BGP inject-map allows you to conditionally advertise a component subnet of a larger aggregate route. The component subnet does not have to be in the route table, it is generated by the router applying the inject-map. The route is only advertised if the aggregate route in the exist-map is matched. This feature provides a very powerful way to engineer traffic since it’s control mechanism is based on Longest prefix-matching behavior.
Topology sample for this lab will be.
Make sure R5 is advertising an aggregate route and suppressing the specific prefixes. R5 Config.
Lets verify on R3 and R4 that they are also getting our aggregate.
Now friends come to traffic engineering, we want R2/R1 chose path R4(AS340) for a particular prefix i.e 126.96.36.199/24 and rest of the prefixes will follow default path i.e through R3(AS340) bcz of aggregated route. so, first of all we will check what’s is in BGP table of R2.
Here we can see that we have only aggregate route.
OBJECTIVE : R2 should forward all traffic to R4 for 188.8.131.52/24
Since AS340 is only receiving 184.108.40.206/22, we cannot use traditional methods such as (localpref) to accomplish this without affecting the entire summary route. There are multiple alternative ways we can achieve the stated goal, and ‘bgp inject-map’ is one of them.
The ‘bgp inject-map’ requires two route-maps which indicate what should be advertised and what should be matched.
bgp inject-map [inject-map] exist-map [exist-map]
- The first route-map (inject-map) specifies the route you would like to generate.
- The second route-map (exist-map) specifies the aggregate route to match.
- If the route in the exist-map is matched, the route in the inject-map will be generated.
so, lets start configuration, First you need to define what prefix you want to inject into the BGP table, as i am trying to inject 220.127.116.11/24 prefixes.
R4(config)#ip prefix-list GENERATE_ROUTE seq 5 permit 18.104.22.168/24
Now I will try to catch this list by route map so, my route map will be.
R4(config)#route-map INJECT-MAP permit 10 R4(config-route-map)#match ip address prefix-list GENERATE_ROUTE
and this is called INJECT MAP
Now create 2 prefix-lists & a route-map that match the aggregate route. First prefix-list matches the aggregate route i.e 22.214.171.124/22 and the second matches the route source i.e 126.96.36.199/32. The route source is the IP address of the neighbor we’re receiving the route from. The route source is the neighbor address that is configured with the neighbor remote-as command.
NOTE: You can’t match a route-source that is not part of your neighbor list
R4(config)#ip prefix-list AGGREGATE seq 5 permit 188.8.131.52/22 R4(config)#ip prefix-list SOURCE seq 5 permit 184.108.40.206/32
R4(config)#route-map EXIST_MAP permit 10 R4(config-route-map)#match ip address prefix-list AGGREGATE R4(config-route-map)#match route-source prefix-list SOURCE
and this is called EXIST MAP
R4 Activate BGP inject-map
R4(config-router)#router bgp 340
R4(config-router)#bgp inject-map INJECT_MAP exist-map EXIST_MAP
Route is injected as you an see on router R4. lets verify on router R2
Ok R2 is getting the more specific prefixes, but they are seen them from both R3 and R4, and we don’t want that, we want this device to see the more specific prefix only coming from R4. I’m going to fix it by filtering anything more specific from /22 as its sent to R3
R4(config)#ip prefix-list DENY_TO_R3 seq 5 deny 0.0.0.0/0 ge 22 R4(config)#ip prefix-list DENY_TO_R3 seq 10 permit 0.0.0.0/0 le 32 R4(config)#router bgp 340 R4(config-router)#neighbor 220.127.116.11 prefix-list DENY_TO_R3 out
Now look at the R2 for the changes occur.
It’s done I think so our final step is to verify so, ping 18.104.22.168 from R2 and check the connectivity.
what ? ping fail. Let’s do traceroute
We have a routing loop Packet is going from R4 to R6 this continues till the IP TTL expires. so we definitely have some problems here. Lets take a look at the routing tables on R4 & R6
So it seems that R4 learned the injected route 22.214.171.124/24 from R6, and then advertised it to R2. This route is more specific than the aggregate they have from R3, so it takes precedence.
When R4 injects the route, it suppresses the advertisement to R3 (as it should) because it is the source and next-hop for the injected route. R4 however, advertises the UPDATE to R6 as it would with any other route. R6 accepts the route because it doesn’t see its own AS in the AS_PATH. R6 advertises 126.96.36.199/24 to R4, and a routing loop is formed.
so, What the solution for that we can use COPY-ATTRIBUTES keyword to solve the routing loop issue by including the full AS_PATH in the injected route. This will prevent R6 from accepting the route (188.8.131.52/24) from R4 due to BGP loop prevention rules (R6 will see its own AS in the AS_PATH).
R4(config-router)#router bgp 340
R4(config-router)#bgp inject-map INJECT_MAP exist-map EXIST_MAP copy-attributes
Now you can see that R4 is copying the AS_PATH attribute from the parent route i.e 184.108.40.206/22 to the injected route 220.127.116.11/24
You can also verify R6, is R6 is accepting the 18.104.22.168/24 route or not. I think is doesn’t.
Again try to ping 22.214.171.124 network from R2.