{"id":798,"date":"2021-08-20T03:11:12","date_gmt":"2021-08-20T03:11:12","guid":{"rendered":"http:\/\/feralpacket.org\/?p=798"},"modified":"2021-08-31T21:44:38","modified_gmt":"2021-08-31T21:44:38","slug":"bgp-aggregation-notes","status":"publish","type":"post","link":"https:\/\/feralpacket.org\/?p=798","title":{"rendered":"BGP Aggregation Notes"},"content":{"rendered":"

BGP Aggregation<\/p>\n

<\/b><\/p>\n

<\/p>\n

R1(config)# router bgp 100<\/span><\/strong><\/p>\n

aggregate-address 10.0.0.0 255.255.255.252.0 summary-only<\/p>\n

<\/span><\/strong>summary-only<\/b><\/p>\n

– Optional<\/p>\n

– Suppresses the specific routes and sends the summary route only<\/p>\n

-> Otherwise the specific routes and the summary route will be sent<\/p>\n

suppress-map<\/b><\/p>\n

– Can suppress specific routes and leak other routes<\/p>\n

– Any routes which are permitted in this map will be suppress and any routes that are denied will be leaked<\/p>\n

– Also sends the summary route<\/p>\n

Scenario -> On R1, create a summary route and also leak 10.0.1.0 and 10.0.3.0 specific routes to R2 as well.<\/p>\n

<\/p>\n

R1(config)# access-list 10 permit 10.0.0.0<\/span><\/strong><\/p>\n

access-list 10 permit 10.0.2.0<\/span><\/strong><\/p>\n

route-map SUPPRESS<\/span><\/strong><\/p>\n

match ip add 10<\/span><\/strong><\/p>\n

router bgp 100<\/span><\/strong><\/p>\n

aggregate-address 10.0.0.0 255.255.252.0 summary-only suppress-map SUPPRESS<\/span><\/strong><\/p>\n

-> “summary-only” is optional in this example<\/p>\n

unsurpress-map<\/b><\/p>\n

– Leaks specific routes which are permitted<\/p>\n

– Neighbor specific command<\/p>\n

Scenario -> Summarize 10.0.0.0 network on R1 and make sure R2 always chooses R3 as the next-hop to reach 10.0.2.0 \/24; \u00a0everything else can go directly to R1.<\/p>\n

<\/p>\n

R1(config)# access-list 10 permit 10.0.2.0<\/span><\/strong><\/p>\n

route-map UNSURPRESS<\/span><\/strong><\/p>\n

match ip add 10<\/span><\/strong><\/p>\n

router bgp 100<\/span><\/strong><\/p>\n

\u00a0aggregate-address 10.0.0.0 255.255.252.0 summary-only<\/span><\/strong><\/p>\n

neighbor 13.0.0.3 unsupress-map UNSURPRESS<\/p>\n

<\/span><\/strong><\/p>\n

<\/p>\n

AS-SET<\/b><\/p>\n

– Whenever a router summarizes the specific routes of another router which belongs to a different AS, the path information is lost<\/p>\n

– To retain the path information and add it to the summary route, use as-set.<\/p>\n

If R2 creates a summary address, the summary address will be sent back to R1.<\/p>\n

-> Usually not a good thing<\/p>\n

R2#\u00a0sh ip bgp<\/span><\/strong><\/p>\n

next-hop \u00a0 \u00a0 \u00a0 \u00a0 as-path<\/p>\n

10.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.1.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.2.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.3.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

R2(config)#\u00a0router bgp 100<\/span><\/strong><\/p>\n

aggregate-address 10.0.0.0 255.255.252.0 summary-only<\/span><\/strong><\/p>\n

R2#\u00a0sh ip bgp<\/span><\/strong><\/p>\n

next-hop \u00a0 \u00a0 \u00a0 \u00a0 as-path<\/p>\n

10.0.0.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.1.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.2.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.3.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0100 i<\/p>\n

10.0.0.0 \/22 \u00a0 \u00a0 \u00a0 \u00a0 \u00a00.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0i<\/p>\n

R3#\u00a0sh ip bgp<\/span><\/strong><\/p>\n

next-hop \u00a0 \u00a0 \u00a0 \u00a0 as-path<\/p>\n

10.0.0.0 \/22 \u00a0 \u00a0 \u00a0 \u00a0 \u00a00.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0i<\/p>\n

R1#\u00a0sh ip bgp<\/span><\/strong><\/p>\n

next-hop \u00a0 \u00a0 \u00a0 \u00a0 as-path<\/p>\n

10.0.0.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a00.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0i<\/p>\n

10.0.1.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a00.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0i<\/p>\n

10.0.2.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a00.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0i<\/p>\n

10.0.3.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a00.0.0.0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 i<\/p>\n

10.0.0.0 \/22 \u00a0 \u00a0 \u00a0 \u00a0 \u00a012.0.0.2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0200 i<\/p>\n

If 10.0.1.0 link goes down, R1 will send traffic for 10.0.1.0 to R2; \u00a0R2 will send traffic back to R1, creating a loop.<\/p>\n

