BGP aggregate address vs IP route null0

davinci · ‎07-21-2019

these routers are direclty connected via point to point connection. When I try summarization, only ip route x.x.x.x x.x.x.x null0 with network statement works for me. When I use the aggregate address command I dont see summary route in route table. Why?

R3#sh run | s bgp
router bgp 65011
no synchronization
bgp log-neighbor-changes
network 172.16.0.0 mask 255.240.0.0
network 192.168.0.0 mask 255.255.0.0
aggregate-address 176.16.0.0 255.240.0.0
aggregate-address 192.168.0.0 255.255.0.0
neighbor 10.254.28.108 remote-as 65011
neighbor 10.254.28.108 update-source FastEthernet0/0
neighbor 10.254.28.108 next-hop-self
no auto-summary

R4#sh run | s bgp
router bgp 65011
no synchronization
bgp log-neighbor-changes
neighbor 10.254.28.107 remote-as 65011
neighbor 10.254.28.107 update-source FastEthernet0/0
neighbor 10.254.28.107 next-hop-self
no auto-summary

R4#sh version
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 13-Aug-08 21:36 by prod_rel_team

ROM: ROMMON Emulation Microcode
ROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)

R4 uptime is 22 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3725 (R7000) processor (revision 0.1) with 249856K/12288K bytes of memory.
Processor board ID FTX0945W0MY
R7000 CPU at 240MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache
4 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
55K bytes of NVRAM.

Configuration register is 0x2102

Giuseppe Larosa · ‎07-21-2019

Hello davinci,

for aggregate-address to work in BGP at least one component route must be in the BGP table.

So if you would like to send an aggregate for IPv4 prefix 192.168.0.0 255.255.0.0 = 192.168.0.0./16 at least one component route like 192.168.1.0/24 should be present in the BGP table by any means either learned by another BGP peer or locally injected using a network command or a redistribution from other protocol (connected, static route or dynamic route from an IGP like OSPF or EIGRP).

To be noted the network command in BGP requires exact match when using no auto-summary (that is now the default).

This means that for advertising component network 192.168.1.0/24 that is a connected route for example you need under router bgp the command

network 192.168.1.0 255.255.255.0

! actually the mask could be omitted because 192.168.1.0/24 is a Class C Major network.

So in order to make the aggregate-address to work you need to add specific network statements for one or more component routes.

It is not enough to have the more specific component route in the IP routing table only. You need to have them in the BGP table too.

On the other hand a static route to null0 is the oldest method to create an aggregate address that is always on regardless of existance of any component in the BGP table, and it requires a matching network statement with same subnet mask as you have configured.

However, note that for all IP addresses not belonging to a known component route packets with this destination will be silently dropped as this is what the nulll0 is supposed to be a waste bin.

The aggregate-address when not using the summary-only allows advertisement of the aggregate and all alive component routes.

Hope to help

Giuseppe

davinci · ‎07-22-2019

thanks, I will have to try that in my lab.

"On the other hand a static route to null0 is the oldest method to create an aggregate address that is always on regardless of existance of any component in the BGP table, and it requires a matching network statement with same subnet mask as you have configured.

However, note that for all IP addresses not belonging to a known component route packets with this destination will be silently dropped as this is what the nulll0 is supposed to be a waste bin."

so in other words, if i have 192.168.10.0/24 and 192.168.11.0/24 in my IP route table and I configure 192.168.0.0/16 as summary/aggregate route but someone send traffic to 192.168.13.1 then that traffic is dropped via null0? I believe that is what you're saying here?

Giuseppe Larosa · ‎07-22-2019

Hello davinci,

yes your understanding is correct but only when you use the static route to null0 method not with the aggregate-address command

>> so in other words, if i have 192.168.10.0/24 and 192.168.11.0/24 in my IP route table and I configure 192.168.0.0/16 as summary/aggregate route but someone send traffic to 192.168.13.1 then that traffic is dropped via null0? I believe that is what you're saying here?

>> thanks, I will have to try that in my lab.

Yes of course.

Hope to help

Giuseppe

yasir.ilyas · ‎03-27-2024

hi,

I know its very old thread. I am in similar situation where i havea static null0 route and i advertising that with aggregate address command like below and not seeing aggregate.

ip route 100.65.240.0/22 Null0
router bgp 4200070001
address-family ipv4 unicast
aggregate-address 100.65.240.0/22 summary-only

whats wrong here doing this way?

Richard Burts · ‎03-27-2024

You have not told us much about your environment and that makes it difficult to give good advice. But based on what is in your post I have these comments:

- you have both a static route to null0 and an aggregate-address command for a network. Use one or the other but not both.

- if you use a static route to null0 then you should see the aggregated address in your routing table. And if you have a correct network statement in your bgp config then the network should be advertised to your neighbors.

- if you use aggregate-address you would not see the aggregated address in your local routing table. If it is properly configured, and if at least one component route is present in your routing table then the aggregate is advertised to your neighbor. You can use show ip bgp neighbor <address> advertised to show the aggregated address.

- if you use a static route to null0 then the aggregate address will always be present in your routing table. Even if you no longer can reach that network it will still be advertised to your neighbors (because it is present in the ip routing table). If you use aggregate-address and that network is no longer reachable (no component routes are in your ip routing table) then the aggregate is NOT advertised to your neighbors.

HTH

Rick

Harold Ritter · ‎03-27-2024

Hi @yasir.ilyas ,

If you want to originate a route in bgp from a static route to null0 (or from any other route in the routing table (RIB)), you need to use the network statement (network 100.65.240.0/22). The network statement mask needs to match the mask in the RIB. It will not work otherwise.

On the other hand, the aggregate-address statement is used to aggregate routes that are already present in bgp table. If the routes are not already present in bgp the aggregate-address statement will not work.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México