Remove-Private-As
Test BGP address-family ipv6-unicast remove-private-as functionality. When a router receives routes from a neighbor using a private AS number (64512-65534), those private AS numbers appear in the AS-path. The remove-private-as command strips these private AS numbers from the AS-path before advertising routes to an eBGP peer.
Test eBGP IPv6 - Without remove-private-as shows private AS in path
Description
Baseline test showing default behavior where private AS numbers are visible in the AS-path. DUT1 uses private AS 65001 and originates route 2001:db8:100::/64. DUT0 (AS 100) receives the route and forwards it to DUT2 (AS 200).
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set interfaces ethernet eth1 address '2001:db8:2::100/64' set protocols bgp 100 neighbor dut1 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut1 address-family ipv6-unicast route-map import PERMIT set protocols bgp 100 neighbor dut1 remote-address '2001:db8:1::200' set protocols bgp 100 neighbor dut1 remote-as 65001 set protocols bgp 100 neighbor dut2 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut2 address-family ipv6-unicast route-map export PERMIT set protocols bgp 100 neighbor dut2 remote-address '2001:db8:2::200' set protocols bgp 100 neighbor dut2 remote-as 200 set protocols bgp 100 parameters router-id 1.1.1.100 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:100::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 65001 address-family ipv6-unicast redistribute connected set protocols bgp 65001 neighbor peer address-family ipv6-unicast activate set protocols bgp 65001 neighbor peer address-family ipv6-unicast route-map export PERMIT set protocols bgp 65001 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 65001 neighbor peer remote-as 100 set protocols bgp 65001 parameters router-id 1.1.1.200 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth1 address '2001:db8:2::200/64' set protocols bgp 200 neighbor peer address-family ipv6-unicast activate set protocols bgp 200 neighbor peer address-family ipv6-unicast route-map import PERMIT set protocols bgp 200 neighbor peer remote-address '2001:db8:2::100' set protocols bgp 200 neighbor peer remote-as 100 set protocols bgp 200 parameters router-id 1.1.1.201 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP sessions establish on DUT0.
Step 4: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*Established.*\n.*2001:db8:2::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 100 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 384 bytes of memory Peers 2, using 47 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 65001 7 7 2 0 0 00:00:03 Established 2 (Policy) N/A 2001:db8:2::200 0.0.0.0 4 200 2 3 0 0 0 00:00:01 Established (Policy) 0 N/A Total number of neighbors 2
Attention
Verify DUT0 receives route 2001:db8:100::/64 from DUT1.
Step 5: Run command protocols bgp show ipv6 at DUT0 and check if output matches the following regular expressions:
2001:db8:100::/64Show output
BGP table version is 2, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 100 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 2001:db8:1::/64 fe80::dcad:beff:feef:6c10 0 0 65001 ? *> 2001:db8:100::/64 fe80::dcad:beff:feef:6c10 0 0 65001 ? Displayed 2 routes and 2 total paths
Attention
Verify DUT2 receives route 2001:db8:100::/64 with private AS 65001 in path.
Step 6: Run command protocols bgp show ipv6 2001:db8:100::/64 at DUT2 and check if output matches the following regular expressions:
100 65001Show output
BGP routing table entry for 2001:db8:100::/64, version 2 Paths: (1 available, best #1, table default) Not advertised to any peer 100 65001 2001:db8:2::100 from 2001:db8:2::100 (1.1.1.100) (fe80::dcad:beff:feef:6c01) (used) Origin incomplete, valid, external, best (First path received) Last update: Thu Mar 5 14:45:17 2026
Test eBGP IPv6 - Remove-private-as strips private AS from path
Description
Test BGP remove-private-as which strips private AS numbers from the AS-path before advertising to eBGP peers. DUT1 uses private AS 65001 and originates route 2001:db8:100::/64. DUT0 (AS 100) has remove-private-as configured toward DUT2.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set interfaces ethernet eth1 address '2001:db8:2::100/64' set protocols bgp 100 neighbor dut1 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut1 address-family ipv6-unicast route-map import PERMIT set protocols bgp 100 neighbor dut1 remote-address '2001:db8:1::200' set protocols bgp 100 neighbor dut1 remote-as 65001 set protocols bgp 100 neighbor dut2 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut2 address-family ipv6-unicast remove-private-as set protocols bgp 100 neighbor dut2 address-family ipv6-unicast route-map export PERMIT set protocols bgp 100 neighbor dut2 remote-address '2001:db8:2::200' set protocols bgp 100 neighbor dut2 remote-as 200 set protocols bgp 100 parameters router-id 1.1.1.100 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:100::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 65001 address-family ipv6-unicast redistribute connected set protocols bgp 65001 neighbor peer address-family ipv6-unicast activate set protocols bgp 65001 neighbor peer address-family ipv6-unicast route-map export PERMIT set protocols bgp 65001 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 65001 neighbor peer remote-as 100 set protocols bgp 65001 parameters router-id 1.1.1.200 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth1 address '2001:db8:2::200/64' set protocols bgp 200 neighbor peer address-family ipv6-unicast activate set protocols bgp 200 neighbor peer address-family ipv6-unicast route-map import PERMIT set protocols bgp 200 neighbor peer remote-address '2001:db8:2::100' set protocols bgp 200 neighbor peer remote-as 100 set protocols bgp 200 parameters router-id 1.1.1.201 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP sessions establish on DUT0.
Step 4: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*Established.*\n.*2001:db8:2::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 100 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 384 bytes of memory Peers 2, using 47 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 65001 8 6 2 0 0 00:00:04 Established 2 (Policy) N/A 2001:db8:2::200 0.0.0.0 4 200 4 5 2 0 0 00:00:01 Established (Policy) 2 N/A Total number of neighbors 2
Attention
Verify DUT0 receives route 2001:db8:100::/64 from DUT1 with private AS in path.
Step 5: Run command protocols bgp show ipv6 2001:db8:100::/64 at DUT0 and check if output matches the following regular expressions:
65001Show output
BGP routing table entry for 2001:db8:100::/64, version 2 Paths: (1 available, best #1, table default) Advertised to peers: 2001:db8:2::200 65001 2001:db8:1::200 from 2001:db8:1::200 (1.1.1.200) (fe80::dcad:beff:feef:6c10) (used) Origin incomplete, metric 0, valid, external, best (First path received) Last update: Thu Mar 5 14:45:34 2026
Attention
Verify DUT2 sees only AS 100 in the path (private AS was removed by DUT0).
Step 6: Run command protocols bgp show ipv6 2001:db8:100::/64 at DUT2 and check if output matches the following regular expressions:
(?m)^\s+100\s*$Show output
BGP routing table entry for 2001:db8:100::/64, version 2 Paths: (1 available, best #1, table default) Not advertised to any peer 100 2001:db8:2::100 from 2001:db8:2::100 (1.1.1.100) (fe80::dcad:beff:feef:6c01) (used) Origin incomplete, valid, external, best (First path received) Last update: Thu Mar 5 14:45:37 2026