FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
GusZ
Staff
Staff
Article Id 347178
Description This article describes 4-byte AS numbers, BGP AS Path Prepending, and how to configure it in FortiOS.
Scope FortiGate.
Solution

As depicted in the Technical Tip: How to configure BGP AS prepending, BGP AS prepending requires the creation of a 'route-map' object. The prepended AS path - where an AS number (ASN) is repeated multiple times - is then defined in the 'set-aspath' field. ASNs were originally conceived as 2 bytes entities but its format has been extended to 4 bytes. FortiOS supports 4-byte ASNs, as referenced in Technical Tip: BGP four-byte AS Path (RFC 4893) support in FortiOS.

 

For example, to create a 'route-map' object with the prepended AS path '4259970537 4259970537 4259970537' (the 4-byte ASN 4259970537 is repeated 3 times):

 

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set set-aspath "4259970537 4259970537 4259970537"
            next
        end
    next
end


However, if the prepended AS path is composed of 8 or more 4-byte AS numbers, the command will fail:

 

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set set-aspath "4259970537 4259970537 4259970537 4259970537 4259970537 4259970537 4259970537 4259970537"
string value is too long. the size is 87, the limit is 79

 

value parse error before '4259970537 4259970537 4259970537 4259
Command fail. Return code -1


The 'set-aspath' field is not a string but a table. Therefore, it is possible to set it as below (for example repeating an ASN 10 times):

 

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set set-aspath "4259970537" "4259970537" "4259970537" "4259970537" "4259970537" "4259970537" "4259970537" "4259970537" "4259970537" "4259970537"
            next
        end
    next
end


The command above produces no errors. However, the result is not the one expected:

 

show router route-map
config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set set-aspath "4259970537" <-- 4-byte ASN 4259970537 should be repeated 10 times, not just once.
            next
        end
    next
end


The workaround is to populate the 'set-aspath' field using a sequence of strings, increasing by one the count of repeated 4-byte ASN in each string. For example, the following command successfully creates a prepended AS path composed of 4259970537 repeated 10 times:

 

config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set set-aspath "4259970537" "4259970537 4259970537" "4259970537 4259970537 4259970537" "4259970537 4259970537 4259970537 4259970537"
            next
        end
    next
end


Below is the verification that the command has been correctly accepted:

 

show router route-map
config router route-map
    edit "to_MPLS_NETWORK"
        config rule
            edit 1
                set set-aspath "4259970537" "4259970537 4259970537" "4259970537 4259970537 4259970537" "4259970537 4259970537 4259970537 4259970537"
            next
        end
    next
end

 

Related articles:

Technical Tip: How to configure BGP AS prepending

Technical Tip: BGP four-byte AS Path (RFC 4893) support in FortiOS

Technical Tip: Configure 4 bytes ASN in BGP

 

Contributors