Introduction
So far in the BGP Attributes series, I’ve covered three traffic control mechanisms:
- Weight: Router-local outbound control (Cisco proprietary, never propagates)
- Local Preference: AS-wide outbound control (propagates via iBGP)
- MED: Inbound influence to neighboring AS (limited scope)
Now it’s time for the most versatile BGP traffic engineering tool: AS-Path manipulation, specifically AS-Path prepending.
AS-Path prepending is unique because it:
- Controls both inbound AND outbound traffic
- Works across multiple AS hops (not just directly connected neighbors)
- Is universally recognized (part of BGP standard, works on all vendors)
- Uses BGP’s core loop-prevention mechanism (AS-Path length) for traffic engineering
The concept is deceptively simple: make a path look artificially longer by repeating AS numbers, and BGP will naturally avoid it in favor of shorter paths.
Understanding AS-Path
What is AS-Path?
AS-Path is a fundamental BGP path attribute:
- Purpose: Lists all AS numbers a route has traversed (for loop prevention)
- Format: Sequence of AS numbers read right-to-left (rightmost = origin AS)
- Evaluation: Shorter AS-Path is preferred (step 4 in best-path algorithm)
- Universal: Every BGP implementation uses AS-Path
Example AS-Path:
Path: 2000 1000 12 100
Reading right-to-left:
Origin AS: 100
Traversed: 12 → 1000 → 2000
Announced by: AS 2000
AS-Path in Best Path Selection
AS-Path length is evaluated at step 4:
- Weight (highest wins) – Cisco-proprietary
- Local Preference (highest wins) – AS-wide
- Locally originated – Prefer local routes
- AS-Path length (shortest wins) ← AS-Path prepending affects this
- Origin type (IGP > EGP > Incomplete)
- MED (lowest wins)
- eBGP over iBGP
- IGP metric to next-hop
- …additional tie-breakers
Since AS-Path is at step 4, it’s evaluated after Weight and Local Preference but before MED. This positioning makes it powerful for traffic engineering while still allowing higher-priority attributes to override it when needed.
AS-Path Prepending: The Concept
AS-Path prepending artificially lengthens the AS-Path by repeating AS numbers:
Normal AS-Path: 2000 1000 12
Prepended AS-Path: 2000 2000 2000 1000 12
Length: 3 → 5 (looks less attractive)
When comparing two paths to the same destination, BGP prefers the shorter AS-Path. By prepending, you make one path intentionally less attractive, steering traffic toward the alternative path.
Lab Topology
Same topology from previous BGP attributes posts:
- AS 2000: R7, R8, R9 (iBGP mesh)
- R7 has eBGP connection to R4 (AS 1000) via 192.1.47.0/24
- R8 has eBGP connection to R4 (AS 1000) via 192.1.48.0/24
AS 2000 has two connections to AS 1000 via R4. By default, routing decisions are split or unpredictable. AS-Path prepending allows AS 2000 to engineer traffic flows in both directions.
Example 1: AS-Path Prepending for Outbound Traffic Control
Requirement
AS 2000 would like to use the link between R4-R7 as the preferred outbound link toward AS 1000.
Translation: All routers in AS 2000 (R7, R8, R9) should prefer exiting via R7 to reach AS 1000 networks.
Initial State (Before Configuration)
Let’s examine each router’s BGP table before any AS-Path manipulation.
R7 (direct eBGP connection to R4):
R7#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0 192.1.47.4 0 1000 12 i
*> 2.0.0.0 192.1.47.4 0 1000 12 i
*> 3.0.0.0 192.1.47.4 0 1000 i
*> 4.0.0.0 192.1.47.4 0 0 1000 i
R7 prefers its direct eBGP path (obvious - it’s the only path R7 sees directly).
R8 (direct eBGP connection to R4):
R8#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* i 1.0.0.0 10.7.7.7 0 100 0 1000 12 i
*> 192.1.48.4 0 1000 12 i
* i 2.0.0.0 10.7.7.7 0 100 0 1000 12 i
*> 192.1.48.4 0 1000 12 i
* i 3.0.0.0 10.7.7.7 0 100 0 1000 i
*> 192.1.48.4 0 1000 i
* i 4.0.0.0 10.7.7.7 0 100 0 1000 i
*> 192.1.48.4 0 0 1000 i
R8 has two paths:
- Via iBGP from R7: Path =
1000 12(AS-Path length = 2) - Via direct eBGP: Path =
1000 12(AS-Path length = 2)
Both paths have the same AS-Path length (2). R8 chooses the eBGP path over iBGP path because eBGP is preferred over iBGP (step 7 in best-path selection, after AS-Path comparison at step 4).
