protocols bgp <asn> parameters enforce-first-as
Enables or disables forcing eBGP peers to list their AS number at the beginning of the AS_PATH attribute in incoming updates.
Disabled.
- asn: The number of the AS in which this router resides. The number ranges from 1 through 4294967294. The subrange 64512 through 65534 is reserved for private AS.
Configuration mode
protocols {
    bgp asn {
        parameters {
            enforce-first-as
        }
    }
}
When this feature is enabled, the router denies updates received from an external BGP (eBGP) peer unless the peer's AS number is listed at the beginning of the AS_PATH in the incoming update. This prevents “spoof” situations where a misconfigured or unauthorized peer is misdirecting traffic by advertising a route as if it were sourced from another autonomous system.
Use the set form of this command to direct the router to enforce listing of an eBGP peer's AS number at the beginning of the AS_PATH.
Use the delete form of this command to disable this behavior.
Use the show form of this command to view global BGP configuration settings.
When you configure this command and the number of prefixes received in an update message exceeds the configured enforce-first-as limit, the session is reset.
When soft-reconfiguration is enabled and the number of prefixes received exceeds the enforce-first-as value, no corresponding unprocessed entries are stored in Adj-RIB-In, because the peer session resets when the number of prefixes received exceeds the enforce-first-as value. For more information on soft-reconfiguration, see protocols bgp <asn> neighbor <id> address-family ipv6-unicast soft-reconfiguration inbound.
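The first-AS check described above, sketched as an added example (not the router's own code): it decodes an AS_PATH attribute value in the RFC 4271 segment format and accepts it only if the leftmost AS is the eBGP peer's AS. The function names, the sample paths, the 4-octet AS encoding, and the choice to deny a leading AS_SET or a malformed path are assumptions of this sketch.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment types (RFC 4271)

def seg(seg_type, *asns):
    """Encode one AS_PATH segment with 4-octet AS numbers (sample builder)."""
    return bytes([seg_type, len(asns)]) + struct.pack(f"!{len(asns)}I", *asns)

def parse_as_path(value, asn_size=4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    fmt = {2: "H", 4: "I"}[asn_size]
    segments, off = [], 0
    while off < len(value):
        if off + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        off += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        end = off + count * asn_size
        if count == 0 or end > len(value):
            raise ValueError("bad segment length")
        asns = list(struct.unpack(f"!{count}{fmt}", value[off:end]))
        segments.append((seg_type, asns))
        off = end
    return segments

def first_as_ok(value, peer_as, asn_size=4):
    """True only if the leftmost AS in the path is the eBGP peer's own AS."""
    try:
        segments = parse_as_path(value, asn_size)
    except ValueError:
        return False          # malformed path: deny (assumption of this sketch)
    if not segments:
        return False          # an eBGP peer always prepends its AS, so empty fails
    seg_type, asns = segments[0]
    return seg_type == AS_SEQUENCE and asns[0] == peer_as

# Constructed sample paths, as received from an eBGP peer in private AS 64512.
PEER_AS = 64512
GOOD = seg(AS_SEQUENCE, 64512, 64513)        # peer's AS listed first
SPOOFED = seg(AS_SEQUENCE, 64513, 64512)     # another AS listed first
SET_FIRST = seg(AS_SET, 64512, 64513)        # unordered set, no leftmost AS

if __name__ == "__main__":
    for name, path in [("good", GOOD), ("spoofed", SPOOFED), ("set-first", SET_FIRST)]:
        print(name, "accept" if first_as_ok(path, PEER_AS) else "deny")
```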