Solved: Re: NXOS BGP route summary per neighbour

chris net · ‎05-18-2022

Hello

I'm trying to summarise bgp routes from a 9k to an individual 3k neighbour in a vrf with additional neighbours that should not get the summaries, ideally summarising down to rfc1918 .

I see the

aggregate-address 10.0.0.0/8 summary-only

command that can be applied in the address family of the vrf bgp config, but that applies to all the vrf neighbours, I can't find an equivalent that can be applied to the vrf's neighbours config.

any suggestions on how I can summarise to a specific bgp neighbour?

I see https://learningnetwork.cisco.com/s/question/0D53i00000KsxJKCAZ/how-to-advertise-bgp-summary-to-specific-neighbor-?t=1652876957196 but the

neighbor distribute-list

does not work on nxos.

looking forward to any responses.

Harold Ritter · ‎05-18-2022

Hi @chris net ,

The

aggregate-address

applies indeed to all neighbors. You will need to use a route-map on other neighbors to filter the aggregate address out.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

chris net · ‎05-18-2022

thanks @Harold Ritter I was hoping that was not the answer.

I may create a new vrf for this connection and then I know I'm not sending anything to systems unintentionally.

I was hoping there would be some

route-map

or

prefix-list

command I'm not familiar with that was standard in this situation but I just hadn't come across, how do others summarise bgp routes going to ebgp peers?

some sample code to remind me in case I come across this again, remember all neighbours under that vrf will get the aggregates!!

ip prefix-list pl-rfc1918 seq 10 permit 10.0.0.0/8
ip prefix-list pl-rfc1918 seq 20 permit 172.16.0.0/12
ip prefix-list pl-rfc1918 seq 30 permit 192.168.0.0/16

route-map remove-aggregate-address deny 10
  match prefix-list pl-rfc1918

route-map remove-aggregate-address permit 100


route-map add-aggregate-address permit 10
  match prefix-list pl-rfc1918

router bgp 1234
vrf 3k
    timers bgp 1 3
    address-family ipv4 unicast
    redistribute eigrp 1 route-map req-eigrp-routes
    aggregate-address 10.0.0.0/8 as-set
    aggregate-address 172.16.0.0/12 as-set
    aggregate-address 192.168.0.0/16 as-set
    neighbor 10.10.10.1
      remote-as 12345
      description set up eBGP with R1-7K
      password passwordfortest1
      update-source Ethernet1/1
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        route-map R1-R3-statics in
        soft-reconfiguration inbound always
    neighbor 172.16.254.90
      remote-as 12346
      description set up eBGP with R2-7K
      password passwordfortest2
      update-source Ethernet1/2
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        soft-reconfiguration inbound always

    neighbor 192.168.202.101
      remote-as 12347
      description set up eBGP with R3-3k
      password passwordfortest1
      update-source Ethernet1/3

      address-family ipv4 unicast
        route-map add-aggregate-address out
        soft-reconfiguration inbound always

View solution in original post

MHM Cisco World · ‎05-18-2022

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-paper-c11-733892.html#_Toc411469002

first config the neighbors then under address family you can config

 route-map IN OUT filter

chris net · ‎05-18-2022

@MHM Cisco World wrote:

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-paper-c11-733892.html#_Toc411469002

first config the neighbors then under address family you can
config
route-map IN OUT filter

that is great but still unable to summarise,

MHM Cisco World · ‎05-18-2022

ok
do neighbor

address family ipv4

? <- use this to show you the available command under the address family if summary is allow use it.

chris net · ‎05-18-2022

"I see the

"aggregate-address 10.0.0.0/8 summary-only"

command that can be applied in the address family of the vrf bgp config, but that applies to all the vrf neighbours, I can't find an equivalent that can be applied to the vrf's neighbours config."

there is nothing equivalent under the neighbour statement, including under the neighbour ..... address family ipv4 unicast section.

Harold Ritter · ‎05-18-2022

Hi @chris net ,

The

aggregate-address

applies indeed to all neighbors. You will need to use a route-map on other neighbors to filter the aggregate address out.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

chris net · ‎05-18-2022

thanks @Harold Ritter I was hoping that was not the answer.

