BGP: Blocking a route entry from the aggregate address

Posted in NETWORKING/IP ROUTING by edeguzman on October 8, 2007

Suppose there is a route entry with the community attribute no_export, or, more generally, a route entry that you don't want to be part of the aggregate address. There are many reasons why you might not want a route entry to be part of the aggregate. One is that the route entry can carry a different attribute that you want to preserve. For instance, a route entry can have the community attribute no_export, which is essential because it tells the router that a route entry carrying no_export should not be advertised to a different AS. That is why it is not a good idea to make that route entry part of the aggregate address.

Below is the sample configuration from my lab. I also observed the packets on the wire.

router bgp 200
 aggregate-address 192.168.192.0 255.255.248.0 as-set summary-only advertise-map AllowRoute
 neighbor 192.168.1.10 remote-as 500
 neighbor 192.168.1.230 remote-as 400
 neighbor 192.168.1.250 remote-as 300
 neighbor 192.168.1.254 remote-as 100
!
ip classless
no ip http server
!
access-list 1 deny 192.168.197.0
access-list 1 permit any
route-map AllowRoute permit 10
 match ip address 1
!

Observe that my configuration has an access list that denies the route entry 192.168.197.0 and permits any other route entry. 192.168.197.0 is the route entry that I don't want to be part of the aggregate address.

There is also a route-map in my configuration, which is called from the BGP process: the advertise-map AllowRoute keyword on the aggregate-address line is what calls it. The route-map simply matches the access list against all the routes being advertised to the neighboring peer. If there is a route entry for 192.168.197.0, it is blocked by the access list and is not advertised. This is just a simple way of doing it; there are many other ways, especially in a large-scale network.
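To make the effect of the filter visible, here is an added example (not part of the original post and not router code) that models in Python how access-list 1 and the AllowRoute route-map select the routes that contribute to the aggregate. The sample routes, their AS paths and their communities are constructed, and the model assumes that an as-set aggregate takes the union of the AS numbers and communities of the routes the advertise-map permits.

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("192.168.192.0/21")  # 255.255.248.0 on the page

# access-list 1 from the page as (action, address, wildcard).
# A standard ACL entry without a wildcard matches that exact address; "any" matches all.
ACL_1 = [("deny", "192.168.197.0", "0.0.0.0"),
         ("permit", "0.0.0.0", "255.255.255.255")]

# Constructed sample BGP table: prefix -> (AS path, communities). Not from the page.
ROUTES = {
    "192.168.193.0/24": ([100], set()),
    "192.168.195.0/24": ([300], set()),
    "192.168.197.0/24": ([400], {"no-export"}),
    "192.168.199.0/24": ([500], set()),
    "10.1.1.0/24": ([100], set()),  # outside the aggregate, never a contributor
}

def acl_permits(acl, network_address):
    """Standard ACL check: first matching entry wins, implicit deny at the end."""
    addr = int(ipaddress.ip_address(network_address))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False

def build_aggregate(routes, advertise_acl=None):
    """Return (contributors, AS_SET, communities) for the as-set aggregate."""
    contributors, as_set, communities = [], set(), set()
    for prefix in sorted(routes):
        as_path, comms = routes[prefix]
        net = ipaddress.ip_network(prefix)
        if not net.subnet_of(AGGREGATE):
            continue
        if advertise_acl and not acl_permits(advertise_acl, str(net.network_address)):
            continue  # filtered out by the advertise-map's route-map
        contributors.append(prefix)
        as_set |= set(as_path)
        communities |= comms
    return contributors, as_set, communities

if __name__ == "__main__":
    for label, acl in (("no advertise-map", None), ("advertise-map AllowRoute", ACL_1)):
        print(label, build_aggregate(ROUTES, acl))
```

Without the advertise-map, the modelled aggregate picks up the constructed no-export community from 192.168.197.0/24; with access-list 1 applied, that route no longer contributes.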
