
    router bgp 1
     neighbor remote-as 2
    R2#show run | section bgp
    router bgp 24
     bgp confederation identifier 2
     neighbor remote-as 1

    The error you get is about the BGP router ID:

    BGP identifier wrong

    Any chance you have the same router ID on R1 and R2?


  5. In fact I set up a similar lab and I don’t see any problem. I am able to ping between R1<<>>R8

    R8#ping source lo0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
    Packet sent with a source address of 
    Success rate is 100 percent (5/5), round-trip min/avg/max = 76/102/132 ms
    R1#ping source lo0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
    Packet sent with a source address of 
    Success rate is 100 percent (5/5), round-tri
    ...
