BGP Conditional Route Injection
As long as there is a component route (the more specific route) in the BGP table, the aggregate route (the less specific route) can be advertised to BGP neighbors. This article, however, focuses on the opposite concept: de-aggregation. This feature reconstructs a component route from a received aggregated prefix and is accomplished by BGP Conditional Route Injection.
What is BGP Conditional Route Injection?
Conditional Route Injection is a technique that injects a route based on a condition and an already existing route. The injected route is usually the more specific (component) route, which is conditionally inserted into the BGP table and advertised to the neighbor. The component route does not have to be in the routing table; instead, it is generated by the router when the inject-map is applied. However, the aggregate route must be present in the BGP table in order to inject the component route into the local BGP table.
The command for conditional route injection consists of two route-maps.
router bgp 64500
 bgp inject-map map1 exist-map map2
The condition here is represented by exist-map. The map contains two statements that should be matched in order to inject a component route. Those are the aggregated prefix and the route-source. The route-source consists of the prefix-list matching the advertising source address of the aggregated route. It is the IP address of a BGP neighbor with the prefix length /32.
route-map AGGREGATE-EXIST permit 10
 match ip address prefix-list AGGREGATE-ROUTE
 match ip route-source prefix-list NEIGHBOR
The inject-map contains a sequence matching one or more injected routes.
route-map INJECT permit 10
 set ip address prefix-list INJECTED-ROUTE
BGP Conditional Route Injection Configuration
Let’s discuss the configuration of the conditional route injection using the network topology depicted in Picture 1. The Customer Edge (CE) router is in AS64500 and has a multi-homed connection to ISP-A (AS64501) and ISP-B (AS64502). ISP-A is configured to advertise the 172.16.0.0/24 and 172.16.1.0/24 prefixes as a single aggregate prefix 172.16.0.0/14. Similarly, the ISP-B router advertises prefixes 172.16.2.0/24 and 172.16.3.0/24 as a single aggregated prefix 172.16.0.0/14.
Picture 1: Network Topology
The CE router has installed the aggregate route 172.16.0.0/14 into its BGP table (Picture 2), with the best path via next-hop 10.0.0.2 (ISP-A).
Picture 2: BGP Table of CE
Let’s say that a customer wants to send traffic to 172.16.0.0/24 and 172.16.1.0/24 via ISP-A and traffic to 172.16.2.0/24 and 172.16.3.0/24 via ISP-B. Sure, he might ask providers to advertise the component routes. However, if such a scenario should be configured locally on a CE router, BGP conditional route injection can be used to install all component routes into the BGP table of the router CE, based on the presence of the received aggregate route 172.16.0.0/14.
1. ISP-A Configuration
interface GigabitEthernet0/0
 description link to CE
 ip address 10.0.0.2 255.255.255.252
Component routes must be present in the routing table of ISP-A in order to advertise them via eBGP.
ip route 172.16.0.0 255.255.255.0 Null0
ip route 172.16.1.0 255.255.255.0 Null0
For the purpose of demonstration, we will only advertise an aggregate route. Therefore we suppress the advertisement of the component routes with a keyword summary-only.
router bgp 64501
 network 172.16.0.0 mask 255.255.255.0
 network 172.16.1.0 mask 255.255.255.0
 aggregate-address 172.16.0.0 255.252.0.0 summary-only
 neighbor 10.0.0.1 remote-as 64500
2. ISP-B Configuration
interface GigabitEthernet0/0
 description link to CE
 ip address 10.0.0.6 255.255.255.252

ip route 172.16.2.0 255.255.255.0 Null0
ip route 172.16.3.0 255.255.255.0 Null0

router bgp 64502
 network 172.16.2.0 mask 255.255.255.0
 network 172.16.3.0 mask 255.255.255.0
 aggregate-address 172.16.0.0 255.252.0.0 summary-only
 neighbor 10.0.0.5 remote-as 64500
3. CE Configuration
interface GigabitEthernet0/0
 description Link to ISP-A
 ip address 10.0.0.1 255.255.255.252
interface GigabitEthernet0/1
 description Link to ISP-B
 ip address 10.0.0.5 255.255.255.252
First, we will configure BGP and conditional route injection.
router bgp 64500
 neighbor 10.0.0.2 remote-as 64501
 neighbor 10.0.0.6 remote-as 64502
 bgp inject-map INJECT-ISP-A exist-map AGGREGATE-ISP-A
 bgp inject-map INJECT-ISP-B exist-map AGGREGATE-ISP-B
Now, we need to define both exist-maps. The maps contain prefix-lists matching the aggregate-prefix and the neighbor’s IP address.
route-map AGGREGATE-ISP-A permit 10
 match ip address prefix-list AGGREGATE-ROUTE
 match ip route-source prefix-list ISP-A-IP
route-map AGGREGATE-ISP-B permit 10
 match ip address prefix-list AGGREGATE-ROUTE
 match ip route-source prefix-list ISP-B-IP
Once we have created the exist-maps we can go further and specify a prefix-list matching the aggregate prefix and two prefix-lists, each matching the neighbor’s IP address.
ip prefix-list AGGREGATE-ROUTE seq 10 permit 172.16.0.0/14
ip prefix-list ISP-A-IP seq 10 permit 10.0.0.2/32
ip prefix-list ISP-B-IP seq 10 permit 10.0.0.6/32
Create an inject-map for each ISP. The maps contain a prefix-list that matches the injected routes. The route-maps set the community local-AS, which prevents the advertisement of the injected routes outside of AS 64500. This effectively avoids routing loops, as the injected routes are not advertised to the ISPs.
route-map INJECT-ISP-A permit 10
 set ip address prefix-list INJECTED-ROUTE-A
 set community local-AS
route-map INJECT-ISP-B permit 10
 set ip address prefix-list INJECTED-ROUTE-B
 set community local-AS
The prefix-list INJECTED-ROUTE-A matches the component routes that are injected into the BGP table of CE with the next-hop IP 10.0.0.2 (ISP-A).
ip prefix-list INJECTED-ROUTE-A seq 10 permit 172.16.0.0/24
ip prefix-list INJECTED-ROUTE-A seq 20 permit 172.16.1.0/24
Similarly, the prefix-list INJECTED-ROUTE-B matches the component routes that are injected into the BGP table of CE with the next-hop IP 10.0.0.6 (ISP-B).
ip prefix-list INJECTED-ROUTE-B seq 10 permit 172.16.2.0/24
ip prefix-list INJECTED-ROUTE-B seq 20 permit 172.16.3.0/24
Now let’s inspect the BGP table on the CE router. There is the aggregate-route 172.16.0.0/14 learned from both ISPs along with the four locally generated injected routes.
CE# show ip bgp | begin Network
Picture 3: BGP Table of CE
The injected routes can be checked with the command below.
CE# show ip bgp injected-paths | begin Network
Picture 4: Checking Injected Paths
The BGP Conditional Route Injection feature injects more specific prefixes into a BGP routing table over the less specific prefixes that were selected through a normal route aggregation. The outbound traffic can now be routed using the more specific prefixes over individual uplinks. This improves routing accuracy as the more specific routing information is used and we do not need to rely on a single aggregate route.
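The CE policy above can be modelled offline to see which component routes appear, and what happens when one ISP withdraws its aggregate. This is an added example, not code from the original article: the data structures, the function names and the two lint checks are assumptions made for illustration, and the next hop is taken to be the route-source address, as the article describes.

```python
import ipaddress as ip

# Constructed model of the CE configuration: one entry per
# "bgp inject-map <name> exist-map ..." line.
POLICIES = {
    "INJECT-ISP-A": {"aggregate": "172.16.0.0/14", "source": "10.0.0.2/32",
                     "inject": ["172.16.0.0/24", "172.16.1.0/24"]},
    "INJECT-ISP-B": {"aggregate": "172.16.0.0/14", "source": "10.0.0.6/32",
                     "inject": ["172.16.2.0/24", "172.16.3.0/24"]},
}
# Constructed BGP table of CE: (prefix, route-source) for each received path.
BGP_TABLE = [("172.16.0.0/14", "10.0.0.2"), ("172.16.0.0/14", "10.0.0.6")]

def exist_map_matches(policy, table):
    """Both match clauses must hold for the same path: exact aggregate prefix
    (a prefix-list entry without ge/le is an exact match) and route-source."""
    agg, src = ip.ip_network(policy["aggregate"]), ip.ip_network(policy["source"])
    return any(ip.ip_network(p) == agg and ip.ip_address(s) in src
               for p, s in table)

def injected_routes(policies, table):
    """Return {component prefix: next hop} for policies whose condition holds."""
    routes = {}
    for pol in policies.values():
        if exist_map_matches(pol, table):
            next_hop = str(ip.ip_network(pol["source"]).network_address)
            routes.update({pfx: next_hop for pfx in pol["inject"]})
    return routes

def lint(policies):
    """Pre-deployment checks (assumed for this example): every injected prefix
    lies inside its aggregate, and no two inject-maps claim overlapping space."""
    problems, seen = [], {}
    for name, pol in policies.items():
        agg = ip.ip_network(pol["aggregate"])
        for pfx in map(ip.ip_network, pol["inject"]):
            if not pfx.subnet_of(agg):
                problems.append(f"{name}: {pfx} is outside {agg}")
            for other, owner in seen.items():
                if owner != name and pfx.overlaps(other):
                    problems.append(f"{name}: {pfx} overlaps {other} ({owner})")
            seen[pfx] = name
    return problems

if __name__ == "__main__":
    print(injected_routes(POLICIES, BGP_TABLE))
    print(injected_routes(POLICIES, BGP_TABLE[1:]))  # ISP-A aggregate withdrawn
    print(lint(POLICIES))
```

With the ISP-A path removed from the table, only the two ISP-B component routes remain, which is the conditional behaviour the exist-map provides.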