BGP prefix injection: Aggregation
BGP aggregation is a fairly complex topic, mainly because of the strong scalability requirement to limit the size of the public Internet routing table, and because aggregation means combining prefixes that may carry completely different attributes, including the AS Path, which is what BGP uses to avoid loops. Therefore, whenever aggregation is used, the attributes must be re-policed. Note: an aggregated route is forwarded only if at least one more specific route exists in the BGP table.
The command line permits such re-policing:
aggregate-address <address> <mask>
[as-set]
[summary-only]
[suppress-map <SpM-name>]
[advertise-map <AdM-name>]
[attribute-map <AtM-name>]
as-set: Generates autonomous system set path information.
summary-only: Filters all more-specific routes from updates.
suppress-map map-name: route map used to select the routes to be suppressed.
advertise-map map-name: route map used to select the routes for which the AS Path is used to create the new AS_SET.
attribute-map map-name: route map used to set the attribute of the aggregate route.
2514b(config)#int lo300
2514b(config-if)#ip address 10.32.0.1 255.255.255.0
2514b(config-if)#router bgp 300
2514b(config-router)#network 10.32.0.0 mask 255.255.255.0
2610b#sh ip bgp
BGP table version is 11, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.32.0.0/24 192.168.107.2 4294967294 0 100 300 i
>i 192.168.102.2 0 100 0 100 300 i
2610b#sh ip bgp 10.32.0.0
BGP routing table entry for 10.32.0.0/24, version 11
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.107.2
100 300
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, metric 4294967294, localpref 100, valid, external
100 300
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
Aggregate with no specific keyword:
2514b(config-router)#aggregate-address 10.32.0.0 255.255.0.0 ?
as-set Generate AS set path information
summary-only Filter more specific routes from updates
suppress-map Conditionally filter more specific routes from updates
advertise-map Set condition to advertise attribute
attribute-map Set attributes of aggregate
<cr>
2514b(config-router)#aggregate-address 10.32.0.0 255.255.0.0
2610b#sh ip bgp
BGP table version is 12, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.32.0.0/24 192.168.107.2 4294967294 0 100 300 i
>i 192.168.102.2 0 100 0 100 300 i
10.32.0.0/16 192.168.107.2 4294967294 0 100 300 i
>i 192.168.102.2 0 100 0 100 300 i
2610b#sh ip bgp 10.32.0.0
BGP routing table entry for 10.32.0.0/24, version 11
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.107.2
100 300
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, metric 4294967294, localpref 100, valid, external
100 300
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
2610b#sh ip bgp 10.32.0.0/16
BGP routing table entry for 10.32.0.0/16, version 12
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.107.2
100 300, (aggregated by 300 192.168.0.7)
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, metric 4294967294, localpref 100, valid, external, atomic-aggregate
100 300, (aggregated by 300 192.168.0.7)
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
Another more specific route is added in another AS.
The aggregator does not set an AS-SET, because it is not configured to do so.
Once configured, it does. All more specific routes are still advertised.
2514a(config)#int loopback 350
2514a(config-if)#ip address 10.32.10.1 255.255.255.0
2514a(config-if)#router bgp 200
2514a(config-router)#network 10.32.10.0 mask 255.255.255.0
2514b#sh ip bgp
BGP table version is 15, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.32.0.0/24 0.0.0.0 0 32768 i
> 10.32.0.0/16 0.0.0.0 32768 i
> 10.32.10.0/24 192.168.111.2 0 0 200 i
2610b#sh ip bgp
BGP table version is 22, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.32.0.0/24 192.168.107.2 4294967294 0 100 300 i
>i 192.168.102.2 0 100 0 100 300 i
10.32.0.0/16 192.168.107.2 4294967294 0 100 300 i
>i 192.168.102.2 0 100 0 100 300 i
10.32.10.0/24 192.168.107.2 4294967294 0 100 200 i
>i 192.168.102.2 0 100 0 100 200 i
2610b#sh ip bgp 10.32.0.0/16
BGP routing table entry for 10.32.0.0/16, version 24
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to non peer-group peers:
192.168.107.2
100 300 200, (aggregated by 300 192.168.0.7)
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, metric 4294967294, localpref 100, valid, external
100 300 200, (aggregated by 300 192.168.0.7)
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
First we remove the more specific advertisement from AS200 to AS300.
The no-export community is used, but only internally in AS200.
Then we start to add policing on the aggregation: “summary-only” is used.
2514a(config)#router bgp 200
2514a(config-router)#neighbor 192.168.0.9 send-community both
2514a(config)#ip bgp-community new-format
switch02(config)#ip prefix-list TO_not_be_exported seq 10 permit 10.32.10.0/24
switch02(config)#route-map NO_EXPORT
switch02(config-route-map)#match ip add prefix-list TO_not_be_exported
switch02(config-route-map)#set community no-export
switch02(config-route-map)#router bgp 200
switch02(config-router)#neighbor 192.168.0.8 route-map NO_EXPORT in
switch02(config-router)#neighbor 192.168.0.8 send-community both
switch02(config)#ip bgp-community new-format
switch02#sh ip bgp 10.32.10.0
BGP routing table entry for 10.32.10.0/24, version 22
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x880
Not advertised to any peer
Local
192.168.0.8 (metric 130816) from 192.168.0.8 (192.168.0.8)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: no-export
1600b#sh ip bgp 10.32.10.0
BGP routing table entry for 10.32.10.0/24, version 22
Paths: (1 available, best #1)
Advertised to non peer-group peers:
192.168.104.1 192.168.109.2
300 200
192.168.106.2 (metric 1572) from 192.168.0.3 (192.168.0.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
2610b#sh ip bgp
BGP table version is 30, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.32.0.0/24 192.168.107.2 4294967294 0 100 300 i
>i 192.168.102.2 0 100 0 100 300 i
10.32.0.0/16 192.168.107.2 4294967294 0 100 300 200 i
>i 192.168.102.2 0 100 0 100 300 200 i
10.32.10.0/24 192.168.107.2 4294967294 0 100 300 200 i
>i 192.168.102.2 0 100 0 100 300 200 i
2610b#sh ip bgp 10.32.10.0
BGP routing table entry for 10.32.10.0/24, version 28
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.107.2
100 300 200
192.168.107.2 from 192.168.107.2 (192.168.0.6)
Origin IGP, metric 4294967294, localpref 100, valid, external
100 300 200
192.168.102.2 (metric 51) from 192.168.0.2 (192.168.0.2)
Origin IGP, metric 0, localpref 100, valid, internal, best
2514b(config)#router bgp 300
2514b(config-router)#aggregate-address 10.32.0.0 255.255.0.0 as-set summary-only
1600b#sh ip bgp 10.32.10.0
BGP routing table entry for 10.32.0.0/16, version 23
Paths: (1 available, best #1)
Advertised to non peer-group peers:
192.168.104.1 192.168.109.2
300 200, (aggregated by 300 192.168.0.7)
192.168.106.2 (metric 1572) from 192.168.0.3 (192.168.0.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
2610b#sh ip bgp
BGP table version is 34, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.32.0.0/16 192.168.107.2 4294967294 0 100 300 200 i
>i 192.168.102.2 0 100 0 100 300 200 i
Policing on the aggregation: “summary-only” is removed and a “suppress-map” is used. The two options are alternatives. Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.
IMPORTANT: it looks like the bgp aggregate command needs to be removed and reapplied if a change is needed!!!!
2514b(config)#ip access-list standard NO_smal_prefixes
2514b(config-std-nacl)#permit 10.32.10.0 0.0.0.255
2514b(config-std-nacl)#deny any
2514b(config-std-nacl)#route-map Suppress_Very_Specific
2514b(config-route-map)#match ip address NO_smal_prefixes
2514b(config-std-nacl)#router bgp 300
2514b(config-router)#no aggregate-address 10.32.0.0 255.255.0.0 as-set suppress-map Suppress_Very_Specific
2514b(config-router)#aggregate-address 10.32.0.0 255.255.0.0 as-set suppress-map Suppress_Very_Specific
2514b#so
2514b#sh access-lists
Standard IP access list NO_smal_prefixes
10 permit 10.32.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (2 matches)
2514b#sh ip bgp
BGP table version is 31, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.32.0.0/24 0.0.0.0 0 32768 i
> 10.32.0.0/16 0.0.0.0 100 32768 200 i
s> 10.32.10.0/24 192.168.111.2 0 0 200 i
2514b#sh ip bgp neighbors 192.168.0.4 advertised-routes
BGP table version is 31, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 0.0.0.0 192.168.111.2 0 200 i
> 10.22.0.0/16 192.168.111.2 0 0 200 i
> 10.32.0.0/24 0.0.0.0 0 32768 i
> 10.32.0.0/16 0.0.0.0 100 32768 200 i
2610a#sh ip bgp
BGP table version is 34, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.111.2 0 100 0 200 i
> 10.0.0.0 192.168.106.1 0 100 ?
10.22.0.0/16 192.168.106.1 0 100 200 i
>i 192.168.111.2 0 100 0 200 i
>i10.32.0.0/24 192.168.0.7 0 100 0 i
>i10.32.0.0/16 192.168.0.7 0 100 0 200 i
> 10.40.0.0/16 192.168.106.1 0 100 400 i
> 10.41.0.0/16 192.168.106.1 0 100 400 ?
NOTE: in case of an exception (such as one specific neighbor or peer-group for which suppression is not wanted), the suppressed route can be selectively announced using the “neighbor {ip-address | peer-group-name} unsuppress-map map-name” command, where the route-map used is identical to the suppress-map used in the aggregation.
NOTE: The “bgp suppress-inactive” command configures BGP to not advertise “inactive” routes to any BGP peer. A route that is not installed into the RIB, but is present in the BGP table, is an inactive route. A BGP routing process can advertise routes that are not installed in the RIB to BGP peers by default, for example, when routes are advertised through route aggregation.
Using the “advertise-map“: the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.
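The AS_SET construction and the loop-detection drop described above, modelled in Python as an added example (not the author's code and not IOS itself). The route table is constructed from the 2514b output on this page, Python `re` stands in for IOS AS-path regular expressions, and all function names are hypothetical.

```python
# Added example: toy model of "aggregate-address ... as-set suppress-map advertise-map".
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.32.10.0/24"
    as_path: tuple   # received AS_SEQUENCE; () for a locally originated route


# Constructed sample: routes in 2514b's BGP table, as listed on this page.
TABLE_2514B = [
    Route("10.22.0.0/16", (200,)),        # outside the aggregate
    Route("10.32.0.0/24", ()),            # local network statement
    Route("10.32.10.0/24", (200,)),
    Route("10.32.11.0/24", (200, 100)),
]


def as_path_acl(entries):
    """First-match-wins filter over (action, regex) pairs, ending in an implicit deny."""
    compiled = [(action, re.compile(rx)) for action, rx in entries]

    def permits(route):
        text = " ".join(str(asn) for asn in route.as_path)
        for action, rx in compiled:
            if rx.search(text):
                return action == "permit"
        return False
    return permits


def std_acl(network):
    """Standard ACL used in a route-map: matches on the route's network address."""
    net = ipaddress.ip_network(network)
    return lambda route: ipaddress.ip_network(route.prefix).network_address in net


# The page's own filters: as-path access-list 10 and access list NO_smal_prefixes.
ADVERTISE_SELECT = as_path_acl([("deny", r"200.100$"), ("permit", r".")])
SUPPRESS_SPECIFIC = std_acl("10.32.10.0/24")


def build_aggregate(table, aggregate, suppress=None, advertise=None, summary_only=False):
    """Return the aggregate's AS_SET plus what is suppressed and announced, or None."""
    agg = ipaddress.ip_network(aggregate)
    contributors = [r for r in table
                    if ipaddress.ip_network(r.prefix) != agg
                    and ipaddress.ip_network(r.prefix).subnet_of(agg)]
    if not contributors:
        return None  # no more-specific route in the table: the aggregate is not generated
    # advertise-map: only the selected contributors feed the AS_SET.
    selected = [r for r in contributors if advertise is None or advertise(r)]
    as_set = frozenset(asn for r in selected for asn in r.as_path)
    # summary-only suppresses every contributor; suppress-map only the ones it matches.
    suppressed = {r.prefix for r in contributors
                  if summary_only or (suppress is not None and suppress(r))}
    announced = sorted({r.prefix for r in table if r.prefix not in suppressed} | {aggregate})
    return {"as_set": as_set, "suppressed": suppressed, "announced": announced}


def receiver_accepts(receiver_as, sender_as, as_set):
    """eBGP loop detection: the update is dropped if the receiver's AS is in the AS_PATH."""
    return receiver_as != sender_as and receiver_as not in as_set


if __name__ == "__main__":
    for label, adv in (("as-set only", None), ("as-set + advertise-map", ADVERTISE_SELECT)):
        result = build_aggregate(TABLE_2514B, "10.32.0.0/16",
                                 suppress=SUPPRESS_SPECIFIC, advertise=adv)
        print(label, sorted(result["as_set"]),
              "AS100 accepts:", receiver_accepts(100, 300, result["as_set"]))
```

Leaving AS100 out of the AS_SET is what lets AS100 accept the aggregate, and it also means AS100's loop detection no longer covers this prefix, so the advertise-map filter deserves the same review as any other export policy.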
I want to create the aggregate and to selectively choose the attributes used to create the AS-SET. This would be simple if the AS-SET were removed, but to make use of the advertise map I add an extra more specific route from AS100, to be aggregated and sent back to AS100. The route advertised from AS100 is not known by other peers of AS100 or AS400, unless received from AS300, AS200. I used a community in AS100 to make this possible.
1600b(config)#int lo 350
1600b(config-if)#ip address 10.32.11.1 255.255.255.0
1600b(config-router)#route-map Set_Community
1600b(config-route-map)#set community 100:11 additive
1600b(config)#ip community-list 10 permit 100:11
1600b(config)#route-map Prevent_11 deny 10
1600b(config-route-map)#match community 10
1600b(config-route-map)#route-map Prevent_11 permit 20
1600b(config-if)#router bgp 100
1600b(config-router)#network 10.32.11.0 mask 255.255.255.0 route-map Set_Community
1600b(config-router)#neighbor iBGP_peers route-map Prevent_11 out
1600b(config-router)#neighbor 192.168.104.1 route-map Prevent_11 out
1600b#so
1600b#sh ip bgp neighbors 192.168.109.2 advertised-routes
BGP table version is 36, local router ID is 192.168.0.5
Status codes: s suppressed, d damped, h history, valid, > best, i – internal
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.106.2 0 100 0 300 200 i
> 10.0.0.0 0.0.0.0 0 32768 ?
>i10.32.0.0/24 192.168.106.2 0 100 0 300 i
> 10.32.11.0/24 0.0.0.0 0 32768 i
> 10.40.0.0/16 192.168.104.1 0 0 400 i
> 10.41.0.0/16 192.168.104.1 0 0 400 ?
1600b#sh ip bgp neighbors 192.168.104.1 advertised-routes
BGP table version is 36, local router ID is 192.168.0.5
Status codes: s suppressed, d damped, h history, valid, > best, i – internal
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.106.2 0 100 0 300 200 i
> 10.0.0.0 0.0.0.0 0 32768 ?
> 10.22.0.0/16 192.168.109.2 130816 0 200 i
>i10.32.0.0/24 192.168.106.2 0 100 0 300 i
1600b#sh ip bgp neighbors 192.168.0.3 advertised-routes
BGP table version is 36, local router ID is 192.168.0.5
Status codes: s suppressed, d damped, h history, valid, > best, i – internal
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 10.0.0.0 0.0.0.0 0 32768 ?
> 10.22.0.0/16 192.168.109.2 130816 0 200 i
> 10.40.0.0/16 192.168.104.1 0 0 400 i
> 10.41.0.0/16 192.168.104.1 0 0 400 ?
Note that the AS-SET now uses both AS100 and AS200.
2514b#sh ip bgp
BGP table version is 37, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 0.0.0.0 192.168.111.2 0 200 i
>i10.0.0.0 192.168.106.1 0 100 0 100 ?
192.168.111.2 0 200 100 ?
> 10.22.0.0/16 192.168.111.2 0 0 200 i
> 10.32.0.0/24 0.0.0.0 0 32768 i
> 10.32.0.0/16 0.0.0.0 100 32768 {200,100} i
s> 10.32.10.0/24 192.168.111.2 0 0 200 i
> 10.32.11.0/24 192.168.111.2 0 200 100 i
10.40.0.0/16 192.168.111.2 0 200 100 400 i
>i 192.168.106.1 0 100 0 100 400 i
10.41.0.0/16 192.168.111.2 0 200 100 400 ?
>i 192.168.106.1 0 100 0 100 400 ?
Actually on the 2610a, the border router back from AS300 to AS100, there is a RIB failure on the next hop.
2610a#sh ip bgp 10.32.11.0
BGP routing table entry for 10.32.11.0/24, version 41
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17) – next-hop mismatch)
Advertised to non peer-group peers:
192.168.106.1
200 100
192.168.111.2 (metric 20537600) from 192.168.0.7 (192.168.0.7)
Origin IGP, metric 0, localpref 100, valid, internal, best
2610a#sh ip route 192.168.111.2
Routing entry for 192.168.111.0/30
Known via “eigrp 1”, distance 90, metric 20537600, type internal
Redistributing via eigrp 1, ospf 1
Advertised by ospf 1 subnets
Last update from 192.168.108.2 on Serial1/1, 01:28:39 ago
Routing Descriptor Blocks:
192.168.108.2, from 192.168.108.2, 01:28:39 ago, via Serial1/1
Route metric is 20537600, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 128 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
The problem occurs because the same prefix is redistributed in an IGP as well!!!!
1600b#sh ip rip database
10.0.0.0/8 auto-summary
10.11.0.0/16 directly connected, Loopback400
10.32.11.0/24 directly connected, Loopback350
1600b#sh run
router ospf 1
router-id 192.168.0.5
log-adjacency-changes
redistribute rip subnets
passive-interface Loopback999
network 192.168.0.5 0.0.0.0 area 101
network 192.168.104.254 0.0.0.0 area 101
default-metric 100
!
router rip
version 2
redistribute ospf 1
passive-interface Loopback400
network 10.0.0.0
network 192.168.105.0
network 192.168.109.0
default-metric 8
no auto-summary
!
end
To solve the issue the route is removed from both RIP advertisements and OSPF distribution (because it is an LSA type 5, this is possible in output).
1600b(config)#access-list 10 deny 10.32.11.0 0.0.0.255
1600b(config)#access-list 10 permit any
1600b(config)#router rip
1600b(config-router)#distribute-list 10 out
1600b(config-router)#router ospf 1
1600b(config-router)#distribute-list 10 out
2610a#sh ip bgp 10.32.11.0
BGP routing table entry for 10.32.11.0/24, version 43
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
192.168.106.1
200 100
192.168.111.2 (metric 20537600) from 192.168.0.7 (192.168.0.7)
Origin IGP, metric 0, localpref 100, valid, internal, best
2610a#sh ip bgp
BGP table version is 43, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i10.32.0.0/24 192.168.0.7 0 100 0 i
>i10.32.0.0/16 192.168.0.7 0 100 0 {200,100} i
>i10.32.11.0/24 192.168.111.2 0 100 0 200 100 i
Now we want to force the aggregate NOT to list AS100 in the path. This is to force AS100 to accept the path from AS300.
2514b#sh ip bgp regexp 200.100$
BGP table version is 37, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
10.0.0.0 192.168.111.2 0 200 100 ?
> 10.32.11.0/24 192.168.111.2 0 200 100 i
2514b#sh ip bgp regexp .
BGP table version is 37, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 0.0.0.0 192.168.111.2 0 200 i
>i10.0.0.0 192.168.106.1 0 100 0 100 ?
192.168.111.2 0 200 100 ?
> 10.22.0.0/16 192.168.111.2 0 0 200 i
> 10.32.0.0/24 0.0.0.0 0 32768 i
> 10.32.0.0/16 0.0.0.0 100 32768 {200,100} i
s> 10.32.10.0/24 192.168.111.2 0 0 200 i
> 10.32.11.0/24 192.168.111.2 0 200 100 i
10.40.0.0/16 192.168.111.2 0 200 100 400 i
>i 192.168.106.1 0 100 0 100 400 i
10.41.0.0/16 192.168.111.2 0 200 100 400 ?
>i 192.168.106.1 0 100 0 100 400 ?
2514b(config)#ip as-path access-list 10 deny 200.100$
2514b(config)#ip as-path access-list 10 permit .
2514b(config)#route-map Advertise-Select-Attribute
2514b(config-route-map)#match as-path 10
2514b(config)#router bgp 300
2514b(config-router)#aggregate-address 10.32.0.0 255.255.0.0 as-set suppress-map Suppress_Very_Specific advertise-map Advertise-Select-Attribute
2514b#sh ip bgp
BGP table version is 41, local router ID is 192.168.0.7
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 0.0.0.0 192.168.111.2 0 200 i
>i10.0.0.0 192.168.106.1 0 100 0 100 ?
192.168.111.2 0 200 100 ?
> 10.22.0.0/16 192.168.111.2 0 0 200 i
> 10.32.0.0/24 0.0.0.0 0 32768 i
> 10.32.0.0/16 0.0.0.0 100 32768 200 i
s> 10.32.10.0/24 192.168.111.2 0 0 200 i
> 10.32.11.0/24 192.168.111.2 0 200 100 i
10.40.0.0/16 192.168.111.2 0 200 100 400 i
>i 192.168.106.1 0 100 0 100 400 i
10.41.0.0/16 192.168.111.2 0 200 100 400 ?
>i 192.168.106.1 0 100 0 100 400 ?
2610a#sh ip bgp neighbors 192.168.106.1 advertised-routes
BGP table version is 47, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.111.2 0 100 0 200 i
>i10.22.0.0/16 192.168.111.2 0 100 0 200 i
>i10.32.0.0/24 192.168.0.7 0 100 0 i
>i10.32.0.0/16 192.168.0.7 0 100 0 200 i
>i10.32.11.0/24 192.168.111.2 0 100 0 200 100 i
1720b#sh ip bgp
BGP table version is 42, local router ID is 192.168.0.3
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
> 0.0.0.0 192.168.106.2 0 300 200 i
>i10.0.0.0 192.168.0.5 0 100 0 ?
>i10.22.0.0/16 192.168.109.2 130816 100 0 200 i
192.168.106.2 0 300 200 i
> 10.32.0.0/24 192.168.106.2 0 300 i
> 10.32.0.0/16 192.168.106.2 0 300 200 i
i10.40.0.0/16 192.168.104.1 0 100 0 400 i
i 192.168.103.1 0 100 0 400 i
> 192.168.102.1 0 0 400 i
i10.41.0.0/16 192.168.104.1 0 100 0 400 ?
i 192.168.103.1 0 100 0 400 ?
> 192.168.102.1 0 0 400 ?
Finally a number of Attributes can be applied as usual on the aggregate route using the “attribute-map“.
Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.
2514b(config)#route-map Set_attributes
2514b(config-route-map)#set local-preference 900
2514b(config-route-map)#router bgp 300
2514b(config-router)#aggregate-address 10.32.0.0 255.255.0.0 as-set suppress-map Suppress_Very_Specific advertise-map Advertise-Select-Attribute attribute-map Set_attributes
2610a#sh ip bgp
BGP table version is 52, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.111.2 0 100 0 200 i
> 10.0.0.0 192.168.106.1 0 100 ?
10.22.0.0/16 192.168.106.1 0 100 200 i
>i 192.168.111.2 0 100 0 200 i
>i10.32.0.0/24 192.168.0.7 0 100 0 i
>i10.32.0.0/16 192.168.0.7 0 900 0 200 i
>i10.32.11.0/24 192.168.111.2 0 100 0 200 100 i
> 10.40.0.0/16 192.168.106.1 0 100 400 i
> 10.41.0.0/16 192.168.106.1 0 100 400 ?
hostname 2514b
!
interface Loopback300
ip address 10.32.0.1 255.255.255.0
!
interface Loopback400
ip address 10.31.0.1 255.255.0.0
!
interface Loopback999
ip address 192.168.0.7 255.255.255.255
!
interface Ethernet0
ip address 192.168.111.1 255.255.255.252
!
interface Serial0
ip address 192.168.108.2 255.255.255.252
!
router eigrp 1
passive-interface Loopback999
network 192.168.0.7 0.0.0.0
network 192.168.108.0 0.0.0.3
network 192.168.111.0 0.0.0.3
no auto-summary
!
router bgp 300
no synchronization
bgp router-id 192.168.0.7
bgp log-neighbor-changes
network 10.32.0.0 mask 255.255.255.0
aggregate-address 10.32.0.0 255.255.0.0 as-set attribute-map Set_attributes advertise-map Advertise-Select-Attribute suppress-map Suppress_Very_Specific
timers bgp 30 90
neighbor 192.168.0.4 remote-as 300
neighbor 192.168.0.4 update-source Loopback999
neighbor 192.168.111.2 remote-as 200
no auto-summary
!
ip as-path access-list 10 deny 200.100$
ip as-path access-list 10 permit .
!
ip access-list standard NO_smal_prefixes
permit 10.32.10.0 0.0.0.255
deny any
!
route-map Set_attributes permit 10
set local-preference 900
!
route-map Suppress_Very_Specific permit 10
match ip address NO_smal_prefixes
!
route-map Advertise-Select-Attribute permit 10
match as-path 10
!
alias exec si clear ip bgp soft in
alias exec so clear ip bgp soft out
!
end
Conditionally Advertising of BGP Routes
Normally, once routes are learned in BGP and considered valid, they are always advertised according to “static” policy definitions. If a policy is satisfied, the routes are advertised. Suppose now you want to inject a prefix (such as an aggregate or other) to a neighbor ONLY IF another prefix disappears from the RIB. In this case you can offer a backup to a neighbor, but only if a failure occurs. Or suppose you are aggregating a more specific route and you want to send the aggregate only IF a given prefix exists in the RIB. If that prefix disappears, keeping the aggregate would create a blackhole, and you want to avoid that.
The routes or prefixes that will be conditionally advertised are defined in two route maps applied to a selected neighbor: an “exist map” (or “nonexist map”) and an “advertise map”. The route map associated with the exist map or nonexist map specifies the prefix that the BGP speaker will track (if present or if absent). The route map associated with the advertise map specifies the prefix that will be advertised to the specified neighbor when the condition is met. Note: routes can be referenced from an access list or an IP prefix list.
To remember: when exist-map is used, the prefix is advertised if both advertise-map and exist-map return the same result (TRUE and TRUE). When nonexist-map is used, the prefix is advertised if advertise-map and nonexist-map return different results (TRUE and FALSE); otherwise no prefix is advertised.
2610a(config)#route-map IF_EXISTS
2610a(config-route-map)#match ip address prefix-list EXIST_Specific
2610a(config)#route-map ADVERTISE_THIS
2610a(config-route-map)#match ip address prefix-list PREFIX_TO_SEND
2610a(config)#ip prefix-list EXIST_Specific permit 10.32.11.0/24
2610a(config)#ip prefix-list PREFIX_TO_SEND permit 10.32.0.0/16
2610a(config)#router bgp 300
2610a(config-router)#neighbor 192.168.106.1 advertise-map ADVERTISE_THIS ?
exist-map advertise prefix only if prefix is in the condition exists
non-exist-map advertise prefix only if prefix in the condition does not exist
2610a(config-router)#neighbor 192.168.106.1 advertise-map ADVERTISE_THIS exist-map IF_EXISTS
2610a#sh ip bgp neighbors 192.168.106.1 advertised-routes
BGP table version is 53, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.111.2 0 100 0 200 i
>i10.22.0.0/16 192.168.111.2 0 100 0 200 i
>i10.32.0.0/24 192.168.0.7 0 100 0 i
>i10.32.0.0/16 192.168.0.7 0 900 0 200 i
>i10.32.11.0/24 192.168.111.2 0 100 0 200 100 i
Test:
1600b(config)#int lo350
1600b(config-if)#shut
2610a#sh ip bgp
BGP table version is 56, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.111.2 0 100 0 200 i
> 10.0.0.0 192.168.106.1 0 100 ?
10.22.0.0/16 192.168.106.1 0 100 200 i
>i 192.168.111.2 0 100 0 200 i
>i10.32.0.0/24 192.168.0.7 0 100 0 i
>i10.32.0.0/16 192.168.0.7 0 900 0 200 i
> 10.40.0.0/16 192.168.106.1 0 100 400 i
> 10.41.0.0/16 192.168.106.1 0 100 400 ?
2610a#sh ip bgp neighbors 192.168.106.1 advertised-routes
BGP table version is 56, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, valid, > best, i – internal,
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
>i0.0.0.0 192.168.111.2 0 100 0 200 i
>i10.22.0.0/16 192.168.111.2 0 100 0 200 i
>i10.32.0.0/24 192.168.0.7 0 100 0 i
hostname 2610a
!
router bgp 300
no synchronization
bgp router-id 192.168.0.4
bgp log-neighbor-changes
timers bgp 30 90
neighbor 192.168.0.7 remote-as 300
neighbor 192.168.0.7 update-source Loopback999
neighbor 192.168.106.1 remote-as 100
neighbor 192.168.106.1 advertise-map ADVERTISE_THIS exist-map IF_EXISTS
no auto-summary
!
!
ip prefix-list EXIST_Specific seq 5 permit 10.32.11.0/24
!
ip prefix-list PREFIX_TO_SEND seq 5 permit 10.32.0.0/16
no cdp run
!
route-map ADVERTISE_THIS permit 10
match ip address prefix-list PREFIX_TO_SEND
!
route-map IF_EXISTS permit 10
match ip address prefix-list EXIST_Specific
!
end
Conditional Injection of BGP Routes
While aggregation allows suppression of all or some of the existing more specific routes from advertisements, and conditional BGP advertisement to a neighbor allows existing routes to be advertised depending on an event, neither allows conditional “injection” of prefixes THAT ARE NOT AVAILABLE in the BGP or RIB table, because both assume a prefix must exist before being advertised. Only default information injection allows 0.0.0.0/0 to be injected even if it is not present in the RIB and BGP tables.
The new BGP conditional route injection feature allows you to originate a prefix into a BGP routing table WITHOUT the corresponding match in RIB or BGP table, but instead assuming a parent, less specific route exists. This feature allows more specific routes to be generated based on administrative policy or traffic engineering information in order to provide more specific control over the forwarding of packets to these more specific routes, which are injected into the BGP routing table only if the configured conditions are met.
Only prefixes that are equal to or more specific than the original prefix may be injected. BGP conditional route injection is enabled with the “bgp inject-map exist-map” command and uses two route maps (inject map and exist map) to install one (or more) more specific prefixes into a BGP routing table. The exist-map specifies the prefixes that the BGP speaker will track. The inject map defines the prefixes that will be created and installed into the local BGP table.
=> The exist-map specifies the prefix that the BGP speaker will track. This route map MUST contain a “match ip address prefix-list” command statement to specify the aggregate prefix and MUST contain a “match ip route-source prefix-list” command statement to specify the route source. The inject map MUST have a “set ip address prefix-list” statement to specify the created prefix.
=> The copy-attributes keyword is used to optionally configure the injected prefix to inherit the same attributes as the aggregate route. If this keyword is not entered, the injected prefix will use the default attributes for locally originated routes.
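The condition logic of both features, conditional advertisement (advertise-map with exist-map or non-exist-map) and conditional injection (inject-map with exist-map), as an added Python model that is not the author's code or IOS itself. Prefix lists are treated as exact-match sets, the sample tables are constructed from the 2610a and 1600b output on this page, and the function names are hypothetical.

```python
# Added example: toy model of "neighbor ... advertise-map ... exist-map|non-exist-map"
# and of "bgp inject-map ... exist-map ...".
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    prefix: str   # prefix present in the local BGP table
    source: str   # peer the path was learned from (the route source)


# Constructed sample: what 2610a can offer to neighbor 192.168.106.1.
TABLE_2610A = [Path(p, "192.168.0.7") for p in
               ("0.0.0.0/0", "10.22.0.0/16", "10.32.0.0/24", "10.32.0.0/16", "10.32.11.0/24")]
# Constructed sample: 1600b learns the aggregate from iBGP peer 192.168.0.3.
TABLE_1600B = [Path("10.32.0.0/16", "192.168.0.3"), Path("10.32.0.0/24", "192.168.0.3")]


def conditional_advertise(table, advertise_list, condition_list, mode):
    """Return the prefixes sent to the neighbor.

    Prefixes outside the advertise-map follow normal policy. Prefixes matched by it are
    sent only while the condition holds: exist-map needs a tracked prefix to be present,
    non-exist-map needs all tracked prefixes to be absent.
    """
    present = {p.prefix for p in table}
    tracked = any(prefix in present for prefix in condition_list)
    if mode == "exist-map":
        condition_met = tracked
    elif mode == "non-exist-map":
        condition_met = not tracked
    else:
        raise ValueError(f"unknown mode: {mode}")
    return sorted(p for p in present if p not in advertise_list or condition_met)


def conditional_inject(table, parent, route_source, inject_list):
    """Return (injected, rejected) for an inject-map / exist-map pair.

    A prefix is rejected when it is not equal to or more specific than the parent.
    Nothing is injected unless the parent is in the table AND came from route_source.
    """
    parent_net = ipaddress.ip_network(parent)
    valid, rejected = [], []
    for prefix in inject_list:
        inside = ipaddress.ip_network(prefix).subnet_of(parent_net)
        (valid if inside else rejected).append(prefix)
    condition_met = any(p.prefix == parent and p.source == route_source for p in table)
    return (valid if condition_met else []), rejected


if __name__ == "__main__":
    adv, cond = {"10.32.0.0/16"}, {"10.32.11.0/24"}
    print("tracked prefix up:  ", conditional_advertise(TABLE_2610A, adv, cond, "exist-map"))
    down = [p for p in TABLE_2610A if p.prefix != "10.32.11.0/24"]   # Loopback350 shut
    print("tracked prefix down:", conditional_advertise(down, adv, cond, "exist-map"))
    print("inject:", conditional_inject(TABLE_1600B, "10.32.0.0/16", "192.168.0.3",
                                        ["10.32.11.1/32", "10.40.1.0/24"]))
```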
In our case we have the 1600b peer advertising the 10.32.11.0/24 address only through AS 300. So the path flows from AS400 to AS100, AS300 and AS200 to finally arrive at AS100 again. We now want to inject a more specific 10.32.11.1/32 route from the 1600b peer only if it verifies that the route 10.32.0.0/16 is available (on 2610a this is conditionally advertised to AS100).
2610b#traceroute 10.32.11.1
Type escape sequence to abort.
Tracing the route to 10.32.11.1
1 192.168.101.2 [AS 200] 4 msec 4 msec 4 msec
2 192.168.102.2 [AS 200] 0 msec 0 msec 4 msec
3 192.168.106.2 [AS 200] 8 msec 4 msec 8 msec
4 192.168.108.2 [AS 200] 12 msec 12 msec 28 msec
5 192.168.111.2 [AS 200] 20 msec 20 msec 24 msec
6 192.168.110.1 [AS 200] 36 msec 24 msec 20 msec
7 192.168.109.1 [AS 200] 36 msec 28 msec
1600b(config)#ip prefix-list Less_Specific permit 10.32.0.0/16
1600b(config)#ip prefix-list Source_Peer_3 permit 192.168.0.3/32
1600b(config)#ip prefix-list More_Specific permit 10.32.11.1/32
1600b(config)#route-map EXIST_Less_Specific
1600b(config-route-map)#match ip add prefix-list Less_Specific
1600b(config-route-map)#match ip route-source prefix-list Source_Peer_3
1600b(config)#route-map More_Specific_To_Inject
1600b(config-route-map)#set ip address prefix-list More_Specific
1600b(config-route-map)#set origin igp
1600b(config-route-map)#set community 100:999 additive
1600b(config)#router bgp 100
1600b(config-router)#bgp inject-map More_Specific_To_Inject exist-map EXIST_Less_Specific
NOTE: actually I see that the path is injected but not to iBGP peers. Further, the path has inherited all attributes of the parent path it refers to (…. actually the “copy-attributes” keyword is not applied….). Because the 10.32.0.0/16 actually arrives from an iBGP neighbor, the new injected path cannot be reflected back to it. It can be sent to eBGP neighbors though.
1600b#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
>i10.32.11.1/32 192.168.106.2 0 i
1600b#sh ip bgp 10.32.11.1
BGP routing table entry for 10.32.11.1/32, version 46
Paths: (1 available, best #1)
Advertised to non peer-group peers:
192.168.104.1 192.168.109.2 <<<<<<<<<< Here
Local, (aggregated by 300 192.168.0.7), (injected path from 10.32.0.0/16)
192.168.106.2 (metric 1572) from 192.168.0.3 (192.168.0.3)
Origin IGP, localpref 100, valid, internal, atomic-aggregate, best
Community: 100:999
1600b#sh ip bgp 10.32.0.0/16
BGP routing table entry for 10.32.0.0/16, version 45
Paths: (1 available, best #1)
Advertised to non peer-group peers:
192.168.104.1 192.168.109.2
300 200, (aggregated by 300 192.168.0.7)
192.168.106.2 (metric 1572) from 192.168.0.3 (192.168.0.3)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
2610b#traceroute 10.32.11.1
Type escape sequence to abort.
Tracing the route to 10.32.11.1
1 192.168.101.2 [AS 200] 4 msec 0 msec 0 msec
2 192.168.104.254 [AS 200] 24 msec 24 msec
hostname 1600b
!
router bgp 100
no synchronization
bgp router-id 192.168.0.5
bgp cluster-id 3232263425
bgp inject-map More_Specific_To_Inject exist-map EXIST_Less_Specific
network 10.32.11.0 mask 255.255.255.0 route-map Set_Community
timers bgp 30 90
redistribute rip route-map ALLOW_ONLY_11
neighbor iBGP_peers peer-group
neighbor iBGP_peers remote-as 100
neighbor iBGP_peers update-source Loopback999
neighbor iBGP_peers route-map Prevent_11 out
neighbor 192.168.0.3 peer-group iBGP_peers
neighbor 192.168.0.6 peer-group iBGP_peers
neighbor 192.168.104.1 remote-as 400
neighbor 192.168.104.1 route-map Prevent_11 out
neighbor 192.168.109.2 remote-as 200
!
ip bgp-community new-format
ip community-list 10 permit 100:11
ip prefix-list Less_Specific seq 5 permit 10.32.0.0/16
ip prefix-list More_Specific seq 5 permit 10.32.11.1/32
ip prefix-list ONLY_11 seq 100 permit 10.11.0.0/16
ip prefix-list ONLY_11 seq 500 deny 0.0.0.0/0 ge 1
ip prefix-list Source_Peer_3 seq 5 permit 192.168.0.3/32
access-list 10 deny 10.32.11.0 0.0.0.255
access-list 10 permit any
!
route-map Prevent_11 deny 10
match community 10 exact-match
!
route-map Prevent_11 permit 20
!
route-map ALLOW_ONLY_11 permit 10
match ip address prefix-list ONLY_11
!
route-map Set_Community permit 10
set community 100:11 additive
!
route-map More_Specific_To_Inject permit 10
set ip address prefix-list More_Specific
set origin igp
set community 100:999 additive
!
route-map EXIST_Less_Specific permit 10
match ip address prefix-list Less_Specific
match ip route-source prefix-list Source_Peer_3
!
end