Within BGP, there are sometimes situations where it is better to send a summary address advertisement instead of advertisements for multiple subnets. This is the same with BGP as it is with other routing protocols. This all comes back to basic routing table optimization and, in this case, BGP table optimization. The topic I am studying today and beginning to use is BGP aggregation and suppress maps.
First and foremost, BGP aggregation is a way to send summary advertisements for prefixes within the BGP table. There are a few ways to do this as well:
This method, configured under the BGP process in the CLI, will advertise the summary prefix. It will not do anything to the sub-prefixes that are covered by this summary. All prefixes will still be advertised as normal.
aggregate-address 188.8.131.52 255.255.252.0
The next method is very similar in configuration, but adds a very important detail. For this case, let’s say we have the prefixes 184.108.40.206/24, 220.127.116.11/24, 18.104.22.168/24, and 22.214.171.124/24. We want to advertise the summary prefix of 126.96.36.199/22, which would include all four of these subnets:
aggregate-address 188.8.131.52 255.255.252.0 summary-only
This, by default, will advertise ONLY the summary prefix into BGP AND will suppress the other prefixes that make up the summary. Now when we look at the BGP table on R2, it will look a bit like this:
   Network            Next Hop            Metric LocPrf Weight Path
*> 184.108.40.206/22  0.0.0.0                            32768 i
s> 220.127.116.11/32  10.0.0.1                11         32768 ?
s> 18.104.22.168/32   10.0.0.1                11         32768 ?
s> 22.214.171.124/32  10.0.0.1                11         32768 ?
s> 126.96.36.199/32   10.0.0.1                11         32768 ?
You can see the summary prefix there as well as the other prefixes that are shown as being suppressed. (I used /32 loopbacks for this example to represent each /24 network, FYI)
So what happens if we want the prefix for 188.8.131.52 to be shared along with the summary prefix, but still suppress the other three? That is where the suppress map comes in. A suppress map allows for even more control when using a BGP aggregate address on a Cisco device. In short, you can select a specific prefix or host with an ACL (or prefix list) and a route-map, and then either suppress or unsuppress that BGP advertisement. In our case with this example, we will unsuppress the prefix 184.108.40.206/32 and suppress the others.
First let’s create the route-map and a prefix list to select the prefix 220.127.116.11/32:
ip prefix-list unfilter seq 5 permit 18.104.22.168/32
!
route-map unfilter deny 1
 match ip address prefix-list unfilter
!
route-map unfilter permit 2
Notice in my example, when I matched the prefix I wanted to unsuppress, I did so with a deny on the route-map sequence. I try to think of it this way: In this case I want to DENY that specific prefix from being suppressed, so I use a deny. If I want to PERMIT it to be suppressed, I’d use the permit statement. Simple, but makes sense when I say it in my head that way.
Now we just need to apply our (un)suppress map to our aggregate address command under the BGP process:
aggregate-address 22.214.171.124 255.255.252.0 suppress-map unfilter
The deny sequence that matches the prefix we want to unsuppress is evaluated first, so the advertisement of 126.96.36.199/32 is not suppressed. The next sequence is a permit with no match clause, so it will apply to all addresses. This means all remaining prefixes will be suppressed.
On R2 now, we can verify that this works by viewing the BGP table:
   Network            Next Hop            Metric LocPrf Weight Path
*> 188.8.131.52/22    0.0.0.0                            32768 i
s> 184.108.40.206/32  10.0.0.1                11         32768 ?
*> 220.127.116.11/32  10.0.0.1                11         32768 ?
s> 18.104.22.168/32   10.0.0.1                11         32768 ?
s> 22.214.171.124/32  10.0.0.1                11         32768 ?
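The suppress-map logic described above can be modelled in a few lines of Python. This is an added example, not code from the original post or from Cisco: the function names are hypothetical, the 10.1.0.0/22 addresses are constructed sample data, and the prefix-list model only handles exact-match entries (no ge/le). It also shows the case where the trailing "permit 2" is left out, in which the route-map's implicit deny means nothing is suppressed.

```python
import ipaddress

def prefix_list_permits(entries, prefix):
    # Exact-match entries only (no ge/le); first match wins, implicit deny.
    for action, net in entries:
        if ipaddress.ip_network(net) == prefix:
            return action == "permit"
    return False

def route_map_action(route_map, prefix_lists, prefix):
    # First sequence whose match clause hits decides; no match clause = match all.
    for _seq, action, plist in sorted(route_map, key=lambda e: e[0]):
        if plist is None or prefix_list_permits(prefix_lists[plist], prefix):
            return action
    return "deny"  # implicit deny ends every route-map

def aggregate_states(aggregate, prefixes, suppress_map=None, prefix_lists=None,
                     summary_only=False):
    # Returns {prefix: "suppressed" | "advertised"} for the BGP table entries.
    agg = ipaddress.ip_network(aggregate)
    states = {}
    for text in prefixes:
        p = ipaddress.ip_network(text)
        more_specific = p != agg and p.subnet_of(agg)
        if not more_specific:
            suppressed = False          # outside the aggregate: untouched
        elif summary_only:
            suppressed = True           # summary-only suppresses every component
        elif suppress_map is not None:
            # permit in the suppress map = suppress; deny = leave advertised
            suppressed = route_map_action(suppress_map, prefix_lists, p) == "permit"
        else:
            suppressed = False          # plain aggregate-address suppresses nothing
        states[text] = "suppressed" if suppressed else "advertised"
    return states

# Constructed sample data (not the addresses from the post).
PREFIXES = ["10.1.0.1/32", "10.1.1.1/32", "10.1.2.1/32", "10.1.3.1/32"]
PREFIX_LISTS = {"unfilter": [("permit", "10.1.1.1/32")]}
UNFILTER = [(1, "deny", "unfilter"), (2, "permit", None)]

if __name__ == "__main__":
    sm = {"suppress_map": UNFILTER, "prefix_lists": PREFIX_LISTS}
    no_permit = {"suppress_map": UNFILTER[:1], "prefix_lists": PREFIX_LISTS}
    for name, kw in [("plain", {}), ("summary-only", {"summary_only": True}),
                     ("suppress-map", sm), ("without permit 2", no_permit)]:
        print(name, aggregate_states("10.1.0.0/22", PREFIXES, **kw))
```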
Not much else to this one, but it’s another valuable resource to have in your arsenal. As with many things with Cisco devices, the goal is to have all the tools to customize your environment to fit your specific needs. This is just one more of those things.