NJECT-MAP & EXIST-MAP
With conditional route injection we can insert more specific routes into a BGP table based on the existance of another route which means that now we will combine the inject-map with the exist-map. The exist-map determines if the aggregate is present. Let’s go back on R3 to just a summary-only aggregate
R3(config-router)#aggregate-address 4.4.0.0 255.255.0.0 summary-only
Now we will create an (inject-map) to advertise 4.4.45.44 and 4.4.46.44 to R2 based on the existing aggregate (exist-map)
Before let’s check the BGP table on R1
So on R2 :
R2(config)#ip prefix-list AGGR3 seq 5 permit 4.4.0.0/16
R2(config)#ip prefix-list SOURCER3 seq 5 permit 192.168.23.3/32
R2(config)#ip prefix-list SENDTOR1 seq 5 permit 4.4.45.44/32
R2(config)#ip prefix-list SENDTOR1 seq 10 permit 4.4.46.44/32
R2(config)#ip prefix-list SOURCER3 seq 5 permit 192.168.23.3/32
R2(config)#ip prefix-list SENDTOR1 seq 5 permit 4.4.45.44/32
R2(config)#ip prefix-list SENDTOR1 seq 10 permit 4.4.46.44/32
R2(config)#route-map MUSTEXIST per 10
R2(config-route-map)#match ip add pre AGGR3
R2(config-route-map)#match ip route-source pre SOURCER3
R2(config-route-map)#match ip add pre AGGR3
R2(config-route-map)#match ip route-source pre SOURCER3
R2(config)#route-map INJECTTHIS permit 10
R2(config-route-map)#set ip address prefix-lists SENDTOR1
R2(config-route-map)#set ip address prefix-lists SENDTOR1
R2(config)#router bgp 200
R2(config-router)#bgp inject-map INJECTTHIS exist-map MUSTEXIST
R2(config-router)#bgp inject-map INJECTTHIS exist-map MUSTEXIST
As you can see networks 4.4.45.44/32 and 4.4.46.44/32 have been learned from 192.168.12.2 which is what we expect however if we also check R3 table
Hmm.. This config should not cause a loop but just in case we do not want R3 to learn its own routes back from its neighbors so we can simply on R2 add a keyword “copy-attributes” to this statement
R2(config)#router bgp 200
R2(config-router)#bgp inject-map INJECTTHIS exist-map MUSTEXIST copy-attributes
R2(config-router)#bgp inject-map INJECTTHIS exist-map MUSTEXIST copy-attributes
That way AS-PATH will be included in the advertisement and R3 will not install these routes in its BGP table if it learns them from R2 and R1 in this case , loop prevention.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Not shown is BB2 connected off of Sw2. BB2 is the source of all the routes you’ll see in the BGP table.
For this example I have an aggregate of 192.168.0.0/21 create on R1, which it in turn is advertising to R2 and Sw3. I also have a suppress-map on the aggregate to suppress the 192.168.3.0/24 route.
R1#sh ip bgp
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0/21 0.0.0.0 32768 i
*> 192.168.1.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.2.0 10.21.12.21 0 100 0 (12) 2122 i
s> 192.168.3.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.4.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.5.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.6.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.7.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.8.0 10.21.12.21 0 100 0 (12) 2122 i
*> 192.168.9.0 10.21.12.21 0 100 0 (12) 2122 i
R1#sh ip bgp 192.168.0.0/21
BGP routing table entry for 192.168.0.0/21, version 11
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
Local, (aggregated by 112 1.1.1.1)
0.0.0.0 from 0.0.0.0 (1.1.1.1)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best
And if we look at the BGP table on R2 we’ll see that we have the aggregate, but not the suppressed route.
R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0/21 10.1.2.1 0 0 112 i
*> 192.168.1.0 10.1.2.1 0 112 2122 i
*> 192.168.2.0 10.1.2.1 0 112 2122 i
*> 192.168.4.0 10.1.2.1 0 112 2122 i
*> 192.168.5.0 10.1.2.1 0 112 2122 i
*> 192.168.6.0 10.1.2.1 0 112 2122 i
*> 192.168.7.0 10.1.2.1 0 112 2122 i
*> 192.168.8.0 10.1.2.1 0 112 2122 i
*> 192.168.9.0 10.1.2.1 0 112 2122 i
Now the fun stuff starts.