I may create a new vrf for this connection and then I know I'm not sending anything to systems unintentionally.

I was hoping there would be some

route-map

or

prefix-list

command I'm not familiar with that was standard in this situation but I just hadn't come across, how do others summarise bgp routes going to ebgp peers?

some sample code to remind me in case I come across this again, remember all neighbours under that vrf will get the aggregates!!

ip prefix-list pl-rfc1918 seq 10 permit 10.0.0.0/8
ip prefix-list pl-rfc1918 seq 20 permit 172.16.0.0/12
ip prefix-list pl-rfc1918 seq 30 permit 192.168.0.0/16

route-map remove-aggregate-address deny 10
  match prefix-list pl-rfc1918

route-map remove-aggregate-address permit 100


route-map add-aggregate-address permit 10
  match prefix-list pl-rfc1918

router bgp 1234
vrf 3k
    timers bgp 1 3
    address-family ipv4 unicast
    redistribute eigrp 1 route-map req-eigrp-routes
    aggregate-address 10.0.0.0/8 as-set
    aggregate-address 172.16.0.0/12 as-set
    aggregate-address 192.168.0.0/16 as-set
    neighbor 10.10.10.1
      remote-as 12345
      description set up eBGP with R1-7K
      password passwordfortest1
      update-source Ethernet1/1
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        route-map R1-R3-statics in
        soft-reconfiguration inbound always
    neighbor 172.16.254.90
      remote-as 12346
      description set up eBGP with R2-7K
      password passwordfortest2
      update-source Ethernet1/2
      address-family ipv4 unicast
        route-map rm-remove-aggregate-address out
        soft-reconfiguration inbound always

    neighbor 192.168.202.101
      remote-as 12347
      description set up eBGP with R3-3k
      password passwordfortest1
      update-source Ethernet1/3

      address-family ipv4 unicast
        route-map add-aggregate-address out
        soft-reconfiguration inbound always

Harold Ritter · ‎05-18-2022

Hi @chris net ,

> how do others summarise bgp routes going to ebgp peers?

It depends on the use case. Some use the

aggregate-address

command and some may use a network statement for the aggregate route with a corresponding route to null0. In either case, you would need to filter the aggregate address towards neighbors where it is not required.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎05-18-2022

please can you TRY
Peer Templates

this can give some

route-policy.

chris net · ‎05-18-2022

Thanks @MHM Cisco World

non of the peer template policies contain

aggregate-address

or anything remotely like that.

However I do now know they exist

chris net · ‎05-18-2022

there are some additional considerations to consider if using the as-set attribute, effectively the as-set attribute will add any and all as paths to the summary route, a bgp router seeing the summary with its own as in it will reject the route, a bit more work is needed to ensure the summary is accepted.

https://packetlife.net/blog/2008/sep/20/bgp-route-aggregation-part-2/

care is needed to ensure things do not break.

MHM Cisco World · ‎05-19-2022

friend
I think you miss @Harold Ritter point
instead of apply

aggregate-route

under VRF which apply to all neighbor
you can use
network statement for route to null0
this workaround

aggregate-route

under VRF issue.

chris net · ‎05-19-2022

@MHM Cisco World

I think you miss the point,

there are 2 ways to summarise the routes for BGP in VRF's as @Harold Ritter has explained

use a network statement for the aggregate route with a corresponding route to null0
```
aggregate-address
```
command

>In either case, you would need to filter the aggregate address towards neighbors where it is not required.

this Cisco doc has more info

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5441-aggregation.html

also that packet life doc does a great job of explaining some issues and how to get around them.

MHM Cisco World · ‎05-19-2022

I know summary can do with one of two these method,

Aggreate command not found under neighbor > address family ipv4

But

Network command or peer template absolute can found and use.

chris net · ‎05-19-2022

@MHM Cisco World

I checked the peer templates and using the network statement (before I posted this question) but could not find a way to do as I need using either.

I included sample config above for what works using the 2nd way,

if you are so sure of what you state can you include working config & I (and no doubt others) will see if we can use your config in our use cases.

Thank you