Prerequisites: CCNP level skills.
Personal Note!
"Power corrupts; absolute power corrupts absolutely".
Last week blows because I couldn't practice anything. All because of these in power! Today, I'm getting back on track which feels really gooood!
Note!
R4 advertises loopbacks as per Task 1 in lab 108. Changes in the lab "equipment". Pay attention to port numbers in the topology.
Topology
Task 1
Configure R4 so that it advertises prefix 40.1.0.0/16 with 'no-advertise' value.
Task 2
Configure R1 and R2 so that they aggregate prefixes 40.x.x.x/16 and 44.4.0.0/19 to two prefixes 40.0.0./14 and 44.4.0.0/17 (as per lab 111). Make sure that R5 receives the two summary routes and they show AS 40 in the path. Do NOT remove the community 'no-advertise' assigned in the task 1.
Solution
Task 1
Configure R4 so that it advertises prefix 40.1.0.0/16 with 'no-advertise' value.
R4 Configuration:
!
ip prefix-list NET_40.1.0.0 seq 5 permit 40.1.0.0/16
!
!
route-map SET_COMMUNITY permit 10
match ip address prefix-list NET_40.1.0.0
set community no-advertise
!
route-map SET_COMMUNITY permit 999
!
match ip address prefix-list NET_40.1.0.0
set community no-advertise
!
route-map SET_COMMUNITY permit 999
!
router bgp 40
no synchronization
bgp router-id 172.16.104.4
bgp log-neighbor-changes
network 172.16.104.0 mask 255.255.255.0
redistribute connected route-map CONN_TO_BGP
neighbor 10.1.14.1 remote-as 10
neighbor 10.1.14.1 send-community
neighbor 10.1.14.1 route-map SET_COMMUNITY out
neighbor 10.1.24.2 remote-as 20
neighbor 10.1.24.2 send-community
neighbor 10.1.24.2 route-map SET_COMMUNITY out
no auto-summary
no synchronization
bgp router-id 172.16.104.4
bgp log-neighbor-changes
network 172.16.104.0 mask 255.255.255.0
redistribute connected route-map CONN_TO_BGP
neighbor 10.1.14.1 remote-as 10
neighbor 10.1.14.1 send-community
neighbor 10.1.14.1 route-map SET_COMMUNITY out
neighbor 10.1.24.2 remote-as 20
neighbor 10.1.24.2 send-community
neighbor 10.1.24.2 route-map SET_COMMUNITY out
no auto-summary
!
Verification:
Pic. 2 - Prefixes Detail on R1.
The community 'no-advertise' prevents R1 and R2 from advertising it out to R3. Other prefixes (here one example: 40.0.0.0) gets advertised.
Task 2
Configure R1 and R2 so that they aggregate prefixes 40.x.x.x/16 and 44.4.0.0/19 to two prefixes 40.0.0./14 and 44.4.0.0/17 (as per lab 111). Make sure that R5 receives the two summary routes and they show AS 40 in the path. Do NOT remove the community 'no-advertise' assigned in the Task 1.
R1 Configuration:
!
ip access-list standard TO_AGGREGATE
deny 40.1.0.0 0.0.255.255
permit 40.0.0.0 0.0.255.255
permit 40.2.0.0 0.0.255.255
permit 40.3.0.0 0.0.255.255
!
deny 40.1.0.0 0.0.255.255
permit 40.0.0.0 0.0.255.255
permit 40.2.0.0 0.0.255.255
permit 40.3.0.0 0.0.255.255
!
route-map AGGREGATE permit 10
match ip address TO_AGGREGATE
!
router bgp 10
no synchronization
bgp router-id 172.16.101.1
bgp log-neighbor-changes
network 172.16.101.0 mask 255.255.255.0
aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only advertise-map AGGREGATE
neighbor 10.1.13.3 remote-as 30
neighbor 10.1.14.4 remote-as 40
no auto-summary
match ip address TO_AGGREGATE
!
router bgp 10
no synchronization
bgp router-id 172.16.101.1
bgp log-neighbor-changes
network 172.16.101.0 mask 255.255.255.0
aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only advertise-map AGGREGATE
neighbor 10.1.13.3 remote-as 30
neighbor 10.1.14.4 remote-as 40
no auto-summary
!
R2 Configuration:
!
ip access-list standard TO_AGGREGATE
deny 40.1.0.0 0.0.255.255
permit 40.0.0.0 0.0.255.255
permit 40.2.0.0 0.0.255.255
permit 40.3.0.0 0.0.255.255
!
deny 40.1.0.0 0.0.255.255
permit 40.0.0.0 0.0.255.255
permit 40.2.0.0 0.0.255.255
permit 40.3.0.0 0.0.255.255
!
route-map AGGREGATE permit 10
match ip address TO_AGGREGATE
!
router bgp 20
no synchronization
bgp router-id 172.16.102.2
bgp log-neighbor-changes
network 172.16.102.0 mask 255.255.255.0
aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only advertise-map AGGREGATE
neighbor 10.1.23.3 remote-as 30
neighbor 10.1.24.4 remote-as 40
no auto-summary
match ip address TO_AGGREGATE
!
router bgp 20
no synchronization
bgp router-id 172.16.102.2
bgp log-neighbor-changes
network 172.16.102.0 mask 255.255.255.0
aggregate-address 44.4.0.0 255.255.128.0 as-set summary-only
aggregate-address 40.0.0.0 255.252.0.0 as-set summary-only advertise-map AGGREGATE
neighbor 10.1.23.3 remote-as 30
neighbor 10.1.24.4 remote-as 40
no auto-summary
!
Notice!
The prefix 40.1.0.0/16 has been marked with 'no-advertise' community. R1 and R2 CANNOT advertise it. Since the 'as-set' option allows a mixture of attributes to be advertised (R5 is supposed to receive AS 40 in the path of the summarized routes) this community prevents them from sending 40.0.0.0/14 out to R3 (look at the lab 112). Task 2 stipulates that this community should not be removed (could be done with the 'attribute-map' option of the aggregate-address command), but the aggregate should be advertised nevertheless.
The solution is to use the 'advertise-map' keyword while doing aggregation. This keyword references the route-map which decides which prefixes are going to be considered as the candidates for summarization. Here, I deny 40.1.0.0/16 from being summarized and allowing all the rest to be included in the summary route. As a result of that the community 'no-advertise' will NOT be factored in. This way, R5 receives both aggregates and they DO show AS 40 in the path.
Verification:
Pic. 3 - BGP Table on R5.