BGP route aggregation/Suppressing routes

From CT3

Jump to: navigation, search

Continuing from the lab in the parent article, let's assume we want to advertise an aggregate route for 172.16.0.0/21 from R3 to R4, but also advertise certain more-specific routes.

To refresh, we can create an aggregate route on R3 using the aggregate-address command. The as-set keyword is appended here to ensure the AS numbers of the summarized routes are included in the aggregate's AS path.

R3(config-router)# aggregate-address 172.16.0.0 255.255.248.0 as-set

R4 has installed the aggregate route as expected:

R4# show ip bgp
BGP table version is 12, local router ID is 10.0.0.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    10.0.0.9                               0 30 10 ?
*> 172.16.0.0/21    10.0.0.9                 0             0 30 {10,20} ?
*> 172.16.1.0/24    10.0.0.9                               0 30 10 ?
*> 172.16.2.0/24    10.0.0.9                               0 30 10 ?
*> 172.16.3.0/24    10.0.0.9                               0 30 10 ?
*> 172.16.4.0/24    10.0.0.9                               0 30 20 ?
*> 172.16.5.0/24    10.0.0.9                               0 30 20 ?
*> 172.16.6.0/24    10.0.0.9                               0 30 20 ?
*> 172.16.7.0/24    10.0.0.9                               0 30 20 ?

Since we didn't append the summary-only keyword, all of the aggregate's more-specific routes are still advertised independently. Let's assume we want to advertise only the 172.16.0.4.0/24 and 172.16.5.0/24 subnets from AS20 as specific-routes, and rely on the aggregate for routing to the remaining subnets. We can use a suppress map on R3 to suppress the six routes we don't want to advertise independently. First we create a route-map to match the routes to be suppressed, then reference it from the aggregate-address statement.

R3(config)# ip access-list standard Suppressed_Routes
R3(config-std-nacl)# permit 172.16.0.0 0.0.3.255
R3(config-std-nacl)# permit 172.16.6.0 0.0.1.255

R3(config)# route-map MySuppressMap
R3(config-route-map)# match ip address Suppressed_Routes

R3(config-router)# aggregate-address 172.16.0.0 255.255.248.0 as-set suppress-map
 MySuppressMap

On R4, we can verify that R3 is now only advertising the aggregate route and the two /24 routes not matched by our suppress map:

R4# show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/21    10.0.0.9                 0             0 30 {10,20} ?
*> 172.16.4.0/24    10.0.0.9                               0 30 20 ?
*> 172.16.5.0/24    10.0.0.9                               0 30 20 ?

We've accomplished what we wanted on R4, but R1 and R2 are now facing a serious problem: since their AS numbers are included in the aggregate route (we've appended as-set to the command), neither AS 10 or 20 will accept the aggregate route. R1 knows only of its own routes and the two AS 20 routes we didn't suppress into the aggregate:

R1# show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    0.0.0.0                  0         32768 ?
*> 172.16.1.0/24    0.0.0.0                  0         32768 ?
*> 172.16.2.0/24    0.0.0.0                  0         32768 ?
*> 172.16.3.0/24    0.0.0.0                  0         32768 ?
*> 172.16.4.0/24    10.0.0.2                               0 30 20 ?
*> 172.16.5.0/24    10.0.0.2                               0 30 20 ?

R2 knows only its own routes, since all routes from AS 10 were suppressed.

R2# show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.4.0/24    0.0.0.0                  0         32768 ?
*> 172.16.5.0/24    0.0.0.0                  0         32768 ?
*> 172.16.6.0/24    0.0.0.0                  0         32768 ?
*> 172.16.7.0/24    0.0.0.0                  0         32768 ?

One way to remedy this is to apply an unsuppress map to each of these neighbors on R3. As you might expect, an unsuppress map acts opposite of a suppress map, extracting and advertising more-specific routes from an aggregate. We can create route-maps to match routes from AS 10 and 20, and propagate those routes between the two autonomous systems.

! Match routes based on origin AS
R3(config)# ip as-path access-list 10 permit 10
R3(config)# ip as-path access-list 20 permit 20

R3(config)# route-map AS10_Routes
R3(config-route-map)# match as-path 10
R3(config)# route-map AS20_Routes
R3(config-route-map)# match as-path 20

! Unsuppress AS 20 routes to AS 10 and vice versa
R3(config)# router bgp 30
R3(config-router)# neighbor 10.0.0.1 unsuppress-map AS20_Routes
R3(config-router)# neighbor 10.0.0.5 unsuppress-map AS10_Routes

After completing this configuration, we resend the BGP routes from R3 to all its neighbors (clear ip bgp * soft out on R3) and inspect the BGP tables of R1 and R2. We can see now they both know of all /24 routes.

R1# show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    0.0.0.0                  0         32768 ?
*> 172.16.1.0/24    0.0.0.0                  0         32768 ?
*> 172.16.2.0/24    0.0.0.0                  0         32768 ?
*> 172.16.3.0/24    0.0.0.0                  0         32768 ?
*> 172.16.4.0/24    10.0.0.2                               0 30 20 ?
*> 172.16.5.0/24    10.0.0.2                               0 30 20 ?
*> 172.16.6.0/24    10.0.0.2                               0 30 20 ?
*> 172.16.7.0/24    10.0.0.2                               0 30 20 ?
R2# show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/24    10.0.0.6                               0 30 10 ?
*> 172.16.1.0/24    10.0.0.6                               0 30 10 ?
*> 172.16.2.0/24    10.0.0.6                               0 30 10 ?
*> 172.16.3.0/24    10.0.0.6                               0 30 10 ?
*> 172.16.4.0/24    0.0.0.0                  0         32768 ?
*> 172.16.5.0/24    0.0.0.0                  0         32768 ?
*> 172.16.6.0/24    0.0.0.0                  0         32768 ?
*> 172.16.7.0/24    0.0.0.0                  0         32768 ?

R4, in contrast, still knows only the aggregate route and the two /24 routes not matched by our suppress map:

R4# show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0/21    10.0.0.9                 0             0 30 {10,20} ?
*> 172.16.4.0/24    10.0.0.9                               0 30 20 ?
*> 172.16.5.0/24    10.0.0.9                               0 30 20 ?
Personal tools

CT3

Main menu