BGP inject-map Conditional Route Injection

BGP inject-map allows you to conditionally advertise a component subnet of a larger aggregate route. The component subnet does not have to be in the route table; it is generated by the router applying the inject-map. The route is only advertised if the aggregate route in the exist-map is matched. This feature provides a very powerful way to engineer traffic, since its control mechanism is based on longest-prefix-match behavior.

Topology sample for this lab will be.


R5 Configuration:
Make sure R5 is advertising an aggregate route and suppressing the specific prefixes. R5 Config.

Let's verify on R3 and R4 that they are also getting our aggregate.

Now for the traffic engineering: we want R2/R1 to choose the path through R4 (AS340) for one particular prefix, 33.33.1.0/24, while the rest of the prefixes follow the default path through R3 (AS340) because of the aggregated route. First of all, let's check what is in the BGP table of R2.

Here we can see that we have only the aggregate route.

OBJECTIVE : R2 should forward all traffic to R4 for 33.33.1.0/24

Since AS340 is only receiving 33.33.0.0/22, we cannot use traditional methods such as local preference (localpref) to accomplish this without affecting the entire summary route. There are multiple alternative ways to achieve the stated goal, and ‘bgp inject-map’ is one of them.

The ‘bgp inject-map’ requires two route-maps which indicate what should be advertised and what should be matched.
bgp inject-map [inject-map] exist-map [exist-map]

  • The first route-map (inject-map) specifies the route you would like to generate.
  • The second route-map (exist-map) specifies the aggregate route to match.
  • If the route in the exist-map is matched, the route in the inject-map will be generated.

So, let's start the configuration. First you need to define which prefix you want to inject into the BGP table; here I am injecting the prefix 33.33.1.0/24.

R4(config)#ip prefix-list GENERATE_ROUTE seq 5 permit 33.33.1.0/24

Now reference this prefix-list from a route-map. In the inject-map the prefix to generate is specified with a set clause, so my route-map will be:

R4(config)#route-map INJECT_MAP permit 10
R4(config-route-map)#set ip address prefix-list GENERATE_ROUTE

This is the inject-map.

Now create two prefix-lists and a route-map that match the aggregate route. The first prefix-list matches the aggregate route, i.e. 33.33.0.0/22, and the second matches the route source, i.e. 172.1.46.6/32. The route source is the IP address of the neighbor we’re receiving the route from, that is, the neighbor address configured with the neighbor remote-as command.
NOTE: You can’t match a route-source that is not part of your neighbor list.

R4(config)#ip prefix-list AGGREGATE seq 5 permit 33.33.0.0/22
R4(config)#ip prefix-list SOURCE seq 5 permit 172.1.46.6/32
R4(config)#route-map EXIST_MAP permit 10
R4(config-route-map)#match ip address prefix-list AGGREGATE
R4(config-route-map)#match ip route-source prefix-list SOURCE

This is the exist-map.

Activate the BGP inject-map on R4:

R4(config)#router bgp 340

R4(config-router)#bgp inject-map INJECT_MAP exist-map EXIST_MAP

VERIFICATION

The route is injected, as you can see on router R4. Let's verify on router R2.

OK, R2 is getting the more specific prefixes, but it sees them from both R3 and R4, and we don’t want that; we want this device to see the more specific prefix only from R4. I’m going to fix it by filtering anything more specific than the /22 as it is sent to R3.

R4(config)#ip prefix-list DENY_TO_R3 seq 5 deny 0.0.0.0/0 ge 22
R4(config)#ip prefix-list DENY_TO_R3 seq 10 permit 0.0.0.0/0 le 32
R4(config)#router bgp 340
R4(config-router)#neighbor 172.1.34.3 prefix-list DENY_TO_R3 out
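
How the ge/le bounds in DENY_TO_R3 are evaluated, as an added example in Python (not part of the original post). The second list, DENY_LONGER_THAN_22, is a hypothetical variant included only for comparison; note that `ge 22` also matches the /22 aggregate itself.

```python
from ipaddress import ip_network

# (action, base prefix, ge, le) in sequence order, as configured on R4.
DENY_TO_R3 = [
    ("deny",   "0.0.0.0/0", 22, None),   # seq 5
    ("permit", "0.0.0.0/0", None, 32),   # seq 10
]
# Hypothetical variant, not on the page: start the deny at /23 instead.
DENY_LONGER_THAN_22 = [
    ("deny",   "0.0.0.0/0", 23, None),
    ("permit", "0.0.0.0/0", None, 32),
]

def entry_matches(route, base, ge, le):
    """True when one prefix-list entry matches the route."""
    base = ip_network(base)
    # The route must fall inside the base prefix.
    if route.prefixlen < base.prefixlen or not route.subnet_of(base):
        return False
    # No ge/le: the prefix length must match exactly.
    if ge is None and le is None:
        return route.prefixlen == base.prefixlen
    # "ge" alone runs up to /32; "le" alone starts at the base length.
    low = ge if ge is not None else base.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Return the action of the first matching entry."""
    route = ip_network(route)
    for action, base, ge, le in prefix_list:
        if entry_matches(route, base, ge, le):
            return action
    return "deny"  # implicit deny at the end of every prefix-list

if __name__ == "__main__":
    # Constructed sample routes: injected /24, the aggregate, a shorter prefix.
    for r in ("33.33.1.0/24", "33.33.0.0/22", "33.32.0.0/16"):
        print(r, evaluate(DENY_TO_R3, r), evaluate(DENY_LONGER_THAN_22, r))
```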

Now look at R2 to see the change.

It looks done, so our final step is to verify: ping 33.33.1.1 from R2 and check the connectivity.

What? The ping fails. Let’s do a traceroute.

We have a routing loop. The packet is going from R4 to R6, and this continues until the IP TTL expires, so we definitely have a problem here. Let's take a look at the routing tables on R4 and R6.

So it seems that R4 learned the injected route 33.33.1.0/24 from R6, and then advertised it to R2. This route is more specific than the aggregate they have from R3, so it takes precedence.

When R4 injects the route, it suppresses the advertisement to R3 (as it should) because it is the source and next-hop for the injected route. R4 however, advertises the UPDATE to R6 as it would with any other route. R6 accepts the route because it doesn’t see its own AS in the AS_PATH. R6 advertises 33.33.1.0/24 to R4, and a routing loop is formed.

So what is the solution? We can use the COPY-ATTRIBUTES keyword to solve the routing loop issue by including the full AS_PATH in the injected route. This will prevent R6 from accepting the route (33.33.1.0/24) from R4 due to BGP loop prevention rules (R6 will see its own AS in the AS_PATH).

R4(config)#router bgp 340

R4(config-router)#bgp inject-map INJECT_MAP exist-map EXIST_MAP copy-attributes

Now you can see that R4 is copying the AS_PATH attribute from the parent route, 33.33.0.0/22, to the injected route 33.33.1.0/24.
You can also check on R6 whether it is accepting the 33.33.1.0/24 route or not. I think it doesn’t.
Again, try to ping the 33.33.1.1 network from R2.

Voilà success..!!
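
The loop-prevention check that copy-attributes relies on, modelled in Python as an added example (not part of the original post or of IOS). AS 340 is from the lab; the AS numbers for R6 and R5 are placeholders because the page does not state them, and the aggregate's AS_PATH on R4 is assumed to be R6's AS followed by R5's.

```python
from ipaddress import ip_network

AS_R4 = 340      # from the page
AS_R6 = 65006    # assumption: placeholder, the page does not give R6's AS
AS_R5 = 65005    # assumption: placeholder for the AS originating the aggregate

# Constructed BGP table entry on R4: the aggregate as learned from R6.
R4_BGP_TABLE = [
    {"prefix": ip_network("33.33.0.0/22"),
     "source": "172.1.46.6",
     "as_path": [AS_R6, AS_R5]},
]

def inject(table, exist_prefix, exist_source, new_prefix, copy_attributes=False):
    """Model of 'bgp inject-map ... exist-map ...': return the injected
    route, or None when no table entry satisfies the exist-map."""
    new_prefix = ip_network(new_prefix)
    for route in table:
        if (route["prefix"] == ip_network(exist_prefix)
                and route["source"] == exist_source
                and new_prefix.subnet_of(route["prefix"])):
            # Without copy-attributes the route looks locally originated.
            path = list(route["as_path"]) if copy_attributes else []
            return {"prefix": new_prefix, "as_path": path}
    return None

def ebgp_export(route, local_as):
    """An eBGP speaker prepends its own AS before sending an UPDATE."""
    return {**route, "as_path": [local_as] + route["as_path"]}

def accepts(update, receiver_as):
    """BGP loop prevention: reject a path that already contains our AS."""
    return receiver_as not in update["as_path"]

def r6_accepts_injected(copy_attributes):
    """Does R6 accept 33.33.1.0/24 when R4 advertises it back?"""
    route = inject(R4_BGP_TABLE, "33.33.0.0/22", "172.1.46.6",
                   "33.33.1.0/24", copy_attributes)
    return accepts(ebgp_export(route, AS_R4), AS_R6)

if __name__ == "__main__":
    for flag in (False, True):
        print("copy-attributes =", flag, "-> R6 accepts:", r6_accepts_injected(flag))
```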

 
