BGP Aggregation / exclusions

2colin-cant · ‎01-23-2012

Hi NG,

i have following setup:

R1 1.0.0.0/24

R2 1.1.0.0/24

R3 1.2.0.0/24

R4 1.3.0.0/24

R5 5.0.0.0/24

R6 6.0.0.0/24

R3 is connected to R1 / R2 / R4.

R3 is also connected to R6.

R5 is connected to R1 / R2 / R3 / R4 as well as to R6

R3 and R5 should advertise the same summary to R6, but only if R3/R6 actually receive a detailed prefixes from either R1,R2,R4.

My problem is, that R3 has its ip range within the summary address of 1.0.0.0/8 and always will advertise the /8, even in the case where it would have lost the connection to R1/R2/R4.

how do i solve this? R3 will always have its management Loopback up and running as this resides in 1.2.0.0/24

----------------------------------

R3:

IP Range 1.2.0.0/24 used!

aggregate-address 1.0.0.0 255.0.0.0 as-set summary-only

route-map out: set as-path prepend 3 3

R5:

aggregate-address 1.0.0.0 255.0.0.0 as-set summary-only

advertising to R6

thank you for your inputs!

colin

milan.kulik · ‎01-23-2012

Hi,

I see two chances:

a) remove the Loopback from BGP table

router bgp ...

no network 1.2.0.0 mask 255.255.255.0

b) using a different IP range for your Loopback.

HTH,

Milan

ebarticel · ‎01-23-2012

Hi,

I think R3 advertises the 1.0.0.0/8 even when it is loosing connection to because it gets updates from R5. Try to filter the 1.0.0.0/8 to be advertised between R3 and R5.

Hope this helps

Eugen

2colin-cant · ‎01-23-2012

hi milan/eugen,

thx for your answers.

@milan:

i thought of something like BGP Conditional Advertisement in order to ignore its own loopback which resides in the summary, regarding the bgp updates outbound.

i'm not quite sure on how to achieve this. so i guess the easiest way will be re-addressing that site!

In this case we will have following:

R1 1.0.0.0/24

R2 1.1.0.0/24

R4 1.3.0.0/24

-----------------------> Summary 1.0.0.0/8

R3 7.0.0.0/24 advertising 1.0.0.0/8 to R6

R5 5.0.0.0/24 advertising 1.0.0.0/8 to R6

R6 6.0.0.0/24

THX guys

milan.kulik · ‎01-24-2012

Hi,

in fact, the BGP Conditional Advertisement might work!

Something like

neighbor R6_ip_address advertise-map ADVERTISE exist-map EXIST

!--- Advertises the routes matched in the route-map ADVERTISE (1.0.0.0/8)
!--- only if the routes matched in route-map EXIST (1.0.0.0/24)
!--- does exist in the BGP table.
!

ip prefix-list aggregated seq 5 permit 1.0.0.0/8

ip prefix-list specific seq 5 1.0.0.0/24

!

route-map EXIST permit 10

match ip address prefix-list specific

!

route-map ADVERTISE permit 10

match ip address prefix-list aggregated

!

See http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml

for details.

I'm not sure though if the 1.0.0.0/24 subnet supperssed by the

aggregate-address 1.0.0.0 255.0.0.0 as-set summary-only

would match.

If I have some free time, I'll test in my lab.

HTH,

Milan

2colin-cant · ‎01-24-2012

hi milan,

by the way, this now is only a informational topic for now, as i have change the addressing schema in my problem.

R3 has been re-address, out of 1.0.0.0/8 in order to make life easier.

So this discussion is now "only" curiosity..... as well to learn how this could potentially be done... share info with others who may face this problem in future.

ok, but in my case the logics i guess should cover the following:

R3: ADVERTISE (1.0.0.0/8) no matter if 1.2.0.0/24 exists or not in its routing/bgp table.

(ignore 1.2.0.0 as this is R3 local)

This in order to ignore that 1.2.0.0's loopback is part of the 1.0.0.0/8 summary, correct?

ebarticel · ‎01-24-2012

Maybe this extract will help:

In the following example, a route map called map-one is created matching on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.

ip as-path access-list 1 deny ^1234_

ip as-path access-list 1 permit .*

route-map map-one

match ip as-path 1

router bgp 65000

aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map map-one

Eugen

milan.kulik · ‎01-25-2012

Hi,

AFAIK, there is no way how to say a Cisco router:

Ignore this subnet when creating an aggregate prefix!"

So at the moment the loopback prefix is in the BGP table, the aggregate prefix is created.

The only chance is to prevent the router to advertise the aggregate prefix to a neighbour in a case there is no other more specific prefix available.

I made a test of my conditional advertisement original proposal in my lab and realised:

The 1.0.0.0/24 subnet supperssed by the

aggregate-address 1.0.0.0 255.0.0.0 as-set summary-only

would not match.

So the summary-only keyword is not useful here.

There is necessery to filter the outgoing prefixes by a route-map and then the conditional advertisement works.

But there is another restriction: The exist-map must be matching only one particular prefix :-(

So here is the working config:

router bgp 65000

network 1.0.0.0 mask 255.255.255.0

network 1.2.0.0 mask 255.255.255.0

aggregate-address 1.0.0.0 255.0.0.0

neighbor 10.1.1.2 remote-as 65001

neighbor 10.1.1.2 route-map to-r6 out

neighbor 10.1.1.2 advertise-map ADVERTISE exist-map EXIST

no auto-summary

!

ip prefix-list aggregated seq 5 permit 1.0.0.0/8

!

ip prefix-list specific seq 5 permit 1.0.0.0/24

!

ip prefix-list summ-only seq 5 deny 1.0.0.0/8 ge 9

ip prefix-list summ-only seq 10 permit 0.0.0.0/0 le 32

!

route-map ADVERTISE permit 10

match ip address prefix-list aggregated

!

route-map EXIST permit 10

match ip address prefix-list specific

!

route-map to-r6 permit 10

match ip address prefix-list summ-only

!

The router is advertising the aggregate prefix 1.0.0.0/8 to the neighbour only in a case the 1.0.0.0/24 is received, no matter of other 1.0.0.0/8 more specific prefixes (all of them are not advertised).

I know this is not exactly what you requested but it's the maximum I'm able to configure.

BR,

Milan