What we’re going to do is inject the 192.168.3.0/24 route back into our BGP table even though it’s still suppressed on R1. We do this with the BGP inject-map, also known as the title of this post: BGP conditional route injection.
As I stated at the onset this one takes a bit of typing. We need to create a route-map that calls a prefix-list to define the route we want to inject, and we create another route-map that calls a prefix-list that defines the aggregate we want to match, and another prefix-list that defines the source of the aggregate.
That’s 3 prefix lists, and 2 route-maps.
Then with all of that nonsense in hand we define the inject-map within the BGP process itself (or within the BGP address-family if that’s the way you’re doing things).
Let’s get started shall we? We’ll be doing the config on R2.
ip prefix-list ADVERTISE-1 permit 192.168.3.0/24
!
ip prefix-list AGGREGATE-1 permit 192.168.0.0/21
!
ip prefix-list SOURCE-1 permit 10.1.2.1/32
!
route-map ADVERTISE-MAP-1
set ip address prefix ADVERTISE-1
!
route-map EXIST-MAP-1
match ip address prefix-list AGGREGATE-1
match ip route-source prefix-list SOURCE-1
!
router bgp 2313
bgp inject-map ADVERTISE-MAP-1 exist-map EXIST-MAP-1
Before we look at the results of this I want to quickly talk about my aforementioned impromptu troubleshooting fiasco this evening. Please direct your attention to the route-map ADVERTISE-MAP-1. This route-map calls the prefix-list the defines the routes we are going to inject into the BGP table.
Please note, THIS MUST BE A SET AND NOT A MATCH.
I had it as a match and it took a long time for me to see it. Under the stress of the Lab this could really bugger up your day. At least one person in #cciestudy, and one person on Twitter that looks at this also didn’t catch it.
OK, with the nastiness over with for the night, let’s get back to seeing what we actually accomplished with this config.
R2#sh ip bgp
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.0.0/21 10.1.2.1 0 0 112 i
*> 192.168.1.0 10.1.2.1 0 112 2122 i
*> 192.168.2.0 10.1.2.1 0 112 2122 i
*> 192.168.3.0 10.1.2.1 0 ?
*> 192.168.4.0 10.1.2.1 0 112 2122 i
*> 192.168.5.0 10.1.2.1 0 112 2122 i
*> 192.168.6.0 10.1.2.1 0 112 2122 i
*> 192.168.7.0 10.1.2.1 0 112 2122 i
*> 192.168.8.0 10.1.2.1 0 112 2122 i
*> 192.168.9.0 10.1.2.1 0 112 2122 I
It’s fairly obvious which one of these things is not like the other thing. It’s also fairly obvious that that thing is our previously suppressed route. Excellent.
Al closer look at our injected route:
R2#sh ip bgp 192.168.3.0
BGP routing table entry for 192.168.3.0/24, version 13
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local, (aggregated by 112 1.1.1.1), (injected path from 192.168.0.0/21)
10.1.2.1 from 10.1.2.1 (1.1.1.1)
Origin incomplete, localpref 100, valid, external, atomic-aggregate, best
I won’t walk through all of the output, but of note is that it still shows as an aggregate. This seems logical since I could have made it a /23 or a /22, as long as it’s smaller than the original aggregate (a /21 in this example). Because there’s no way to know what the real networks are is should be classified as an aggregate.
If for any reason you need to set different attributes for the injected route there’s 2 ways to go about doing it. The first simply copies all the attributes from the aggregate into the injected route. This is done with the copy-attributes keyword on the inject-map command.
R2(config-router)# bgp inject-map ADVERTISE-MAP-1 exist-map EXIST-MAP-1 ?
copy-attributes Copy attributes from aggregate
<cr>
The second method is to set the desired attributes within the route-map used to specify the injected route(s). In this example this is the ADVERTISE-MAP-1 route-map.
I’ll also toss in one more command on R2 specific to this example:
R2#sh ip bgp injected-paths
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.3.0 10.1.2.1 0 ?
This command simply shows you any entries in your BGP table that are a result of an inject-map on the local router.
We can also see that the route is being propagated to R3 as it should be.
R3#sh ip bgp 192.168.3.0/24
BGP routing table entry for 192.168.3.0/24, version 226
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
Local, (aggregated by 112 1.1.1.1), (Received from a RR-client)
10.1.2.1 (metric 65) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 0, localpref 100, valid, internal, atomic-aggregate, best
Hiç yorum yok:
Yorum Gönder