BGP aggregate-address

BGP aggregate-address Command

To create an aggregate entry in a Border Gateway Protocol (BGP) database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.

aggregate-address address mask [as-set] [as-confed-set] [summary-only] [ suppress-map map-name ] [ advertise-map map-name ] [ attribute-map map-name ]
no aggregate-address address mask [as-set] [as-confed-set] [summary-only] [ suppress-map map-name ] [ advertise-map map-name ] [ attribute-map map-name ]

Syntax Description


address Aggregate address.
mask Aggregate mask.
as-set (Optional) Generates autonomous system set path information.
as-confed-set (Optional) Generates autonomous confederation set path information.
summary-only (Optional) Filters all more-specific routes from updates.
suppress-map map-name (Optional) Specifies the name of the route map used to select the routes to be suppressed.
advertise-map map-name (Optional) Specifies the name of the route map used to select the routes to create AS_SET origin communities.
attribute-map map-name (Optional) Specifies the name of the route map used to set the attribute of the aggregate route. 

Command Default

The atomic aggregate attribute is set automatically when an aggregate route is created with this command unless the as-set keyword is specified.

Usage Guidelines

You can implement aggregate routing in BGP and Multiprotocol BGP (mBGP) either by redistributing an aggregate route into BGP or mBGP, or by using the conditional aggregate routing feature.

Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or mBGP routing table if any more-specific BGP or mBGP routes are available that fall within the specified range. (A longer prefix that matches the aggregate must exist in the BGP routing table.) The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)

Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the as-confed-set keyword creates an aggregate entry using the same rules that the command follows without this keyword. This keyword performs the same function as the as-set keyword, except that it generates autonomous confed set path information.

Using the summary-only keyword not only creates the aggregate route (for example, 192.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or mBGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).

Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.

Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.


Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.


Emphasis

For the BGP aggregate-address command to work, a more-specific BGP route that falls within the specified range has to exist in the BGP routing table. IGP routes play no part in this: the command only checks whether a more-specific BGP route exists.

A more-specific BGP route means one whose prefix is longer than the aggregate prefix. A route with the same prefix length does not count.


Compare the aggregate-address command with the network X.X.X.X mask Y.Y.Y.Y command


The network X.X.X.X mask Y.Y.Y.Y command needs an exactly matching IGP route, which has to exist in the routing table (RIB). An existing exactly matching BGP route does not count.


Blackhole traffic issue caused by bad design


When you use the BGP aggregate-address command, make sure the existing BGP routes are more specific than the aggregate route. If an existing BGP route falls within the specified aggregate range but has the same prefix length as the aggregate route, a blackhole may occur.

To be safe, we can use the attribute-map to set the aggregate route's weight to 0 and its local-preference to 90, so that the aggregate route is less preferred.

The example below illustrates this issue.


R1 and R2 are in AS10, R3 is in AS20
R1 is a BGP neighbor of R2, and R2 is a BGP neighbor of R3.
R1 originates the BGP routes 172.16.1.0/24 and 172.16.0.0/16
R1's interface Loopback100 has the IP address 172.16.8.1



The basic setup is below. 

___________________________________________________________________
! R1 configuration

interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface Loopback100
 ip address 172.16.8.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.255 area 0
!
router bgp 10
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 10
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
  network 172.16.0.0
  network 172.16.1.0 mask 255.255.255.0
 exit-address-family
!
ip route 172.16.0.0 255.255.0.0 Null0 10
ip route 172.16.1.0 255.255.255.0 Null0 250

___________________________________________________________________

! R2 configuration

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.5 255.255.255.252
 duplex auto
 speed auto
!
!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/1
 network 2.2.2.2 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.255 area 0
!
router bgp 10
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 10.0.0.6 remote-as 20
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
  neighbor 10.0.0.6 activate
  no auto-summary
  no synchronization
 exit-address-family
!
________________________________________________________________

! R3 configuration

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/1
 ip address 10.0.0.6 255.255.255.252
 duplex auto
 speed auto
!
router bgp 20
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 10.0.0.5 remote-as 10
 !
 address-family ipv4
  neighbor 10.0.0.5 activate
  no auto-summary
  no synchronization
 exit-address-family

_________________________________________________________________

Using this basic setup, we can ping 172.16.8.1 from R3

R3#ping 172.16.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.1, timeout is 2 seconds:
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/63/68 ms

If you add the aggregate-address command on R2 as shown below, you can no longer ping 172.16.8.1 from R3.

R2(config)#router bgp 10
R2(config-router)#aggregate-address 172.16.0.0 255.255.0.0
R2(config-router)#

R3#ping 172.16.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

The reason is shown below:
R2#sh ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0       0.0.0.0                       100  32768 i
* i                 1.1.1.1                  0    100      0 i
*>i172.16.1.0/24    1.1.1.1                  0    100      0 i

Because the BGP route 172.16.1.0/24 exists, the aggregate-address command takes effect: R2 locally generates the route 172.16.0.0/16, and this route becomes the best BGP route (weight 32768), beating the other 172.16.0.0/16 learned from R1 (weight 0). Because the aggregate route is best, R2 installs a Null route for 172.16.0.0/16 with distance 200, and traffic to 172.16.8.1 is dropped to the Null interface.

How to fix it

Use the attribute-map to set the aggregate route's weight to 0 and its local-preference to 90, so that the aggregate route is less preferred. This fixes the issue.

The configuration is below.

_________________________________________________________________
! R1 configuration

interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface Loopback100
 ip address 172.16.8.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.255 area 0
!
router bgp 10
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 10
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
  network 172.16.0.0
  network 172.16.1.0 mask 255.255.255.0
 exit-address-family
!
ip route 172.16.0.0 255.255.0.0 Null0 10
ip route 172.16.1.0 255.255.255.0 Null0 250

_________________________________________________________________

! R2 configuration

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.5 255.255.255.252
 duplex auto
 speed auto
!
!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/1
 network 2.2.2.2 0.0.0.0 area 0
 network 10.0.0.0 0.0.0.255 area 0
!
router bgp 10
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 10.0.0.6 remote-as 20
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
  neighbor 10.0.0.6 activate
  no auto-summary
  no synchronization
  aggregate-address 172.16.0.0 255.255.0.0 attribute-map AT-MAP
 exit-address-family
!
route-map AT-MAP permit 10
 set local-preference 90
 set weight 0

_________________________________________________________________

! R3 configuration

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.6 255.255.255.252
 duplex auto
 speed auto
!
!
router bgp 20
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 10.0.0.5 remote-as 10
 !
 address-family ipv4
  neighbor 10.0.0.5 activate
  no auto-summary
  no synchronization
 exit-address-family

_________________________________________________________________


The R2 BGP table looks like this after applying the attribute-map:

R2#sh ip bgp
BGP table version is 18, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  172.16.0.0       0.0.0.0                        90      0 i
*>i                 1.1.1.1                  0    100      0 i
*>i172.16.1.0/24    1.1.1.1                  0    100      0 i

Now you can ping 172.16.8.1 from R3

R3#ping 172.16.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.1, timeout is 2 seconds:
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/63/68 ms
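
A check for the condition shown in the two R2 tables above, as an added example that is not part of the original post: it parses show ip bgp output and reports prefixes whose best path is locally generated (next hop 0.0.0.0) while a path learned from a neighbor exists for the same prefix. The function names are hypothetical, the sample rows are the ones shown on this page, and treating every next hop 0.0.0.0 path as locally generated is an assumption of this example.

```python
import re
from collections import defaultdict

# One path row of IOS "show ip bgp": three status characters, an optional
# network (blank on continuation rows for the same prefix), then the next hop.
ROW = re.compile(r"^(?P<status>[*sdhrS>i ]{3})(?P<net>\S*)\s+"
                 r"(?P<nh>\d+\.\d+\.\d+\.\d+)(?:\s|$)")

def parse_paths(show_ip_bgp):
    """Return {prefix: [(is_best, next_hop), ...]} for valid (*) paths."""
    table, current = defaultdict(list), None
    for line in show_ip_bgp.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, legend and column-header lines
        current = m["net"] or current  # continuation row keeps the prefix
        if current and "*" in m["status"]:
            table[current].append((">" in m["status"], m["nh"]))
    return dict(table)

def local_best_over_learned(show_ip_bgp):
    """Prefixes whose best path is locally generated (assumed: next hop
    0.0.0.0) although a path learned from a neighbor also exists."""
    hits = []
    for prefix, paths in parse_paths(show_ip_bgp).items():
        local_best = any(best and nh == "0.0.0.0" for best, nh in paths)
        learned = any(nh != "0.0.0.0" for _, nh in paths)
        if local_best and learned:
            hits.append(prefix)
    return hits

# R2 table rows from this page, before and after the attribute-map.
BEFORE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0       0.0.0.0                       100  32768 i
* i                 1.1.1.1                  0    100      0 i
*>i172.16.1.0/24    1.1.1.1                  0    100      0 i
"""
AFTER = """\
   Network          Next Hop            Metric LocPrf Weight Path
*  172.16.0.0       0.0.0.0                        90      0 i
*>i                 1.1.1.1                  0    100      0 i
*>i172.16.1.0/24    1.1.1.1                  0    100      0 i
"""

if __name__ == "__main__":
    print("before attribute-map:", local_best_over_learned(BEFORE))
    print("after attribute-map: ", local_best_over_learned(AFTER))
```
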


