Monday, June 9, 2008

BGP aggregation with suppress-map

This scenario involves using a suppress-map with the BGP aggregate-address command. It is fairly simple to understand but I could use the practice.

R1 is getting the following routes from R2 in AS 200:

R1#show ip bgp | Begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32       172.12.12.22             0             0 200 i
r> 2.2.2.3/32       172.12.12.22             0             0 200 i
*> 200.1.1.2/32     172.12.12.22             0             0 200 i
*> 200.2.2.2/32     172.12.12.22             0             0 200 i
*> 200.3.3.2/32     172.12.12.22             0             0 200 i

On R2 we can configure aggregation with the following command:

R2(config-router)#aggregate-address 200.0.0.0 255.0.0.0

Without clearing BGP, here is R1's BGP table with the aggregate 200.0.0.0/8:

R1#show ip bgp | Begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32       172.12.12.22             0             0 200 i
r> 2.2.2.3/32       172.12.12.22             0             0 200 i
*> 200.0.0.0/8      172.12.12.22             0             0 200 i
*> 200.1.1.2/32     172.12.12.22             0             0 200 i
*> 200.2.2.2/32     172.12.12.22             0             0 200 i
*> 200.3.3.2/32     172.12.12.22             0             0 200 i

Suppose we wanted to suppress only some of the "component routes", but not all. With the summary-only keyword we would suppress all of them, but with a suppress-map we can suppress just a few.

On R2 we add the following:

access-list 50 permit 200.1.1.2
access-list 50 permit 200.3.3.2
!
route-map BLOCK permit 10
 match ip address 50
!
router bgp 200
 aggregate-address 200.0.0.0 255.0.0.0 suppress-map BLOCK
!

Note that the access-list "permits" the networks, and the suppress-map matches whatever networks are permitted by the ACL and suppresses them.

Now on R1 we have:

R1#show ip bgp | Begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.2/32       172.12.12.22             0             0 200 i
r> 2.2.2.3/32       172.12.12.22             0             0 200 i
*> 200.0.0.0/8      172.12.12.22             0             0 200 i
*> 200.2.2.2/32     172.12.12.22             0             0 200 i
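
The selection logic above, sketched as an added Python example (not part of the original post, and not Cisco code): a simplified model of how a standard ACL, a route-map used as a suppress-map, and summary-only decide what R2 still advertises. The function names and the tuple encoding of the ACL and route-map are assumptions made for illustration; the prefixes and the ACL 50 entries are the ones from this post.

```python
# Added example: simplified model of IOS aggregate-address suppression.
import ipaddress

# Taken from the post: the routes R2 advertises to R1, ACL 50 and route-map BLOCK.
R2_TABLE = ["2.2.2.2/32", "2.2.2.3/32", "200.1.1.2/32", "200.2.2.2/32", "200.3.3.2/32"]
ACL_50 = [("permit", "200.1.1.2", "0.0.0.0"), ("permit", "200.3.3.2", "0.0.0.0")]
BLOCK = [("permit", ACL_50)]  # route-map BLOCK permit 10 / match ip address 50

def acl_permits(acl, prefix):
    """Standard ACL: first entry matching the network address wins, else implicit deny."""
    addr = int(prefix.network_address)
    for action, net, wildcard in acl:
        mask = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & mask == int(ipaddress.ip_address(net)) & mask:
            return action == "permit"
    return False

def route_map_permits(route_map, prefix):
    """The first clause whose ACL permits the prefix decides; no match is a deny."""
    for action, acl in route_map:
        if acl_permits(acl, prefix):
            return action == "permit"
    return False

def advertised(table, aggregate, summary_only=False, suppress_map=None):
    """Return the prefixes still advertised to the neighbor after aggregation."""
    agg = ipaddress.ip_network(aggregate)
    routes = [ipaddress.ip_network(r) for r in table]
    components = [r for r in routes if r != agg and r.subnet_of(agg)]
    kept = []
    for r in routes:
        hit = suppress_map is not None and route_map_permits(suppress_map, r)
        if not (r in components and (summary_only or hit)):
            kept.append(r)
    if components:  # the aggregate is only generated while a component exists
        kept.append(agg)
    return [str(r) for r in sorted(kept)]

if __name__ == "__main__":
    print("no option   :", advertised(R2_TABLE, "200.0.0.0/8"))
    print("summary-only:", advertised(R2_TABLE, "200.0.0.0/8", summary_only=True))
    print("suppress-map:", advertised(R2_TABLE, "200.0.0.0/8", suppress_map=BLOCK))
```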

3 comments:

  1. Um I think that I really need to have a deep understanding to these codes. In due time I can make your post as my notes.

    Sheila from carrelage extérieur terrasse 

  2. Jac
    result does not match the command.
    should be :
    access-list 50 deny 200.1.1.2
    access-list 50 deny 200.3.3.2
    not permit.

    Replies
    1. Jac
      small correction
      I work only with the prefix list
      because of the 32 bit on the loopback , tomorrow Checking ?

      aggregate-address 200.0.0.0 255.0.0.0 summary-only suppress-map block

      ip prefix-list bb seq 5 permit 200.1.2.0/24

      route-map block deny 10
      match ip address prefix-list bb
