Workbook v5, BGP Conditional Route Injection question

I'm running into a wall trying to understand the output I'm seeing in my lab and the instructions in the workbook.  I'll cut right to the issue:  I'm not seeing the same output in the Verification steps when looking at the "advertised-routes".

In the R&S v5 Workbook, lab "BGP Conditional Route Injection", this is the summary:

R4 AS 100 summarizes 10.0.0.0/22 into BGP (four /24 Loopbacks); summary-only.

  • Configure BGP Conditional Route Injection on R7 [AS 300] and R8 [AS 200] as follows:
    • Traffic from AS 54 [R9/R10] going to the subnet 10.0.1.0/24 enters via R7.
    • Traffic to the subnet 10.0.2.0/24 enters via R8.

 I'm good with this.  The issue I'm having trouble replicating is the last instruction:

  • Do not allow the more specific routes to be advertised to [R5 and R3 from R8] or to R3 and R6 from R7.
  • [R3/R5/R8 = AS 200]  [R6 = AS 100]  [R7 = AS 300]
R8:


route-map INJECT_NET1 permit 10

 set ip address prefix-list NET1

  ip prefix-list NET1 seq 5 permit 10.0.2.0/24


route-map IF_AGG_EXIST permit 10

 match ip address prefix-list NET_AGG

 match ip route-source prefix-list AGG_SRC


  ip prefix-list NET_AGG seq 5 permit 10.0.0.0/22

  ip prefix-list AGG_SRC seq 5 permit 155.1.23.3/32

  ip prefix-list AGG_SRC seq 10 permit 155.1.58.5/32


route-map DENY_INJECT deny 10

 match ip address prefix-list NET1

route-map DENY_INJECT permit 100




router bgp 200

 bgp inject-map INJECT_NET1 exist-map IF_AGG_EXIST

 aggregate-address 155.1.0.0 255.255.0.0 summary-only

 neighbor 155.1.23.3 remote-as 200

 neighbor 155.1.23.3 route-map DENY_INJECT out

 neighbor 155.1.58.5 remote-as 200

 neighbor 155.1.108.10 remote-as 54




As I said, I can see the injected path in BGP:


R8#sh ip bgp injected-paths

     Network          Next Hop            Metric LocPrf Weight Path

 *>i 10.0.2.0/24      155.1.45.4                             0        ?

 * i                       155.1.13.1                             0        ?



R8#sh ip bgp | i 10.0

 * i 10.0.0.0/22      155.1.13.1               0    100      0 100 i

 *>  10.0.1.0/24      155.1.108.10                           0 54 300 ?

 *>i 10.0.2.0/24      155.1.45.4                              0  ?           <--------------**



And it's getting to R10 AS 54:


R10#sh ip bgp 10.0.2.0

BGP routing table entry for 10.0.2.0/24, version 912

Paths: (1 available, best #1, table default)

  Advertised to update-groups:

     3

  Refresh Epoch 6

  200, (aggregated by 100 150.1.4.4)

    155.1.108.8 from 155.1.108.8 (150.1.8.8)

      Origin incomplete, localpref 100, valid, external, atomic-aggregate, best

      rx pathid: 0, tx pathid: 0x0





However, when I check my R5 neighbor advertisement, I see:


R8#sh ip bgp neighbors 155.1.58.5 advertised-routes | i 10.0

 *>  10.0.1.0/24      155.1.108.10                           0 54 300 ?



I do NOT see the 10.0.2.0/24 network being advertised.  I also do not see it going to R3, but presumably that's due to the "DENY_INJECT out" on the neighbor statement.  Because I do NOT have the route-map on R5 neighbor statement, shouldn't the prefix be going to R5?  (btw, if you don't have access to the lab, R8 is a RR-Client of R3 and R5)


Because R8 is "originating" the 10.0.2.0/24 prefix, shouldn't it be sending to its Route-Reflector, R5?  So I should need to apply the DENY_INJECT filter?  If not, then why call the filter in the lab?



EDIT:  Sheesh, I promise the formatting was clear and clean when typing.  No idea what happens after hitting POST.







Comments

  • Sheesh.

    I promise the format of this post looked a lot neater when I was typing it out.  I don't know what happened to the formatting after hitting Post.

  • I must be missing a basic rule with Aggregates or Conditional Route Injections.  I'm not seeing the 10.0.2.0/24 even being processed in the debug of:

    R8#debug ip bgp updates 155.1.58.5 out
    R8#clear ip bgp 155.1.58.5 soft out

    I see 10.0.1.0/24 (originated from R7).


    I'm missing something simple. I've been looking at the lab too long...
Sign In or Register to comment.