BGP inject-map Conditional Route Injection

BGP inject-map allows you to conditionally advertise a component subnet of a larger aggregate route. The component subnet does not have to be in the route table, it is generated by the router applying the inject-map. The route is only advertised if the aggregate route in the exist-map is matched. This feature provides a very powerful way to engineer traffic since it’s control mechanism is based on Longest prefix-matching behavior.

Topology sample for this lab will be.

R5 Configuration:
Make sure R5 is advertising an aggregate route and suppressing the specific prefixes. R5 Config.

BGP inject-map

BGP inject-map

Lets verify on R3 and R4 that they are also getting our aggregate.

BGP inject-map

Now friends come to traffic engineering, we want R2/R1 chose path R4(AS340) for a particular prefix i.e and rest of the prefixes will follow default path i.e through R3(AS340) bcz of aggregated route. so, first of all we will check what’s is in BGP table of R2.

BGP inject-map

Here we can see that we have only aggregate route.

OBJECTIVE : R2 should forward all traffic to R4 for

Since AS340 is only receiving, we cannot use traditional methods such as (localpref) to accomplish this without affecting the entire summary route. There are multiple alternative ways we can achieve the stated goal, and ‘bgp inject-map’ is one of them.

The ‘bgp inject-map’ requires two route-maps which indicate what should be advertised and what should be matched.
bgp inject-map [inject-map] exist-map [exist-map]

  • The first route-map (inject-map) specifies the route you would like to generate.
  • The second route-map (exist-map) specifies the aggregate route to match.
  • If the route in the exist-map is matched, the route in the inject-map will be generated.

so, lets start configuration, First you need to define what prefix you want to inject into the BGP table, as i am trying to inject prefixes.

R4(config)#ip prefix-list GENERATE_ROUTE seq 5 permit

Now I will try to catch this list by route map so, my route map will be.

R4(config)#route-map INJECT-MAP permit 10
R4(config-route-map)#match ip address prefix-list GENERATE_ROUTE

and this is called INJECT MAP

Now create 2 prefix-lists & a route-map that match the aggregate route. First prefix-list matches the aggregate route i.e and the second matches the route source i.e The route source is the IP address of the neighbor we’re receiving the route from. The route source is the neighbor address that is configured with the neighbor remote-as command.
NOTE: You can’t match a route-source that is not part of your neighbor list

R4(config)#ip prefix-list AGGREGATE seq 5 permit
R4(config)#ip prefix-list SOURCE seq 5 permit
R4(config)#route-map EXIST_MAP permit 10
R4(config-route-map)#match ip address prefix-list  AGGREGATE
R4(config-route-map)#match route-source prefix-list SOURCE

and this is called EXIST MAP

R4 Activate BGP inject-map

R4(config-router)#router bgp 340

R4(config-router)#bgp inject-map INJECT_MAP exist-map EXIST_MAP


BGP inject-map

Route is injected as you an see on router R4. lets verify on router R2


Ok R2 is getting the more specific prefixes, but they are seen them from both R3 and R4, and we don’t want that, we want this device to see the more specific prefix only coming from R4. I’m going to fix it by filtering anything more specific from /22 as its sent to R3

R4(config)#ip prefix-list DENY_TO_R3 seq 5 deny ge 22
R4(config)#ip prefix-list DENY_TO_R3 seq 10 permit le 32
R4(config)#router bgp 340
R4(config-router)#neighbor prefix-list DENY_TO_R3 out

Now look at the R2 for the changes occur.


It’s done I think so our final step is to verify so, ping from R2 and check the connectivity.


what ? ping fail. Let’s do traceroute


We have a routing loop Packet is going from R4 to R6 this continues till the IP TTL expires. so we definitely have some problems here. Lets take a look at the routing tables on R4 & R6



So it seems that R4 learned the injected route from R6, and then advertised it to R2. This route is more specific than the aggregate they have from R3, so it takes precedence.

When R4 injects the route, it suppresses the advertisement to R3 (as it should) because it is the source and next-hop for the injected route. R4 however, advertises the UPDATE to R6 as it would with any other route. R6 accepts the route because it doesn’t see its own AS in the AS_PATH. R6 advertises to R4, and a routing loop is formed.

so, What the solution for that we can use COPY-ATTRIBUTES keyword to solve the routing loop issue by including the full AS_PATH in the injected route. This will prevent R6 from accepting the route ( from R4 due to BGP loop prevention rules (R6 will see its own AS in the AS_PATH).

R4(config-router)#router bgp 340

R4(config-router)#bgp inject-map INJECT_MAP exist-map EXIST_MAP copy-attributes


Now you can see that R4 is copying the AS_PATH attribute from the parent route i.e to the injected route
You can also verify R6, is R6 is accepting the route or not. I think is doesn’t.
Again try to ping network from R2.


Voilà success..!!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s