BGP AGGREGATION
-----------------
Aggregation can be applied at any point in the network as long as at least 1 subnet of the
aggregate is in the BGP table (so either by network statement, connected or redistributed).
Configure it as aggregate-address "network" "mask" [args]
The arguments are:
-summary-only
-suppress-map
-attribute-map
-as-set
-advertise-map
router bgp 200
aggregate-address 150.28.0.0 255.255.255.240
With sh ip bgp "150.28.0.0" you will notice that the route is listed as atomic-aggregate, to
let other routers know that this route has been summarized. It will also carry the ID of the
router that aggregated it (shown as "aggregated by").
When you aggregate, the subnets are not suppressed by default. We can decide to suppress them
globally or on a per-neighbor basis.
router bgp 200
aggregate-address 150.28.0.0 255.255.255.240 summary-only
This will suppress the routes globally.
If you do a
sh ip bgp
on the originating router, we will see the subnets flagged s (suppressed) in the table.
We can blackhole traffic with summarization. For example, if you summarize on AS 1 to, say,
155.0.0.0/20 and on another AS to 150.0.0.0/20, and the specific subnets are suppressed,
a router in another AS will choose one or the other of the summary routes. Say AS 1 has
specific subnets and AS 2 has different specific subnets: this could cause a blackhole for
certain subnets.
We have options for resolving this; basically they all revolve around sending in longer
match routes.
We could use a suppress map globally and then, on a per-neighbor basis, use an unsuppress map
to send specific routes.
We could use aggregate-address without summary-only and use a route-map to filter, on a
per-neighbor basis, what gets sent.
As with OSPF and EIGRP, when we originate a summary it creates a discard route towards Null0.
This can cause issues if you have ip route 0.0.0.0 0.0.0.0, because routes covered by the
summary will never go to the default for failover: they will hit the longer match of the /20
route instead.
We could take out the Null0 route with a table map.
A table map is configured under the router bgp process in conjunction with a route-map. It is
basically used to filter the BGP table's best routes: you can filter which of these routes
will go into the routing table.
In the case where there are fewer peers that you want to send the specific subnets to than
peers that you want to send just the aggregate to, you could use an unsuppress map.
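router bgp 100
aggregate-address 150.0.0.0 255.255.240.0 summary-only
neighbor 155.28.13.3 unsuppress-map UNSUPPRESS-TO-R3
!
! prefix-list names are case-sensitive, so the name must match the route-map's match line
ip prefix-list R3-loopback permit 150.28.1.0/24
!
! the route-map name must match the one referenced by the neighbor statement
route-map UNSUPPRESS-TO-R3 permit 10
match ip address prefix-list R3-loopback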
This can often be used for traffic engineering, by sending more specific routes.
LAB
----
On r1 we will create an aggregate for all the 155.0.0.0 links; these are all the connecting
links.
r1
--
r1(config)#router bgp 100
r1(config-router)#aggregate-address 155.0.0.0 255.255.0.0
r1(config-router)#
r1#sh ip bgp
*Mar 1 04:04:48.855: %SYS-5-CONFIG_I: Configured from console by console
r1#
It is not working, as none of the subnets are in the BGP table. I will need to generate a
subnet.
r1(config)#router bgp 100
r1(config-router)#network 155.0.146.0 mask 255.255.255.0
r1(config-router)#exit
r1(config)#do sh ip bgp
BGP table version is 241, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 155.0.0.0 0.0.0.0 32768 i
*> 155.0.146.0/24 0.0.0.0 0 32768 i
r1(config)#
OK, once we generated a route the summary address comes in.
Let's take a closer look at the route.
r1#sh ip bgp 155.0.0.0
BGP routing table entry for 155.0.0.0/16, version 241
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1 2
Local, (aggregated by 100 1.1.1.1)
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate,
best
r1#
We can see it has the atomic-aggregate attribute; it also has the "aggregated by" local address.
If we look on r3:
r3(config)#do sh ip bgp
BGP table version is 573, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 155.0.0.0 2.2.2.2 0 200 400 100 i
* 5.5.5.5 0 400 100 i
*> 1.1.1.1 0 0 100 i
* 155.0.146.0/24 2.2.2.2 0 200 400 100 i
* 5.5.5.5 0 400 100 i
*> 1.1.1.1 0 0 100 i
r3(config)#
We are not just receiving the aggregate from r1, we are also receiving the more specific route.
r3#sh ip bgp 155.0.0.0
BGP routing table entry for 155.0.0.0/16, version 573
Paths: (3 available, best #3, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1 2
200 400 100, (aggregated by 100 1.1.1.1)
2.2.2.2 (metric 20640000) from 2.2.2.2 (12.12.12.12)
Origin IGP, localpref 100, valid, external, atomic-aggregate
400 100, (aggregated by 100 1.1.1.1)
5.5.5.5 (metric 20640000) from 5.5.5.5 (5.5.5.5)
Origin IGP, localpref 100, valid, external, atomic-aggregate
100, (aggregated by 100 1.1.1.1)
1.1.1.1 (metric 20640000) from 1.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
If we want to suppress the more specific route, we need to use summary-only.
r1
---
r1(config)#router bgp 100
r1(config-router)#no aggregate-address 155.0.0.0 255.255.0.0
r1(config-router)#aggregate-address 155.0.0.0 255.255.0.0 summary-only
r1(config-router)#
r1#sh ip bgp
BGP table version is 244, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 155.0.0.0 0.0.0.0 32768 i
s> 155.0.146.0/24 0.0.0.0 0 32768 i
r1#
Notice the s, standing for suppressed: the more specific route will not be sent out.
We are only receiving the summary address on r3 now.
r3#sh ip bgp
BGP table version is 580, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 155.0.0.0 2.2.2.2 0 200 400 100 i
* 5.5.5.5 0 400 100 i
*> 1.1.1.1 0 0 100 i
r3#
I will show the potential for black-holing traffic.
On r2 we will do the same aggregation.
r2
---
r2(config)#router bgp 200
r2(config-router)#network 155.0.23.0 mask 255.255.255.0
r2(config-router)#aggregate-address 155.0.0.0 255.255.0.0 summary-only
r2(config-router)#
Let's take a look at this from r5's perspective.
R5
---
r5#sh ip bgp
BGP table version is 247, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 155.0.0.0 2.2.2.2 0 0 200 i
* 3.3.3.3 0 300 100 i
*> 1.1.1.1 0 0 100 i
r5#
It is picking 1.1.1.1 as the next hop.
If we try to ping r2's serial interface 155.0.23.2, it will fail, as the traffic will go to r1
and get black-holed.
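The black hole above, together with the Null0 discard route from the notes, as an added Python example that is not part of the original lab: a small longest-prefix-match model. The RIBs are constructed and simplified from the lab, next hops are written as router names, and r1's default route via r3 is an assumption.

```python
import ipaddress

def lpm(rib, dst):
    """Longest-prefix match: return (prefix, next_hop), or None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in rib.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

def trace(ribs, start, dst, max_hops=8):
    """Follow next hops router by router; return (path, outcome)."""
    path, router = [start], start
    for _ in range(max_hops):
        hit = lpm(ribs.get(router, {}), dst)
        if hit is None:
            return path, "no route"
        prefix, nh = hit
        if nh == "Null0":
            return path, f"dropped at {router} by discard route {prefix}"
        if nh == "connected":
            return path, f"delivered by {router}"
        path.append(nh)
        router = nh
    return path, "loop"

def lab_ribs():
    """Constructed, simplified RIBs modelled on the lab (not real router output)."""
    return {
        "r5": {"155.0.0.0/16": "r1"},            # best path for the summary is via 1.1.1.1
        "r1": {"155.0.0.0/16": "Null0",          # discard route created by the aggregate
               "155.0.146.0/24": "connected",
               "0.0.0.0/0": "r3"},               # assumed default; never wins inside the /16
        "r2": {"155.0.0.0/16": "Null0", "155.0.23.0/24": "connected"},
    }

def before_and_after(dst="155.0.23.2"):
    ribs = lab_ribs()
    before = trace(ribs, "r5", dst)
    ribs["r5"]["155.0.23.0/24"] = "r2"           # the /24 once r2 leaks it to r5
    after = trace(ribs, "r5", dst)
    return before, after

if __name__ == "__main__":
    for label, (path, outcome) in zip(("summary only", "/24 leaked"), before_and_after()):
        print(f"{label}: {' -> '.join(path)}: {outcome}")
```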
Let's look at ways of fixing this.
To make it interesting, we will advertise a few more specific routes on r2.
r2
---
r2(config)#router bgp 200
r2(config-router)#network 155.0.58.0 mask 255.255.255.0
r2(config-router)#network 155.0.67.0 mask 255.255.255.0
r2(config-router)#exit
r2(config)#exit
r2#sh ip bgp
*Mar 1 07:08:27.311: %SYS-5-CONFIG_I: Configured from console by console
BGP table version is 490, local router ID is 12.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 155.0.0.0 0.0.0.0 32768 i
* 3.3.3.3 0 300 100 i
* 5.5.5.5 0 400 100 i
s> 155.0.23.0/24 0.0.0.0 0 32768 i
s> 155.0.58.0/24 155.0.0.5 2172416 32768 i
s> 155.0.67.0/24 155.0.0.1 2174976 32768 i
r2#
Say we now want to leak in 155.0.23.0.
The first way we could do this:
r2(config)#ip prefix-list IBGP permit 155.0.23.0/24
r2(config)#ip prefix-list IBGP permit 155.0.0.0/16
r2(config)#route-map IBGP
r2(config-route-map)#match ip address prefix-list IBGP
r2(config-route-map)#exit
r2(config)#router bgp 400
BGP is already running; AS is 200
r2(config)#router bgp 200
r2(config-router)#neighbor 5.5.5.5 route-map IBGP out
r2(config-router)#
r2(config)#router bgp 200
r2(config-router)#no aggregate-address 155.0.0.0 255.255.0.0 summary-only
r2(config-router)#aggregate-address 155.0.0.0 255.255.0.0
r2(config-router)#exit
r5
---
r5#sh ip bgp
BGP table version is 274, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 155.0.0.0 2.2.2.2 0 0 200 i
* 3.3.3.3 0 300 100 i
*> 1.1.1.1 0 0 100 i
* 155.0.23.0/24 3.3.3.3 0 300 200 i
*> 2.2.2.2 0 0 200 i
r> 155.0.58.0/24 3.3.3.3 0 300 200 i
*> 155.0.67.0/24 3.3.3.3 0 300 200 i
r5#
OK, on r5 we can see we are now receiving the specific route to the r3 serial link and the
155.0.0.0 network summary from r2, but we are not getting the other routes advertised by r2
from r2 itself (155.0.58.0/24 and 155.0.67.0/24 arrive only via 3.3.3.3).
So we can do the filtering on a per-neighbor basis.
We could do this another way. Let's change r2 back.
r2
---
r2(config)#router bgp 200
r2(config-router)#no neighbor 5.5.5.5 route-map IBGP out
r2(config-router)#no aggregate-address 155.0.0.0 255.255.0.0
r2(config-router)#aggregate-address 155.0.0.0 255.255.0.0 summary-only
So we have changed it back to summary-only.
Our previous prefix list and route-map should be OK.
ip prefix-list IBGP: 2 entries
seq 5 permit 155.0.23.0/24
seq 10 permit 155.0.0.0/16
r2(config)#do sh route-map
route-map IBGP, permit, sequence 10
Match clauses:
ip address prefix-lists: IBGP
Set clauses:
Policy routing matches: 0 packets, 0 bytes
r2(config)#router bgp 200
r2(config-router)#neighbor 5.5.5.5 unsuppress-map IBGP
r5#sh ip bgp
BGP table version is 280, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 155.0.0.0 2.2.2.2 0 0 200 i
* 3.3.3.3 0 300 100 i
*> 1.1.1.1 0 0 100 i
*> 155.0.23.0/24 2.2.2.2 0 0 200 i
same result
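An added Python example (not from the original lab) that models what r2 advertises to each neighbor under the two methods above. The table is constructed from r2's lab output, prefix-list entries are treated as exact matches, and 3.3.3.3 stands for a neighbor with no per-neighbor policy.

```python
# Constructed from r2's BGP table in the lab.
AGGREGATE = "155.0.0.0/16"
SPECIFICS = ["155.0.23.0/24", "155.0.58.0/24", "155.0.67.0/24"]
PREFIX_LIST_IBGP = {"155.0.23.0/24", "155.0.0.0/16"}   # exact-match entries, as configured
NEIGHBORS = ["5.5.5.5", "3.3.3.3"]

def advertised(summary_only, out_route_map=None, unsuppress_map=None):
    """Return {neighbor: sorted prefixes r2 advertises} for one policy.

    out_route_map / unsuppress_map map a neighbor to the set of prefixes
    its route-map permits; neighbors not listed have no such policy.
    """
    out_route_map = out_route_map or {}
    unsuppress_map = unsuppress_map or {}
    result = {}
    for nbr in NEIGHBORS:
        sent = [AGGREGATE]
        for prefix in SPECIFICS:
            # summary-only suppresses every specific unless this neighbor's
            # unsuppress-map permits it.
            suppressed = summary_only and prefix not in unsuppress_map.get(nbr, set())
            if not suppressed:
                sent.append(prefix)
        if nbr in out_route_map:
            # An outbound route-map has an implicit deny for everything else.
            sent = [p for p in sent if p in out_route_map[nbr]]
        result[nbr] = sorted(sent)
    return result

def method_route_map():
    """First method: plain aggregate plus 'neighbor 5.5.5.5 route-map IBGP out'."""
    return advertised(False, out_route_map={"5.5.5.5": PREFIX_LIST_IBGP})

def method_unsuppress():
    """Second method: summary-only plus 'neighbor 5.5.5.5 unsuppress-map IBGP'."""
    return advertised(True, unsuppress_map={"5.5.5.5": PREFIX_LIST_IBGP})

if __name__ == "__main__":
    for name, table in (("route-map out", method_route_map()),
                        ("unsuppress-map", method_unsuppress())):
        for nbr, prefixes in table.items():
            print(f"{name:15} {nbr:8} {prefixes}")
```

Both methods give 5.5.5.5 the same two prefixes, but only the route-map method still sends every specific to 3.3.3.3, which is why r5 saw 155.0.58.0/24 and 155.0.67.0/24 via 3.3.3.3 in the first r5 table and not in the second.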