BGP Route Summarization Tutorial with Configurations
Table of Contents
- What is BGP Route Summarization? ‹
- How to configure BGP Route Summarization? ‹
- Aggregate-address summary-only ‹
- Aggregate-address suppress-map ‹
- Neighbor unsuppress-map ‹
- Aggregate-address as-set ‹
- Aggregate-address attribute-map (MPLS VPN) ‹
- Download section ‹
What is BGP Route Summarization?
BGP is a robust routing protocol designed to scale and connect networks globally. It must handle large routing tables, and satisfy various technical and business requirements. Consequently, BGP route summarization (prefix aggregation) serves many use cases and has a variety of available features which are introduced in this blog post.
The following packet capture shows a BGP Update message advertising the summary route 192.168.0.0/16 along with the attributes Aggregator and Atomic Aggregate. These attributes are attached to a summary route and remain unchanged between Autonomous Systems. Thus, a BGP speaking router always knows who created the summary route.
Notice in the above packet capture there is an additional BGP Update message which includes the Withdrawn Routes field. This means, the included three prefixes are being replaced by the single summary route. The mechanism is standardized in RFC 4271 which states the following.
[...] the IP prefix that expresses the destination for a previously advertised route can be advertised in the WITHDRAWN ROUTES field in the UPDATE message, thus marking the associated route as being no longer available for use, [...]
RFC 4271, A Border Gateway Protocol 4 (BGP-4)
How to configure BGP Route Summarization?
The following table displays BGP Route Summarization configurations and their effect on the advertised BGP prefix. Each configuration snippet is described in context and has its dedicated section later on in this blog post.
| Configuration | Description |
|---|---|
1) Summary-only R1#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 summary-only redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 |
Advertises only single summary route 192.168.0.0/16 and suppresses any component routes. |
2) Suppress-map R1#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 suppress-map RM-SUPPRESS-MAP redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 |
The BGP suppress-map specifies particular prefixes that will be replaced by the summary route. Prefixes specified by the suppress-map are thus not independently advertised. Anything else will be separately advertised in addition to the summary route. |
3) Unsuppress-map R1#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 summary-only redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 neighbor 10.2.0.2 unsuppress-map RM-UNSUPPRESS-MAP |
This is the opposite of suppress-map, namely any prefix specified in the unsuppress-map will be advertised in addition to the summary route. |
4) As-set R1#show run | sec ^router router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 as-set summary-only redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 |
The as-set keyword ensures that the summary route retains any attributes it had before aggregation, such as the AS Path. This is important if the aggregating router is not the one originating the individual BGP prefixes. |
5) Attribute-map R1#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 summary-only attribute-map RM-ATTRIBUTE-MAP redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 |
A BGP attribute-map can be configured to attach additional informaton to BGP aggregate routes, such as a community value. |
Aggregate-address summary-only
In the following example, OSPFv3 advertises IPv4 prefixes from R1 to R2. Route redistribution is configured on R2, and the three OSPFv3 prefixes are redistributed into BGP. Note that the 10.1.0.0/30 link between R1 and R2 is not redistributed into BGP.
In turn, R2 summarizes the three redistributed /24 prefixes into a single /16 BGP aggregate route which is advertised to R3.
