Re: BGP Unsuppress map

From: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
Date: Sun, 22 Aug 2010 13:32:10 +1000

Narbik,

No need to apologise mate, your post was absolutely FANTASTIC! Spelling
mistakes or not the value you bring to this group is absolutely impeccable.

Continuing on from your example also, without any aggregation being
performed to begin with as you can see with the output below.

Rack1R2>show ip bgp
BGP table version is 15, local router ID is 192.10.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.0.0/24     10.1.1.1                 0             0 100 i
*> 100.1.1.0/24     10.1.1.1                 0             0 100 i
*> 100.1.2.0/24     10.1.1.1                 0             0 100 i
*> 100.1.3.0/24     10.1.1.1                 0             0 100 i

Let's say I filtered a single prefix out from being advertised to R2 as per
the configuration below:

R1
---
router bgp 100
 neighbor 10.1.1.2 route-map filter out
!
ip prefix-list FILTER seq 5 permit 100.1.1.0/24
!
route-map filter deny 20
 match ip address prefix-list FILTER
!
route-map filter permit 30

Let's verify on R2

R2
---
Rack1R2#show ip bgp
BGP table version is 4, local router ID is 10.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.0.0/24     10.1.1.1                 0             0 100 i
*> 100.1.2.0/24     10.1.1.1                 0             0 100 i
*> 100.1.3.0/24     10.1.1.1                 0             0 100 i

Okay, what happens if I applied an unsuppress map for that single prefix
also?

R1
---
ip prefix-list UNSUPPRESS seq 5 permit 100.1.1.0/24
!
route-map unsuppress permit 20
 match ip address prefix-list UNSUPPRESS
!
router bgp 100
 neighbor 10.1.1.2 unsuppress-map unsuppress

Verification on R2

R2
---
Rack1R2#show ip bgp
BGP table version is 4, local router ID is 10.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.0.0/24     10.1.1.1                 0             0 100 i
*> 100.1.2.0/24     10.1.1.1                 0             0 100 i
*> 100.1.3.0/24     10.1.1.1                 0             0 100 i

.... No Change!? Okay, let's now apply the aggregate to advertise only the
summary route and leave the route filter and unsuppress map in place.

R1
---
router bgp 100
 aggregate-address 100.1.0.0 255.255.252.0 summary-only

Any change on R2?

R2
---
Rack1R2#show ip bgp
BGP table version is 9, local router ID is 10.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.0.0/22     10.1.1.1                 0             0 100 i
*> 100.1.1.0/24     10.1.1.1                 0             0 100 i
Rack1R2#

Now the router is advertising our aggregate and the unsuppressed route, but
not the rest of the routes!

What does this tell me?

That I was wrong, the unsuppress map DOES only apply to unsuppress
aggregated routes!

So why do we see the behaviour in the last example?

IOS must process the outbound route filter before the aggregation and
unsuppress map, overriding the route filter???

Thanks,
Garth

On Sun, Aug 22, 2010 at 8:20 AM, Narbik Kocharians <narbikk_at_gmail.com> wrote:
> Garth,
>
>
> *Sorry for the long post and typos if there are any.*
>
> * *
>
> *Let's say you have the following topology:*
>
>
>
> *R1* (f0/0 = 10.1.1.1/24) ---------------------------------- (f0/0 =
> 10.1.1.2/24) *R2*
>
>
>
> R1's Lo0 = 100.1.0.1/24
>
> R1's Lo0 = 100.1.1.1/24
>
> R1's Lo0 = 100.1.2.1/24
>
> R1's Lo0 = 100.1.3.1/24
>
>
>
> *R1 is advertising its Loopback interfaces in BGP; here is the
> configuration of R1 and R2:*
>
>
>
> *On R1*
>
>
>
> *R1#Show run | S router bgp *
>
> * *
>
> router bgp 100
>
>  no synchronization
>
>  bgp log-neighbor-changes
>
>  network 100.1.0.0 mask 255.255.255.0
>
>  network 100.1.1.0 mask 255.255.255.0
>
>  network 100.1.2.0 mask 255.255.255.0
>
>  network 100.1.3.0 mask 255.255.255.0
>
>  neighbor 10.1.1.2 remote-as 200
>
>  no auto-summary
>
>
>
> *On R2*
>
>
>
> *R2#Sh run | S router bgp*
>
> * *
>
> router bgp 200
>
>  no synchronization
>
>  bgp log-neighbor-changes
>
>  neighbor 10.1.1.1 remote-as 100
>
>  no auto-summary
>
>
>
> *Now R1 needs to summarize (Aggregate) its Loopback interfaces:*
>
>
>
> *On R1*
>
>
>
> R1(config)#router bgp 100
>
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0
>
>
>
>
> *To verify:*
>
> * *
>
> *On R2*
>
>
>
> *R2#Show ip bgp | B Net*
>
> * *
>
>    Network          Next Hop            Metric LocPrf Weight Path
>
> *> 100.1.0.0/24     10.1.1.1                 0             0 100 i
>
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
> *> 100.1.2.0/24     10.1.1.1                 0             0 100 i
>
> *> 100.1.3.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *Note by default when we aggregate in BGP the aggregate + all the specific
> routes are advertised, there are a few ways to suppress a specific prefix(s)
> and advertise the aggregate ONLY; one way to suppress all the specific
> routes is to use the Summary-only keyword:*
>
>
>
> *On R1*
>
>
>
> R1(config)#router bgp 100
>
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 summary-only
>
>
>
> *To verify:*
>
> * *
>
> *On R2*
>
>
>
> *R2#Show ip bgp | B Net*
>
> * *
>
>    Network          Next Hop            Metric LocPrf Weight Path
>
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
>
>
> *Note the output of the above show command reveals that the summary-only
> keyword suppressed all the specific routes and advertised the aggregate
> ONLY; this can be seen on R1 as well:*
>
>
>
> *On R1*
>
>
>
> *R1#Show ip bgp | Inc s*
>
> * *
>
> BGP table version is 10, local router ID is 100.1.3.1
>
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal,
>
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> s> 100.1.0.0/24     0.0.0.0                  0         32768 i
>
> s> 100.1.1.0/24     0.0.0.0                  0         32768 i
>
> s> 100.1.2.0/24     0.0.0.0                  0         32768 i
>
> s> 100.1.3.0/24     0.0.0.0                  0         32768 i
>
>
>
> *The letter s to the left of the prefixes identifies the prefixes that
> are suppressed: *
>
>
>
> *Now... another way to suppress all the specific routes is to use a
> Suppress-map:*
>
>
>
> *On R1*
>
>
>
> *You configure an access-list identifying the specific prefixes that need
> to be suppressed:*
>
>
>
> R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
>
> R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
>
> R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
>
> R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
>
>
>
> *A route-map is configured to reference the access-list:*
>
>
>
> R1(config)#route-map TST permit 10
>
> R1(config-route-map)#match ip addr 1
>
>
>
> *The access-list is referenced by the suppress-map keyword; note the
> summary-only is no longer configured:*
>
>
>
> R1(config)#router bgp 100
>
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 suppress-map TST
>
>
>
> R1#cle ip bgp * out
>
>
>
> *To verify:*
>
> * *
>
> *On R2*
>
>
>
> *Note ONLY the aggregate is advertised:*
>
> * *
>
> *R2#Show ip bgp | b Net*
>
> * *
>
>    Network          Next Hop            Metric LocPrf Weight Path
>
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
> * *
>
> *Once again, this can be seen on R1:*
>
>
>
> *On R1*
>
>
>
> *R1#Show ip bgp | Inc s*
>
> * *
>
> BGP table version is 18, local router ID is 100.1.3.1
>
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal,
>
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> s> 100.1.0.0/24     0.0.0.0                  0         32768 i
>
> s> 100.1.1.0/24     0.0.0.0                  0         32768 i
>
> s> 100.1.2.0/24     0.0.0.0                  0         32768 i
>
> s> 100.1.3.0/24     0.0.0.0                  0         32768 i
>
>
>
> *You could also manipulate the access-list to unsuppress a specific prefix
> using the existing suppress-map called TST which is already applied to
> the aggregate command:*
>
>
>
> *On R1*
>
>
>
> *To remove the existing access-list:*
>
>
>
> R1(config)#no access-list 1
>
>
>
> *Reconfiguring access-list 1 to include all the prefixes except the one
> that needs to be advertised (Let's say 100.1.1.0/24): *
>
>
>
> R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
>
> R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
>
> R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
>
> * *
>
> *Note prefix 100.1.1.0/24 is NOT included in the above access-list.*
>
>
>
> R1#cle ip bgp *
>
>
>
> *On R2*
>
>
>
> *R2#Show ip bgp | b Net*
>
> * *
>
>    Network          Next Hop            Metric LocPrf Weight Path
>
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *Note in the above configuration we are using the suppress-map to
> unsuppress a given prefix, basically what we are saying is suppress
> networks 100.1.0.0/24, 100.1.2.0/24, 100.1.3.0/24 ONLY, therefore, since
> prefix 100.1.1.0/24 is NOT included in the access-list, it will be denied
> suppression and will be unsuppressed or advertised to R2.*
>
>
>
> *Another way to unsuppress a specific prefix is to use the
> unsuppress-map, I personally like the unsuppress-map because you can
> control what is unsuppressed/suppressed on a per neighbor basis, here is an
> example of unsuppress-map:*
>
>
>
> *On R1*
>
>
>
> *The following aggregate-address suppresses all the specific prefixes for
> all the neighbors: *
>
>
>
> R1(config)#router bgp 100
>
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 summary-only
>
>
>
>
> *But for neighbor 10.1.1.2, we are unsuppressing a prefix based on this
> route-map called TST:*
>
> R1(config-router)#Neighbor 10.1.1.2 unsuppress-map TST
>
>
>
> *The following will remove the existing access-list and route-map:*
>
>
>
> R1(config)#no access-list 1
>
> R1(config)#no route-map TST
>
>
>
> *The following configures an access-list identifying prefix 100.1.1.0/24,
> which needs to be unsuppressed and advertised to R2:*
>
>
>
> R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
>
>
>
> *A route-map is configured to reference the access-list:*
>
>
>
> R1(config)#route-map TST permit 10
>
> R1(config-route-map)#match ip addr 1
>
>
>
> R1#cle ip bgp *
>
>
>
> *To verify:*
>
> * *
>
> *On R2*
>
>
>
> *R2#Show ip bgp | b Net*
>
> * *
>
>    Network          Next Hop            Metric LocPrf Weight Path
>
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *So in this case the unsuppress-map unsuppressed prefix 100.1.1.0/24,
> but in reality you suppressed the other routes; therefore, the
> unsuppress-map can also be used to suppress certain routes on a per
> neighbor basis as well.*
>
>
> *I guess it all depends how you look at it. But a good way to confuse a
> candidate*
>
> * *
>
> *So when configuring the suppress-map or unsuppress-map it all depends
> how the access-list and the route-map are configured; it's always good to
> know your options/choices, once you know your choices, no matter how the
> question is asked, you will be able to figure out the answer.*
>
> * *
>
> *I hope this helped a little.*
>
>
> On Fri, Aug 20, 2010 at 7:32 AM, Bilal Hansrod <bilal.hansrod_at_gmail.com> wrote:
>
>> Good luck for such an expensive lunch :)
>>
>> On Fri, Aug 20, 2010 at 11:59 PM, Garth Bryden <
>> hacked.the.planet.on.28.8k.dialup_at_gmail.com> wrote:
>>
>> > Heya!
>> >
>> > Thank you for the responses!
>> >
>> > I actually discovered this in a lab before I posted the question, then
>> > went back and played around a bit with very similar to your examples as
>> > you have suggested here and yup as soon as I enabled the unsuppress map
>> > on the neighbor that I had the filtered routes for my router began
>> > advertising all the routes that were aggregated AND the filtered routers :-)
>> >
>> > Ended up specifically denying the routes I wanted filtered from being
>> > matched in the unsuppress map and solved my problem :-)
>> >
>> > Anyhoo I must sleep now, I have to catch a flight to Sydney tomorrow so I
>> > can have my $1500US lunch on Monday ;-)
>> >
>> > Cheers,
>> >
>> > Garth
>> >
>> >
>> >
>> > On Fri, Aug 20, 2010 at 7:41 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>> >
>> > > Based only on the feature name, I would be surprised by the behaviour
>> > > you describe. I would think this is a bug.
>> > >
>> > > Do you have a small config set that shows this ?
>> > >
>> > > -Carlos
>> > >
>> > > Garth Bryden @ 20/8/2010 6:49 -0300 dixit:
>> > >
>> > >> Hello,
>> > >>
>> > >> I was previously under the impression that an un-suppress map was
>> > >> used to unsuppress routes suppressed by aggregates but now my view of
>> > >> this has changed, I was just wondering if I can get some clarification.
>> > >>
>> > >> I now believe an unsuppress map will unsuppress ANY routes that have
>> > >> been suppressed in any way, eg if you configure a route map to filter
>> > >> certain routes then an unsuppress map the filtered routes will be
>> > >> advertised again?
>> > >>
>> > >> Anyone else seen this behavior?
>> > >>
>> > >> Thanks,
>> > >>
>> > >> Garth
>> > >>
>> > >>
>> > >> Blogs and organic groups at http://www.ccie.net
>> > >>
>> > >>
>> > >> _______________________________________________________________________
>> > >> Subscription information may be found at:
>> > >> http://www.groupstudy.com/list/CCIELab.html
>> > >>
>> > > --
>> > > Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
>> >
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available
Received on Sun Aug 22 2010 - 13:32:10 ART
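
Added example, not part of the original thread and not Cisco code: a small Python audit that reads a configuration like R1's and lists, per neighbor, the prefixes the outbound route-map denies while the unsuppress-map permits, which is the combination Garth saw advertised to R2 once the summary-only aggregate was in place. The function names are hypothetical, and it assumes exact-match prefix-list entries only (no ge/le) with first-match, implicit-deny evaluation.

```python
import re
from ipaddress import ip_network

# Constructed sample: R1's policy from the message above, merged into one config.
SAMPLE = """\
router bgp 100
 aggregate-address 100.1.0.0 255.255.252.0 summary-only
 neighbor 10.1.1.2 route-map filter out
 neighbor 10.1.1.2 unsuppress-map unsuppress
ip prefix-list FILTER seq 5 permit 100.1.1.0/24
ip prefix-list UNSUPPRESS seq 5 permit 100.1.1.0/24
route-map filter deny 20
 match ip address prefix-list FILTER
route-map filter permit 30
route-map unsuppress permit 20
 match ip address prefix-list UNSUPPRESS
"""

def parse(cfg):
    plists, rmaps, nbrs, cur = {}, {}, {}, None
    for line in cfg.splitlines():
        if m := re.match(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)$", line):
            plists.setdefault(m[1], []).append((int(m[2]), m[3], ip_network(m[4])))
        elif m := re.match(r"route-map (\S+) (permit|deny) (\d+)$", line):
            cur = {"seq": int(m[3]), "action": m[2], "plists": []}
            rmaps.setdefault(m[1], []).append(cur)
        elif cur and (m := re.match(r"\s+match ip address prefix-list (.+)$", line)):
            cur["plists"] += m[1].split()
        elif m := re.match(r"\s+neighbor (\S+) (route-map|unsuppress-map) (\S+)( out)?$", line):
            nbrs.setdefault(m[1], {})[m[2]] = m[3]
    return plists, rmaps, nbrs

def plist_permits(entries, prefix):
    hit = [a for _, a, net in sorted(entries, key=lambda e: e[0]) if net == prefix]
    return bool(hit) and hit[0] == "permit"   # first match wins, else implicit deny

def rmap_permits(rmaps, plists, name, prefix):
    for c in sorted(rmaps.get(name, []), key=lambda c: c["seq"]):
        if not c["plists"] or any(plist_permits(plists.get(p, []), prefix) for p in c["plists"]):
            return c["action"] == "permit"    # a clause with no match line matches everything
    return False                              # implicit deny at the end of the route-map

def audit(cfg):  # (neighbor, prefix) pairs denied outbound yet permitted for unsuppress
    plists, rmaps, nbrs = parse(cfg)
    prefixes = sorted({net for ents in plists.values() for _, _, net in ents})
    return [(n, str(p)) for n, pol in sorted(nbrs.items()) for p in prefixes
            if {"route-map", "unsuppress-map"} <= pol.keys()
            and not rmap_permits(rmaps, plists, pol["route-map"], p)
            and rmap_permits(rmaps, plists, pol["unsuppress-map"], p)]
```

On the sample, `audit(SAMPLE)` reports 100.1.1.0/24 for neighbor 10.1.1.2. Putting a deny clause that matches FILTER ahead of the permit in the unsuppress route-map, the workaround described in the earlier message of this thread, clears the finding.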

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:53 ART