R9 (no direct connection to AS 1000):
R9#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
* i 1.0.0.0 10.8.8.8 0 100 0 1000 12 i
*>i 10.7.7.7 0 100 0 1000 12 i
* i 2.0.0.0 10.8.8.8 0 100 0 1000 12 i
*>i 10.7.7.7 0 100 0 1000 12 i
* i 3.0.0.0 10.8.8.8 0 100 0 1000 i
*>i 10.7.7.7 0 100 0 1000 i
R9 has two paths, both via iBGP:
- Via R8 (10.8.8.8): Path =
1000 12(AS-Path length = 2) - Via R7 (10.7.7.7): Path =
1000 12(AS-Path length = 2)
Both have the same AS-Path length. R9 chooses R7’s path due to oldest route tie-breaker (or router ID, depending on when routes were received).
Summary of initial state:
- R7: Uses its direct path (expected)
- R8: Uses its direct path (eBGP > iBGP tie-breaker)
- R9: Uses R7’s path (oldest route tie-breaker)
Result: Traffic is split between R7 and R8 connections. Not coordinated.
Configuration: Prepend on R8’s Inbound
To make all routers prefer R7’s path, we make R8’s path look less attractive by prepending AS numbers to routes R8 receives from R4.
On R8:
route-map ABC permit 10
set as-path prepend 1000 1000
router bgp 2000
neighbor 192.1.48.4 route-map ABC in
Breaking it down:
- Route-map
ABCprepends1000 1000(repeats AS 1000 twice) - Applied inbound on the eBGP neighbor 192.1.48.4 (R4)
- This affects all routes R8 receives from R4
Critical direction: Applied inbound (not outbound). We’re modifying routes as R8 receives them, before R8 makes best-path decisions or advertises them to iBGP neighbors.
Why prepend 1000? We prepend the adjacent AS number (AS 1000) because we want the path to look like it went through AS 1000 multiple extra times. This is the standard practice for outbound traffic control.
Results After Configuration
R7 (unchanged):
R7#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.0.0.0 192.1.47.4 0 1000 12 i
*> 2.0.0.0 192.1.47.4 0 1000 12 i
*> 3.0.0.0 192.1.47.4 0 1000 i
*> 4.0.0.0 192.1.47.4 0 0 1000 i
R7 still uses its direct path (nothing changed for R7).
R8 (AS-Path now longer):
R8#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.0.0.0 10.7.7.7 0 100 0 1000 12 i
* 192.1.48.4 0 1000 1000 1000 12 i
*>i 2.0.0.0 10.7.7.7 0 100 0 1000 12 i
* 192.1.48.4 0 1000 1000 1000 12 i
*>i 3.0.0.0 10.7.7.7 0 100 0 1000 i
* 192.1.48.4 0 1000 1000 1000 i
*>i 4.0.0.0 10.7.7.7 0 100 0 1000 i
* 192.1.48.4 0 0 1000 1000 1000 i
Major changes:
- Path via iBGP from R7:
1000 12(length = 2) – unchanged - Path via direct eBGP from R4:
1000 1000 1000 12(length = 4) – prepended! - Best path
>moved from eBGP to iBGP
R8 now compares:
- iBGP path: AS-Path length = 2
- eBGP path: AS-Path length = 4
Shorter AS-Path wins (step 4), so R8 now prefers the iBGP path via R7, even though eBGP is normally preferred over iBGP (step 7). AS-Path length (step 4) is evaluated before the eBGP vs iBGP preference (step 7).
R9 (no change in best path, but sees prepending):
R9#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 1.0.0.0 10.7.7.7 0 100 0 1000 12 i
*>i 2.0.0.0 10.7.7.7 0 100 0 1000 12 i
*>i 3.0.0.0 10.7.7.7 0 100 0 1000 i
*>i 4.0.0.0 10.7.7.7 0 100 0 1000 i
Wait - R9’s output only shows one path per route (via R7). Where’s the path via R8?
