Remove-Private-As
Scenario to verify BGP peer-group address-family ipv6-unicast remove-private-as inheritance.
When remove-private-as is configured on a peer-group under address-family ipv6-unicast,
private AS numbers are stripped from the AS-path before advertising IPv6 routes to members
of the group.
Test eBGP IPv6 - Without remove-private-as shows private AS in path
Description
Baseline test showing default behavior where private AS numbers are visible in the AS-path. DUT1 uses private AS 65001 and originates route 2001:db8:100::/64. DUT0 (AS 100) forwards to DUT2 (member of peer-group without remove-private-as).
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set interfaces ethernet eth1 address '2001:db8:2::100/64' set protocols bgp 100 neighbor dut1 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut1 address-family ipv6-unicast route-map import PERMIT set protocols bgp 100 neighbor dut1 remote-address '2001:db8:1::200' set protocols bgp 100 neighbor dut1 remote-as 65001 set protocols bgp 100 neighbor dut2 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut2 peer-group MYGROUP set protocols bgp 100 neighbor dut2 remote-address '2001:db8:2::200' set protocols bgp 100 neighbor dut2 remote-as 200 set protocols bgp 100 parameters router-id 1.1.1.100 set protocols bgp 100 peer-group MYGROUP address-family ipv6-unicast route-map export PERMIT set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:100::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 65001 address-family ipv6-unicast redistribute connected set protocols bgp 65001 neighbor peer address-family ipv6-unicast activate set protocols bgp 65001 neighbor peer address-family ipv6-unicast route-map export PERMIT set protocols bgp 65001 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 65001 neighbor peer remote-as 100 set protocols bgp 65001 parameters router-id 1.1.1.200 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth1 address '2001:db8:2::200/64' set protocols bgp 200 neighbor peer address-family ipv6-unicast activate set protocols bgp 200 neighbor peer address-family ipv6-unicast route-map import PERMIT set protocols bgp 200 neighbor peer remote-address '2001:db8:2::100' set protocols bgp 200 neighbor peer remote-as 100 set protocols bgp 200 parameters router-id 1.1.1.201 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP sessions establish on DUT0.
Step 4: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:2::200.*Established[\s\S]*2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 100 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 384 bytes of memory Peers 2, using 47 KiB of memory Peer groups 1, using 64 bytes of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:2::200 0.0.0.0 4 200 4 4 0 0 0 00:00:01 Established (Policy) 0 N/A 2001:db8:1::200 0.0.0.0 4 65001 8 5 2 0 0 00:00:02 Established 2 (Policy) N/A Total number of neighbors 2
Attention
Verify DUT2 receives route 2001:db8:100::/64 with private AS 65001 in path.
Step 5: Run command protocols bgp show ipv6 2001:db8:100::/64 at DUT2 and check if output matches the following regular expressions:
100 65001Show output
BGP routing table entry for 2001:db8:100::/64, version 2 Paths: (1 available, best #1, table default) Not advertised to any peer 100 65001 2001:db8:2::100 from 2001:db8:2::100 (1.1.1.100) (fe80::dcad:beff:feef:6c01) (used) Origin incomplete, valid, external, best (First path received) Last update: Thu Mar 5 15:49:13 2026
Test eBGP IPv6 - Peer-group remove-private-as strips private AS from path
Description
Test that remove-private-as configured on a peer-group under address-family
ipv6-unicast strips private AS numbers from the AS-path. DUT1 (AS 65001)
originates 2001:db8:100::/64. DUT0 forwards to DUT2 (member of peer-group with
remove-private-as). DUT2 should see only AS 100 in the path.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set interfaces ethernet eth1 address '2001:db8:2::100/64' set protocols bgp 100 neighbor dut1 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut1 address-family ipv6-unicast route-map import PERMIT set protocols bgp 100 neighbor dut1 remote-address '2001:db8:1::200' set protocols bgp 100 neighbor dut1 remote-as 65001 set protocols bgp 100 neighbor dut2 address-family ipv6-unicast activate set protocols bgp 100 neighbor dut2 peer-group MYGROUP set protocols bgp 100 neighbor dut2 remote-address '2001:db8:2::200' set protocols bgp 100 neighbor dut2 remote-as 200 set protocols bgp 100 parameters router-id 1.1.1.100 set protocols bgp 100 peer-group MYGROUP address-family ipv6-unicast remove-private-as set protocols bgp 100 peer-group MYGROUP address-family ipv6-unicast route-map export PERMIT set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:100::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 65001 address-family ipv6-unicast redistribute connected set protocols bgp 65001 neighbor peer address-family ipv6-unicast activate set protocols bgp 65001 neighbor peer address-family ipv6-unicast route-map export PERMIT set protocols bgp 65001 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 65001 neighbor peer remote-as 100 set protocols bgp 65001 parameters router-id 1.1.1.200 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth1 address '2001:db8:2::200/64' set protocols bgp 200 neighbor peer address-family ipv6-unicast activate set protocols bgp 200 neighbor peer address-family ipv6-unicast route-map import PERMIT set protocols bgp 200 neighbor peer remote-address '2001:db8:2::100' set protocols bgp 200 neighbor peer remote-as 100 set protocols bgp 200 parameters router-id 1.1.1.201 set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP sessions establish on DUT0.
Step 4: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:2::200.*Established[\s\S]*2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 100 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 384 bytes of memory Peers 2, using 47 KiB of memory Peer groups 1, using 64 bytes of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:2::200 0.0.0.0 4 200 2 2 0 0 0 00:00:01 Established (Policy) 0 N/A 2001:db8:1::200 0.0.0.0 4 65001 6 6 2 0 0 00:00:02 Established 2 (Policy) N/A Total number of neighbors 2
Attention
Verify DUT2 sees only AS 100 in the path (private AS was removed).
Step 5: Run command protocols bgp show ipv6 2001:db8:100::/64 at DUT2 and check if output matches the following regular expressions:
(?m)^\s+100\s*$Show output
BGP routing table entry for 2001:db8:100::/64, version 2 Paths: (1 available, best #1, table default) Not advertised to any peer 100 2001:db8:2::100 from 2001:db8:2::100 (1.1.1.100) (fe80::dcad:beff:feef:6c01) (used) Origin incomplete, valid, external, best (First path received) Last update: Thu Mar 5 15:49:29 2026