BGP Conditional Route Injection

A common practice with route aggregation is to group a large address space into a single address prefix. One result of aggregation is that neighbors lose routing accuracy. Deaggregation reconstructs components from a received aggregated prefix, and it is accomplished with the BGP Conditional Route Injection feature: more-specific prefixes are created when an aggregate exists. These prefixes are injected into the local BGP table to provide more specific routing information in the local AS than the aggregated route does.

Conditional route injection is configured as follows:

router bgp 100
 bgp inject-map map1 exist-map map2 [copy-attributes]

BGP tracks the aggregated route specified in exist-map map2 to determine whether to inject the prefix(es) specified in inject-map map1. The exist-map must have at least 2 match clauses:

    1. match ip address prefix-list specifies the aggregated route
    2. match ip route-source specifies the source creating the aggregated route (IP address specified with /32 prefix length)

The copy-attributes keyword allows more-specific routes to inherit the attributes of the aggregated route; otherwise they are treated as locally originated routes.

Network topology

In AS 200, the R4 router has address block 172.16.1.0/24 and the R5 router has 172.16.2.0/24. Both routers summarize their address space to the single prefix 172.16.0.0/16 when advertising to their eBGP peers in AS 100.

It is possible that traffic for 172.16.1.0/24 from R2 router might be exiting the AS via R3. However, through traffic analysis, R2 router determines that the best path for 172.16.1.0/24 is through R4 router. Similarly, R3 router determines that the best path for 172.16.2.0/24 is through R5 router.

Hence, to optimize the exit points, conditional injection is deployed on R2 and R3 routers.

The configuration on the R2 router is below. The exist-map FROM_AS200 matches the aggregated route 172.16.0.0/16. If a match is made, the more-specific route 172.16.1.0/24 is injected into the BGP table. To prevent the injected route from leaking back out, the no-export community is set on the injected route.

R2 configuration

router bgp 100
 neighbor 10.123.1.1 remote-as 100
 neighbor 10.123.1.1 send-community
 neighbor 10.123.1.1 next-hop-self
 neighbor 10.123.1.3 remote-as 100
 neighbor 10.123.1.3 next-hop-self
 neighbor 10.123.1.3 send-community
 bgp inject-map SPECIFIC_AS200 exist-map FROM_AS200 copy-attributes
!
ip prefix-list 10 seq 5 permit 172.16.0.0/16
ip prefix-list 20 seq 5 permit 172.16.1.0/24
ip prefix-list 30 seq 5 permit 10.24.1.2/32
!
route-map FROM_AS200 permit 10
 match ip address prefix-list 10
 match ip route-source prefix-list 30
!
route-map SPECIFIC_AS200 permit 10
 set ip address prefix-list 20
 set community no-export
!

A similar configuration is applied on R3 router. When a match is made to aggregated route 172.16.0.0/16, the inject-map injects more-specific route 172.16.2.0/24.

R3 configuration

router bgp 100
 neighbor 10.123.1.1 remote-as 100
 neighbor 10.123.1.1 send-community
 neighbor 10.123.1.1 next-hop-self
 neighbor 10.123.1.2 remote-as 100
 neighbor 10.123.1.2 send-community
 neighbor 10.123.1.2 next-hop-self
 bgp inject-map SPECIFIC_AS200 exist-map FROM_AS200
!
ip prefix-list 10 seq 5 permit 172.16.0.0/16
ip prefix-list 20 seq 5 permit 172.16.2.0/24
ip prefix-list 30 seq 5 permit 10.35.1.2/32
!
route-map FROM_AS200 permit 10
 match ip address prefix-list 10
 match ip route-source prefix-list 30
!
route-map SPECIFIC_AS200 permit 10
 set ip address prefix-list 20
 set community no-export
!
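
A configuration lint for the rules described above, as an added example that is not part of the original article: it checks that the exist-map carries both match clauses, that the route source is a /32, that each injected prefix falls inside the aggregate, and that the inject-map sets no-export. The function name audit_injection and the trimmed R2 sample are assumptions of this example, and prefix-list ge/le modifiers are ignored.

```python
import ipaddress
import re

# Constructed sample: R2's injection policy from this page (neighbor lines omitted).
R2_CONFIG = """\
router bgp 100
 bgp inject-map SPECIFIC_AS200 exist-map FROM_AS200 copy-attributes
ip prefix-list 10 seq 5 permit 172.16.0.0/16
ip prefix-list 20 seq 5 permit 172.16.1.0/24
ip prefix-list 30 seq 5 permit 10.24.1.2/32
route-map FROM_AS200 permit 10
 match ip address prefix-list 10
 match ip route-source prefix-list 30
route-map SPECIFIC_AS200 permit 10
 set ip address prefix-list 20
 set community no-export
"""

def audit_injection(config):
    """Return findings for every 'bgp inject-map' statement; empty list means clean."""
    plists, rmaps, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"ip prefix-list (\S+) seq \d+ permit (\S+)", line):
            plists.setdefault(m[1], []).append(ipaddress.ip_network(m[2], strict=False))
        elif m := re.match(r"route-map (\S+) permit \d+", line):
            current = rmaps.setdefault(m[1], [])   # clauses of this route-map
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None

    def nets(rmap, clause):
        # Networks of every prefix-list referenced by `clause` inside route-map `rmap`.
        return [n for c in rmaps.get(rmap, []) if c.startswith(clause)
                for n in plists.get(c.split()[-1], [])]

    findings = []
    for inj, exist in re.findall(r"bgp inject-map (\S+) exist-map (\S+)", config):
        aggregates = nets(exist, "match ip address prefix-list")
        sources = nets(exist, "match ip route-source prefix-list")
        if not aggregates or not sources:
            findings.append(f"{exist}: needs both an address and a route-source match")
        if any(s.prefixlen != 32 for s in sources):
            findings.append(f"{exist}: route-source entries must be /32")
        for p in nets(inj, "set ip address prefix-list"):
            if not any(p != a and p.subnet_of(a) for a in aggregates):
                findings.append(f"{inj}: {p} is not a more-specific of the aggregate")
        if not any(c.startswith("set community") and "no-export" in c for c in rmaps.get(inj, [])):
            findings.append(f"{inj}: no-export not set, injected routes can reach eBGP peers")
    return findings
```

Running audit_injection(R2_CONFIG) returns an empty list; removing the set community line or pointing prefix-list 20 outside 172.16.0.0/16 produces one finding each.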

When the link between R2 - R4 is operational, R2 receives the aggregated prefix 172.16.0.0/16 from R4. The condition of exist-map becomes true and hence R2 will inject more-specific 172.16.1.0/24 prefix as specified by the inject-map.

R2 injecting 172.16.1.0/24

00:19:08.959: BGP(0): creating injected prefix 172.16.1.0/24, from source prefix 172.16.0.0/16
00:19:08.963: BGP(0): retaining injected prefix 172.16.1.0/24, from source prefix 172.16.0.0/16
00:19:09.727: BGP(0): Revise route installing 1 of 1 routes for 172.16.1.0/24 -> 10.24.1.2(main) to main IP table
00:19:09.731: BGP(0): 10.123.1.1 NEXT_HOP is set to self for net 172.16.1.0/24,
00:19:09.731: BGP(0): 10.123.1.1 send UPDATE (format) 172.16.1.0/24, next 10.123.1.2, metric 0, path 200
00:19:09.831: BGP(0): updgrp 2 - 10.123.1.1 updates replicated for neighbors: 10.123.1.3

The show ip bgp injected-paths command shows the prefixes injected into BGP table when the condition is true. Notice the AS_PATH attribute. This attribute is "copied" from the aggregated prefix due to the copy-attributes keyword added to bgp inject-map command.

show ip bgp injected-paths on R2

R2# show ip bgp injected-paths
BGP table version is 7, local router ID is 10.123.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.1.0/24    10.24.1.2                0             0 200 i

The following output shows 172.16.1.0/24 prefix as received by R1. The AS_PATH attribute is preserved.

172.16.1.0/24 on R1

R1# show ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Not advertised to any peer
  200
    10.123.1.2 from 10.123.1.2 (10.123.1.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: no-export

The same is true for the R3 router. If the link between R3 - R5 is operational, R5 advertises the aggregated prefix 172.16.0.0/16 to R3. The condition on R3 becomes true and it will advertise 172.16.2.0/24 to its iBGP peers. Notice that the AS_PATH information is lost for the 172.16.2.0/24 prefix, as the copy-attributes keyword was not used with the bgp inject-map command.

R3 injecting 172.16.2.0/24

00:33:52.535: BGP(0): creating injected prefix 172.16.2.0/24, from source prefix 172.16.0.0/16
00:33:52.539: BGP(0): retaining injected prefix 172.16.2.0/24, from source prefix 172.16.0.0/16
00:33:53.363: BGP(0): Revise route installing 1 of 1 routes for 172.16.2.0/24 -> 10.35.1.2(main) to main IP table
00:33:53.367: BGP(0): 10.123.1.1 NEXT_HOP is set to self for net 172.16.2.0/24,
00:33:53.367: BGP(0): 10.123.1.1 send UPDATE (format) 172.16.2.0/24, next 10.123.1.3, metric 0, path Local
00:33:53.367: BGP(0): BGP(0): updgrp 2 - 10.123.1.1 updates replicated for neighbors: 10.123.1.2

R3# show ip bgp injected-paths
BGP table version is 9, local router ID is 10.123.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.2.0/24    10.35.1.2                              0 ?

R1# show ip bgp 172.16.2.0
BGP routing table entry for 172.16.2.0/24, version 17
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x820
  Not advertised to any peer
  Local
    10.123.1.3 from 10.123.1.3 (10.123.1.3)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: no-export

R2 - R4 link is down

When the link between R2 - R4 goes down, R2 will not learn about aggregated prefix 172.16.0.0/16 from R4 router. Hence, the condition of exist-map is false, causing R2 to NOT inject 172.16.1.0/24.

Since 172.16.1.0/24 was advertised while the link was operational, once the link goes down R2 sends UPDATE messages marking 172.16.1.0/24 as unreachable.

172.16.1.0/24 is Unreachable

00:37:42.939: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
00:37:42.955: BGP(0): no valid path for 172.16.0.0/16
00:37:42.955: BGP(0): no valid path for 172.16.1.0/24
00:37:42.955: %BGP-5-ADJCHANGE: neighbor 10.24.1.2 Down Interface flap
00:37:42.959: BGP(0): nettable_walker 172.16.0.0/16 no best path
00:37:42.963: BGP(0): nettable_walker 172.16.1.0/24 no best path
00:37:42.963: BGP(0): 10.123.1.1 send unreachable 172.16.1.0/24
00:37:42.963: BGP(0): 10.123.1.1 send UPDATE 172.16.1.0/24 -- unreachable
00:37:42.967: BGP(0): 10.123.1.1 send UPDATE 172.16.0.0/16 -- unreachable

The show ip bgp injected-paths command shows no prefix injected into BGP table by R2 and hence R1 will not receive 172.16.1.0/24.

No prefixes injected on R2

R2# show ip bgp injected-paths
R2#

R1# show ip bgp 172.16.1.0 255.255.255.0
% Network not in table

Similar output holds true for R3 and 172.16.2.0/24.