Garth,
*Sorry for the long post and typos if there are any.*
* *
*Let�s say you have the following topology:*
*R1* (f0/0 = 10.1.1.1/24) ---------------------------------- (f0/0 =
10.1.1.2/24) *R2*
R1�s Lo0 = 100.1.0.1/24
R1�s Lo0 = 100.1.1.1/24
R1�s Lo0 = 100.1.2.1/24
R1�s Lo0 = 100.1.3.1/24
*R1 is advertising its Loopback interfaces in BGP; here is the configuration
of R1 and R2:*
*On R1*
*R1#Show run | S router bgp *
* *
router bgp 100
no synchronization
bgp log-neighbor-changes
* network 100.1.0.0 mask 255.255.255.0*
* network 100.1.1.0 mask 255.255.255.0*
* network 100.1.2.0 mask 255.255.255.0*
* network 100.1.3.0 mask 255.255.255.0*
neighbor 10.1.1.2 remote-as 200
no auto-summary
*On R2*
*R2#Sh run | S router bgp*
* *
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 100
no auto-summary
*Now��R1 needs to summarize (Aggregate) its Loopback interfaces:*
*On R1*
R1(config)#router bgp 100
R1(config-router)#*aggregate-address 100.1.0.0 255.255.252.0*
**
*To verify:*
* *
*On R2*
*R2#Show ip bgp | B Net*
* *
Network Next Hop Metric LocPrf Weight Path
**> 100.1.0.0/24 10.1.1.1 0 0 100 i***
**> 100.1.0.0/22 10.1.1.1 0 0 100 i***
**> 100.1.1.0/24 10.1.1.1 0 0 100 i*
**> 100.1.2.0/24 10.1.1.1 0 0 100 i*
**> 100.1.3.0/24 10.1.1.1 0 0 100 i***
*Note by default when we aggregate in BGP the aggregate + all the specific
routes are advertised, there are few ways to suppress a specific prefix(s)
and advertise the aggregate ONLY; one way to suppress all the specific
routes is to use the �Summary-only� keyword:*
*On R1*
R1(config)#router bgp 100
R1(config-router)#*aggregate-address 100.1.0.0 255.255.252.0* *summary-only*
*To verify:*
* *
*On R2*
*R2#Show ip bgp | B Net*
* *
Network Next Hop Metric LocPrf Weight Path
**> 100.1.0.0/22 10.1.1.1 0 0 100 i***
*Note the output of the above show command reveals that the �summary-only�
keyword suppressed all the specific routes and advertised the aggregate
ONLY; this can be seen on R1 as well:*
*On R1*
*R1#Show ip bgp | Inc s*
* *
BGP table version is 10, local router ID is 100.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
*s>* 100.1.0.0/24 0.0.0.0 0 32768 i
*s>* 100.1.1.0/24 0.0.0.0 0 32768 i
*s>* 100.1.2.0/24 0.0.0.0 0 32768 i
*s>* 100.1.3.0/24 0.0.0.0 0 32768 i
*The letter �s� to the left of the prefixes identifies the prefixes that are
suppressed: *
*Now�.another way to suppress all the specific routes is to use a
�Suppress-map�:*
*On R1*
*You configure an access-list identifying the specific prefixes that need to
be suppressed:*
R1(config)#access-list *1* permit 100.1.0.0 0.0.0.255
R1(config)#access-list *1* permit 100.1.1.0 0.0.0.255
R1(config)#access-list *1* permit 100.1.2.0 0.0.0.255
R1(config)#access-list *1* permit 100.1.3.0 0.0.0.255
*A route-map is configured to reference the access-list:*
R1(config)#route-map TST permit 10
R1(config-route-map)#match ip addr *1*
*The access-list is referenced by the �suppress-map� keyword; note the
�summary-only� is no longer configured:*
R1(config)#router bgp 100
R1(config-router)#*aggregate-address 100.1.0.0 255.255.252.0* *suppress-map
TST*
R1#*cle ip bgp * out*
*To verify:*
* *
*On R2*
*Note ONLY the aggregate is advertised:*
* *
*R2#Show ip bgp | b Net*
* *
Network Next Hop Metric LocPrf Weight Path
**> 100.1.0.0/22 10.1.1.1 0 0 100 i*
* *
*Once again, this can be seen on R1:*
*On R1*
*R1#Show ip bgp | Inc s*
* *
BGP table version is 18, local router ID is 100.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
Origin codes: i - IGP, e - EGP, ? - incomplete
*s>* 100.1.0.0/24 0.0.0.0 0 32768 i
*s>* 100.1.1.0/24 0.0.0.0 0 32768 i
*s>* 100.1.2.0/24 0.0.0.0 0 32768 i
*s>* 100.1.3.0/24 0.0.0.0 0 32768 i
*You could also manipulate the access-list to unsuppress a specific prefix
using the existing �suppress-map� called �TST� which is already applied to
the aggregate command:*
*On R1*
*To remove the existing access-list:*
R1(config)#*no* access-list 1
*Reconfiguring access-list 1 to include all the prefixes except the one that
needs to be advertised (Let's say 100.1.1.0/24): *
R1(config)#access-list 1 permit 100.1.0.0 0.0.0.255
R1(config)#access-list 1 permit 100.1.2.0 0.0.0.255
R1(config)#access-list 1 permit 100.1.3.0 0.0.0.255
* *
*Note prefix 100.1.1.0/24 is NOT included in the above access-list.*
R1#*cle ip bgp **
*On R2*
*R2#Show ip bgp | b Net*
* *
Network Next Hop Metric LocPrf Weight Path
**> 100.1.0.0/22 10.1.1.1 0 0 100 i***
**> 100.1.1.0/24 10.1.1.1 0 0 100 i***
*Note in the above configuration we are using the �suppress-map� to
