Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
adebeer_FTNT
Staff
Staff

Created on ‎07-29-2010 03:17 AM Edited on ‎12-14-2023 05:10 AM By Community Manager

Article Id 197887

Technical Tip: BGP four-byte AS Path (RFC 4893) support in FortiOS

Description

 
This article discusses BGP four-byte AS Path (RFC 4893) has been supported since FortiOS 4.0MR2.
 
Scope
 
FortiGate.


Solution

For more information about BGP 4-byte AS Path Support please refer to the Fortinet Technical Guides available in the Fortinet Document Library:
  • What's new in FortiOS 4.0MR2
  • Dynamic Routing (FortiOS 5.2)
A BGP router defined with a local 4-octect ASN and peering with another (old) router capable of only 2-octect ASN (that is: not supporting RFC-4893) will send an 'Open' message containing the 'My AS' field with the dedicated value "23456" (see RFC).

The impact this will have on the 'old' BGP speaker is that this 'old' BGP speaker believes it is peering with Autonomous System ‘23456’ (a two-byte AS) instead of the real 4-octet AS.  
 

These new 4-byte AS numbers (ranging from 65536 to 4294967295) can be written in three ways:

 

  1. Asplain: 
       All ASNs are written in decimal
       Example:655900, 213141, 429496, 429496729, 429496729
  2. Asdot:
        ASN less than 65536 are represented by Asdot using the asplain notation 
        Example: 200, 3000, 35986, 65412
  3. Asdot+:

    ASN above 65536 is represented by Asdot+
  <high order 16-bit value in decimal>.<low order 16-bit value in decimal>.
  The ASN from 1 to 65535 can be written as follows 0.200, 0.3000, 0.35986, 0.65412, 0.65535

  The ASN above 65536 can written as below:

  Formula to calculate Asdot+:
  high order bit value = asplain / 65536
  low order bit value = asplain - (high order bit value * 65536)
  Asdot+ = high order 16-bit value in decimal>.<low order 16-bit value in decimal

  Example: converting Asplain 429496729 to Asdot+
  high order bit value = 429496729 / 65536 = 6553
  low order bit value  = 429496729 - ( 6553 * 65536) = 39321
  Asdot+ = 6553.39321

Some online tools are available for converting Asplain to Asdot+.

 

The Asdot and  Asdot+ supports in FOS 7.2.1 and above

More information in the RFC
https://datatracker.ietf.org/doc/html/rfc5396  

RFC 5396: Textual Representation of Autonomous System (AS) Numbers

A textual representation for Autonomous System (AS) numbers is defined as the decimal value of the AS number.

This textual representation is to be used by all documents, systems, and user interfaces.

3204
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.