R2(config)#\u00a0router bgp 100<\/span><\/strong><\/p>\n

\u00a0aggregate-address 10.0.0.0 255.255.252.0 summary-only as-set<\/p>\n

<\/span><\/strong><\/p>\n

<\/p>\n

e.g.<\/p>\n

10.0.0.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0500 i<\/p>\n

10.0.1.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0600 i<\/p>\n

10.0.2.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0700 i<\/p>\n

10.0.3.0 \/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0800 i<\/p>\n

10.0.0.0 \/22 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0500 600 700 800 i<\/p>\n

-> Combined when as-set is used<\/p>\n

<\/p>\n

Attibute-map<\/b><\/p>\n

– Used to change the path\u00a0attributes\u00a0of the summary<\/p>\n

-> but it cannot AS-PATH<\/p>\n

R2(config)# route-map ATTRIBUTE<\/span><\/strong><\/p>\n

set origin incomplete<\/span><\/strong><\/p>\n

router bgp 100<\/span><\/strong><\/p>\n

aggregate-address 10.0.0.0 255.255.252.0 summary-only attribute-map ATTRIBUTE as-set<\/span><\/strong><\/p>\n

-> as-set used\u00a0in case\u00a0a reflected route is created<\/p>\n

<\/p>\n

Advertise-map<\/b><\/p>\n

R1# sh ip bgp<\/strong><\/p>\n

10.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0200<\/p>\n

10.0.1.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0300<\/p>\n

10.0.2.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0400<\/p>\n

– aggregate address<\/p>\n

10.0.0.0 \/22 \u00a0 \u00a0 200 300 400 i<\/p>\n

-> Will be dropped by AS 200, 300, and 400<\/p>\n

Scenario -> R1 should create a summary address for 10.0.0.0, 10.0.1.0, and 10.0.2.0 and this summary address should retain the AS-PATH information of AS 200 and AS 300.<\/p>\n

R1(config)# access-list 1 deny 10.0.2.0<\/strong><\/p>\n

access-list 1 permit any<\/strong><\/p>\n

route-map ADV<\/strong><\/p>\n

match ip add 1<\/strong><\/p>\n

router bgp 100<\/strong><\/p>\n

aggregate-address 10.0.0.0 255.255.252.0 summary-only as-set advertise-map ADV<\/strong><\/p>\n

R1# sh ip bgp<\/strong><\/p>\n

10.0.0.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0200<\/p>\n

10.0.1.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0300<\/p>\n

10.0.2.0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0400<\/p>\n

– aggregate address<\/p>\n

10.0.0.0 \/22 \u00a0 \u00a0 200 300 i<\/p>\n

<\/p>\n

Conditional Advertising<\/b><\/p>\n

– Advertise a route when a condition is true<\/p>\n

Condition #1<\/p>\n

– R2 would advertise loopback 0 of R3 only if the link between R1 <-> R4 is down<\/p>\n

– non-exist-map<\/p>\n

Condition #2<\/p>\n

– R2 would advertise loopback 0 of R3 only if the link between R1 <-> R4 is up<\/p>\n

– exist-map<\/p>\n


\nrouter bgp 100<\/strong><\/span><\/p>\n

neighbor <IP address> advertise-map <map> exist-map <map2><\/span><\/strong><\/p>\n

router bgp 100<\/span><\/strong><\/p>\n

neighbor <IP address> advertise-map <map> non-exist-map <map2><\/span><\/strong><\/p>\n

R2(config)# access-list 1 permit 3.3.3.3<\/span><\/strong><\/p>\n

access-list 2 permit 14.0.0.0<\/span><\/strong><\/p>\n

route-map MAP1<\/span><\/strong><\/p>\n

match ip add 1<\/span><\/strong><\/p>\n

route-map MAP2<\/span><\/strong><\/p>\n

match ip add 2<\/span><\/strong><\/p>\n

router bgp 100<\/span><\/strong><\/p>\n

neighbor 25.0.0.5 advertise-map MAP1 non-exist-map MAP2<\/span><\/strong><\/p>\n

MAP1 – The route (3.3.3.3)<\/p>\n

MAP2 – Link between R1 <-> R4<\/p>\n

<\/p>\n

BGP Backdoor Link<\/b><\/p>\n

– How could you prefer EIGRP over eBGP for traffic between R1 <-> R3?<\/p>\n

-> You can lower the AD of EIGRP, but that can have devastating consequences.<\/p>\n

– If two organizations have a backdoor connection over an IGP, BGP can be configured to make it’s own routes less desirable for some destinations by increasing the AD selectively from 20 to 200<\/p>\n

R3(config)# router bgp 300<\/span><\/strong><\/p>\n

network 1.1.1.1 mask 255.255.255.255 backdoor<\/span><\/strong><\/p>\n

The network statement does not advertise the network<\/p>\n

– When the network is received in an update, the AD is increased to 200<\/p>\n

– The EIGRP route gets added to the routing table<\/p>\n

<\/p>\n

Peer Groups<\/b><\/p>\n

– Allows a BGP router to group it’s neighbors who have similar configurations and require similar treatment<\/p>\n

