cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
596
Views
30
Helpful
18
Replies
chris net
Beginner

NXOS BGP route summary per neighbour

Hello

I'm trying to summarise bgp routes from a 9k to an individual 3k neighbour in a vrf with additional neighbours that should not get the summaries, ideally summarising down to rfc1918 .

 

I see the

aggregate-address 10.0.0.0/8 summary-only

command that can be applied in the address family of the vrf bgp config, but that applies to all the vrf neighbours, I can't find an equivalent that can be applied to the vrf's neighbours config.

 

any suggestions on how I can summarise to a specific bgp neighbour?

 

I see https://learningnetwork.cisco.com/s/question/0D53i00000KsxJKCAZ/how-to-advertise-bgp-summary-to-specific-neighbor-?t=1652876957196 but the 

neighbor distribute-list

does not work on nxos.

 

looking forward to any responses.

 

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hi @chris net ,

 

The

aggregate-address

applies indeed to all neighbors. You will need to use a route-map on other neighbors to filter the aggregate address out.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

thanks @Harold Ritter I was hoping that was not the answer.

 

I may create a new vrf for this connection and then I know I'm not sending anything to systems unintentionally.

 

I was hoping there would be some

route-map

or

prefix-list 

command I'm not familiar with that was standard in this situation but I just hadn't come across, how do others summarise bgp routes going to ebgp peers?

 

some sample code to remind me in case I come across this again, remember all neighbours under that vrf will get the aggregates!!

 

ip prefix-list pl-rfc1918 seq 10 permit 10.0.0.0/8
ip prefix-list pl-rfc1918 seq 20 permit 172.16.0.0/12
ip prefix-list pl-rfc1918 seq 30 permit 192.168.0.0/16

route-map remove-aggregate-address deny 10
  match prefix-list pl-rfc1918

route-map remove-aggregate-address permit 100


route-map add-aggregate-address permit 10
  match prefix-list pl-rfc1918

router bgp 1234
vrf 3k
    timers bgp 1 3
    address-family ipv4 unicast
    redistribute eigrp 1 route-map req-eigrp-routes
    aggregate-address 10.0.0.0/8 as-set
    aggregate-address 172.16.0.0/12 as-set
    aggregate-address 192.168.0.0/16 as-set
    neighbor 10.10.10.1
      remote-as 12345
      description set up eBGP with R1-7K
      password passwordfortest1
      update-source Ethernet1/1
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        route-map R1-R3-statics in
        soft-reconfiguration inbound always
    neighbor 172.16.254.90
      remote-as 12346
      description set up eBGP with R2-7K
      password passwordfortest2
      update-source Ethernet1/2
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        soft-reconfiguration inbound always

    neighbor 192.168.202.101
      remote-as 12347
      description set up eBGP with R3-3k
      password passwordfortest1
      update-source Ethernet1/3

      address-family ipv4 unicast
        route-map add-aggregate-address out
        soft-reconfiguration inbound always

 

 

 

 

 

 

View solution in original post

18 REPLIES 18
MHM Cisco World
Advisor

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-paper-c11-733892.html#_Toc411469002

 

first config the neighbors then under address family you can config

 route-map IN OUT filter

 


@MHM Cisco World wrote:

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-paper-c11-733892.html#_Toc411469002

 

first config the neighbors then under address family you can

config
route-map IN OUT filter

 


that is great but still unable to summarise,

 

ok 
do neighbor 

address family ipv4

 
? <- use this to show you the available command under the address family if summary is allow use it.

"I see the

"aggregate-address 10.0.0.0/8 summary-only" 

command that can be applied in the address family of the vrf bgp config, but that applies to all the vrf neighbours, I can't find an equivalent that can be applied to the vrf's neighbours config."

 

there is nothing equivalent under the neighbour statement, including under the neighbour ..... address family ipv4 unicast section.

 

Hi @chris net ,

 

The

aggregate-address

applies indeed to all neighbors. You will need to use a route-map on other neighbors to filter the aggregate address out.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

thanks @Harold Ritter I was hoping that was not the answer.

