Aut inveniam viam aut faciam

BGP Aggregation Notes

BGP Aggregation

R1(config)# router bgp 100

aggregate-address 10.0.0.0 255.255.252.0 summary-only

summary-only

– Optional

– Suppresses the specific routes and sends the summary route only

-> Otherwise the specific routes and the summary route will be sent

suppress-map

– Can suppress specific routes and leak other routes

– Any routes which are permitted in this map will be suppressed and any routes that are denied will be leaked

– Also sends the summary route

Scenario -> On R1, create a summary route and also leak 10.0.1.0 and 10.0.3.0 specific routes to R2 as well.

R1(config)# access-list 10 permit 10.0.0.0

access-list 10 permit 10.0.2.0

route-map SUPPRESS

match ip add 10

router bgp 100

aggregate-address 10.0.0.0 255.255.252.0 summary-only suppress-map SUPPRESS

-> “summary-only” is optional in this example

unsuppress-map

– Leaks specific routes which are permitted

– Neighbor specific command

Scenario -> Summarize 10.0.0.0 network on R1 and make sure R2 always chooses R3 as the next-hop to reach 10.0.2.0 /24;  everything else can go directly to R1.

R1(config)# access-list 10 permit 10.0.2.0

route-map UNSURPRESS

match ip add 10

router bgp 100

 aggregate-address 10.0.0.0 255.255.252.0 summary-only

neighbor 13.0.0.3 unsuppress-map UNSURPRESS

AS-SET

– Whenever a router summarizes the specific routes of another router which belongs to a different AS, the path information is lost

– To retain the path information and add it to the summary route, use as-set.

If R2 creates a summary address, the summary address will be sent back to R1.

-> Usually not a good thing

R2# sh ip bgp

network           next-hop          as-path

10.0.0.0          12.0.0.1          100 i

10.0.1.0          12.0.0.1          100 i

10.0.2.0          12.0.0.1          100 i

10.0.3.0          12.0.0.1          100 i

R2(config)# router bgp 200

aggregate-address 10.0.0.0 255.255.252.0 summary-only

R2# sh ip bgp

network               next-hop          as-path

10.0.0.0 /24          12.0.0.1          100 i

10.0.1.0 /24          12.0.0.1          100 i

10.0.2.0 /24          12.0.0.1          100 i

10.0.3.0 /24          12.0.0.1          100 i

10.0.0.0 /22          0.0.0.0            i

R3# sh ip bgp

network               next-hop          as-path

10.0.0.0 /22          0.0.0.0            i

R1# sh ip bgp

network               next-hop          as-path

10.0.0.0 /24          0.0.0.0            i

10.0.1.0 /24          0.0.0.0            i

10.0.2.0 /24          0.0.0.0            i

10.0.3.0 /24          0.0.0.0            i

10.0.0.0 /22          12.0.0.2          200 i

If 10.0.1.0 link goes down, R1 will send traffic for 10.0.1.0 to R2;  R2 will send traffic back to R1, creating a loop.

R2(config)# router bgp 200

 aggregate-address 10.0.0.0 255.255.252.0 summary-only as-set

e.g.

10.0.0.0 /24          500 i

10.0.1.0 /24          600 i

10.0.2.0 /24          700 i

10.0.3.0 /24          800 i

10.0.0.0 /22          500 600 700 800 i

-> Combined when as-set is used

Attribute-map

– Used to change the path attributes of the summary

-> but it cannot change the AS-PATH

R2(config)# route-map ATTRIBUTE

set origin incomplete

router bgp 200

aggregate-address 10.0.0.0 255.255.252.0 summary-only attribute-map ATTRIBUTE as-set

-> as-set used in case a reflected route is created

Advertise-map

R1# sh ip bgp

10.0.0.0          200

10.0.1.0          300

10.0.2.0          400

– aggregate address

10.0.0.0 /22     200 300 400 i

-> Will be dropped by AS 200, 300, and 400

Scenario -> R1 should create a summary address for 10.0.0.0, 10.0.1.0, and 10.0.2.0 and this summary address should retain the AS-PATH information of AS 200 and AS 300.

R1(config)# access-list 1 deny 10.0.2.0

access-list 1 permit any

route-map ADV

match ip add 1

router bgp 100

aggregate-address 10.0.0.0 255.255.252.0 summary-only as-set advertise-map ADV

R1# sh ip bgp

10.0.0.0          200

10.0.1.0          300

10.0.2.0          400

– aggregate address

10.0.0.0 /22     200 300 i
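
The suppress-map, as-set and advertise-map behaviour described above can be checked with a small model. This is an added Python example, not part of the original notes and not Cisco code; the function names are assumptions, the AS_SET is simplified to a flat list of AS numbers as in the tables in these notes, and the sample tables are constructed from the scenarios above.

```python
from ipaddress import ip_network

def aggregate(routes, summary, summary_only=False, suppress_map=None,
              as_set=False, advertise_map=None):
    """Return (prefixes advertised, AS numbers carried by the summary).

    routes        -- {prefix: [AS numbers in its AS-PATH]} from the BGP table
    suppress_map  -- prefixes the suppress-map permits (these are suppressed)
    advertise_map -- prefixes the advertise-map permits (only these feed as-set)
    """
    net = ip_network(summary)
    parts = [p for p in routes
             if ip_network(p) != net and ip_network(p).subnet_of(net)]
    if not parts:                       # no component route, so no summary
        return sorted(routes, key=ip_network), None
    if suppress_map is not None:        # the map decides, as in the notes
        hidden = set(parts) & set(suppress_map)
    elif summary_only:
        hidden = set(parts)
    else:
        hidden = set()
    sent = {p for p in routes if p not in hidden} | {summary}
    path = []
    if as_set:                          # simplified: one flat set of ASNs
        feed = [p for p in parts if advertise_map is None or p in advertise_map]
        path = sorted({asn for p in feed for asn in routes[p]})
    return sorted(sent, key=ip_network), path

def rejected_by(path):
    """ASes that drop the summary: a router discards an eBGP update whose
    AS-PATH already contains its own AS number."""
    return set(path)

# Tables constructed from the scenarios in the notes.
R1_LOCAL = {f"10.0.{i}.0/24": [] for i in range(4)}
R1_LEARNED = {"10.0.0.0/24": [200], "10.0.1.0/24": [300], "10.0.2.0/24": [400]}

def demo():
    leak, _ = aggregate(R1_LOCAL, "10.0.0.0/22", summary_only=True,
                        suppress_map={"10.0.0.0/24", "10.0.2.0/24"})
    _, full = aggregate(R1_LEARNED, "10.0.0.0/22", True, as_set=True)
    _, trimmed = aggregate(R1_LEARNED, "10.0.0.0/22", True, as_set=True,
                           advertise_map={"10.0.0.0/24", "10.0.1.0/24"})
    return leak, full, trimmed

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the advertise-map in place AS 400 is no longer in the summary's path, so only AS 200 and AS 300 still drop the summary.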

Conditional Advertising

– Advertise a route when a condition is true

Condition #1

– R2 would advertise loopback 0 of R3 only if the link between R1 <-> R4 is down

– non-exist-map

Condition #2

– R2 would advertise loopback 0 of R3 only if the link between R1 <-> R4 is up

– exist-map


router bgp 100

neighbor <IP address> advertise-map <map> exist-map <map2>

router bgp 100

neighbor <IP address> advertise-map <map> non-exist-map <map2>

R2(config)# access-list 1 permit 3.3.3.3

access-list 2 permit 14.0.0.0

route-map MAP1

match ip add 1

route-map MAP2

match ip add 2

router bgp 100

neighbor 25.0.0.5 advertise-map MAP1 non-exist-map MAP2

MAP1 – The route (3.3.3.3)

MAP2 – Link between R1 <-> R4

BGP Backdoor Link

– How could you prefer EIGRP over eBGP for traffic between R1 <-> R3?

-> You can lower the AD of EIGRP, but that can have devastating consequences.

– If two organizations have a backdoor connection over an IGP, BGP can be configured to make its own routes less desirable for some destinations by increasing the AD selectively from 20 to 200

R3(config)# router bgp 300

network 1.1.1.1 mask 255.255.255.255 backdoor

The network statement does not advertise the network

– When the network is received in an update, the AD is increased to 200

– The EIGRP route gets added to the routing table

Peer Groups

– Allows a BGP router to group its neighbors who have similar configurations and require similar treatment

– Benefits

-> Less configuration

-> Outgoing updates to these neighbors do not need separate processing

– Drawback

-> Cannot have customized filtering or route-map (processing) on outgoing updates

R1(config)# router bgp 100

neighbor GROUP1 peer-group

neighbor GROUP1 remote-as 100

neighbor GROUP1 update-source lo0

neighbor 2.2.2.2 peer-group GROUP1

neighbor 3.3.3.3 peer-group GROUP1

neighbor 4.4.4.4 peer-group GROUP1

neighbor 5.5.5.5 peer-group GROUP1


MAXAS-LIMIT

– Limits incoming updates by the number of AS numbers in the AS-PATH; routes whose AS-PATH is longer than the limit are discarded

– Can be used to only accept routes from a directly connected organization

– Can appear in the troubleshooting portion of the R&S lab


router bgp 100

bgp maxas-limit 1

Unequal-cost Load Balancing in BGP

– DMZ Link Bandwidth

maximum-paths ibgp 2

– Default is 1

1. DMZ Link

– Exit interface of edge routers

-> Towards eBGP neighbor

2. DMZ Link Bandwidth

– Bandwidth configured on exit interface

3. Any internal router which has an iBGP neighbor with more than one edge router can use DMZ Link feature to load-balance according to the DMZ Link Bandwidth

4. DMZ Link Bandwidth information is sent to the iBGP neighbor by using “extended community”

Configuration

– On the edge routers, activate the DMZ Link feature and then capture the exit link bandwidth in the DMZ Link extended  community

– Send the extended community to the iBGP neighbor

– On the iBGP neighbor, activate the DMZ Link feature and enable multi-path selection

R1(config)# router bgp 100

bgp dmzlink-bw

neighbor 14.0.0.4 dmzlink-bw

neighbor 13.0.0.3 send-community extended

R3(config)# router bgp 100

bgp dmzlink-bw

maximum-paths ibgp 2

R3# clear ip bgp *

-> Or wait up to 60 seconds


sh ip bgp 50.0.0.0

Route1 -> via R1 -> multipath, DMZ bandwidth

Route2 -> via R2 -> multipath, DMZ bandwidth

Outbound Route Filtering

1. Activate ORF on both sides

2. Apply the prefix-list in the incoming direction on the receiving router

3. Because of ORF, the prefix-list will be sent to the other router to be applied outbound

R1(config)# router bgp <AS number>

neighbor 12.0.0.2 capability orf prefix-list receive

R3(config)# router bgp 200

neighbor 12.0.0.1 capability orf prefix-list send

neighbor 12.0.0.1 prefix-list ABC in


sh ip bgp neighbor 12.0.0.1

This entry was posted on Friday, August 20th, 2021 at 3:11 am and is filed under CCIE.