Configuration:
R1
R1#show run | sec ^router router ospfv3 10 router-id 1.1.1.1 ! address-family ipv4 unicast exit-address-family R1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R2 ** ip address 10.1.0.1 255.255.255.252 duplex auto speed auto media-type rj45 ipv6 address FE80::1 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run int Lo10 | sec int interface Loopback10 description ** example network ** ip address 192.168.1.1 255.255.255.0 ipv6 address FE80::10 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run int Lo20 | sec int interface Loopback20 description ** example network ** ip address 192.168.2.1 255.255.255.0 ipv6 address FE80::20 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run int Lo30 | sec int interface Loopback30 description ** example network ** ip address 192.168.3.1 255.255.255.0 ipv6 address FE80::30 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run | sec ^ipv6 uni ipv6 unicast-routing
R2
R2#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 summary-only redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 R2#show run | sec ^route-map route-map RM-FILTER-OSPF deny 10 match ip address prefix-list PL-FILTER-OSPF route-map RM-FILTER-OSPF permit 20 R2#show run | sec ^ip prefix ip prefix-list PL-FILTER-OSPF seq 5 permit 10.0.0.0/8 le 32 R2#show run | sec ^router ospf router ospfv3 10 router-id 2.2.2.2 ! address-family ipv4 unicast exit-address-family R2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R1 ** ip address 10.1.0.2 255.255.255.252 duplex auto speed auto media-type rj45 ipv6 address FE80::2 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R2#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R3 ** ip address 10.2.0.1 255.255.255.252 duplex auto speed auto media-type rj45 R2#show run | sec ^ipv6 uni ipv6 unicast-routing
R3
R3#show run | sec ^router router bgp 65002 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 10.2.0.1 remote-as 65001 neighbor 10.3.0.2 remote-as 65003 R3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R2 ** ip address 10.2.0.2 255.255.255.252 duplex auto speed auto media-type rj45 R3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R4 ** ip address 10.3.0.1 255.255.255.252 duplex auto speed auto media-type rj45
R4
R4#show run | sec ^router router bgp 65003 bgp router-id 4.4.4.4 bgp log-neighbor-changes neighbor 10.3.0.1 remote-as 65002 R4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R3 ** ip address 10.3.0.2 255.255.255.252 duplex auto speed auto media-type rj45
R3#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.2.0.1 0 0 65001 i « R3 receives single summary route R3#show ip bgp 192.168.0.0 BGP routing table entry for 192.168.0.0/16, version 22 Paths: (1 available, best #1, table default) Advertised to update-groups: 1 Refresh Epoch 1 65001, (aggregated by 65001 1.1.1.1) « Summary is aggregated by R2 10.2.0.1 from 10.2.0.1 (1.1.1.1) Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best « This is an aggregate route rx pathid: 0, tx pathid: 0x0 R4#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.3.0.1 0 65002 65001 i R2#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 0.0.0.0 32768 i s> 192.168.1.0 10.1.0.1 2 32768 ? « Component routes are suppressed s> 192.168.2.0 10.1.0.1 2 32768 ? s> 192.168.3.0 10.1.0.1 2 32768 ? R2#show ip bgp 192.168.1.0 BGP routing table entry for 192.168.1.0/24, version 25 Paths: (1 available, best #1, table default, Advertisements suppressed by an aggregate.) Not advertised to any peer Refresh Epoch 1 Local 10.1.0.1 from 0.0.0.0 (1.1.1.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best rx pathid: 0, tx pathid: 0x0
Aggregate-address suppress-map
In the following example, R2 is configured with a suppress-map that includes the prefixes 192.168.1.0/24 and 192.168.2.0/24 which are replaced with the BGP aggregate route 192.168.0.0/16 and advertised to R3. Meanwhile, the prefix 192.168.3.0/24 is not included in the suppress-map and therefore it is independently advertised to R3.
Configuration:
R2
R2#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 suppress-map RM-SUPPRESS-MAP redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 R2#show run | sec ^route-map RM-SUPPRESS-MAP route-map RM-SUPPRESS-MAP permit 10 match ip address prefix-list PL-SUPPRESS-MAP R2#show run | sec ^ip prefix-list PL-SUPPRESS-MAP ip prefix-list PL-SUPPRESS-MAP seq 5 permit 192.168.1.0/24 ip prefix-list PL-SUPPRESS-MAP seq 10 permit 192.168.2.0/24
R3#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.2.0.1 0 0 65001 i *> 192.168.3.0 10.2.0.1 2 0 65001 ? « This route is not included in suppress-map R3#show ip route bgp | beg Ga Gateway of last resort is not set B 192.168.0.0/16 [20/0] via 10.2.0.1, 00:09:06 B 192.168.3.0/24 [20/2] via 10.2.0.1, 00:09:36 R2#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 0.0.0.0 32768 i s> 192.168.1.0 10.1.0.1 2 32768 ? « This route is suppressed s> 192.168.2.0 10.1.0.1 2 32768 ? *> 192.168.3.0 10.1.0.1 2 32768 ?
Neighbor unsuppress-map
In this example scenario, the summary prefix 192.168.0.0/16 is advertised by R2 and received on R3. However, simultaneously an unsuppress-map configured on R2 also advertises the prefix 192.168.1.0/24 to R3, in addition to the existing 192.168.0.0/16 aggregate route.
