Table of Contents

Cisco CCDE v3 Training

71:39:25 Hours
226 Lectures


BGP Training

22:46:48 Hours
22 Lectures


Routing Protocols Design and Deployment Course

47:00:55 Hours
51 Lectures


BGP Private and Public AS Range

BGP Private and Public AS Range: On the internet, we have 2byte AS Numbers and 4 Byte AS Numbers. In this post, we will explain what are the BGP Private and Public AS Range for 2 byte AS and 4 byte AS numbers. Where Private BGP AS number is used and should be used and where Public AS Numbers in BGP is used and should be used. Not just where they should be used but also we will discuss where they shouldn't be used too.

BGP Private AS Range for 2 Byte AS Numbers

A 2 byte AS number is a 16-bit number. This format provides for 65536 ASNs (0 to 65535). From these ASNs, the Internet Assigned Numbers Authority (IANA) reserved 1,023 of them (64512 to 65534) for private/internal usage.

BGP Private AS Range for 2-byte AS Number is between 64512 to 65535.

So we have 1023 BGP AS Numbers to use in a 2-byte ASN schema. Private AS numbers, similar to the Private IP address range (RFC 1918), should be used internally in the networks.

Not, external networks, such as the Internet. On Internet, in the Global Routing table, which is also known as Default Free Zone, only Public IP Addresses should be seen.

Thus, Private AS numbers only is used internally. They shouldn't be leaked to the Global Internet, intentionally or unintentionally.

BGP Private AS Range for 4 Byte AS Numbers

A 4 byte AS number is a 32-bit number. This format provides for 232 or 4,294,967,296 ASNs (0 to 4294967295).

IANA reserved 94,967,295 ASNs (4200000000 to 4294967294) for private/internal usage.

Similar to 2-byte Private ASNs, the 4-byte Private BGP AS range shouldn't be leaked to the Global Internet.

BGP Public AS Range for 2 Byte AS Numbers

IANA reserved AS 1 to AS 64512 for Public AS usage. Public Autonomous Systems are used on the Internet. Common usage is between the networks on the Internet and Internet Exchange Points. IXPs mandate participants to use Public AS numbers to peer with each other.

Private ASNs are removed at the edge of the networks, commonly known as IGW (Internet Gateways), and only Public AS is used on the Internet.

BGP Public AS Range for 4 Byte AS Numbers

IANA reserved AS 0 to 4200000000 for Public 4-Byte AS usage. If BGP AS will be used on the Global Internet, and if 2-Byte AS is not available, we are seeing BGP 4-byte ASNs.

Today, there are thousands of 4-Byte AS numbers announcing prefixes to the Global Internet.

Where Private BGP AS Range is used?

Private BGP AS numbers is used internally. Your internal prefixes in the network should be carried with Private BGP ASN. Prefixes that you may want to announce to the internet should be carried within the Autonomous System is carried with BGP Private ASN numbers but at the Internet Gateway they should be removed.

But what is an Enterprise company receiving a service from Internet Service Provider?. In this case, Enterprise can use the Private BGP AS number to peer with its upstream Internet Service Provider(ISP).

But ISP, when it announces the prefixes to its transit ISPs or Settlement Free Peers, they need to remove Private BGP ASN.

Another usage for the Private ASN range is Massively Scale Datacenters.

As you can understand from RFC 7938, which is explaining the usage of BGP inside the Massively-Scale Datacenters, Private BGP ASNs are used in these networks to avoid accidental BGP Route leaking with someone else's BGP Public ASNs.

Where Private BGP AS Range shouldn't be used?

As we explained in this post earlier, the BGP Private AS range shouldn't be used on the Global Internet. Can Internet Gateway Routers announce the prefixes to their BGP peer on the Internet, if it is BGP Private AS range?. Yes, of course, it can.

You can advertise Private/Internal RFC 1918 IP Addresses to your peer on the Global Internet as well. So, BGP doesn't stop this.

Your job is to remove those private IP addresses and private BGP AS numbers before advertising to the Global Internet.

Of course, in order to avoid problems, neighboring ASNs should filter the Private IP addresses or Private ASNs, if they shouldn't come as Private. As we mentioned before, if it is Enterprise to ISP connection, ISP might be allowing Private advertisement, but in turn, they remove those private IP addresses and private ASNs before advertising to their neighbors on the Global Internet.

Created by
Orhan Ergun

Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021

He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.  

Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers. 

View profile