BGP conditional advertisement
Posted on April 5, 2010
BGP has a feature called BGP conditional advertisement. The idea of this feature is to announce a prefix only under specific conditions.
Let's say, for example, that you are dual-homed, but you only want to use one provider as a last resort (because it is very expensive, for example). You can decide to announce your prefixes to the expensive ISP only when the other one is down.
I used the following topology in dynamips. For this example I preconfigured everything with iBGP between R1 and R2, eBGP between R2 and R4 and between R1 and R4. I also have IS-IS configured to carry the loopbacks used for iBGP, and an AS-path filter to make sure AS10 cannot be a transit AS.
R1 initial configuration
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 network 10.0.0.0
 timers bgp 1 3
 neighbor 24.1.2.2 remote-as 10
 neighbor 24.1.2.2 update-source Loopback0
 neighbor 24.1.2.2 next-hop-self
 neighbor 24.1.14.4 remote-as 1
 neighbor 24.1.14.4 route-map R4-OUT out
 no auto-summary
!
ip route 1.1.1.1 255.255.255.255 Null0
ip route 10.0.0.0 255.0.0.0 Null0
!
ip as-path access-list 1 permit ^$
!
route-map R4-OUT permit 10
 match as-path 1
!
R2 initial configuration
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 network 2.2.2.2 mask 255.255.255.255
 network 10.0.0.0
 timers bgp 1 3
 neighbor 24.1.1.1 remote-as 10
 neighbor 24.1.1.1 update-source Loopback0
 neighbor 24.1.1.1 next-hop-self
 neighbor 24.1.23.3 remote-as 2
 neighbor 24.1.23.3 route-map R3-OUT out
 no auto-summary
!
ip route 2.2.2.2 255.255.255.255 Null0
ip route 10.0.0.0 255.0.0.0 Null0
!
ip as-path access-list 1 permit ^$
!
route-map R3-OUT permit 10
 match as-path 1
!
R3 initial config
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 network 33.0.0.0 mask 255.255.0.0
 neighbor 24.1.23.2 remote-as 10
 neighbor 24.1.34.4 remote-as 1
 no auto-summary
!
ip route 33.0.0.0 255.255.0.0 Null0
R4 initial config
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 44.0.0.0 mask 255.255.0.0
 neighbor 24.1.14.1 remote-as 10
 neighbor 24.1.34.3 remote-as 2
 no auto-summary
!
ip route 44.0.0.0 255.255.0.0 Null0
Before we start, a last reminder: you can only track routes INSIDE BGP, meaning you can’t just decide to track an IGP route. So when configuring your exist-map or non-exist-map, don’t forget to have a look at the BGP table.
First step, let’s have a look at our BGP table:
R1(config-router)#do sh ip bgp
BGP table version is 74, local router ID is 24.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*>i2.2.2.2/32       24.1.2.2                 0    100      0 i
* i10.0.0.0         24.1.2.2                 0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i33.0.0.0/16      24.1.2.2                 0    100      0 2 i
*                   24.1.14.4                              0 1 2 i
*> 44.0.0.0/16      24.1.14.4                0             0 1 i
We can see our 10.0.0.0 network, advertised both locally and by R2.
We’re going to configure a conditional advertisement that says “if I have a route to 2.2.2.2 learned through BGP, I will stop advertising my 10.0.0.0”. This means that if we lose our BGP session to R2, we will start advertising 10.0.0.0. This is quite an easy one: we’ll just need two prefix lists and two route-maps.
First, our prefix lists, which will match the 10.0.0.0 network and the R2 network (2.2.2.2/32). Remember that this must be an exact match and that you can only use permits.
ip prefix-list NET-10 seq 5 permit 10.0.0.0/8
ip prefix-list R2 seq 5 permit 2.2.2.2/32
That’s done. Now the route-maps: we’ll have a route-map ADVERTISE and a route-map TRACK, each matching one of the prefix lists above.
route-map ADVERTISE permit 10
 match ip address prefix-list NET-10
route-map TRACK permit 10
 match ip address prefix-list R2
The basics are set, now it’s time to enable the advertise-map on our eBGP neighbor (R4).
neighbor 24.1.14.4 advertise-map ADVERTISE non-exist-map TRACK
We’re done! Let’s check that we didn’t change anything in the BGP table of R4:
R4#sh ip bgp
BGP table version is 44, local router ID is 24.1.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*  1.1.1.1/32       24.1.34.3                              0 2 10 i
*>                  24.1.14.1                0             0 10 i
*> 2.2.2.2/32       24.1.14.1                              0 10 i
*                   24.1.34.3                              0 2 10 i
*> 10.0.0.0         24.1.34.3                              0 2 10 i
*> 33.0.0.0/16      24.1.34.3                0             0 2 i
*> 44.0.0.0/16      0.0.0.0                  0         32768 i
All good, we stopped advertising 10.0.0.0: R4 now only learns it through 24.1.34.3.
Let’s shut the link between R1 and R2 and see what happens. I’ll turn on debug ip bgp updates to get a little more detail.
On R1
R1(config-if)#
*Apr 5 14:36:50.679: BPG(0): Condition R2 changes to Withdraw
*Apr 5 14:36:50.679: BPG(0): Condition R2 changes to Advertise
*Apr 5 14:36:50.683: BGP(0): net 10.0.0.0/8 matches ADV MAP R2-NET: bump version to 78
*Apr 5 14:36:50.723: BGP(0): nettable_walker 10.0.0.0/8 route sourced locally
*Apr 5 14:36:50.723: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 10.0.0.0/8
*Apr 5 14:37:06.083: BGP(0): 24.1.14.4 session 1 10.0.0.0/8 matches advertise map R2-NET, state: Advertise
*Apr 5 14:37:06.087: BGP(0): 24.1.14.4 send UPDATE (format) 10.0.0.0/8, next 24.1.14.1, metric 0, path Local
*Apr 5 14:37:06.103: BGP(0): 24.1.14.4 rcv UPDATE w/ attr: nexthop 24.1.14.4, origin i, originator 0.0.0.0, path 1 10, community , extended community , SSA attribute
*Apr 5 14:37:06.107: BGPSSA ssacount is 0
*Apr 5 14:37:06.107: BGP(0): 24.1.14.4 rcv UPDATE about 10.0.0.0/8 -- DENIED due to: AS-PATH contains our own AS;
R1(config-if)#do sh ip bgp
BGP table version is 78, local router ID is 24.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*> 33.0.0.0/16      24.1.14.4                              0 1 2 i
*> 44.0.0.0/16      24.1.14.4                0             0 1 i
And on R4
*Apr 5 14:36:44.475: BGP(0): 24.1.34.3 rcv UPDATE w/ attr: nexthop 24.1.34.3, origin i, originator 0.0.0.0, path 2 1 10, community , extended community , SSA attribute
*Apr 5 14:36:44.475: BGPSSA ssacount is 0
*Apr 5 14:36:44.475: BGP(0): 24.1.34.3 rcv UPDATE about 1.1.1.1/32 -- DENIED due to: AS-PATH contains our own AS;
*Apr 5 14:36:45.415: BGP(0): 24.1.14.1 rcv UPDATE about 2.2.2.2/32 -- withdrawn
*Apr 5 14:36:45.419: BGP(0): Revise route installing 1 of 1 routes for 2.2.2.2/32 -> 24.1.34.3(global) to main IP table
*Apr 5 14:36:45.423: BGP(0): 24.1.14.1 send UPDATE (format) 2.2.2.2/32, next 24.1.14.4, metric 0, path 2 10
*Apr 5 14:36:45.427: BGP(0): updgrp 1 - 24.1.14.1 updates replicated for neighbors: 24.1.34.3
*Apr 5 14:37:16.195: BGP(0): 24.1.14.1 rcvd UPDATE w/ attr: nexthop 24.1.14.1, origin i, metric 0, path 10
*Apr 5 14:37:16.199: BGP(0): 24.1.14.1 rcvd 10.0.0.0/8
*Apr 5 14:37:16.203: BGP(0): Revise route installing 1 of 1 routes for 10.0.0.0/8 -> 24.1.14.1(global) to main IP table
*Apr 5 14:37:16.203: BGP(0): 24.1.14.1 NEXT_HOP is on same subnet as the bgp peer and set to 24.1.14.1 for net 10.0.0.0/8
*Apr 5 14:37:16.203: BGP(0): 24.1.14.1 send UPDATE (format) 10.0.0.0/8, next 24.1.14.1, metric 0, path 10
*Apr 5 14:37:16.203: BGP(0): updgrp 1 - 24.1.14.1 updates replicated for neighbors: 24.1.34.3
R4#sh ip bgp
BGP table version is 46, local router ID is 24.1.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       24.1.14.1                0             0 10 i
*> 2.2.2.2/32       24.1.34.3                              0 2 10 i
*> 10.0.0.0         24.1.14.1                0             0 10 i
*                   24.1.34.3                              0 2 10 i
*> 33.0.0.0/16      24.1.34.3                0             0 2 i
*> 44.0.0.0/16      0.0.0.0                  0         32768 i
R4#
And there we are: the route is back.
Now the same thing, but replacing non-exist-map with exist-map. This is equivalent to saying “if I have a route to 2.2.2.2 learned through BGP, I will advertise my 10.0.0.0”. Note that the command below and the debug output use the route-map names R2-NET and R2, where the configuration above used ADVERTISE and TRACK.
neighbor 24.1.14.4 advertise-map R2-NET exist-map R2
R1(config-router)#do sh ip bgp
BGP table version is 82, local router ID is 24.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*>i2.2.2.2/32       24.1.2.2                 0    100      0 i
* i10.0.0.0         24.1.2.2                 0    100      0 i
*>                  0.0.0.0                  0         32768 i
*>i33.0.0.0/16      24.1.2.2                 0    100      0 2 i
*                   24.1.14.4                              0 1 2 i
*> 44.0.0.0/16      24.1.14.4                0             0 1 i
R4#sh ip bgp
BGP table version is 49, local router ID is 24.1.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*  1.1.1.1/32       24.1.34.3                              0 2 10 i
*>                  24.1.14.1                0             0 10 i
*> 2.2.2.2/32       24.1.14.1                              0 10 i
*                   24.1.34.3                              0 2 10 i
*> 10.0.0.0         24.1.14.1                0             0 10 i
*                   24.1.34.3                              0 2 10 i
*> 33.0.0.0/16      24.1.34.3                0             0 2 i
*> 44.0.0.0/16      0.0.0.0                  0         32768 i
Now let’s shut down the link between R1 and R2.
On R1
*Apr 5 14:54:51.107: BPG(0): Condition R2 changes to Withdraw
*Apr 5 14:54:51.107: BPG(0): Condition R2 changes to Withdraw
*Apr 5 14:54:51.111: BGP(0): net 10.0.0.0/8 matches ADV MAP R2-NET: bump version to 85
*Apr 5 14:54:51.131: BGP(0): nettable_walker 10.0.0.0/8 route sourced locally
*Apr 5 14:54:51.131: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 10.0.0.0/8
*Apr 5 14:55:15.711: BGP(0): 24.1.14.4 session 1 10.0.0.0/8 matches advertise map R2-NET, state: Withdraw
*Apr 5 14:55:15.711: BGP(0): 24.1.14.4 send unreachable (format) 10.0.0.0/8
*Apr 5 14:55:15.715: BGP(0): 24.1.14.4 send UPDATE 10.0.0.0/8 -- unreachable
*Apr 5 14:55:15.715: BGP(0): 24.1.14.4 Format UPDATE -- unreachable :
*Apr 5 14:55:15.727: BGP(0): 24.1.14.4 rcv UPDATE w/ attr: nexthop 24.1.14.4, origin i, originator 0.0.0.0, path 1 2 10, community , extended community , SSA attribute
*Apr 5 14:55:15.727: BGPSSA ssacount is 0
*Apr 5 14:55:15.727: BGP(0): 24.1.14.4 rcv UPDATE about 10.0.0.0/8 -- DENIED due to: AS-PATH contains our own AS;
R1(config-if)#do sh ip bgp
BGP table version is 85, local router ID is 24.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*> 10.0.0.0         0.0.0.0                  0         32768 i
*> 33.0.0.0/16      24.1.14.4                              0 1 2 i
*> 44.0.0.0/16      24.1.14.4                0             0 1 i
On R4
*Apr 5 14:54:55.043: BGP(0): 24.1.14.1 rcv UPDATE about 2.2.2.2/32 -- withdrawn
*Apr 5 14:54:55.047: BGP(0): Revise route installing 1 of 1 routes for 2.2.2.2/32 -> 24.1.34.3(global) to main IP table
*Apr 5 14:54:55.051: BGP(0): 24.1.14.1 send UPDATE (format) 2.2.2.2/32, next 24.1.14.4, metric 0, path 2 10
*Apr 5 14:54:55.059: BGP(0): updgrp 1 - 24.1.14.1 updates replicated for neighbors: 24.1.34.3
*Apr 5 14:54:55.083: BGP(0): 24.1.34.3 rcv UPDATE w/ attr: nexthop 24.1.34.3, origin i, originator 0.0.0.0, path 2 1 10, community , extended community , SSA attribute
*Apr 5 14:54:55.083: BGPSSA ssacount is 0
*Apr 5 14:54:55.083: BGP(0): 24.1.34.3 rcv UPDATE about 1.1.1.1/32 -- DENIED due to: AS-PATH contains our own AS;
*Apr 5 14:55:25.831: BGP(0): 24.1.14.1 rcv UPDATE about 10.0.0.0/8 -- withdrawn
*Apr 5 14:55:25.831: BGP(0): Revise route installing 1 of 1 routes for 10.0.0.0/8 -> 24.1.34.3(global) to main IP table
*Apr 5 14:55:25.831: BGP(0): 24.1.14.1 send UPDATE (format) 10.0.0.0/8, next 24.1.14.4, metric 0, path 2 10
*Apr 5 14:55:25.831: BGP(0): updgrp 1 - 24.1.14.1 updates replicated for neighbors: 24.1.34.3
R4#sh ip bgp
BGP table version is 51, local router ID is 24.1.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       24.1.14.1                0             0 10 i
*> 2.2.2.2/32       24.1.34.3                              0 2 10 i
*> 10.0.0.0         24.1.34.3                              0 2 10 i
*> 33.0.0.0/16      24.1.34.3                0             0 2 i
*> 44.0.0.0/16      0.0.0.0                  0         32768 i
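Both experiments above come down to one decision rule, modelled here as an added example (not part of the original post and not IOS code). The function and variable names are hypothetical, and the model simplifies the condition to "at least one tracked prefix is present as an exact match in the BGP table"; the covering /24 entry is constructed to show the exact-match caveat.

```python
from ipaddress import ip_network

def nets(prefixes):
    """Parse prefix strings into network objects so comparison is exact."""
    return {ip_network(p) for p in prefixes}

def conditional_prefixes(bgp_table, advertise_map, condition_map, mode):
    """Prefixes the advertise-map lets through to the neighbor.

    bgp_table:     prefixes present in the BGP table (not the IGP/RIB)
    advertise_map: prefixes controlled by the advertise-map
    condition_map: prefixes tracked by the exist-map / non-exist-map
    """
    if mode not in ("exist-map", "non-exist-map"):
        raise ValueError(mode)
    table = nets(bgp_table)
    # Exact match only: a covering or more specific route does not count.
    tracked_present = bool(nets(condition_map) & table)
    send = tracked_present if mode == "exist-map" else not tracked_present
    return sorted(str(n) for n in nets(advertise_map) & table) if send else []

# R1's BGP table from the article, before and after the R1-R2 link is shut.
R1_LINK_UP = ["1.1.1.1/32", "2.2.2.2/32", "10.0.0.0/8",
              "33.0.0.0/16", "44.0.0.0/16"]
R1_LINK_DOWN = ["1.1.1.1/32", "10.0.0.0/8", "33.0.0.0/16", "44.0.0.0/16"]
# Constructed case: only a covering /24 is in BGP, so 2.2.2.2/32 is absent.
R1_COVERING_ONLY = R1_LINK_DOWN + ["2.2.2.0/24"]

if __name__ == "__main__":
    cases = [("link up", R1_LINK_UP), ("link down", R1_LINK_DOWN),
             ("covering /24 only", R1_COVERING_ONLY)]
    for name, table in cases:
        for mode in ("non-exist-map", "exist-map"):
            sent = conditional_prefixes(table, ["10.0.0.0/8"],
                                        ["2.2.2.2/32"], mode)
            print(f"{name:18} {mode:14} -> {sent}")
```

The constructed third case is the one to check before relying on this feature for failover: a less specific route covering the tracked prefix leaves the condition unsatisfied.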
Note that you can check the status easily with show ip bgp neighbors:
R1(config-if)#do sh ip bgp neig 24.1.14.4 | i Cond
Condition-map R2, Advertise-map R2-NET, status: Withdraw
In our lab scenario there isn’t much interest in this command, but it could be useful:
- in the first example, if we wanted to advertise a smaller net to keep connectivity when the link between R1 and R2 is down
- in the second example, to stop advertising and avoid a split network
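For monitoring, the debug lines and the status line shown above can be parsed to see which state the advertise-map ended in and how long the neighbor took to be updated after the condition changed. This is an added example, not part of the original post: the function names are hypothetical, the patterns are written only against the lines shown on this page, and the year 2010 is taken from the post date because the IOS timestamps carry none.

```python
import re
from datetime import datetime

# Lines copied from R1's debug output in the first experiment above.
DEBUG = """\
*Apr 5 14:36:50.679: BPG(0): Condition R2 changes to Withdraw
*Apr 5 14:36:50.679: BPG(0): Condition R2 changes to Advertise
*Apr 5 14:36:50.683: BGP(0): net 10.0.0.0/8 matches ADV MAP R2-NET: bump version to 78
*Apr 5 14:37:06.083: BGP(0): 24.1.14.4 session 1 10.0.0.0/8 matches advertise map R2-NET, state: Advertise
*Apr 5 14:37:06.087: BGP(0): 24.1.14.4 send UPDATE (format) 10.0.0.0/8, next 24.1.14.1, metric 0, path Local
"""
# Line copied from the "show ip bgp neighbors" output above.
STATUS = "Condition-map R2, Advertise-map R2-NET, status: Withdraw"

TS = r"\*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}): "
COND = re.compile(TS + r"BPG\(0\): Condition (\S+) changes to (\w+)")
STATE = re.compile(TS + r"BGP\(0\): (\S+) session \d+ (\S+) "
                        r"matches advertise map (\S+), state: (\w+)")
STATUS_RE = re.compile(r"Condition-map (\S+), Advertise-map (\S+), status: (\w+)")

def stamp(text, year=2010):
    """Parse an IOS debug timestamp; the year is an assumption."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def parse_status(line):
    """Return (condition_map, advertise_map, status) or None."""
    m = STATUS_RE.search(line)
    return m.groups() if m else None

def reaction(debug_text):
    """Pair the last condition change with the first per-neighbor state line."""
    last = None
    for line in debug_text.splitlines():
        m = COND.match(line)
        if m:
            last = (stamp(m[1]), m[2], m[3])
            continue
        m = STATE.match(line)
        if m and last:
            delay = (stamp(m[1]) - last[0]).total_seconds()
            return {"condition": last[1], "neighbor": m[2], "prefix": m[3],
                    "advertise_map": m[4], "state": m[5],
                    "consistent": m[5] == last[2], "delay_s": round(delay, 3)}
    return None

if __name__ == "__main__":
    print(reaction(DEBUG))
    print(parse_status(STATUS))
```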