Re: BGP Unsuppress map

From: karim jamali <karim.jamali_at_gmail.com>
Date: Sun, 22 Aug 2010 10:18:48 +0300

Never seen something clearer than this!

Thanks Narbik:)

On Sun, Aug 22, 2010 at 1:20 AM, Narbik Kocharians <narbikk_at_gmail.com> wrote:

> Garth,
>
> *Sorry for the long post and typos if there are any.*
>
> *Let's say you have the following topology:*
>
> *R1* (f0/0 = 10.1.1.1/24) ---------------------------------- (f0/0 = 10.1.1.2/24) *R2*
>
> R1's Lo0 = 100.1.0.1/24
> R1's Lo0 = 100.1.1.1/24
> R1's Lo0 = 100.1.2.1/24
> R1's Lo0 = 100.1.3.1/24
>
> *R1 is advertising its Loopback interfaces in BGP; here is the configuration of R1 and R2:*
>
>
>
> *On R1*
>
> R1#Show run | S router bgp
> router bgp 100
>  no synchronization
>  bgp log-neighbor-changes
>  network 100.1.0.0 mask 255.255.255.0
>  network 100.1.1.0 mask 255.255.255.0
>  network 100.1.2.0 mask 255.255.255.0
>  network 100.1.3.0 mask 255.255.255.0
>  neighbor 10.1.1.2 remote-as 200
>  no auto-summary
>
> *On R2*
>
> R2#Sh run | S router bgp
> router bgp 200
>  no synchronization
>  bgp log-neighbor-changes
>  neighbor 10.1.1.1 remote-as 100
>  no auto-summary
>
>
>
> *Now R1 needs to summarize (Aggregate) its Loopback interfaces:*
>
> *On R1*
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0
>
> *To verify:*
>
> *On R2*
>
> R2#Show ip bgp | B Net
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/24     10.1.1.1                 0             0 100 i
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
> *> 100.1.2.0/24     10.1.1.1                 0             0 100 i
> *> 100.1.3.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *Note by default when we aggregate in BGP the aggregate + all the specific routes are advertised, there are a few ways to suppress a specific prefix(s) and advertise the aggregate ONLY; one way to suppress all the specific routes is to use the "summary-only" keyword:*
>
> *On R1*
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 summary-only
>
> *To verify:*
>
> *On R2*
>
> R2#Show ip bgp | B Net
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
>
>
> *Note the output of the above show command reveals that the summary-only keyword suppressed all the specific routes and advertised the aggregate ONLY; this can be seen on R1 as well:*
>
> *On R1*
>
> R1#Show ip bgp | Inc s
> BGP table version is 10, local router ID is 100.1.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> Origin codes: i - IGP, e - EGP, ? - incomplete
> s> 100.1.0.0/24     0.0.0.0                  0         32768 i
> s> 100.1.1.0/24     0.0.0.0                  0         32768 i
> s> 100.1.2.0/24     0.0.0.0                  0         32768 i
> s> 100.1.3.0/24     0.0.0.0                  0         32768 i
>
> *The letter "s" to the left of the prefixes identifies the prefixes that are suppressed:*
>
> *Now, another way to suppress all the specific routes is to use a "Suppress-map":*
>
>
>
> *On R1*
>
> *You configure an access-list identifying the specific prefixes that need to be suppressed:*
>
> R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
>
> *A route-map is configured to reference the access-list:*
>
> R1(config)#route-map TST permit 10
> R1(config-route-map)#match ip addr 1
>
> *The access-list is referenced by the suppress-map keyword; note the summary-only is no longer configured:*
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 suppress-map TST
>
> R1#cle ip bgp * out
>
>
>
> *To verify:*
>
> *On R2*
>
> *Note ONLY the aggregate is advertised:*
>
> R2#Show ip bgp | b Net
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
> *Once again, this can be seen on R1:*
>
> *On R1*
>
> R1#Show ip bgp | Inc s
> BGP table version is 18, local router ID is 100.1.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> Origin codes: i - IGP, e - EGP, ? - incomplete
> s> 100.1.0.0/24     0.0.0.0                  0         32768 i
> s> 100.1.1.0/24     0.0.0.0                  0         32768 i
> s> 100.1.2.0/24     0.0.0.0                  0         32768 i
> s> 100.1.3.0/24     0.0.0.0                  0         32768 i
>
>
>
> *You could also manipulate the access-list to unsuppress a specific prefix using the existing suppress-map called "TST" which is already applied to the aggregate command:*
>
> *On R1*
>
> *To remove the existing access-list:*
>
> R1(config)#no access-list 1
>
> *Reconfiguring access-list 1 to include all the prefixes except the one that needs to be advertised (Let's say 100.1.1.0/24):*
>
> R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
>
> *Note prefix 100.1.1.0/24 is NOT included in the above access-list.*
>
> R1#cle ip bgp *
>
>
>
> *On R2*
>
> R2#Show ip bgp | b Net
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
> *Note in the above configuration we are using the suppress-map to unsuppress a given prefix, basically what we are saying is suppress networks 100.1.0.0/24, 100.1.2.0/24, 100.1.3.0/24 ONLY, therefore, since prefix 100.1.1.0/24 is NOT included in the access-list, it will be denied suppression and will be unsuppressed or advertised to R2.*
>
> *Another way to unsuppress a specific prefix is to use the "unsuppress-map", I personally like the unsuppress-map because you can control what is unsuppressed/suppressed on a per neighbor basis, here is an example of unsuppress-map:*
>
>
>
> *On R1*
>
> *The following aggregate-address suppresses all the specific prefixes for all the neighbors:*
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 summary-only
>
> *But for neighbor 10.1.1.2, we are unsuppressing a prefix based on this route-map called "TST":*
>
> R1(config-router)#Neighbor 10.1.1.2 unsuppress-map TST
>
> *The following will remove the existing access-list and route-map:*
>
> R1(config)#no access-list 1
> R1(config)#no route-map TST
>
> *The following configures an access-list identifying prefix 100.1.1.0/24, which needs to be unsuppressed and advertised to R2:*
>
> R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
>
> *A route-map is configured to reference the access-list:*
>
> R1(config)#route-map TST permit 10
> R1(config-route-map)#match ip addr 1
>
> R1#cle ip bgp *
>
>
>
> *To verify:*
>
> *On R2*
>
> R2#Show ip bgp | b Net
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
> *So in this case the unsuppress-map unsuppressed prefix 100.1.1.0/24, but in reality you suppressed the other routes; therefore, the unsuppress-map can also be used to suppress certain routes on a per neighbor basis as well.*
>
> *I guess it all depends how you look at it. But a good way to confuse a candidate*
>
> *So when configuring the suppress-map or unsuppress-map it all depends how the access-list and the route-map is configured; it's always good to know your options/choices, once you know your choices, no matter how the question is asked, you will be able to figure out the answer.*
>
> *I hope this helped a little.*
>
>
> On Fri, Aug 20, 2010 at 7:32 AM, Bilal Hansrod <bilal.hansrod_at_gmail.com> wrote:
>
> > Good luck for such an expensive lunch:)
> >
> > On Fri, Aug 20, 2010 at 11:59 PM, Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com> wrote:
> >
> > > Heya!
> > >
> > > Thank you for the responses!
> > >
> > > I actually discovered this in a lab before I posted the question, then went back and played around a bit with very similar to your examples as you have suggested here and yup as soon as I enabled the unsuppress map on the neighbor that I had the filtered routes for my router began advertising all the routes that were aggregated AND the filtered routers :-)
> > >
> > > Ended up specifically denying the routes I wanted filtered from being matched in the unsuppress map and solved my problem :-)
> > >
> > > Anyhoo I must sleep now, I have to catch a flight to Sydney tomorrow so I can have my $1500US lunch on Monday ;-)
> > >
> > > Cheers,
> > >
> > > Garth
> > >
> > >
> > >
> > > On Fri, Aug 20, 2010 at 7:41 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
> > >
> > > > Based only on the feature name, I would be surprised of the behaviour
> > > > you describe. I would think this is a bug.
> > > >
> > > > Do you have a small config set that shows this?
> > > >
> > > > -Carlos
> > > >
> > > > Garth Bryden @ 20/8/2010 6:49 -0300 dixit:
> > > >
> > > >> Hello,
> > > >>
> > > >> I was previously under the impression that an un-suppress map was used to unsuppress routes suppressed by aggregates but now my view of this has changed, I was just wondering if I can get some clarification.
> > > >>
> > > >> I now believe an unsuppress map will unsuppress ANY routes that have been suppressed in any way, eg if you configure a route map to filter certain routes then an unsuppress map the filtered routes will be advertised again?
> > > >>
> > > >> Anyone else seen this behavior?
> > > >>
> > > >> Thanks,
> > > >>
> > > >> Garth
> > > >>
> > > >>
> > > >> Blogs and organic groups at http://www.ccie.net
> > > >>
> > > >>
> > > >> _______________________________________________________________________
> > > >> Subscription information may be found at:
> > > >> http://www.groupstudy.com/list/CCIELab.html
> > > >>
> > > > --
> > > > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
> > >
> >
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available
>

-- 
KJ
Received on Sun Aug 22 2010 - 10:18:48 ART
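
Added example, not part of the original thread and not Cisco's implementation: a small Python model of the behaviours Narbik walks through (plain aggregate, summary-only, suppress-map, per-neighbor unsuppress-map), for checking which more-specific prefixes a given neighbor would receive. Neighbor 10.1.1.3 is hypothetical, and standard-ACL matching is simplified to the prefix's network address.

```python
from ipaddress import ip_network

def acl(*entries):
    """Standard ACL from 'network wildcard' permit entries; anything else is implicitly denied."""
    return [ip_network(e.replace(" ", "/")) for e in entries]

def permitted(acl_nets, prefix):
    # Simplification: a standard ACL in a route-map is matched on the network address only.
    return any(prefix.network_address in net for net in acl_nets)

def advertised(networks, aggregate, neighbor, summary_only=False,
               suppress_map=None, unsuppress_maps=None):
    """Prefixes sent to `neighbor`, per the behaviour described in the post (simplified model)."""
    agg = ip_network(aggregate.replace(" ", "/"))
    unsuppress = (unsuppress_maps or {}).get(neighbor)
    out = []
    for p in map(ip_network, networks):
        component = p != agg and p.subnet_of(agg)
        suppressed = component and (
            summary_only or (suppress_map is not None and permitted(suppress_map, p)))
        # unsuppress-map is per neighbor: it re-advertises suppressed prefixes it permits.
        if suppressed and unsuppress is not None and permitted(unsuppress, p):
            suppressed = False
        if not suppressed:
            out.append(p)
    if any(p.subnet_of(agg) for p in map(ip_network, networks)):
        out.append(agg)  # the aggregate exists only while a component route does
    return [str(p) for p in sorted(set(out))]

# Values from the thread; 10.1.1.3 is a hypothetical second neighbor added for contrast.
LOOPBACKS = ["100.1.0.0/24", "100.1.1.0/24", "100.1.2.0/24", "100.1.3.0/24"]
AGG = "100.1.0.0 255.255.252.0"

def scenarios():
    keep_1 = acl("100.1.1.0 0.0.0.255")
    suppress_others = acl("100.1.0.0 0.0.0.255", "100.1.2.0 0.0.0.255", "100.1.3.0 0.0.0.255")
    per_nbr = {"10.1.1.2": keep_1}
    return {
        "aggregate only": advertised(LOOPBACKS, AGG, "10.1.1.2"),
        "summary-only": advertised(LOOPBACKS, AGG, "10.1.1.2", summary_only=True),
        "suppress-map": advertised(LOOPBACKS, AGG, "10.1.1.2", suppress_map=suppress_others),
        "unsuppress-map R2": advertised(LOOPBACKS, AGG, "10.1.1.2", True, None, per_nbr),
        "unsuppress-map other": advertised(LOOPBACKS, AGG, "10.1.1.3", True, None, per_nbr),
    }

if __name__ == "__main__":
    for name, prefixes in scenarios().items():
        print(f"{name:22} {prefixes}")
```

The last two scenarios show the per-neighbor effect: with summary-only plus an unsuppress-map on 10.1.1.2, only that neighbor receives 100.1.1.0/24 alongside the aggregate.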

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:53 ART