Tonight’s topology is the same as the previous one I used for RIPv2 Distribute lists post, just now with more BGP.
Not shown is BB2 connected off of Sw2. BB2 is the source of all the routes you’ll see in the BGP table.
For this example I have an aggregate of 192.168.0.0/21 create on R1, which it in turn is advertising to R2 and Sw3. I also have a suppress-map on the aggregate to suppress the 192.168.3.0/24 route.
R1#sh ip bgp
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0/21 0.0.0.0 32768 i
*> 192.168.1.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.2.0 10.21.12.21 0 100 0 (12) 2122 i
s> 192.168.3.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.4.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.5.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.6.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.7.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.8.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.9.0 10.21.12.21 0 100 0 (12) 2122 i
R1#sh ip bgp 192.168.0.0/21
BGP routing table entry for 192.168.0.0/21, version 11
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
Local, (aggregated by 112 1.1.1.1)
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best
And if we look at the BGP table on R2 we’ll see that we have the aggregate, but not the suppressed route.
R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0/21 10.1.2.1 0 0 112 i
*> 192.168.1.0 10.1.2.1 0 112 2122 i
*> 192.168.2.0 10.1.2.1 0 112 2122 i
*> 192.168.4.0 10.1.2.1 0 112 2122 i
*> 192.168.5.0 10.1.2.1 0 112 2122 i
*> 192.168.6.0 10.1.2.1 0 112 2122 i
*> 192.168.7.0 10.1.2.1 0 112 2122 i
*> 192.168.8.0 10.1.2.1 0 112 2122 i
*> 192.168.9.0 10.1.2.1 0 112 2122 i
Now the fun stuff starts.
What we’re going to do is inject the 192.168.3.0/24 route back into our BGP table even though it’s still suppressed on R1. We do this with the BGP inject-map, also known as the title of this post: BGP conditional route injection.
As I stated at the onset this one takes a bit of typing. We need to create a route-map that calls a prefix-list to define the route we want to inject, and we create another route-map that calls a prefix-list that defines the aggregate we want to match, and another prefix-list that defines the source of the aggregate.
That’s 3 prefix lists, and 2 route-maps.
Then with all of that nonsense in hand we define the inject-map within the BGP process itself (or within the BGP address-family if that’s the way you’re doing things).
Let’s get started shall we? We’ll be doing the config on R2.
ip prefix-list ADVERTISE-1 permit 192.168.3.0/24
!
ip prefix-list AGGREGATE-1 permit 192.168.0.0/21
!
ip prefix-list SOURCE-1 permit 10.1.2.1/32
!
route-map ADVERTISE-MAP-1
set ip address prefix ADVERTISE-1
!
route-map EXIST-MAP-1
match ip address prefix-list AGGREGATE-1
match ip route-source prefix-list SOURCE-1
!
router bgp 2313
bgp inject-map ADVERTISE-MAP-1 exist-map EXIST-MAP-1
Before we look at the results of this I want to quickly talk about my aforementioned impromptu troubleshooting fiasco this evening. Please direct your attention to the route-map ADVERTISE-MAP-1. This route-map calls the prefix-list the defines the routes we are going to inject into the BGP table.
Please note, THIS MUST BE A SET AND NOT A MATCH.
I had it as a match and it took a long time for me to see it. Under the stress of the Lab this could really bugger up your day. At least one person in #cciestudy, and one person on Twitter that looks at this also didn’t catch it.
OK, with the nastiness over with for the night, let’s get back to seeing what we actually accomplished with this config.
R2#sh ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0/21 10.1.2.1 0 0 112 i
*> 192.168.1.0 10.1.2.1 0 112 2122 i
*> 192.168.2.0 10.1.2.1 0 112 2122 i
*> 192.168.3.0 10.1.2.1 0 ?
*> 192.168.4.0 10.1.2.1 0 112 2122 i
*> 192.168.5.0 10.1.2.1 0 112 2122 i
*> 192.168.6.0 10.1.2.1 0 112 2122 i
*> 192.168.7.0 10.1.2.1 0 112 2122 i
*> 192.168.8.0 10.1.2.1 0 112 2122 i
*> 192.168.9.0 10.1.2.1 0 112 2122 I
It’s fairly obvious which one of these things is not like the other thing. It’s also fairly obvious that that thing is our previously suppressed route. Excellent.
Al closer look at our injected route:
R2#sh ip bgp 192.168.3.0
BGP routing table entry for 192.168.3.0/24, version 13
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local, (aggregated by 112 1.1.1.1), (injected path from 192.168.0.0/21)
10.1.2.1 from 10.1.2.1 (1.1.1.1)
Origin incomplete, localpref 100, valid, external, atomic-aggregate, best
I won’t walk through all of the output, but of note is that it still shows as an aggregate. This seems logical since I could have made it a /23 or a /22, as long as it’s smaller than the original aggregate (a /21 in this example). Because there’s no way to know what the real networks are is should be classified as an aggregate.
If for any reason you need to set different attributes for the injected route there’s 2 ways to go about doing it. The first simply copies all the attributes from the aggregate into the injected route. This is done with the copy-attributes keyword on the inject-map command.
R2(config-router)# bgp inject-map ADVERTISE-MAP-1 exist-map EXIST-MAP-1 ?
copy-attributes Copy attributes from aggregate
<cr>
The second method is to set the desired attributes within the route-map used to specify the injected route(s). In this example this is the ADVERTISE-MAP-1 route-map.
I’ll also toss in one more command on R2 specific to this example:
R2#sh ip bgp injected-paths
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.3.0 10.1.2.1 0 ?
This command simply shows you any entries in your BGP table that are a result of an inject-map on the local router.
We can also see that the route is being propagated to R3 as it should be.
R3#sh ip bgp 192.168.3.0/24
BGP routing table entry for 192.168.3.0/24, version 226
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
Local, (aggregated by 112 1.1.1.1), (Received from a RR-client)
10.1.2.1 (metric 65) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 0, localpref 100, valid, internal, atomic-aggregate, best
There you have it. Route == Injected.
Next up is a fun and exciting way to make loops in your network using this wonderful feature.
No comments:
Post a Comment