Configuration:
R2
R2#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 summary-only redistribute ospfv3 10 route-map RM-FILTER-OSPF neighbor 10.2.0.2 remote-as 65002 neighbor 10.2.0.2 unsuppress-map RM-UNSUPPRESS-MAP R2#show run | sec ^route-map RM-UNSUPPRESS-MAP route-map RM-UNSUPPRESS-MAP permit 10 match ip address prefix-list PL-UNSUPPRESS-MAP R2#show run | sec ^ip prefix-list PL-UNSUPPRESS-MAP ip prefix-list PL-UNSUPPRESS-MAP seq 5 permit 192.168.1.0/24
R3#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.2.0.1 0 0 65001 i *> 192.168.1.0 10.2.0.1 2 0 65001 ? « Prefix advertised due to unsuppress-map R3#show ip route bgp | beg Ga Gateway of last resort is not set B 192.168.0.0/16 [20/0] via 10.2.0.1, 00:08:02 B 192.168.1.0/24 [20/2] via 10.2.0.1, 00:06:02
Aggregate-address as-set
R3 receives three /24 prefixes from R1, and proceeds to advertise a single /16 summary prefix to R4 with the AS-path information hidden on the aggregate route. Namely, when R4 receives the aggregate route created by R3 the AS-path indicates only AS 65002, and does not include the originator of the component prefixes which is AS 65001. The as-set keyword ensures the full AS-path is displayed on a BGP summary route.
Configuration:
R3
R3#show run | sec ^router router bgp 65002 bgp router-id 3.3.3.3 bgp log-neighbor-changes aggregate-address 192.168.0.0 255.255.0.0 as-set summary-only neighbor 10.2.0.1 remote-as 65001 neighbor 10.3.0.2 remote-as 65003
R4#show ip bgp 192.168.0.0 BGP routing table entry for 192.168.0.0/16, version 45 Paths: (1 available, best #1, table default) Not advertised to any peer Refresh Epoch 1 65002, (aggregated by 65002 3.3.3.3) « Before as-set configured on R3 10.3.0.1 from 10.3.0.1 (3.3.3.3) Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best rx pathid: 0, tx pathid: 0x0 R4#show ip bgp 192.168.0.0 BGP routing table entry for 192.168.0.0/16, version 49 Paths: (1 available, best #1, table default) Not advertised to any peer Refresh Epoch 1 65002 65001, (aggregated by 65002 3.3.3.3) « After as-set configured on R3 10.3.0.1 from 10.3.0.1 (3.3.3.3) Origin incomplete, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0 R4#show ip bgp | beg Ne Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.3.0.1 0 0 65002 65001 ?
Aggregate-address attribute-map (MPLS VPN)
In the following example scenario, R1 and R2 are configured in VRF Gold and form an OSPFv3 neighborship in the IPv4 address-family. R2 receives three prefixes from R1 via OSPFv3, and proceeds to redistribute those prefixes into BGP AS 65001.
Between R2 and R3 there is no VRF configured, and in fact a Multiprotocol-BGP (MP-BGP) VPNv4 neighborship is established so that R2 can advertise the single MPLS VPN aggregate prefix 192.168.0.0/16 to R3. Due to the attribute-map configuration on R2, the VPN route receives the local preference 525 and the BGP standard community 65001:100 attribute values.