R9 is not seeing the path via R8 because R8 no longer considers it the best path. When R8 advertises routes to R9 via iBGP, R8 only advertises the best path (via R7), not the backup eBGP path. This is normal iBGP behavior.
Even if R9 could see both paths, it would prefer R7’s path (AS-Path length 2) over R8’s path (AS-Path length 4).
Result: All three routers in AS 2000 now prefer exiting via R7 to reach AS 1000 networks. Mission accomplished!
Traffic Flow After Outbound Prepending
Outbound traffic from AS 2000 → AS 1000:
R7 → Uses its direct link to R4 ✓
R8 → Uses R7's link (via iBGP) ✓
R9 → Uses R7's link (via iBGP) ✓
All traffic exits via R7-R4 link.
R8-R4 link is backup only.
Example 2: AS-Path Prepending for Inbound Traffic Control
Requirement
AS 2000 would like to use the link between R4-R8 as the preferred inbound link from AS 1000 to AS 2000.
Translation: When R4 (in AS 1000) sends traffic to AS 2000’s networks, it should prefer entering via R8 instead of R7.
This is the opposite direction from Example 1. Now we need to influence AS 1000’s routing decisions.
Initial State (Before Configuration)
R4 (in AS 1000):
R4#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 7.0.0.0 192.1.48.8 0 2000 i
* 192.1.47.7 0 0 2000 i
* 8.0.0.0 192.1.47.7 0 2000 i
*> 192.1.48.8 0 0 2000 i
*> 9.0.0.0 192.1.48.8 0 2000 i
* 192.1.47.7 0 2000 i
R4 has two paths to reach AS 2000’s networks:
- Via 192.1.48.8 (R8): Path =
2000(length = 1) - Via 192.1.47.7 (R7): Path =
2000(length = 1)
Both paths have the same AS-Path length. R4’s best-path selection for some routes favors R8, for others favors R7, based on tie-breakers (MED, router-ID, etc.). The result is inconsistent.
Goal: Make R4 consistently prefer the R8 entry point for all AS 2000 networks.
Configuration: Prepend on R7’s Outbound
To make R4 prefer entering via R8, we make R7’s advertisements less attractive by prepending when R7 advertises to R4.
On R7:
route-map ABC permit 10
set as-path prepend 2000 2000 2000
router bgp 2000
neighbor 192.1.47.4 route-map ABC out
Breaking it down:
- Route-map
ABCprepends2000 2000 2000(repeats AS 2000 three times) - Applied outbound on the eBGP neighbor 192.1.47.4 (R4)
- This affects all routes R7 advertises to R4
Critical direction: Applied outbound (not inbound). We’re modifying routes as R7 advertises them to R4, making them look less attractive to AS 1000.
Why prepend 2000? We prepend our own AS number (AS 2000) because we’re advertising routes outbound. From R4’s perspective, the path will show AS 2000 repeated multiple times, making it look longer.
Key insight:
- Inbound prepending (Example 1): Prepend the adjacent AS number → Controls outbound traffic
- Outbound prepending (Example 2): Prepend your own AS number → Controls inbound traffic
Results After Configuration
R4 (in AS 1000):
R4#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 7.0.0.0 192.1.48.8 0 2000 i
* 192.1.47.7 0 0 2000 2000 2000 2000 i
* 8.0.0.0 192.1.47.7 0 2000 2000 2000 2000 i
*> 192.1.48.8 0 0 2000 i
*> 9.0.0.0 192.1.48.8 0 2000 i
* 192.1.47.7 0 2000 2000 2000 2000 i
Dramatic changes:
- Path via 192.1.48.8 (R8):
2000(length = 1) – unchanged - Path via 192.1.47.7 (R7):
2000 2000 2000 2000(length = 4) – prepended! - Best path
>: all routes now prefer R8
R4 compares:
- Path via R8: AS-Path length = 1
- Path via R7: AS-Path length = 4
Shorter wins, so R4 now consistently prefers entering AS 2000 via R8 for all networks.
Result: All inbound traffic from AS 1000 to AS 2000 now enters via the R4-R8 link.
Traffic Flow After Inbound Prepending
Inbound traffic from AS 1000 → AS 2000:
R4 → Prefers sending to R8 for all AS 2000 networks ✓
All traffic enters via R8-R4 link.
R7-R4 link is backup only.