Re: BGP Unsuppress map

From: Bilal Hansrod <bilal.hansrod_at_gmail.com>
Date: Sun, 22 Aug 2010 20:23:37 +1000

Thank you so very much for such a useful post. I believe this is one of the
simplest and easiest-to-understand posts I have seen in some time. I think
everybody highly appreciates your effort and time in making it simple.

Thanks once again, you are doing wonderful work for everyone.

Bilal Hansrod

On Sun, Aug 22, 2010 at 8:20 AM, Narbik Kocharians <narbikk_at_gmail.com> wrote:

> Garth,
>
>
> *Sorry for the long post and typos if there are any.*
>
> *Let's say you have the following topology:*
>
>
>
> R1 (f0/0 = 10.1.1.1/24) ---------------------------------- (f0/0 = 10.1.1.2/24) R2
>
> R1's Lo0 = 100.1.0.1/24
> R1's Lo0 = 100.1.1.1/24
> R1's Lo0 = 100.1.2.1/24
> R1's Lo0 = 100.1.3.1/24
>
>
>
> *R1 is advertising its Loopback interfaces in BGP; here is the
> configuration of R1 and R2:*
>
>
>
> *On R1*
>
>
>
> R1#Show run | S router bgp
>
> router bgp 100
>  no synchronization
>  bgp log-neighbor-changes
>  network 100.1.0.0 mask 255.255.255.0
>  network 100.1.1.0 mask 255.255.255.0
>  network 100.1.2.0 mask 255.255.255.0
>  network 100.1.3.0 mask 255.255.255.0
>  neighbor 10.1.1.2 remote-as 200
>  no auto-summary
>
>
>
> *On R2*
>
>
>
> R2#Sh run | S router bgp
>
> router bgp 200
>  no synchronization
>  bgp log-neighbor-changes
>  neighbor 10.1.1.1 remote-as 100
>  no auto-summary
>
>
>
> *Now R1 needs to summarize (Aggregate) its Loopback interfaces:*
>
>
>
> *On R1*
>
>
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0
>
> *To verify:*
>
> *On R2*
>
>
>
> R2#Show ip bgp | B Net
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/24     10.1.1.1                 0             0 100 i
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
> *> 100.1.2.0/24     10.1.1.1                 0             0 100 i
> *> 100.1.3.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *Note by default when we aggregate in BGP the aggregate + all the specific
> routes are advertised, there are a few ways to suppress a specific prefix(s)
> and advertise the aggregate ONLY; one way to suppress all the specific
> routes is to use the Summary-only keyword:*
>
>
>
> *On R1*
>
>
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 summary-only
>
> *To verify:*
>
> *On R2*
>
>
>
> R2#Show ip bgp | B Net
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
>
>
> *Note the output of the above show command reveals that the summary-only
> keyword suppressed all the specific routes and advertised the aggregate
> ONLY; this can be seen on R1 as well:*
>
>
>
> *On R1*
>
>
>
> R1#Show ip bgp | Inc s
>
> BGP table version is 10, local router ID is 100.1.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> Origin codes: i - IGP, e - EGP, ? - incomplete
> s> 100.1.0.0/24     0.0.0.0                  0         32768 i
> s> 100.1.1.0/24     0.0.0.0                  0         32768 i
> s> 100.1.2.0/24     0.0.0.0                  0         32768 i
> s> 100.1.3.0/24     0.0.0.0                  0         32768 i
>
>
>
> *The letter s to the left of the prefixes identifies the prefixes that
> are suppressed:*
>
> *Now, another way to suppress all the specific routes is to use a
> Suppress-map:*
>
>
>
> *On R1*
>
>
>
> *You configure an access-list identifying the specific prefixes that need
> to be suppressed:*
>
>
>
> R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
>
>
>
> *A route-map is configured to reference the access-list:*
>
>
>
> R1(config)#route-map TST permit 10
> R1(config-route-map)#match ip addr 1
>
>
>
> *The access-list is referenced by the suppress-map keyword; note the
> summary-only is no longer configured:*
>
>
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 suppress-map TST
>
> R1#cle ip bgp * out
>
>
>
> *To verify:*
>
> *On R2*
>
> *Note ONLY the aggregate is advertised:*
>
> R2#Show ip bgp | b Net
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
>
> *Once again, this can be seen on R1:*
>
>
>
> *On R1*
>
>
>
> R1#Show ip bgp | Inc s
>
> BGP table version is 18, local router ID is 100.1.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> Origin codes: i - IGP, e - EGP, ? - incomplete
> s> 100.1.0.0/24     0.0.0.0                  0         32768 i
> s> 100.1.1.0/24     0.0.0.0                  0         32768 i
> s> 100.1.2.0/24     0.0.0.0                  0         32768 i
> s> 100.1.3.0/24     0.0.0.0                  0         32768 i
>
>
>
> *You could also manipulate the access-list to unsuppress a specific prefix
> using the existing suppress-map called TST which is already applied to
> the aggregate command:*
>
>
>
> *On R1*
>
>
>
> *To remove the existing access-list:*
>
>
>
> R1(config)#no access-list 1
>
>
>
> *Reconfiguring access-list 1 to include all the prefixes except the one
> that needs to be advertised (Let's say 100.1.1.0/24):*
>
>
>
> R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
> R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
>
> *Note prefix 100.1.1.0/24 is NOT included in the above access-list.*
>
> R1#cle ip bgp *
>
>
>
> *On R2*
>
>
>
> R2#Show ip bgp | b Net
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *Note in the above configuration we are using the suppress-map to
> unsuppress a given prefix, basically what we are saying is suppress networks
> 100.1.0.0/24, 100.1.2.0/24, 100.1.3.0/24 ONLY, therefore, since prefix
> 100.1.1.0/24 is NOT included in the access-list, it will be denied
> suppression and will be unsuppressed or advertised to R2.*
>
>
>
> *Another way to unsuppress a specific prefix is to use the
> unsuppress-map, I personally like the unsuppress-map because you can
> control what is unsuppressed/suppressed on a per neighbor basis, here is an
> example of unsuppress-map:*
>
>
>
> *On R1*
>
>
>
> *The following aggregate-address suppresses all the specific prefixes for
> all the neighbors:*
>
> R1(config)#router bgp 100
> R1(config-router)#aggregate-address 100.1.0.0 255.255.252.0 summary-only
>
> *But for neighbor 10.1.1.2, we are unsuppressing a prefix based on this
> route-map called TST:*
>
> R1(config-router)#Neighbor 10.1.1.2 unsuppress-map TST
>
>
>
> *The following will remove the existing access-list and route-map:*
>
>
>
> R1(config)#no access-list 1
> R1(config)#no route-map TST
>
>
>
> *The following configures an access-list identifying prefix 100.1.1.0/24,
> which needs to be unsuppressed and advertised to R2:*
>
>
>
> R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
>
>
>
> *A route-map is configured to reference the access-list:*
>
>
>
> R1(config)#route-map TST permit 10
> R1(config-route-map)#match ip addr 1
>
> R1#cle ip bgp *
>
>
>
> *To verify:*
>
> *On R2*
>
> R2#Show ip bgp | b Net
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.1.0.0/22     10.1.1.1                 0             0 100 i
> *> 100.1.1.0/24     10.1.1.1                 0             0 100 i
>
>
>
> *So in this case the unsuppress-map unsuppressed prefix 100.1.1.0/24,
> but in reality you suppressed the other routes; therefore, the
> unsuppress-map can also be used to suppress certain routes on a per neighbor
> basis as well.*
>
> *I guess it all depends how you look at it. But a good way to confuse a
> candidate*
>
> *So when configuring the suppress-map or unsuppress-map it all depends
> how the access-list and the route-map are configured; it's always good to
> know your options/choices, once you know your choices, no matter how the
> question is asked, you will be able to figure out the answer.*
>
> *I hope this helped a little.*
>
> On Fri, Aug 20, 2010 at 7:32 AM, Bilal Hansrod <bilal.hansrod_at_gmail.com> wrote:
>
>> Good luck for such an expensive lunch :)
>>
>> On Fri, Aug 20, 2010 at 11:59 PM, Garth Bryden <
>> hacked.the.planet.on.28.8k.dialup_at_gmail.com> wrote:
>>
>> > Heya!
>> >
>> > Thank you for the responses!
>> >
>> > I actually discovered this in a lab before I posted the question, then went
>> > back and played around a bit with very similar to your examples as you have
>> > suggested here and yup as soon as I enabled the unsuppress map on the
>> > neighbor that I had the filtered routes for my router began advertising all
>> > the routes that were aggregated AND the filtered routers :-)
>> >
>> > Ended up specifically denying the routes I wanted filtered from being
>> > matched in the unsuppress map and solved my problem :-)
>> >
>> > Anyhoo I must sleep now, I have to catch a flight to Sydney tomorrow so I can
>> > have my $1500US lunch on Monday ;-)
>> >
>> > Cheers,
>> >
>> > Garth
>> >
>> >
>> >
>> > On Fri, Aug 20, 2010 at 7:41 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>> >
>> > > Based only on the feature name, I would be surprised by the behaviour
>> > > you describe. I would think this is a bug.
>> > >
>> > > Do you have a small config set that shows this ?
>> > >
>> > > -Carlos
>> > >
>> > > Garth Bryden @ 20/8/2010 6:49 -0300 dixit:
>> > >
>> > >> Hello,
>> > >>
>> > >> I was previously under the impression that an un-suppress map was used to
>> > >> unsuppress routes suppressed by aggregates but now my view of this has
>> > >> changed, I was just wondering if I can get some clarification.
>> > >>
>> > >> I now believe an unsuppress map will unsuppress ANY routes that have been
>> > >> suppressed in any way, e.g. if you configure a route map to filter certain
>> > >> routes then an unsuppress map the filtered routes will be advertised again?
>> > >>
>> > >> Anyone else seen this behavior?
>> > >>
>> > >> Thanks,
>> > >>
>> > >> Garth
>> > >>
>> > >>
>> > >> Blogs and organic groups at http://www.ccie.net
>> > >>
>> > >>
>> > >> _______________________________________________________________________
>> > >> Subscription information may be found at:
>> > >> http://www.groupstudy.com/list/CCIELab.html
>> > >>
>> > > --
>> > > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>> >
>>
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available

Received on Sun Aug 22 2010 - 20:23:37 ART
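
Added example (not part of the original thread, and not Cisco's code): a small Python model of which prefixes R1 announces under the three options walked through in the quoted post: summary-only, suppress-map, and the per-neighbor unsuppress-map. Assumptions: a standard ACL is compared against each prefix's network address only, and the neighbor 10.1.1.3 used to show the per-neighbor effect is hypothetical.

```python
import ipaddress

# Constructed from the thread's topology: R1's four loopback /24s and the /22.
SPECIFICS = ["100.1.0.0/24", "100.1.1.0/24", "100.1.2.0/24", "100.1.3.0/24"]
AGGREGATE = "100.1.0.0/22"

def acl_permits(acl, prefix):
    """Standard ACL as (address, wildcard) pairs, tested against the prefix's
    network address only (a simplification); no match means implicit deny."""
    addr = int(prefix.network_address)
    for net, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(net)) & care:
            return True
    return False

def advertised(neighbor, summary_only=False, suppress_acl=None, unsuppress=None):
    """Prefixes R1 would send to `neighbor`.
    suppress_acl: ACL behind 'aggregate-address ... suppress-map'.
    unsuppress:   {neighbor: ACL} behind 'neighbor X unsuppress-map'."""
    agg = ipaddress.ip_network(AGGREGATE)
    nets = [ipaddress.ip_network(p) for p in SPECIFICS]
    covered = [p for p in nets if p != agg and p.subnet_of(agg)]
    out = [agg] if covered else []      # the aggregate needs a contributing route
    per_neighbor = (unsuppress or {}).get(neighbor)
    for p in nets:
        suppressed = p in covered and (
            summary_only
            or (suppress_acl is not None and acl_permits(suppress_acl, p)))
        if suppressed and per_neighbor is not None and acl_permits(per_neighbor, p):
            suppressed = False          # released for this neighbor only
        if not suppressed:
            out.append(p)
    return [str(n) for n in sorted(out)]

# The three access-list 1 variants used in the post.
ALL_FOUR = [(f"100.1.{i}.0", "0.0.0.255") for i in range(4)]
ALL_BUT_1 = [a for a in ALL_FOUR if a[0] != "100.1.1.0"]
ONLY_1 = [("100.1.1.0", "0.0.0.255")]

if __name__ == "__main__":
    print("no keyword      :", advertised("10.1.1.2"))
    print("summary-only    :", advertised("10.1.1.2", summary_only=True))
    print("suppress, all 4 :", advertised("10.1.1.2", suppress_acl=ALL_FOUR))
    print("suppress, 3 of 4:", advertised("10.1.1.2", suppress_acl=ALL_BUT_1))
    leak = {"10.1.1.2": ONLY_1}
    for peer in ("10.1.1.2", "10.1.1.3"):  # 10.1.1.3 is hypothetical
        print("unsuppress-map ->", peer,
              advertised(peer, summary_only=True, unsuppress=leak))
```

The last two lines of output differ: only the neighbor that carries the unsuppress-map receives 100.1.1.0/24, which is the per-neighbor control the post points out.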

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:53 ART