Workbook v5, BGP Conditional Route Injection question
I'm running into a wall trying to understand the output I'm seeing in my lab and the instructions in the workbook. I'll cut right to the issue: I'm not seeing the same output in the Verification steps when looking at the "advertised-routes".
In the R&S v5 Workbook, lab "BGP Conditional Route Injection", this is the summary:
R4 AS 100 summarizes 10.0.0.0/22 into BGP (four /24 Loopbacks); summary-only.
- Configure BGP Conditional Route Injection on R7 [AS 300] and R8 [AS 200] as follows:
- Traffic from AS 54 [R9/R10] going to the subnet 10.0.1.0/24 enters via R7.
- Traffic to the subnet 10.0.2.0/24 enters via R8.
I'm good with this. The issue I'm having trouble replicating is the last instruction:
- Do not allow the more specific routes to be advertised to [R5 and R3 from R8] or to R3 and R6 from R7.
- [R3/R5/R8 = AS 200] [R6 = AS 100] [R7 = AS 300]
R8:
route-map INJECT_NET1 permit 10
set ip address prefix-list NET1
ip prefix-list NET1 seq 5 permit 10.0.2.0/24
route-map IF_AGG_EXIST permit 10
match ip address prefix-list NET_AGG
match ip route-source prefix-list AGG_SRC
ip prefix-list NET_AGG seq 5 permit 10.0.0.0/22
ip prefix-list AGG_SRC seq 5 permit 155.1.23.3/32
ip prefix-list AGG_SRC seq 10 permit 155.1.58.5/32
route-map DENY_INJECT deny 10
match ip address prefix-list NET1
route-map DENY_INJECT permit 100
router bgp 200
bgp inject-map INJECT_NET1 exist-map IF_AGG_EXIST
aggregate-address 155.1.0.0 255.255.0.0 summary-only
neighbor 155.1.23.3 remote-as 200
neighbor 155.1.23.3 route-map DENY_INJECT out
neighbor 155.1.58.5 remote-as 200
neighbor 155.1.108.10 remote-as 54
As I said, I can see the injected path in BGP:
R8#sh ip bgp injected-paths
Network Next Hop Metric LocPrf Weight Path
*>i 10.0.2.0/24 155.1.45.4 0 ?
* i 155.1.13.1 0 ?
R8#sh ip bgp | i 10.0
* i 10.0.0.0/22 155.1.13.1 0 100 0 100 i
*> 10.0.1.0/24 155.1.108.10 0 54 300 ?
*>i 10.0.2.0/24 155.1.45.4 0 ? <--------------**
And it's getting to R10 AS 54:
R10#sh ip bgp 10.0.2.0
BGP routing table entry for 10.0.2.0/24, version 912
Paths: (1 available, best #1, table default)
Advertised to update-groups:
3
Refresh Epoch 6
200, (aggregated by 100 150.1.4.4)
155.1.108.8 from 155.1.108.8 (150.1.8.8)
Origin incomplete, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
However, when I check my R5 neighbor advertisement, I see:
R8#sh ip bgp neighbors 155.1.58.5 advertised-routes | i 10.0
*> 10.0.1.0/24 155.1.108.10 0 54 300 ?
I do NOT see the 10.0.2.0/24 network being advertised. I also do not see it going to R3, but presumably that's due to the "DENY_INJECT out" on the neighbor statement. Because I do NOT have the route-map on R5 neighbor statement, shouldn't the prefix be going to R5? (btw, if you don't have access to the lab, R8 is a RR-Client of R3 and R5)
Because R8 is "originating" the 10.0.2.0/24 prefix, shouldn't it be sending to its Route-Reflector, R5? So I should need to apply the DENY_INJECT filter? If not, then why call the filter in the lab?
EDIT: Sheesh, I promise the formatting was clear and clean when typing. No idea what happens after hitting POST.
Comments
Sheesh.
I promise the format of this post looked a lot neater when I was typing it out. I don't know what happened to the formatting after hitting Post.
I must be missing a basic rule with Aggregates or Conditional Route Injections. I'm not seeing the 10.0.2.0/24 even being processed in the debug of:
R8#debug ip bgp updates 155.1.58.5 out
R8#clear ip bgp 155.1.58.5 soft out