Configuration:
R1
R1#show run | sec ^router router ospfv3 10 router-id 1.1.1.1 ! address-family ipv4 unicast vrf Gold exit-address-family R1#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family R1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R2 ** vrf forwarding Gold ip address 10.1.0.1 255.255.255.252 duplex auto speed auto media-type rj45 ipv6 address FE80::1 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run int Lo10 | sec int interface Loopback10 description ** example network ** vrf forwarding Gold ip address 192.168.1.1 255.255.255.0 ipv6 address FE80::10 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run int Lo20 | sec int interface Loopback20 description ** example network ** vrf forwarding Gold ip address 192.168.2.1 255.255.255.0 ipv6 address FE80::20 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run int Lo30 | sec int interface Loopback30 description ** example network ** vrf forwarding Gold ip address 192.168.3.1 255.255.255.0 ipv6 address FE80::30 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 R1#show run | sec ^ipv6 uni ipv6 unicast-routing
R2
R2#show run | sec ^router bgp router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 10.2.0.2 remote-as 65001 ! address-family vpnv4 neighbor 10.2.0.2 activate neighbor 10.2.0.2 send-community both neighbor 10.2.0.2 route-map RM-COLOR out exit-address-family ! address-family ipv4 vrf Gold aggregate-address 192.168.0.0 255.255.0.0 summary-only attribute-map RM-ATTRIBUTE-MAP redistribute ospfv3 10 route-map RM-FILTER-OSPF exit-address-family R2#show run | sec ^route-map RM-ATTRIBUTE-MAP route-map RM-ATTRIBUTE-MAP permit 10 set local-preference 525 set community 65001:100 R2#show run | sec ^route-map RM-COLOR route-map RM-COLOR permit 10 set extcommunity color 100 R2#show run | sec ^route-map RM-FILTER-OSPF route-map RM-FILTER-OSPF deny 10 match ip address prefix-list PL-FILTER-OSPF route-map RM-FILTER-OSPF permit 20 R2#show run | sec ^ip prefix ip prefix-list PL-FILTER-OSPF seq 5 permit 10.0.0.0/8 le 32 R2#show run | sec ^router ospf router ospfv3 10 router-id 2.2.2.2 ! address-family ipv4 unicast vrf Gold exit-address-family R2#show run | sec ^vrf vrf definition Gold rd 65001:100 ! address-family ipv4 route-target export 65001:100 exit-address-family ! address-family ipv6 exit-address-family R2#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R1 ** vrf forwarding Gold ip address 10.1.0.2 255.255.255.252 negotiation auto ipv6 address FE80::2 link-local ospfv3 network point-to-point ospfv3 10 ipv4 area 0 no mop enabled no mop sysid R2#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R3 ** ip address 10.2.0.1 255.255.255.252 negotiation auto no mop enabled no mop sysid R2#show run all | sec ^mpls ip__ mpls ip R2#show run | sec ^mpls mpls label range 200 299 R2#show run | sec ^ipv6 uni ipv6 unicast-routing R2#show run | sec ^ip bgp ip bgp-community new-format
R3
R3#show run | sec ^router router bgp 65001 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 10.2.0.1 remote-as 65001 ! address-family vpnv4 neighbor 10.2.0.1 activate neighbor 10.2.0.1 send-community extended neighbor 10.2.0.1 route-reflector-client exit-address-family R3#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R2 ** ip address 10.2.0.2 255.255.255.252 negotiation auto no mop enabled no mop sysid R3#show run | sec ^ip bgp ip bgp-community new-format
R3#show ip bgp vpnv4 rd 65001:100 192.168.0.0 BGP routing table entry for 65001:100:192.168.0.0/16, version 10 Paths: (1 available, best #1, no table) Not advertised to any peer Refresh Epoch 1 Local, (aggregated by 65001 1.1.1.1), (Received from a RR-client) 10.2.0.1 (via default) from 10.2.0.1 (1.1.1.1) Origin IGP, metric 0, localpref 525, valid, internal, atomic-aggregate, best « Local preference assigned by attribute-map Community: 65001:100 « Standard community assigned by attribute-map Extended Community: RT:65001:100 Color:100 mpls labels in/out nolabel/203 binding SID: none (color-100) rx pathid: 0, tx pathid: 0x0 Updated on Jun 8 2024 19:59:17 UTC R3#show ip bgp vpnv4 all | beg Ne Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 65001:100 *>i 192.168.0.0/16 10.2.0.1 525 100 0 i
Notice that the VPN route also has the extended community Route Target value and the BGP color community value assigned. These are not configured with the attribute-map but instead are added with the VRF configuration and under the BGP VPNv4 address-family respectively.
This example illustrates a typical MPLS L3VPN architecture with the interoperation of a Provider Edge router (R2) and a BGP Route Reflector (R3). More specifically, this example shows how a PE router can originate a BGP aggregate route and use an attribute-map to include additional BGP attributes. The following packet capture displays the particular VPN (aggregate) prefix being advertised by R2.
