Hour 440: BGP Conditional Route Injection

BGP Conditional Route Injection and Conditional Route Advertisement are two of the more advanced BGP features that I have encountered in the CCIE R&S Lab. It is important to understand the difference between them: the first will INJECT a route based on a condition, and the second will ADVERTISE an already existing route based on another condition. Also, the Conditional Route Injection feature is much more dangerous and complex to configure than the Conditional Advertisement one. Today, I will present a case showing why and how to configure BGP Conditional Route Injection.

Case A:

[Figure: topology]

Let’s pretend you are a customer with a dual-homed ISP connection. You are currently receiving an aggregated route of 10.0.0.0/16 from both ISPs. You want to be able to route using BGP to the 10.0.0.0/24 and 10.0.1.0/24 prefixes through ISP1, and to 10.0.3.0/24 as well as 10.0.4.0/24 through ISP2. This would be pretty easy if you had control over the ISP1 and ISP2 routers, as you could ask them to unsuppress these networks and receive them without having to change any configuration on your side. Unfortunately, the process of going through the ISPs and asking them to change configurations takes too long and you need this done today. We will use Conditional Route Injection to accomplish this. The configuration can be done in 5 steps:

1. Create a prefix list to match the aggregate subnet:

ip prefix-list AGGREGATE-ROUTE seq 5 permit 10.0.0.0/16

 

2. Create a prefix list to match the ISP’s BGP route source. Run sh ip bgp <prefix> to see the neighbor address; in this case it is 192.168.13.1 for ISP1 and 192.168.23.2 for ISP2:

[Screenshot 1]

ip prefix-list ISP1-RID seq 5 permit 192.168.13.1/32

3. Create a prefix list matching the routes we will inject locally:

ip prefix-list INJECTED-PATHS1 seq 5 permit 10.0.0.0/24

ip prefix-list INJECTED-PATHS1 seq 10 permit 10.0.1.0/24

4. Create a route map that will inject the routes locally. It is important to note that you are setting the route with SET and NOT matching with MATCH. Also, it is very important not to re-advertise these routes back to the ISP as you will create routing loops. I am doing this by using the local-AS community attribute of BGP.

route-map INJECT permit 10
set ip address prefix-list INJECTED-PATHS1
set community local-AS

5. Create a route-map that matches the route (in this case the aggregate) and the source address (the RID). If you are using a prefix-list to match the route source, it is very important to use the prefix-list keyword; if you do not, the match criteria will expect an ACL instead:

route-map AGG-EXIST permit 10
match ip address prefix-list AGGREGATE-ROUTE
match ip route-source prefix-list ISP1-RID

6. Apply this to your BGP configuration:

router bgp 65535
bgp inject-map INJECT exist-map AGG-EXIST

Now let’s do the same for ISP2:

  1. The prefix for the aggregate has previously been created for ISP1
  2. Note that I used the sh ip bgp 10.0.0.0/16 command to see what is the route-source for ISP2

ip prefix-list ISP2-RID seq 5 permit 192.168.23.2/32

 

3. Create a prefix list matching the routes we will inject locally:

ip prefix-list INJECTED-PATHS2 seq 5 permit 10.0.3.0/24

ip prefix-list INJECTED-PATHS2 seq 10 permit 10.0.4.0/24

 

4. Create a route map that will inject the routes locally.

route-map INJECT2 permit 10
set ip address prefix-list INJECTED-PATHS2
set community local-AS

 

5. Create a route-map for the route and source addresses to match.

route-map AGG-EXIST2 permit 10
match ip address prefix-list AGGREGATE-ROUTE
match ip route-source prefix-list ISP2-RID

 

6. Apply the configuration:

router bgp 65535
bgp inject-map INJECT2 exist-map AGG-EXIST2
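
A pre-deployment check for the configuration above, as an added example that is not part of the original post: it reports undefined route-map or prefix-list names, an exist-map with no route-source prefix-list match, injected prefixes that are not more-specifics of the aggregate, and an inject-map that sets no community to stop re-advertisement. The names lint and SAMPLE, the constructed sample text, and accepting no-export and no-advertise alongside the post's local-AS are assumptions of this example.

```python
import ipaddress

# Constructed sample: the ISP2 half of the post's configuration, names spelled consistently.
SAMPLE = """\
ip prefix-list AGGREGATE-ROUTE seq 5 permit 10.0.0.0/16
ip prefix-list ISP2-RID seq 5 permit 192.168.23.2/32
ip prefix-list INJECTED-PATHS2 seq 5 permit 10.0.3.0/24
ip prefix-list INJECTED-PATHS2 seq 10 permit 10.0.4.0/24
route-map INJECT2 permit 10
set ip address prefix-list INJECTED-PATHS2
set community local-AS
route-map AGG-EXIST2 permit 10
match ip address prefix-list AGGREGATE-ROUTE
match ip route-source prefix-list ISP2-RID
router bgp 65535
bgp inject-map INJECT2 exist-map AGG-EXIST2
"""
NO_READVERTISE = {"local-as", "no-export", "no-advertise"}  # assumption: any one is enough

def lint(config):
    """Return a list of problems in a conditional route injection config."""
    plists, rmaps, pairs, cur, out = {}, {}, [], None, []
    for w in (l.split() for l in config.splitlines() if l.strip()):
        if w[:2] == ["ip", "prefix-list"] and "permit" in w:
            net = ipaddress.ip_network(w[w.index("permit") + 1], strict=False)
            plists.setdefault(w[2], []).append(net)
        elif w[0] == "route-map":
            cur = rmaps.setdefault(w[1], [])
        elif w[0] in ("set", "match") and cur is not None:
            cur.append(w)               # clause of the current route-map
        elif w[:2] == ["bgp", "inject-map"]:
            pairs.append((w[2], w[4]))  # (inject-map, exist-map)

    def nets(rmap, clause):  # prefixes behind "<clause> NAME" in a route-map
        names = [c[-1] for c in rmaps.get(rmap, []) if c[:-1] == clause]
        out.extend(f"{rmap}: prefix-list {n} is not defined" for n in names if n not in plists)
        return [p for n in names for p in plists.get(n, [])]

    for inj, exist in pairs:
        out += [f"route-map {m} is not defined" for m in (inj, exist) if m not in rmaps]
        aggs = nets(exist, ["match", "ip", "address", "prefix-list"])
        if not nets(exist, ["match", "ip", "route-source", "prefix-list"]):
            out.append(f"{exist}: no 'match ip route-source prefix-list' source")
        for p in nets(inj, ["set", "ip", "address", "prefix-list"]):
            if not any(p != a and p.subnet_of(a) for a in aggs):
                out.append(f"{inj}: {p} is not a more-specific of the aggregate")
        comms = {x.lower() for c in rmaps.get(inj, []) if c[:2] == ["set", "community"] for x in c[2:]}
        if not comms & NO_READVERTISE:
            out.append(f"{inj}: no community set to stop re-advertisement")
    return out
```

Calling lint(SAMPLE) returns an empty list; a misspelled route-map or prefix-list name, or a mistyped mask on an injected prefix, shows up as one message per problem.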

 

Let’s see what it looks like after we cleared our BGP filters:

[Screenshot 2]

Finally, make sure you are not advertising these prefixes to the ISPs, to avoid routing loops:

[Screenshot 3]

You can also check the injected routes with the “show ip bgp injected-paths” command:

[Screenshot 4]

In my next blog post, I will cover Case B, where I explain the BGP Conditional Route Advertisement feature.
