# route summarization

Jun 1st, 2009

Can someone explain route summarization to me? I did read the topic but was not able to grasp the concept, and I usually feel that I learn a lot more from a topic explained in detail than from a general explanation. Thanks in advance.


## Replies


Many advanced books give simple explanations using an analogy with the post office, so here is my shot.

When you have many houses on a street, instead of telling your pen pals (if you are as old-fashioned as me) that you live at Nr 70 Cisco Street, you simply say you live on Cisco Street.

Basically you are minimizing details to add simplicity and, more often, stability.

With routing, when you advertise a summarized or less specific address you save on router memory since you have fewer routes. You also add stability, so if one route flaps it does not require you to update the other router, since it is not expecting a specific route. There is a downside, and that is that the other router will keep sending you packets for the missing route, and since you no longer have it, traffic is black-holed.

I sincerely hope this has given you an overview.

Sam

cisco steps Mon, 06/01/2009 - 10:20

Sam, thanks for the explanation. What you said does make a lot of sense. I am also looking for an explanation with network ID and subnet, almost like the one you see on the router when you do sho ip route, where it mentions that summarization is in effect. Thanks for your time again.

Richard Burts Mon, 06/01/2009 - 12:17

OK, for an example with networks and subnets let's try this: assume that you have a network that has the following subnets in it:

172.16.0.0/24

172.16.1.0/24

172.16.2.0/24

172.16.3.0/24

172.16.4.0/24

172.16.5.0/24

172.16.6.0/24

172.16.7.0/24

172.16.8.0/24

172.16.9.0/24

172.16.10.0/24

172.16.11.0/24

172.16.12.0/24

172.16.13.0/24

172.16.14.0/24

172.16.15.0/24

and if you were running a dynamic routing protocol like EIGRP there would be 16 entries in your routing table. This maximizes the specific information in the route table and assures accuracy in the routing decision.

But you could generate a summary route:

172.16.0.0/20

With the summary route you would have a single entry in the routing table (less specific information in the routing table), but it would still get you to those 16 subnets.

As Sam points out there are several advantages in using summarization. For one thing it takes less room in the routing table and so you save on memory utilization, and you save on CPU cycles to maintain the routing table. And as Sam points out it can make the routing table more stable with fewer routing table updates. For example in the first method (all subnets in the routing table) if subnet 172.16.3.0 went down then there would be a routing table update to indicate that it was down. And when it came back up there would be another routing table update to indicate that it was back up. But with summarization when the subnet goes down you do not need a routing table update because the summary route is still valid. And when the subnet comes back up you do not need a routing table update because the summary route is still valid.

HTH

Rick

cisco steps Tue, 06/02/2009 - 07:52

Rick, why did you use /20 as the route summary? Thank you.

Joseph W. Doherty Tue, 06/02/2009 - 04:05

For another general explanation. . .

First, you must realize routing tends to be resource intensive compared to switching. This is when routing uses variable-length network IDs (prefixes), compared to switching often using fixed-size IDs.

Assume you have a large Enterprise, which has multiple sites, each site (campus) has multiple buildings, each building has multiple floors, and each floor has several subnets.

You could set up your network such that every L3 network device within the Enterprise knows of every subnet. This also means each routing device needs to process all that information to route a packet. (It also means it has to be passed about.)

However, what if we designed our address space such that each site had a dedicated address block, each building within the site a dedicated address block, and each floor within a building a dedicated address block?

This would allow each site, building, and floor to advertise just one summary address to its peers and/or hierarchical parents.

So instead of site A router having to process all the other sites' (all) routes, it might only see one summary address per other site (each which might encompass hundreds of subnets).

The disadvantage of summary addresses is that remote L3 devices don't really know what's actually present. For example, if all subnets were advertised within your network, your first hop router would immediately know whether the network address you're sending to exists or not. With summaries, a packet could be forwarded to another site's building and floor before it's known the network doesn't exist. Except for DoS attacks, normally this trade-off (summaries vs. detailed) is accepted as a "better" approach.

cisco steps Tue, 06/02/2009 - 07:50

Thank you all for taking the time and explaining in detail the role of route summarization. Very helpful info.

cisco steps Tue, 06/02/2009 - 08:19

Rick, how did you come up with /20 as the route summary? Thank you.

Richard Burts Tue, 06/02/2009 - 08:35

I came up with /20 because that mask includes exactly 16 /24s (and I made up the example using 16 subnets so that they could be neatly summarized).

The mask for /20 is 255.255.240.0. Some people use a memory shortcut to remember how many subnets can be summarized by subtracting the mask value from 256. So 256 minus 240 is 16.

If you really want to understand summarization and how I chose /20 we need to get into binary. So let's look at the binary value of the third octet of each subnet:

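| binary | subnet |
|---|---|
| 0000 0000 | 0 |
| 0000 0001 | 1 |
| 0000 0010 | 2 |
| 0000 0011 | 3 |
| 0000 0100 | 4 |
| 0000 0101 | 5 |
| 0000 0110 | 6 |
| 0000 0111 | 7 |
| 0000 1000 | 8 |
| 0000 1001 | 9 |
| 0000 1010 | 10 |
| 0000 1011 | 11 |
| 0000 1100 | 12 |
| 0000 1101 | 13 |
| 0000 1110 | 14 |
| 0000 1111 | 15 |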

If you look at the binary values it becomes clear that the first 4 bits are always the same (0000) and the second 4 bits vary. So to summarize we want a mask with the first 4 bits binary 1 (indicating that these must match) and the second 4 bits binary zero (indicating that the bits do not need to match). So we want a mask of 11110000 and that is 240.

HTH

Rick
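The binary reasoning in the post above, as an added Python example that is not part of the original thread: it finds the shared leading bits of a list of subnets to get the summary, then lists the /24 blocks the summary covers that no real subnet occupies. `summarize`, `phantom_blocks` and the 17-subnet variation are names and data constructed for this illustration.

```python
import ipaddress

def summarize(subnets):
    """Smallest single prefix that covers every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits where the lowest and highest address differ (and everything to
    # their right) cannot be matched by the mask; the rest is the prefix.
    free_bits = (lo ^ hi).bit_length()
    base = (lo >> free_bits) << free_bits
    return ipaddress.ip_network((base, 32 - free_bits))

def phantom_blocks(summary, subnets, size=24):
    """Blocks of /size inside the summary that no real subnet occupies."""
    real = [ipaddress.ip_network(s) for s in subnets]
    return [b for b in summary.subnets(new_prefix=size)
            if not any(b.overlaps(r) for r in real)]

# The 16 subnets from the thread: 172.16.0.0/24 .. 172.16.15.0/24
THREAD_SUBNETS = [f"172.16.{i}.0/24" for i in range(16)]
# Constructed variation: one extra subnet, 172.16.16.0/24
SEVENTEEN = THREAD_SUBNETS + ["172.16.16.0/24"]

if __name__ == "__main__":
    for name, subnets in (("thread", THREAD_SUBNETS), ("seventeen", SEVENTEEN)):
        s = summarize(subnets)
        gaps = phantom_blocks(s, subnets)
        print(f"{name}: {s} mask {s.netmask}, "
              f"{len(gaps)} /24 blocks with no real subnet")
```

Adding a seventeenth subnet pushes the summary out to a /19, which then also covers 15 /24 blocks that do not exist; traffic for those blocks will be attracted to whichever router advertises the summary.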

cisco steps Tue, 06/02/2009 - 08:39

You are the man, well explained, thanks. Got it now.

Richard Burts Tue, 06/02/2009 - 08:50

I am glad that you got it now. It can become a complex topic and one that is quite important. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that they will read responses which did help to resolve the question.

HTH

Rick

ronbuchalski Fri, 06/05/2009 - 07:27

Rick,

I have a follow-on question to this...

Using your example of summarizing 16 subnets with one summary route, what if the summary covers networks which do not exist, (planned for the future, but not yet implemented)?

If using EIGRP to advertise these specific networks, as well as the summary route, other routers will send traffic destined for any of the networks in the summary to the router advertising the summary. Then, I would assume, the route to null0 on this summarizing router would be used to drop packets destined to the non-existing networks contained in the summary, since a more specific route to the network does not exist. Is this correct? What potential problems could this cause?

I ask because it is troublesome to change the summary route statement(s) every time a new network is added behind the summarizing router. Changing the summary route statement will reset the EIGRP peering, which is disruptive in an active network.

We have active networks which are not all contiguous, but they all conform to an addressing plan per area. For example, all locations in Area 14 use 10.14.xx.xx/24. So, even though there are only 20 networks in Area 14, it would be safe to advertise 10.14.0.0/16 from the border (summary) router, since all 10.14.xx.xx/24 networks are only reachable through this border or summary router. However, there are many subnets implied within the summary which do not exist, and may never exist. So, is this large summary address potentially harmful to the network? Other than routing 10.14.xx.xx/16 traffic to the border router, only for it to drop the traffic, are there any dangers?

Ron Buchalski

Richard Burts Fri, 06/05/2009 - 09:41

Ron

Your review of how EIGRP deals with summary routes is exactly correct.

As long as you are dealing with a routing protocol that will create the null0 route for the summary (or if you manually create the null0 route), then I do not believe that there is any danger in creating a summary route that includes some subnets that do not exist (and may never exist). Without the null0 route there is a possibility that your router will advertise the summary address block, that some router will forward a packet to you for a subnet that does not exist, that you might forward the packet using your default route (since you do not have a route to that subnet), and the next hop router may forward it back to you (creating a loop). (Though since the destination does not exist, a loop is just another way to discard the packet, and we could argue that the loop here does not damage anything.)

In your case I believe that the advantages of summarizing the 10.14.0.0/16 far outweigh any downside of summarizing and advertising subnets that do not exist.

As I see it, the downside of summarizing a block when some subnets in the block do not exist is that some extra traffic will be generated (sending packets to the summarizing router who will drop them rather than dropping the packet at the original router). To me the extra traffic is not a problem and the advantages of summarization make it worth it (smaller routing table, less memory and fewer CPU cycles consumed for the routing table, greater stability in the network, fewer routing updates). Your opinion of what constitutes a problem or danger may vary.

HTH

Rick
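The loop described in the post above, as an added Python example that is not part of the original thread: a longest-prefix-match lookup over two routing tables, run once without and once with the Null0 discard route on the summarizing router. The router names `AGG` and `CORE`, the `site-*` next hops and the two /24s are constructed for this sketch; 10.14.0.0/16 and the destination 10.14.90.254 are taken from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(routers, start, dst, ttl=8):
    """Follow next hops from `start`; return (path, outcome)."""
    path, here = [start], start
    while ttl > 0:
        next_hop = lookup(routers[here], dst)
        if next_hop is None:
            return path, "no route"
        if next_hop == "Null0":
            return path, "discarded"
        if next_hop not in routers:          # leaves the modelled routers
            return path, f"delivered to {next_hop}"
        path.append(next_hop)
        here = next_hop
        ttl -= 1
    return path, "ttl expired (loop)"

def build(with_discard_route):
    """Constructed topology: AGG advertises 10.14.0.0/16 to CORE."""
    agg = {"10.14.1.0/24": "site-1", "10.14.2.0/24": "site-2",
           "0.0.0.0/0": "CORE"}              # default learned from the core
    if with_discard_route:
        agg["10.14.0.0/16"] = "Null0"        # the summary's discard route
    core = {"10.14.0.0/16": "AGG", "0.0.0.0/0": "INTERNET-GW"}
    return {"AGG": agg, "CORE": core}

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, forward(build(flag), "CORE", "10.14.90.254"))
```

Without the discard route the packet bounces between the two routers until its TTL runs out; with it, the summarizing router drops the packet on first arrival while real subnets are still delivered through their more specific routes.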

ronbuchalski Mon, 06/08/2009 - 05:31

Rick,

Thank you for confirming what I suspected.

Using EIGRP, and having put a summary address statement on the appropriate interfaces of the area aggregation router as a test, I find the following route on the aggregation router:

```
xxx-MainR#sh ip route 10.14.0.0
Routing entry for 10.14.0.0/16
Known via "eigrp 1234", distance 5, metric 28160, type internal
Redistributing via eigrp 1234
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 28160, traffic share count is 1
Total delay is 100 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
xxx-MainR#
```

One hop away, I find:

```
xxx_WANR#sh ip route 10.14.0.0
Routing entry for 10.14.0.0/16
Known via "eigrp 1234", distance 90, metric 130816, type internal
Redistributing via eigrp 1234
Last update from 10.214.100.2 on GigabitEthernet3/2.250, 13:28:03 ago
Routing Descriptor Blocks:
* 10.214.100.2, from 10.214.100.2, 13:28:03 ago, via GigabitEthernet3/2.250
Route metric is 130816, traffic share count is 1
Total delay is 110 microseconds, minimum bandwidth is 20000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
xxx_WANR#
```

So, summarization is happening as it should, and traceroute to a non-existent network reveals:

```
xxx_WANR#trace 10.14.90.254
Type escape sequence to abort.
Tracing the route to 10.14.90.254
1 10.214.100.2 8 msec 12 msec 8 msec
2 10.214.100.2 !H * !H
xxx_WAN#
```

I understand that this may lead to some additional traffic being routed across the WAN links to the summarizing router, only to be dropped. A better solution would be to have a 10.0.0.0/8 route to null0 in the core of the network, so any traffic passing through the core, destined for non-existent subnets within 10.x.x.x, would be null routed at the core. This would also prevent any traffic destined for non-existent 10.x.x.x networks from following default to our internet edge routers.

I'm a little hesitant to implement these null routes at the core until I can verify that they won't cause any other problems.

Thanks again,

Ron Buchalski

Richard Burts Mon, 06/08/2009 - 06:23

Ron

Perhaps there is some aspect of your environment that I am not understanding. But your point about configuring a 10.0.0.0/8 null route at the core is not clear to me. Would traffic come across the WAN links to the summarizing router on its way to the core? So I am not clear how the 10.0.0.0/8 helps deal with the issue of extra traffic (consuming bandwidth before it is dropped). But certainly a 10.0.0.0/8 would be effective at preventing unknown subnets of 10.0.0.0 being forwarded toward the default route (assuming that the default route is configured on the core).

Only someone familiar with your network and its topology can determine if the summary route could cause any other problem.

HTH

Rick

ronbuchalski Mon, 06/08/2009 - 06:39

Rick,

The network architecture consists of 12 regions in which regional locations connect to the regional HQ. The regional HQ only advertises a default route to the regional locations, which are configured as EIGRP stubs and only advertise their connected networks to the regional HQ.

The regional HQ locations connect back to the network core, and have alternate paths through other regional HQ to get to the network core.

The regional HQ provides some data and voice services to locations within the region.

At the core are most of the data services, primary voice routing services, as well as the internet gateway. Network default is originated at the internet gateway and propagated across the network via EIGRP.

Currently, without address summarization, any traffic destined for a non-existing network within 10.x.x.x will follow default and be routed to the internet gateway, where it will be dropped.

What I was proposing was to have a 10.0.0.0/8 route to null0 at the core location, so that this traffic would be dropped before reaching the internet gateway.

Of course, if there was a better way to accomplish this, I'm open to suggestions.

By the way, we are preparing to migrate the majority of the network to an MPLS WAN, which will provide any-any connectivity and will eliminate the regional HQ physical topology, although regional HQ data and voice services will still be maintained.

The reason for me researching address summarization is that we are experiencing some EIGRP SIA problems when a regional location drops off the network. Since EIGRP goes active and sends queries to the edge of the network, we occasionally have responses that get lost, resulting in EIGRP neighbor resets outside of the region where the affected location resides.

I am hoping that address summarization will keep the EIGRP queries constrained to the region and will not disrupt the remainder of the network.

Ron Buchalski