Technical Tip: 4Byte BGP ASN Usage on FortiOS

BGP 4-byte ASN (Autonomous System Number) is the 32-bit version of ASN values used to identify networks on the internet. Originally, ASNs were 2-byte (16-bit) which can represent the range: 0–65535. But this space became insufficient as the internet grew.

So, 4-byte (32-bit) ASNs were introduced as a standard defined in RFC 6793 since 4 bytes can provide a much larger pool of unique AS numbers in the range 0 - 4294967295. 4-byte ASN usage is supported on FortiOS 4.0 MR2 and above.

This article shows an example BGP neighborship configuration using 4-byte ASN in Asplain and Asdot(+) notations, which are fully supported in FortiOS 7.2.1 and above. Prior FortiOS 7.2.1, Asplain should be used for BGP ASN configurations.

FortiGate01 config (Asdot) and outputs:

config router bgp

    set as 65001.1001

    set router-id 10.254.254.1

        config neighbor

            edit "192.168.1.254"

                set capability-graceful-restart enable

                set soft-reconfiguration enable

                set remote-as 65001.65001

            next

        end

        config network

            edit 1

                set prefix 172.16.1.0 255.255.255.0

            next

        end

    end 

FortiGate01 # get router info bgp summary <----- Shows the BGP status of the router and all its neighbors, including: the AS, packet counters, and the length of time the neighbor has been up.

VRF 0 BGP router identifier 10.254.254.1, local AS number 65001.1001

BGP table version is 2

2 BGP AS-PATH entries

0 BGP community entries

Neighbor      V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

192.168.1.254 4 65001.65001    4678    4692        1    0    0 00:01:53        1

Total number of neighbors 1

FortiGate01 # get router info bgp network

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

VRF 0 BGP table version is 2, local router ID is 10.254.254.1

   Network          Next Hop            Metric     LocPrf Weight RouteTag Path

*> 172.16.1.0/24    0.0.0.0                       100  32768        0 i <-/1>

*> 172.16.2.0/24    192.168.1.254   0                      0        0 4259970537 i <-/1>

Total number of prefixes 2

Note:

Configured AS Number: 65001.1001.

AS seen in the BGP table: 4259970537 (65001x65536 + 1001).

FortiGate02 Config (AS Plain) & outputs:

FortiGate02 # show router bgp

config router bgp

    set as 4259970537

    set router-id 10.254.254.2

        config neighbor

            edit "192.168.1.1"

                set capability-graceful-restart enable

                set soft-reconfiguration enable

                set remote-as 4259906537

            next

        end

        config network

            edit 1

                set prefix 172.16.2.0 255.255.255.0

            next

        end

    end

FortiGate02 # get router info bgp summary

VRF 0 BGP router identifier 10.254.254.2, local AS number 4259970537

BGP table version is 2

2 BGP AS-PATH entries

0 BGP community entries

Neighbor    V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

192.168.1.1 4 4259906537    4695    4692        2    0    0 00:00:48        1

Total number of neighbors 1

FortiGate02 # get router info bgp network

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

VRF 0 BGP table version is 2, local router ID is 10.254.254.2

   Network          Next Hop            Metric     LocPrf Weight RouteTag Path

*> 172.16.1.0/24    192.168.1.1     0                      0        0 4259906537 i <-/1>

*> 172.16.2.0/24    0.0.0.0                       100  32768        0 i <-/1>

Total number of prefixes 2

Note: While debugging BGP, MyAS can be seen like -35060759 as shown below. This is due to the AS number representation being interpreted as a signed integer. The configured AS value should be considered as 4294967296 (The max 4-byte integer) - 35060759 = 4259906537.

FortiGate01 #

[root] BGP: [NETWORK] Accept Thread: Incoming conn from host 192.168.1.254 (FD=27 VRF=0)

[root] BGP: 192.168.1.254-Outgoing [FSM] State: Idle Event: 14

[root] BGP: 192.168.1.254-Outgoing [FSM] State: Idle Event: 3

[root] BGP: 192.168.1.254-Outgoing [NETWORK] FD=27, Sock Status: 0-Success

[root] BGP: 192.168.1.254-Outgoing [FSM] State: Connect Event: 17

[root] BGP: 192.168.1.254-Outgoing [ENCODE] Msg-Hdr: Type 1

[root] BGP: 192.168.1.254-Outgoing [ENCODE] Open: Ver 4 MyAS -35060759 Holdtime 180

[root] BGP: 192.168.1.254-Outgoing [ENCODE] Open: Msg-Size 95

[root] BGP: 192.168.1.254-Outgoing [DECODE] Msg-Hdr: type 1, length 95

[root] BGP: 192.168.1.254-Outgoing [DECODE] Open: Optional param len 66

[root] BGP: 192.168.1.254-Outgoing [DECODE] Open Opt: Option Type 2, Option Len 6

Related articles:

• Technical Tip: BGP four-byte AS Path (RFC 4893) support in FortiOS
• Technical Tip: Configure 4 bytes ASN in BGP