Solved: Route Aggregation Advertisement and Discard - Page 3

woogx · ‎03-21-2023

Hi all,

I am going through one of the CCIE BGP lab practices for route aggregation (CCIE Enterprise Infrastructure Foundation by Narbik). There is one particular lab (under BGP lab 6 task 4). Basically, it asked to configure R2 such that only R1 and R4 can accept the aggregate, whereas R3 will receive the aggregate, but it shall discard it. What troubles me is that I do not believe there is any command under route aggregation for such activity. The only thing I can think of is BGP community no-export function. That said, I do not think EBGP neighbor will discard the prefix after receiving it. I'd appreciate some pointers on that. Many thanks.

woogx · ‎03-26-2023

This got my mind twisted so much. First of all, thanks for confirming that I cannot do attributes with different neighbors. Believe me, I was really struggling last night. Today, I looked into this further.

Aggregate-address along will advertise all bgp routes on the aggregator to R1, R3 and R4.

Aggregate-address ... summary-only will block original route on R3 from R4 or vice versa (so 10.1.2.0/24 or 10.1.3.0/24 will not be displayed on R4, whereas 10.1.0.0/24 or 10.1.1.0/24 will not be displayed on R3.).

Aggregate-address ... as-set will block the summary route 10.1.0.0/22 on both R3 and R4

R2(config)#ip bgp-community new-format

R2 (config)#route-map ATT_MAP permit 10

R2 (config-route-map)# set community 100:100

R2 (config)# router bgp 200

R2 (config-router)# neighbor 23.1.1.3 send-community

R2 (config-router)# aggregate-address 10.1.0.0 255.255.252.0 summary-only attribute-map ATT_MAP

R3(config)#ip bgp-community new-format

R3 (config)#ip community-list 1 permit 100:100

R3 (config)#route-map IN deny 10

R3 (config-route-map)#match community 1

R3 (config)#route-map IN permit 20

R3 (config)# router bgp 300

R3 (config-router)# neigbhbor 23.1.1.2 route-map IN in

With the above config, I think this should have worked. But somehow, the denial statement didn't quite pick up that aggregate address to be denied.

If I do add as-set to aggregate-address 10.1.0.0 255.255.252.0 summary-only

attribute-map ATT_MAP

Then this will definitely block 10.1.0.0/22, but that should not be the effect of community tagging (by the way, I can see the community tag on R3 with 10.1.0.0/22.).

Ideally, I think we should use either summary-only or nothing at all with the

aggregate-address

command, but definitely without the as-set. Then we establish a community tag so that the denial statement on R3 or R4 can block the summary route from the aggregator R2, which is exactly the config above. Somehow, it just ain't working. I knew you had been a great mentor on this for me for the past week (I learned so much on bgp aggregate address attribute.), but at this point of time, I'd appreciate a straight answer pointing out what I had done wrong. Many thanks.

MHM Cisco World · ‎03-26-2023

Dont worry I will run same code you enter and check.

MHM Cisco World · ‎03-26-2023

R2 (config-router)#

neighbor 23.1.1.3 send-community both <<- this need only

Also run

Bgp new format in both routers

woogx · ‎03-26-2023

network 13.1.1.0 mask 255.255.255.0
network 23.1.1.0 mask 255.255.255.0
network 24.1.1.0 mask 255.255.255.0
aggregate-address 10.1.0.0 255.255.252.0 summary-only attribute-map ATT_MAP
neighbor 13.1.1.1 remote-as 100
neighbor 23.1.1.3 remote-as 300
neighbor 23.1.1.3 send-community both
neighbor 24.1.1.4 remote-as 400

Still no good. Did it work on yours?

MHM Cisco World · ‎03-26-2023

Yes it work and from first time

Just do

Clear ip bgp x

And check again' some filter need clear ip bgp to take effect

woogx · ‎03-26-2023

Morning, yes, I have done so mulitple times. If you don't mind, can you show me your complete config so that I do a complete comparison?

MHM Cisco World · ‎03-26-2023

Sure when I have time I will share lab

woogx · ‎03-26-2023

Mostly appreciated.