– Benefits<\/p>\n

-> Less configuration<\/p>\n

-> Outgoing updates to these neighbors do need separate processing<\/p>\n

– Drawback<\/p>\n

-> Cannot have customized filtering or route-map (processing) on outgoing updates<\/p>\n

R1(config)# router bgp 100<\/span><\/strong><\/p>\n

neighbor GROUP1 peer-group<\/span><\/strong><\/p>\n

neighbor GROUP1 remote-as 100<\/span><\/strong><\/p>\n

neighbor GROUP1 update-source lo0<\/span><\/strong><\/p>\n

neighbor 2.2.2.2 peer-group GROUP1<\/span><\/strong><\/p>\n

neighbor 3.3.3.3 peer-group GROUP1<\/span><\/strong><\/p>\n

neighbor 4.4.4.4 peer-group GROUP1<\/span><\/strong><\/p>\n

neighbor 5.5.5.5 peer-group GROUP1<\/span><\/strong><\/p>\n


\nMAXAS-LIMIT<\/b><\/p>\n

– Feature limits the incoming updates according to the AS-PATH<\/p>\n

– Can be used to only accept routes from a directly connected organization<\/p>\n

– Can appear in the troubleshooting portion of the R&S lab<\/p>\n


\nrouter bgp 100<\/strong><\/span><\/p>\n

bgp maxas-limit 1<\/p>\n

<\/span><\/strong><\/p>\n

<\/p>\n

Unequal-cost Load Balancing in BGP<\/b><\/p>\n

– DMZ Link Bandwidth<\/p>\n

maximum-paths ibgp 2<\/strong><\/p>\n

– Default is 1<\/p>\n

1. DMZ Link<\/p>\n

– Exit interface of edge routers<\/p>\n

-> Towards eBGP neighbor<\/p>\n

2. DMZ Link Bandwidth<\/p>\n

– Bandwidth configured on exit interface<\/p>\n

3. Any internal router which has an iBGP neighbor with more than one edge router can use DMZ Link feature to load-balance according to the DMZ Link Bandwidth<\/p>\n

4. DMZ Link Bandwidth information is sent to the iBGP neighbor by using “extended community”<\/p>\n

Configuration<\/p>\n

– On the edge routers, activate the DMZ Link feature and\u00a0then capture\u00a0the exit link bandwidth in the DMZ Link extended \u00a0community<\/p>\n

– Send the extended community to the iBGP neighbor<\/p>\n

– On the iBGP neighbor, activate the DMZ Link feature and enable multi-path selection<\/p>\n

R1(config)# router bgp 100<\/span><\/strong><\/p>\n

bgp dmzlink-bw<\/span><\/strong><\/p>\n

neighbor 14.0.0.4 dmzlink-bw<\/span><\/strong><\/p>\n

neighbor 13.0.0.3 send-community extended<\/span><\/strong><\/p>\n

R3(config)# router bgp 100<\/span><\/strong><\/p>\n

bgp dmzlink-bw<\/span><\/strong><\/p>\n

maximum-paths ibgp 2<\/span><\/strong><\/p>\n

R3# clear ip bgp *<\/span><\/strong><\/p>\n

-> Or wait up to 60 seconds<\/p>\n


\nsh ip bgp 50.0.0.0<\/strong><\/span><\/p>\n

Route1 -> via R1 -> multipath, DMZ bandwidth<\/p>\n

Route2 -> via R2 -> multipath, DMZ bandwidth<\/p>\n

<\/p>\n

Outbound Route Filtering<\/b><\/p>\n

1. Activate ORF on both sides<\/p>\n

2. Apply the prefix-list incoming direction on receiving router<\/p>\n

3. Because of ORF, the prefix-list will be sent to the other router to be applied outbound<\/p>\n

R1(config)# router bgp<\/span><\/strong><\/p>\n

neighbor 12.0.0.2 capability orf prefix-list receive<\/span><\/strong><\/p>\n

R3(config)# router bgp 200<\/span><\/strong><\/p>\n

neighbor 12.0.0.1 capability orf prefix-list send<\/span><\/strong><\/p>\n

neighbor 12.0.0.1 prefix-list ABC in<\/span><\/strong><\/p>\n


\nsh ip bgp neighbor 12.0.0.1<\/span><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

BGP Aggregation<\/p>\n","protected":false},"author":1,"featured_media":786,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[39,31,10,57],"class_list":["post-798","post","type-post","status-publish","format-standard","hentry","category-ccie","tag-bgp","tag-published","tag-service-provider","tag-share"],"_links":{"self":[{"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/posts\/798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/feralpacket.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=798"}],"version-history":[{"count":3,"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions"}],"predecessor-version":[{"id":992,"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/posts\/798\/revisions\/992"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/feralpacket.org\/index.php?rest_route=\/wp\/v2\/media\/786"}],"wp:attachment":[{"href":"https:\/\/feralpacket.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/feralpacket.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/feralpacket.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}