Today’s post is a simple 3-router topology based on a true story in which route aggregation didn’t appear to be working as expected at first glance, and some additional thought was required as to why things were behaving that way and what was needed to make it do what I wanted.
I’m using 3 x Nokia VSR-Sims running SROS 14.0R4, and while the concepts discussed here are definitely flavoured through a SROS lens, the concepts will be familiar to different router platforms and their associated operating systems.
R1 and R2 are in BGP AS 12 and use OSPF to advertise their respective system addresses, which are used for their IBGP peerings.
configure
    system
        name "R1"
    exit
    card 1
        card-type iom3-xp-b
        mda 1
            mda-type m5-1gb-sfp-b
            no shutdown
        exit
        no shutdown
    exit
    port 1/1/1
        ethernet
        exit
        no shutdown
    exit
    router
        interface "Loop"
            address 100.100.100.1/24
            loopback
            no shutdown
        exit
        interface "R2"
            address 10.1.2.1/27
            port 1/1/1
            no shutdown
        exit
        interface "system"
            address 1.1.1.1/32
            no shutdown
        exit
        autonomous-system 12
        ospf 0
            area 0.0.0.0
                interface "system"
                    no shutdown
                exit
                interface "R2"
                    no shutdown
                exit
            exit
            no shutdown
        exit
        policy-options
            begin
            prefix-list "PL_LOOP"
                prefix 100.100.100.0/24 exact
            exit
            policy-statement "PS_LOOP_EXP"
                entry 10
                    from
                        protocol direct
                        prefix-list "PL_LOOP"
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit
        bgp
            group "IBGP"
                export "PS_LOOP_EXP"
                peer-as 12
                neighbor 2.2.2.2
                exit
            exit
            no shutdown
        exit
    exit
exit all
configure
    system
        name "R2"
    exit
    card 1
        card-type iom3-xp-b
        mda 1
            mda-type m5-1gb-sfp-b
            no shutdown
        exit
        no shutdown
    exit
    port 1/1/1
        ethernet
        exit
        no shutdown
    exit
    port 1/1/2
        ethernet
        exit
        no shutdown
    exit
    router
        interface "R1"
            address 10.1.2.2/27
            port 1/1/1
            no shutdown
        exit
        interface "R3"
            address 10.2.3.2/27
            port 1/1/2
            no shutdown
        exit
        interface "system"
            address 2.2.2.2/32
            no shutdown
        exit
        autonomous-system 12
        router-id 2.2.2.2
        ospf 0
            area 0.0.0.0
                interface "system"
                    no shutdown
                exit
                interface "R1"
                    no shutdown
                exit
            exit
            no shutdown
        exit
        bgp
            group "IBGP"
                peer-as 12
                neighbor 1.1.1.1
                exit
            exit
            no shutdown
        exit
    exit
exit all
R3, which is in BGP AS 3, will be peering with R2. We can configure R2 but, because R3 is in a different AS, we cannot touch it or modify its configuration. R3 is already configured to peer with R2 and is waiting for R2 to come online.
Our configuration for R2 to establish the BGP Session:
A:R2# configure router bgp
A:R2>config>router>bgp# group EBGP
*A:R2>config>router>bgp>group$ neighbor 10.2.3.3 peer-as 3
*A:R2>config>router>bgp>group$ exit all
Assuming enough time has passed for BGP to come up, let’s get a quick state of play with BGP on R2:
*A:R2# show router bgp summary | match "BGP Sum" post-lines 100
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
                   AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
1.1.1.1
                   12      11    0 00h03m30s 1/1/0 (IPv4)
                           10    0
10.2.3.3
                    3       6    0 00h00m34s 8/8/1 (IPv4)
                            5    0
-------------------------------------------------------------------------------
Right now R2 has active BGP sessions with R1 and R3 – we can see that R2 has received 8 routes from R3 and has sent 1 (from R1). R2 hasn’t yet sent any routes learnt from R3 to R1; however, this should happen shortly.
These are the BGP routes that R2 knows of:
*A:R2# show router bgp routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
u*>i  3.0.0.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.1.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.2.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.3.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.4.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.5.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.6.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.7.0/24         None       None  10.2.3.3          None     -      3
u*>i  100.100.100.0/24   100        None  1.1.1.1           None     -      No As-Path
-------------------------------------------------------------------------------
Routes : 9
===============================================================================
As this post is about route aggregation, on R2 we want to send a summary route (3.0.0.0/21) through to R1 instead of all the individual routes. To do this we will create the aggregate route and specify it as summary-only and, because we can, include the AS-Set in the aggregate so R1 knows these came from AS 3:
*A:R2# configure router aggregate 3.0.0.0/21 summary-only as-set description "Aggregate from AS3"
*A:R2# show router aggregate detail
===============================================================================
Legend: G - generate-icmp enabled
===============================================================================
Aggregate Route Table (Router: Base)
===============================================================================
Prefix          : 3.0.0.0/21
Description     : Aggregate from AS3
Summary         : True
AS Set          : True
Aggr AS         : 0
Aggr IP-Address : 0.0.0.0
Aggr OperState  : Active
Nexthop Type    : None
Nexthop         :
Community       :
-------------------------------------------------------------------------------
No. of Aggregate Routes: 1
===============================================================================
We can see the aggregate appear in the routing table as a blackhole route from protocol aggregate:
*A:R2# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]  Type     Proto  Age        Pref  Next Hop[Interface Name]  Metric
-------------------------------------------------------------------------------
1.1.1.1/32          Remote   OSPF   00h10m16s  10    10.1.2.1                  100
2.2.2.2/32          Local    Local  00h11m14s  0     system                    0
3.0.0.0/21          Blackh*  Aggr   00h02m13s  130   Black Hole                0
3.0.0.0/24          Remote   BGP    00h05m59s  170   10.2.3.3                  0
3.0.1.0/24          Remote   BGP    00h05m59s  170   10.2.3.3                  0
3.0.2.0/24          Remote   BGP    00h05m59s  170   10.2.3.3                  0
3.0.3.0/24          Remote   BGP    00h05m59s  170   10.2.3.3                  0
3.0.4.0/24          Remote   BGP    00h05m59s  170   10.2.3.3                  0
3.0.5.0/24          Remote   BGP    00h06m00s  170   10.2.3.3                  0
3.0.6.0/24          Remote   BGP    00h06m00s  170   10.2.3.3                  0
3.0.7.0/24          Remote   BGP    00h06m00s  170   10.2.3.3                  0
10.1.2.0/27         Local    Local  00h11m00s  0     R1                        0
10.2.3.0/27         Local    Local  00h11m00s  0     R3                        0
100.100.100.0/24    Remote   BGP    00h08m53s  170   10.1.2.1                  0
-------------------------------------------------------------------------------
No. of Routes: 14
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================
* indicates that the corresponding row element may have been truncated.
As we can see in the routing table, an aggregate route is treated as its own routing protocol, so we need to develop a routing policy to advertise the aggregate to R1:
*A:R2# configure router policy-options
*A:R2>config>router>policy-options# begin
*A:R2>config>router>policy-options# policy-statement PS_AGGREGATE
*A:R2>config>router>policy-options>policy-statement$ entry 10 from protocol aggregate
*A:R2>config>router>policy-options>policy-statement$ entry 10 action accept
*A:R2>config>router>policy-options>policy-statement>entry>action$ exit
*A:R2>config>router>policy-options>policy-statement$ info
----------------------------------------------
            entry 10
                from
                    protocol aggregate
                exit
                action accept
                exit
            exit
----------------------------------------------
*A:R2>config>router>policy-options>policy-statement$ exit
*A:R2>config>router>policy-options# commit
We can then use the policy to export to our neighbor (using group IBGP or on the neighbor directly):
*A:R2>config>router>policy-options# /configure router bgp group "IBGP"
*A:R2>config>router>bgp>group# export "PS_AGGREGATE"
One thing we haven’t dealt with yet is that the EBGP next-hop 10.2.3.3 will not be visible to R1, so we can either add that interface into OSPF (as a passive interface, so we don’t attempt to peer with an external router at the IGP level) or have R2 set next-hop-self (I generally prefer this as it keeps the IGP just for internal core links):
*A:R2>config>router>bgp>group# next-hop-self
*A:R2>config>router>bgp>group# info
----------------------------------------------
                next-hop-self
                export "PS_AGGREGATE"
                peer-as 12
                neighbor 1.1.1.1
                exit
----------------------------------------------
Okay, so now R1 should have 3.0.0.0/21 and the job is done, so let’s verify this is working on R1:
A:R1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]  Type     Proto  Age        Pref  Next Hop[Interface Name]  Metric
-------------------------------------------------------------------------------
1.1.1.1/32          Local    Local  00h18m48s  0     system                    0
2.2.2.2/32          Remote   OSPF   00h17m57s  10    10.1.2.2                  100
10.1.2.0/27         Local    Local  00h18m32s  0     R2                        0
100.100.100.0/24    Local    Local  00h18m48s  0     Loop                      0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================
3.0.0.0/21 is not present, so something is wrong here. What is R2 sending to R1?
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
No Matching Entries Found
===============================================================================
Nothing – let’s double check our policy:
*A:R2>config>router>bgp>group# show router policy "PS_AGGREGATE"
    entry 10
        from
            protocol aggregate
        exit
        action accept
        exit
    exit
*A:R2>config>router>bgp>group# show router aggregate
===============================================================================
Legend: G - generate-icmp enabled
===============================================================================
Aggregates (Router: Base)
===============================================================================
Prefix      Aggr IP-Address  Aggr AS  Summary  AS Set  State   NextHop  Community  NextHopType
-------------------------------------------------------------------------------
3.0.0.0/21  0.0.0.0          0        True     True    Active                      None
-------------------------------------------------------------------------------
No. of Aggregates: 1
===============================================================================
Well, that looks okay, but maybe the aggregate route is wrong:
*A:R2>config>router>bgp>group# /admin display-config | match expression "^\ +agg"
        aggregate 3.0.0.0/21 summary-only as-set description "Aggregate from AS3"
Let’s try it without the summary-only option and see if the contributing routes get advertised to R1.
*A:R2>config>router>bgp>group# /configure router aggregate 3.0.0.0/21 as-set description "Agg AS3 no summary-only"
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
i     3.0.0.0/24         100        None  2.2.2.2           None     -      3
i     3.0.1.0/24         100        None  2.2.2.2           None     -      3
i     3.0.3.0/24         100        None  2.2.2.2           None     -      3
i     3.0.4.0/24         100        None  2.2.2.2           None     -      3
i     3.0.5.0/24         100        None  2.2.2.2           None     -      3
i     3.0.6.0/24         100        None  2.2.2.2           None     -      3
i     3.0.7.0/24         100        None  2.2.2.2           None     -      3
-------------------------------------------------------------------------------
Routes : 7
===============================================================================
We are only sending 7 routes but we received 8 from R3!
*A:R2>config>router>bgp>group# show router bgp neighbor 10.2.3.3 received-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
u*>i  3.0.0.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.1.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.2.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.3.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.4.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.5.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.6.0/24         n/a        None  10.2.3.3          None     -      3
u*>i  3.0.7.0/24         n/a        None  10.2.3.3          None     -      3
-------------------------------------------------------------------------------
Routes : 8
===============================================================================
So what is it about 3.0.2.0/24?
*A:R2>config>router>bgp>group# show router bgp routes 3.0.2.0/24 detail
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network        : 3.0.2.0/24
Nexthop        : 10.2.3.3
Path Id        : None
From           : 10.2.3.3
Res. Nexthop   : 10.2.3.3
Local Pref.    : n/a
Interface Name : R3
Aggregator AS  : None
Aggregator     : None
Atomic Aggr.   : Not Atomic
MED            : None
AIGP Metric    : None
Connector      : None
Community      : no-advertise
Cluster        : No Cluster Members
Originator Id  : None
Peer Router Id : 3.3.3.3
Fwd Class      : None
Priority       : None
Flags          : Used Valid Best IGP
Route Source   : External
AS-Path        : 3
Route Tag      : 0
Neighbor-AS    : 3
Orig Validation: NotFound
Source Class   : 0
Dest Class     : 0
Add Paths Send : Default
Last Modified  : 03h55m28s
Modified Attributes
Network        : 3.0.2.0/24
Nexthop        : 10.2.3.3
Path Id        : None
From           : 10.2.3.3
Res. Nexthop   : 10.2.3.3
Local Pref.    : None
Interface Name : R3
Aggregator AS  : None
Aggregator     : None
Atomic Aggr.   : Not Atomic
MED            : None
AIGP Metric    : None
Connector      : None
Community      : no-advertise
Cluster        : No Cluster Members
Originator Id  : None
Peer Router Id : 3.3.3.3
Fwd Class      : None
Priority       : None
Flags          : Used Valid Best IGP
Route Source   : External
AS-Path        : 3
Route Tag      : 0
Neighbor-AS    : 3
Orig Validation: NotFound
Source Class   : 0
Dest Class     : 0
Add Paths Send : Default
Last Modified  : 03h55m30s
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
3.0.2.0/24 has no-advertise attached to it!
One of the things about aggregate routes is that they aggregate the associated communities of their contributing routes as well, so the aggregate route will have no-advertise attached to it and will not be advertised to R1.
Unfortunately this doesn’t appear in the output of “show router aggregate detail” – the community shown there is the one that is manually added during the creation of the aggregate.
So how can we fix this? Well there are two methods that spring to mind and I am sure that there are more.
Option 1 – Create an import policy on R2 that just drops the no-advertise community on imported routes.
I think this is the easiest option to implement because then the normal aggregate configuration will work.
*A:R2>config>router>bgp>group# /configure router policy-options
*A:R2>config>router>policy-options# begin
*A:R2>config>router>policy-options# community NO_ADV members no-advertise
*A:R2>config>router>policy-options# policy-statement PS_IGNORE_NO_ADV
*A:R2>config>router>policy-options>policy-statement$ entry 10
*A:R2>config>router>policy-options>policy-statement>entry$ from community NO_ADV
*A:R2>config>router>policy-options>policy-statement>entry$ action accept
*A:R2>config>router>policy-options>policy-statement>entry>action$ community remove "NO_ADV"
*A:R2>config>router>policy-options>policy-statement>entry>action$ back
*A:R2>config>router>policy-options>policy-statement>entry$ back
*A:R2>config>router>policy-options>policy-statement$ info
----------------------------------------------
            entry 10
                from
                    community "NO_ADV"
                exit
                action accept
                    community remove "NO_ADV"
                exit
            exit
----------------------------------------------
*A:R2>config>router>policy-options>policy-statement$ back
*A:R2>config>router>policy-options# commit
*A:R2>config>router>policy-options# /configure router bgp group "EBGP"
*A:R2>config>router>bgp>group# neighbor 10.2.3.3 import "PS_IGNORE_NO_ADV"
Let’s see if that has resolved things:
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
i     3.0.0.0/21         100        None  2.2.2.2           None     -      3
i     3.0.0.0/24         100        None  2.2.2.2           None     -      3
i     3.0.1.0/24         100        None  2.2.2.2           None     -      3
i     3.0.2.0/24         100        None  2.2.2.2           None     -      3
i     3.0.3.0/24         100        None  2.2.2.2           None     -      3
i     3.0.4.0/24         100        None  2.2.2.2           None     -      3
i     3.0.5.0/24         100        None  2.2.2.2           None     -      3
i     3.0.6.0/24         100        None  2.2.2.2           None     -      3
i     3.0.7.0/24         100        None  2.2.2.2           None     -      3
-------------------------------------------------------------------------------
Routes : 9
===============================================================================
Yes, 3.0.2.0/24 is present and because none of the routes that contribute to the aggregate have no-advertise attached, the aggregate is also advertised to R1. So time to change the Aggregate route so it’s back to summary only:
*A:R2>config>router>bgp>group# /configure router aggregate 3.0.0.0/21 summary-only as-set description "Aggregate from AS3"
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
i     3.0.0.0/21         100        None  2.2.2.2           None     -      3
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Okay sorted.
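The three states seen above (nothing advertised with summary-only, 7 routes without it, and the aggregate appearing once no-advertise is stripped on import) can be reproduced with a small model. This is an added example, not code from the original post or from SROS: the function names are hypothetical, the RIB is constructed from the outputs shown on this page, and it assumes the aggregate simply carries the union of its contributors' communities.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Well-known BGP communities (RFC 1997) in AS:value notation.
NO_EXPORT = "65535:65281"
NO_ADVERTISE = "65535:65282"
NO_EXPORT_SUBCONFED = "65535:65283"
SCOPE_LIMITING = {
    NO_EXPORT: "no-export",
    NO_ADVERTISE: "no-advertise",
    NO_EXPORT_SUBCONFED: "no-export-subconfed",
}


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset = frozenset()


def contributors(aggregate, rib):
    """Routes strictly more specific than the aggregate prefix."""
    agg = ip_network(aggregate)
    return [r for r in rib
            if ip_network(r.prefix) != agg and ip_network(r.prefix).subnet_of(agg)]


def build_aggregate(aggregate, rib):
    """Assumption of this model: the aggregate inherits the union of the
    communities carried by its contributing routes."""
    merged = frozenset().union(*(r.communities for r in contributors(aggregate, rib)))
    return Route(aggregate, merged)


def audit(aggregate, rib):
    """Map each scope-limiting community to the contributors that carry it.
    This is the information the aggregate detail output does not show."""
    findings = {}
    for r in contributors(aggregate, rib):
        for c in r.communities & set(SCOPE_LIMITING):
            findings.setdefault(SCOPE_LIMITING[c], []).append(r.prefix)
    return {name: sorted(p, key=ip_network) for name, p in findings.items()}


def advertised_to_ibgp(aggregate, rib, summary_only, strip=frozenset()):
    """Prefixes offered to an IBGP peer. `strip` models an import policy
    that removes communities from received routes (Option 1)."""
    rib = [Route(r.prefix, r.communities - strip) for r in rib]
    candidates = [build_aggregate(aggregate, rib)]
    if not summary_only:
        candidates += contributors(aggregate, rib)
    # no-advertise blocks advertisement to every peer; no-export and
    # no-export-subconfed do not stop advertisement to an IBGP peer.
    return sorted((r.prefix for r in candidates
                   if NO_ADVERTISE not in r.communities), key=ip_network)


# Constructed sample: the eight /24s R2 receives from R3 on this page,
# with no-advertise on 3.0.2.0/24 only.
RIB = [Route(f"3.0.{i}.0/24", frozenset({NO_ADVERTISE}) if i == 2 else frozenset())
       for i in range(8)]

if __name__ == "__main__":
    agg = "3.0.0.0/21"
    print("audit:", audit(agg, RIB))
    print("summary-only:", advertised_to_ibgp(agg, RIB, summary_only=True))
    print("no summary-only:", advertised_to_ibgp(agg, RIB, summary_only=False))
    print("strip + summary-only:",
          advertised_to_ibgp(agg, RIB, summary_only=True, strip={NO_ADVERTISE}))
```

Running `audit` over the received routes before enabling an aggregate shows which contributor would silence it, which is the detail that “show router aggregate detail” leaves out.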
Option 2 – Using Static Routes for Aggregation
If we wish to respect the no-advertise binding on 3.0.2.0/24, we can simulate some of the behavior of an aggregate route without caring about no-advertise (or no-export if we are concerned about advertisements outside of our AS).
First we need to remove the import policy on R2 facing R3.
*A:R2>config>router>bgp>group# info
----------------------------------------------
                neighbor 10.2.3.3
                    import "PS_IGNORE_NO_ADV"
                    peer-as 3
                exit
----------------------------------------------
*A:R2>config>router>bgp>group# neighbor 10.2.3.3 no import
And remove the aggregate for 3.0.0.0/21:
*A:R2>config>router>bgp>group# /configure router no aggregate 3.0.0.0/21
Now we create a static black-hole route with BGP community 12:12 attached to it. We’re attaching the community so we can distinguish between regular static routes and our “aggregate”.
A:R2>config>router# static-route-entry 3.0.0.0/21
*A:R2>config>router>static-route-entry$ black-hole
*A:R2>config>router>static-route-entry>black-hole$ community 12:12
*A:R2>config>router>static-route-entry>black-hole$ no shutdown
As a note, SROS Release 14 changed the specific syntax for creating static routes but the concepts generally remain the same for previous SROS versions.
Now we’ll work on the routing policy to advertise our static aggregate route.
First we’ll create a named community for the value that was attached to our aggregate:
*A:R2>config>router>static-route-entry$ /configure router policy-options
*A:R2>config>router>policy-options# begin
*A:R2>config>router>policy-options# community STATIC_AGG members 12:12
Now we create a prefix list to match the routes that contribute to our aggregate:
*A:R2>config>router>policy-options# prefix-list PL_R3_CONTRIB
*A:R2>config>router>policy-options>prefix-list$ prefix 3.0.0.0/21 longer
*A:R2>config>router>policy-options>prefix-list$ exit
Finally we take the existing PS_AGGREGATE and modify it to work with our static aggregate and drop the contributing routes:
*A:R2>config>router>policy-options# policy-statement "PS_AGGREGATE"
*A:R2>config>router>policy-options>policy-statement# info
----------------------------------------------
            entry 10
                from
                    protocol aggregate
                exit
                action accept
                exit
            exit
*A:R2>config>router>policy-options>policy-statement# entry 10
*A:R2>config>router>policy-options>policy-statement>entry# from protocol static
*A:R2>config>router>policy-options>policy-statement>entry# from community "STATIC_AGG"
*A:R2>config>router>policy-options>policy-statement>entry# back
*A:R2>config>router>policy-options>policy-statement# entry 20
*A:R2>config>router>policy-options>policy-statement>entry$ from prefix-list "PL_R3_CONTRIB"
*A:R2>config>router>policy-options>policy-statement>entry$ action drop
*A:R2>config>router>policy-options>policy-statement>entry>action$ exit
*A:R2>config>router>policy-options>policy-statement>entry$ exit
*A:R2>config>router>policy-options>policy-statement# info
----------------------------------------------
            entry 10
                from
                    protocol static
                    community "STATIC_AGG"
                exit
                action accept
                exit
            exit
            entry 20
                from
                    prefix-list "PL_R3_CONTRIB"
                exit
                action drop
                exit
            exit
*A:R2>config>router>policy-options>policy-statement# back
*A:R2>config>router>policy-options# commit
Let’s check what R2 is advertising to R1:
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
?     3.0.0.0/21         100        None  2.2.2.2           None     -      No As-Path
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
There are a couple of issues with this implementation: the AS-Path information is lost (nothing we can do about that) but, more importantly, this “aggregate” will stay up even if the contributing routes are not present. To overcome this issue, the static route can be associated with a prefix-list which will be used to determine if the static route can become active. It should be noted that although we already have PL_R3_CONTRIB, it cannot be used here as the prefix list in the static route requires specific prefixes to match against. While matching all possible prefixes could be problematic, in most instances simply matching against a few key prefixes will be sufficient:
*A:R2>config>router>bgp>group# /configure router policy-options
*A:R2>config>router>policy-options# begin
*A:R2>config>router>policy-options# prefix-list PL_R3_STATIC_AGG_OK
*A:R2>config>router>policy-options>prefix-list$ prefix 3.0.0.0/24
*A:R2>config>router>policy-options>prefix-list$ prefix 3.0.7.0/24
*A:R2>config>router>policy-options>prefix-list$ exit
*A:R2>config>router>policy-options# commit
Modify the static route to be up when any of the prefixes in PL_R3_STATIC_AGG_OK are in the routing table:
*A:R2>config>router>policy-options# /configure router static-route-entry 3.0.0.0/21 black-hole prefix-list "PL_R3_STATIC_AGG_OK" any
We can see the route is active and the prefix-list being used to validate:
*A:R2>config>router>policy-options# show router static-route detail
===============================================================================
Static Route Table (Router: Base) Family: IPv4
===============================================================================
Prefix           : 3.0.0.0/21
Nexthop          : n/a
Type             : Blackhole
Dynamic BGP      : disabled
Generate ICMP    : disabled
Interface        : n/a
Active           : Y
Prefix List      : PL_R3_STATIC_AGG_OK
Prefix List Type : Any
Metric           : 1
Preference       : 5
Source Class     : 0
Dest Class       : 0
Admin State      : Up
Tag              : 0
Creation Origin  : manual
BFD              : disabled
Community        : 12:12
CPE-check        : disabled
-------------------------------------------------------------------------------
No. of Static Routes: 1
===============================================================================
If we shut down our BGP session to R3, the routes in PL_R3_STATIC_AGG_OK will disappear from the routing table and the static route will be brought out of service:
*A:R2>config>router>policy-options# /configure router bgp group "EBGP"
*A:R2>config>router>bgp>group# shutdown
*A:R2>config>router>bgp>group# show router static-route detail
===============================================================================
Static Route Table (Router: Base) Family: IPv4
===============================================================================
Prefix           : 3.0.0.0/21
Nexthop          : n/a
Type             : Blackhole
Dynamic BGP      : disabled
Generate ICMP    : disabled
Interface        : n/a
Active           : N
Prefix List      : PL_R3_STATIC_AGG_OK
Prefix List Type : Any
Metric           : 1
Preference       : 5
Source Class     : 0
Dest Class       : 0
Admin State      : Up
Tag              : 0
Creation Origin  : manual
BFD              : disabled
Community        : 12:12
CPE-check        : disabled
Inactive Reason  : prefix-list match failed
-------------------------------------------------------------------------------
No. of Static Routes: 1
===============================================================================
We can see the static route is down because the prefix-list match has failed, and we can confirm that we aren’t advertising this to R1:
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
No Matching Entries Found
===============================================================================
So we’ll restore the EBGP session between R2 and R3 and give it enough time to exchange routes again:
*A:R2>config>router>bgp>group# no shutdown
*A:R2>config>router>bgp>group# show router bgp routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
u*>i  3.0.0.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.1.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.2.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.3.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.4.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.5.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.6.0/24         None       None  10.2.3.3          None     -      3
u*>i  3.0.7.0/24         None       None  10.2.3.3          None     -      3
u*>i  100.100.100.0/24   100        None  1.1.1.1           None     -      No As-Path
-------------------------------------------------------------------------------
Routes : 9
===============================================================================
The routes from R3 are back, so let’s confirm the static blackhole is back in service:
*A:R2>config>router>bgp>group# show router static-route detail
===============================================================================
Static Route Table (Router: Base) Family: IPv4
===============================================================================
Prefix           : 3.0.0.0/21
Nexthop          : n/a
Type             : Blackhole
Dynamic BGP      : disabled
Generate ICMP    : disabled
Interface        : n/a
Active           : Y
Prefix List      : PL_R3_STATIC_AGG_OK
Prefix List Type : Any
Metric           : 1
Preference       : 5
Source Class     : 0
Dest Class       : 0
Admin State      : Up
Tag              : 0
Creation Origin  : manual
BFD              : disabled
Community        : 12:12
CPE-check        : disabled
-------------------------------------------------------------------------------
No. of Static Routes: 1
===============================================================================
Yes, so we should be offering this to R3 again:
*A:R2>config>router>bgp>group# show router bgp neighbor 1.1.1.1 advertised-routes
===============================================================================
 BGP Router ID:2.2.2.2          AS:12          Local AS:12
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network            LocalPref  MED   Nexthop (Router)  Path-Id  Label  As-Path
-------------------------------------------------------------------------------
?     3.0.0.0/21         100        None  2.2.2.2           None     -      No As-Path
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Yes, the aggregate route is now conditionally advertised.
While this scenario isn’t likely to occur all the time, based on my experience it is something to consider if things are not working quite as expected.