Remove private ASes with BGP

Hello,
I’m receiving some mis-configured routes on IXes with AS-PATH containing private ASes (64512-65534).
Those routes should be cleared on a level higher than me in a perfect world, but we’re in the real world.

I would like to NOT reannounce those routes with such AS-PATH.

Is there a way with RouterOS to remove those ASes from the AS-PATH?
I tried to set remove-private-as to on for a few peers but I’m still getting the private ASes and re-announcing them.

My goal is to have the same behavior as:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13758-36.html

Thanks,
Julien Escario

Yes, there is an option that removes the private AS:

remove-private-as (yes | no; Default: no) If set, then BGP AS-PATH attribute is removed before sending out route update if attribute contains only private AS numbers. Removal process happens before routing filters are applied and before local AS number is prepended to the AS path. Option is available starting from v4.3. Currently works only with 16-bit ASNs.

You can check more information about BGP here:

https://wiki.mikrotik.com/wiki/Manual:Routing/BGP

Thanks for the idea, but: “if attribute contains only private AS numbers”

This is not the case here: the AS-PATH contains private ASes, but there’s a public AS before and/or after.

I think this is why my routes aren’t ‘sanitized’.

Finally, I think I’ll just drop those routes instead of trying to remove the private AS from the AS-PATH. They can be considered as bogons and it seems to be a common good practice (see http://as2914.net/bogon_asns/configuration_examples.txt from Job Snijders - NTT).

Now, I have to find how to filter a route containing a range of ASes (64496-64511 for example) without having to specify each AS in the regex.

The following conditions apply for remove-private-as:

  • You can only use this solution with external BGP (eBGP) peers.
  • If the update has only private AS numbers in the AS_PATH,
    BGP removes these numbers.
  • If the AS_PATH includes both private and public AS numbers,
    BGP doesn’t remove the private AS numbers. This situation is
    considered a configuration error.
  • If the AS_PATH contains the AS number of the eBGP neighbor,
    BGP does not remove the private AS number.
  • If the AS_PATH contains confederations, BGP removes the private
    AS numbers only if they come after the confederation portion of
    the AS_PATH.

Hello,
I finally managed to DISCARD AS-PATHs containing private ASes with the rules below.
They are directly taken from Cisco’s examples here http://as2914.net/bogon_asns/configuration_examples.txt

This will create a bogons-asn filter that could be used with upstreams and peers to filter those buggy routes (a few Tier1 already filter those routes, you can safely consider them as buggy).

add action=accept bgp-as-path=0 chain=bogons-asn
add action=accept bgp-as-path=23456 chain=bogons-asn
add action=accept bgp-as-path="(6449[6-9])|(6450[0-9])|(6451[0-1])|(6553[6-9])|(6554[0-9])|(6555[0-1])" chain=bogons-asn
add action=accept bgp-as-path="6(4(5(1[2-9]|[2-9][0-9])|[6-9][0-9][0-9])|5([0-4][0-9][0-9]|5([0-2][0-9]|3[0-5])))" chain=bogons-asn
add action=accept bgp-as-path="6555[2-9]|655[6-9][0-9]|65[6-9][0-9][0-9]|6[6-9][0-9][0-9][0-9]" chain=bogons-asn
add action=accept bgp-as-path="[7-9][0-9][0-9][0-9][0-9]|1[0-2][0-9][0-9][0-9][0-9]|130[0-9][0-9][0-9]" chain=bogons-asn
add action=accept bgp-as-path="1310[0-6][0-9]|13107[0-1]" chain=bogons-asn
add action=accept bgp-as-path="42[0-8][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" chain=bogons-asn
add action=accept bgp-as-path="(429[0-3][0-9][0-9][0-9][0-9][0-9][0-9])|(4294[0-8][0-9][0-9][0-9][0-9][0-9])" chain=bogons-asn
add action=accept bgp-as-path="(42949[0-5][0-9][0-9][0-9][0-9])|(429496[0-6][0-9][0-9][0-9])" chain=bogons-asn
add action=accept bgp-as-path="(4294967[0-1][0-9][0-9])|(42949672[0-8][0-9])|(429496729[0-4])" chain=bogons-asn
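
Added example, not part of the original posts: a Python check that the patterns in the rules above, applied to each whole AS number, cover exactly 0, 23456, 64496-131071 and 4200000000-4294967294, which is how a range such as 64496-64511 ends up matched without listing each AS. The numeric ranges, function names and sample AS_PATH are constructed for this example; it uses Python's regex engine and makes no claim about how RouterOS itself evaluates bgp-as-path.

```python
import re

# Patterns copied from the bogons-asn rules posted above.
POSTED = [
    r"0",
    r"23456",
    r"(6449[6-9])|(6450[0-9])|(6451[0-1])|(6553[6-9])|(6554[0-9])|(6555[0-1])",
    r"6(4(5(1[2-9]|[2-9][0-9])|[6-9][0-9][0-9])|5([0-4][0-9][0-9]|5([0-2][0-9]|3[0-5])))",
    r"6555[2-9]|655[6-9][0-9]|65[6-9][0-9][0-9]|6[6-9][0-9][0-9][0-9]",
    r"[7-9][0-9][0-9][0-9][0-9]|1[0-2][0-9][0-9][0-9][0-9]|130[0-9][0-9][0-9]",
    r"1310[0-6][0-9]|13107[0-1]",
    r"42[0-8][0-9][0-9][0-9][0-9][0-9][0-9][0-9]",
    r"(429[0-3][0-9][0-9][0-9][0-9][0-9][0-9])|(4294[0-8][0-9][0-9][0-9][0-9][0-9])",
    r"(42949[0-5][0-9][0-9][0-9][0-9])|(429496[0-6][0-9][0-9][0-9])",
    r"(4294967[0-1][0-9][0-9])|(42949672[0-8][0-9])|(429496729[0-4])",
]
COMPILED = [re.compile(p) for p in POSTED]

# Inclusive numeric ranges the patterns add up to (worked out by hand for this example).
RANGES = [(0, 0), (23456, 23456), (64496, 131071), (4200000000, 4294967294)]

def regex_flags(asn):
    """True if a posted pattern matches the whole decimal AS number (anchored)."""
    return any(p.fullmatch(str(asn)) for p in COMPILED)

def numeric_flags(asn):
    """Same decision made with integer comparisons instead of digit patterns."""
    return any(lo <= asn <= hi for lo, hi in RANGES)

def mismatches():
    """ASNs where the two checks disagree: all of 0..140000 plus 32-bit seams."""
    probes = set(range(140001))
    probes.update(range(4294960000, 4294967296))
    for edge in (4199999999, 4289999999, 4293999999, 4294899999, 4294959999):
        probes.update((edge, edge + 1))
    return sorted(a for a in probes if regex_flags(a) != numeric_flags(a))

def flagged(as_path):
    """AS numbers in a space-separated AS_PATH that the rules are meant to catch."""
    return [int(t) for t in as_path.split() if regex_flags(int(t))]

def unanchored_hits(asn):
    """Patterns that hit somewhere inside the number when no anchoring is applied."""
    return [p.pattern for p in COMPILED if p.search(str(asn))]

if __name__ == "__main__":
    print(mismatches())                # empty list when patterns and ranges agree
    print(flagged("2914 65010 3320"))  # constructed path: public, private, public
    print(unanchored_hits(3320))       # character-level search without anchors
```

In a character-based engine the digit patterns are only safe when matched against each AS number as a whole token; `unanchored_hits` shows the pattern `0` hitting inside an ordinary public ASN when that anchoring is missing.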