 

I may create a new vrf for this connection and then I know I'm not sending anything to systems unintentionally.

 

I was hoping there would be some

route-map

or

prefix-list 

command I'm not familiar with that was standard in this situation but I just hadn't come across, how do others summarise bgp routes going to ebgp peers?

 

some sample code to remind me in case I come across this again, remember all neighbours under that vrf will get the aggregates!!

 

ip prefix-list pl-rfc1918 seq 10 permit 10.0.0.0/8
ip prefix-list pl-rfc1918 seq 20 permit 172.16.0.0/12
ip prefix-list pl-rfc1918 seq 30 permit 192.168.0.0/16

route-map remove-aggregate-address deny 10
  match prefix-list pl-rfc1918

route-map remove-aggregate-address permit 100


route-map add-aggregate-address permit 10
  match prefix-list pl-rfc1918

router bgp 1234
vrf 3k
    timers bgp 1 3
    address-family ipv4 unicast
    redistribute eigrp 1 route-map req-eigrp-routes
    aggregate-address 10.0.0.0/8 as-set
    aggregate-address 172.16.0.0/12 as-set
    aggregate-address 192.168.0.0/16 as-set
    neighbor 10.10.10.1
      remote-as 12345
      description set up eBGP with R1-7K
      password passwordfortest1
      update-source Ethernet1/1
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        route-map R1-R3-statics in
        soft-reconfiguration inbound always
    neighbor 172.16.254.90
      remote-as 12346
      description set up eBGP with R2-7K
      password passwordfortest2
      update-source Ethernet1/2
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        soft-reconfiguration inbound always

    neighbor 192.168.202.101
      remote-as 12347
      description set up eBGP with R3-3k
      password passwordfortest1
      update-source Ethernet1/3

      address-family ipv4 unicast
        route-map add-aggregate-address out
        soft-reconfiguration inbound always

 

 

 

 

 

 

Hi @chris net ,

 

how do others summarise bgp routes going to ebgp peers?

 

It depends on the use case. Some use the

aggregate-address

command and some may use a network statement for the aggregate route with a corresponding route to null0. In either case, you would need to filter the aggregate address towards neighbors where it is not required.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

please can you TRY 
Peer Templates

this can give some

route-policy.

Thanks @MHM Cisco World 

 

non of the peer template policies contain

aggregate-address

or anything remotely like that.

 

However I do now know they exist

 

 

 

 

there are some additional considerations to consider if using the as-set attribute, effectively the as-set attribute will add any and all as paths to the summary route, a bgp router seeing the summary with its own as in it will reject the route, a bit more work is needed to ensure the summary is accepted.

 

https://packetlife.net/blog/2008/sep/20/bgp-route-aggregation-part-2/

 

care is needed to ensure things do not break.

friend 
I think you miss @Harold Ritter  point 
instead of apply

aggregate-route 

under VRF which apply to all neighbor
you can use 
network statement for route to null0 
this workaround

aggregate-route

under VRF issue.

@MHM Cisco World 

 

I think you miss the point,

 

there are 2 ways to summarise the routes for BGP in VRF's as @Harold Ritter has explained

  1. use a network statement for the aggregate route with a corresponding route to null0
  2. aggregate-address
    command

>In either case, you would need to filter the aggregate address towards neighbors where it is not required.

 

this Cisco doc has more info

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5441-aggregation.html

 

also that packet life doc does a great job of explaining some issues and how to get around them.

I know summary can do with one of two these method,

Aggreate command not found under neighbor > address family ipv4

But 

Network command or peer template absolute can found and use. 

@MHM Cisco World 

 

I checked the peer templates and using the network statement (before I posted this question) but could not find a way to do as I need using either.

 

I included sample config above for what works using the 2nd way,

 

if you are so sure of what you state can you include working config & I (and no doubt others) will see if we can use your config in our use cases.

 

Thank you