unsuppress a given prefix, basically what we are saying is suppress networks
100.1.0.0/24, 100.1.2.0/24, 100.1.3.0/24 ONLY, therefore, since prefix
100.1.1.0/24 is NOT included in the access-list, it will be denied
suppression and will be unsuppressed or advertised to R2.*
*Another way to unsuppress a specific prefix is to use the �unsuppress-map�,
I personally like the unsuppress-map because you can control what is
unsuppressed/suppressed on a per neighbor basis, here is an example of
unsuppress-map:*
*On R1*
*The following aggregate-address suppresses all the specific prefixes for
all the neighbors: *
R1(config)#router bgp 100
R1(config-router)#*aggregate-address 100.1.0.0 255.255.252.0 summary-only*
*But for neighbor 10.1.1.2, we are unsuppressing a prefix based on this
route-map called �TST�: *
* *
R1(config-router)#*Neighbor 10.1.1.2 unsuppress-map TST*
*The following will remove the existing access-list and route-map:*
R1(config)#*no* access-list 1
R1(config)#*no* route-map TST
*The following configures an access-list identifying prefix 100.1.1.0/24,
which needs to be unsuppressed and advertised to R2:*
R1(config)#access-list 1 permit 100.1.1.0 0.0.0.255
*A route-map is configured to reference the access-list:*
R1(config)#route-map TST permit 10
R1(config-route-map)#match ip addr 1
R1#cle ip bgp *
*To verify:*
* *
*On R2*
*R2#Show ip bgp | b Net*
* *
Network Next Hop Metric LocPrf Weight Path
**> 100.1.0.0/22 10.1.1.1 0 0 100 i***
**> 100.1.1.0/24 10.1.1.1 0 0 100 i***
*So in this case the �unsuppress-map� unsuppressed prefix 100.1.1.0/24, but
in reality you suppressed the other routes; therefore, the unsuppress-map
can also be used to suppress certain routes on a per neighbor basis as well.
*
**
*I guess it all depends how you look at it��. But a good way to confuse a
candidate�*
* *
*So when configuring the �suppress-map� or unsuppress-map� it all depends
how the access-list and the route-map is configured; it�s always good to
know your options/choices, once you know your choices, no matter how the
question is asked, you will be able to figure out the answer.*
* *
*I hope this helped a little.*
On Fri, Aug 20, 2010 at 7:32 AM, Bilal Hansrod
<bilal.hansrod_at_gmail.com>wrote:
> Good luck for such a expensive lunch:)
>
> On Fri, Aug 20, 2010 at 11:59 PM, Garth Bryden <
> hacked.the.planet.on.28.8k.dialup_at_gmail.com> wrote:
>
> > Heya!
> >
> > Thankyou for the responses!
> >
> > I actually discovered this in a lab before I posted the question, then
> went
> > back and played around a bit with very similar to your examples as you
> have
> > suggested here and yup as soon as I enabled the unsuppress map on the
> > neighbor that I had the filtered routes for my router began advertising
> all
> > the routes that were aggregated AND the filtered routers :-)
> >
> > Ended up specifically denying the routes I wanted filtered from being
> > matched in the unsuppress map and solved my problem :-)
> >
> > Anyhoo I must sleep now, I have a catch a flight to sydney tomorrow so I
> > can
> > have my $1500US lunch on monday ;-)
> >
> > Cheers,
> >
> > Garth
> >
> >
> >
> > On Fri, Aug 20, 2010 at 7:41 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar
> > >wrote:
> >
> > > Based only on the feature name, I would be surprised of the behaviour
> > > you describe. I would think this is a bug.
> > >
> > > Do you have a small config set that shows this ?
> > >
> > > -Carlos
> > >
> > > Garth Bryden @ 20/8/2010 6:49 -0300 dixit:
> > >
> > >> Hello,
> > >>
> > >> I was previously under the impression that an un-suppress map was used
> > to
> > >> unsuppress routes suppressed by aggregates but now my view of this has
> > >> changed, i was just wondering if I can get some clarification.
> > >>
> > >> I now believe an unsuppress map will unsuppress ANY routes that have
> > been
> > >> suppressed in any way, eg if you configure a route map to filter
> certain
> > >> routes then a unsuppress map the filtered routes will be advertised
> > again?
> > >>
> > >> Anyone else seen this behavior?
> > >>
> > >> Thanks,
> > >>
> > >> Garth
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > > --
> > > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
--
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available
Blogs and organic groups at http://www.ccie.net
Received on Sat Aug 21 2010 - 15:20:28 ART