BGP Design Question - Best Practice?

kfarrington
Level 3

Hi there,

Hritter, many thx for the advice yesterday. It helps a great deal.

I have one BGP design question.

I have two MPLS CEs and I have a campus site behind these CEs.

All addresses within the campus core and MPLS CEs are 10.196.0.0/16

Now, I want to use BGP to summarise this network out to the MPLS network.

Problem is, I want to put the two CE-to-CORE interconnect networks under BGP to generate the aggregate, so if both of these interconnects went down, the aggregate would not be advertised out of the eBGP peer to the MPLS cloud.

Problem I have is that I have a loopback on the CE within this range and I would like to be able to advertise it out to the cloud whilst not allowing it to be used to produce the aggregate address.

I have two ways round the problem.

1. Use EIGRP at the core to generate the summary via an interface summary command and just put a network statement in BGP (no BGP aggregation)

2. As there are two CE routers, put the network statement in CE1 for the loopback of CE2 and put the loopback of CE2 in the network statement of CE1. This could cause suboptimal routing to the /32 loopback addresses.

The ideal situation would be just to put the CE1 loopback in the network statement of CE1 and put CE2's loopback in the network statement of CE2 but tell the aggregate address not to be generated on this network statement.

Is this possible, or do I just work round the problem?

PS. I cannot change the addresses of the loopbacks.

Also, I have had a look at what options are available via the BGP aggregate command, but can't see a way?

Dual2(config-router)#aggregate-address 1.1.1.1 1.1.1.1 ?
  advertise-map  Set condition to advertise attribute
  as-set         Generate AS set path information
  attribute-map  Set attributes of aggregate
  route-map      Set parameters of aggregate
  summary-only   Filter more specific routes from updates
  suppress-map   Conditionally filter more specific routes from updates
  <cr>

Dual2(config-router)#aggregate-address 1.1.1.1 1.1.1.1

Many thx all,

Ken

4 Replies

Harold Ritter
Spotlight

Ken,

You can use the advertise-map to select the prefixes upon which the aggregate is generated.

Here's an example where the aggregate is generated by any more specific prefix in the BGP table but the loopback address.

router bgp
 aggregate-address 10.196.0.0 255.255.0.0 summary-only advertise-map exclude-loopback
 neighbor x.x.x.x remote-as 1
!
access-list 1 deny
access-list 1 permit any
!
route-map exclude-loopback permit 10
 match ip address 1

For more information on the advertise-map, please refer to the following url:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprrp_r/ip2_a1g.htm#wp1037074

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Man, WOW!

I did this, with the following interfaces

Dual2#sh ip route 70.0.0.0
Routing entry for 70.0.0.0/8, 3 known subnets
Attached (1 connections)
Variably subnetted with 2 masks
Redistributing via eigrp 30
D 70.70.70.70/32 [90/409600] via 192.168.31.254, 00:00:05, Ethernet0/0
C 70.70.70.71/32 is directly connected, Loopback77
B 70.0.0.0/8 [200/0] via 0.0.0.0, 00:00:05, Null0
Dual2#

so BGP has generated the aggregate

Dual2#sh ip bgp
*> 70.0.0.0 0.0.0.0 32768 i
s> 70.70.70.70/32 192.168.31.254 409600 32768 i
s> 70.70.70.71/32 0.0.0.0 0 32768 i
*> 99.99.99.0/24 0.0.0.0 0 32768 i
* i155.195.0.0 192.168.1.18 0 100 0 19855 10 ?

so I shut down the eigrp learned route and yes, it stopped advertising the aggregate, BUT ...

It still suppresses the lo77 that I needed still to send out.

ie,

Dual2#sh ip bgp
BGP table version is 80, local router ID is 192.168.30.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i69.69.69.69/32 192.168.1.18 0 100 0 19855 10 ?
*> 192.168.2.6 0 12641 10 ?
s> 70.70.70.71/32 0.0.0.0 0 32768 i
*> 99.99.99.0/24 0.0.0.0 0 32768 i
* i155.195.0.0 192.168.1.18 0 100 0 19855 10 ?
*> 192.168.2.6

so I used a suppress map with the same ACL on the aggregate and it works.

Is this correct fella? and best practice? (man, there is gonna be a BIG BIG 5 coming up to score this) :)

so the final config is

router bgp 30
 aggregate-address 70.0.0.0 255.0.0.0 summary-only advertise-map exclude-loopback suppress-map send-loopback
!
access-list 1 deny 70.70.70.71
access-list 1 permit any
!
route-map exclude-loopback permit 10
 match ip address 1
no route-map send-loopback
route-map send-loopback permit 10
 match ip address 1

different route-map names just for clarity on the BGP action.

This is really cool stuff man!

Cheers,

Ken

Ken,

I had indeed forgotten the goal of the exercise was to propagate the loopback interface address ;o) So the answer is yes, in your scenario you need to use the suppress-map to allow the loopback interface address not to be suppressed and the advertise-map to ensure that this loopback address will not generate the aggregate route.

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
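
The advertise-map and suppress-map roles described in this thread, as an added Python model (not part of the original posts and not Cisco's implementation). The helper names are hypothetical, the BGP tables are constructed from the lab prefixes shown above, and the model assumes only what the posts state: the advertise-map picks which more-specifics can trigger the aggregate, and the suppress-map picks which more-specifics are withheld.

```python
from ipaddress import ip_network

# Constructed from the thread's lab: access-list 1 deny 70.70.70.71 / permit any
ACL_1 = [("deny", ip_network("70.70.70.71/32")),
         ("permit", ip_network("0.0.0.0/0"))]

def acl_permits(acl, prefix):
    """First-match ACL lookup on the prefix's network address; implicit deny."""
    for action, net in acl:
        if prefix.network_address in net:
            return action == "permit"
    return False

def advertised(bgp_table, aggregate, advertise_acl, suppress_acl):
    """Prefixes sent to the eBGP peer under this simplified model (hypothetical helper)."""
    agg = ip_network(aggregate)
    prefixes = [ip_network(p) for p in bgp_table]
    specifics = [p for p in prefixes if p != agg and p.subnet_of(agg)]
    # advertise-map: only more-specifics it permits can cause the aggregate to exist
    generate = any(acl_permits(advertise_acl, p) for p in specifics)
    # suppress-map: only more-specifics it permits are withheld from the peer
    out = {str(p) for p in prefixes
           if p not in specifics or not acl_permits(suppress_acl, p)}
    if generate:
        out.add(str(agg))
    return out

def lab_scenarios():
    """Both states from the thread: EIGRP-learned /32 present, then withdrawn."""
    up = ["70.70.70.70/32", "70.70.70.71/32", "99.99.99.0/24"]
    down = ["70.70.70.71/32", "99.99.99.0/24"]
    return (advertised(up, "70.0.0.0/8", ACL_1, ACL_1),
            advertised(down, "70.0.0.0/8", ACL_1, ACL_1))

if __name__ == "__main__":
    for state, result in zip(("EIGRP route up", "EIGRP route down"), lab_scenarios()):
        print(state, sorted(result))
```
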

Brill. Got it all working in the lab.

Many thx indeed,

Ken