With the Border Gateway Protocol (BGP), we can use conditions to control BGP route advertisement on a per-neighbor basis. These conditions are basic “IF, THEN” statements that can be broken down into three pieces:
- Access Control Lists (ACLs), which define the route or routes used in the conditions (prefix-lists can be used instead).
- Route-Maps, which call the ACLs with a ‘match ip address [ACL]‘ statement.
- Exist-Maps, Non-Exist-Maps and Advertise-Maps.

The Exist-Map and Non-Exist-Map represent the “IF” statement, and use a route-map to track a route or routes in the BGP routing table. With an Exist-Map, the “IF” condition is met only while the tracked routes are in the BGP routing table; with a Non-Exist-Map, it is met only while they are absent.
The Advertise-Map represents the “THEN” statement, and uses a route-map to determine what route or routes will be advertised when the “IF” statement is met.
- Exist-Map: “IF” a route exists in the BGP routing table, “THEN” advertise the route or routes defined in the Advertise-Map, “ELSE” don’t advertise the route(s) in the Advertise-Map.
- Non-Exist-Map: “IF” a route doesn’t exist in the BGP routing table, “THEN” advertise the route or routes defined in the Advertise-Map, “ELSE” don’t advertise the route(s) in the Advertise-Map.
As an example, observe the following topology and configuration. Spoke01, Spoke02 and Hub01 are peering with each other, using BGP.
```
Hub01#show run | s bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 192.168.0.0 mask 255.255.254.0
 neighbor 1.1.110.10 remote-as 10
 neighbor 1.1.120.20 remote-as 20
 no auto-summary
```

```
Spoke01#show run | s bgp
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 network 172.17.1.0 mask 255.255.255.224
 neighbor 1.1.110.1 remote-as 1
 no auto-summary
```

```
Spoke02#show run | s bgp
router bgp 20
 no synchronization
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 neighbor 1.1.120.1 remote-as 1
 no auto-summary
```
Let's provide the following conditional statement to Hub01:
- “IF” Hub01’s BGP routing table contains the network 10.10.10.0/24, advertised from Spoke02, “THEN” advertise Hub01’s network 192.168.0.0/23 to Spoke01.
- However, if the network 10.10.10.0/24, advertised from Spoke02, is not in the BGP routing table, do not advertise Hub01’s network 192.168.0.0/23 to Spoke01.
```
Hub01#show ip bgp | b Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    1.1.120.20               0             0 20 i
*> 172.17.1.0/27    1.1.110.10               0             0 10 i
*> 192.168.0.0/23   0.0.0.0                  0         32768 i

Hub01#show ip bgp neighbors 1.1.110.10 advertised-routes | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    1.1.120.20               0             0 20 i
*> 192.168.0.0/23   0.0.0.0                  0         32768 i

Total number of prefixes 2
```
```
Hub01(config)#access-list 1 permit 192.168.0.0 0.0.1.255
Hub01(config)#ip prefix-list 10slash24 permit 10.10.10.0/24
```
```
Hub01(config)#route-map IF-EXIST
Hub01(config-route-map)#match ip address prefix-list 10slash24
Hub01(config-route-map)#exit
Hub01(config)#route-map THEN-ADVERTISE
Hub01(config-route-map)#match ip address 1
Hub01(config-route-map)#exit
```
```
Hub01(config)#router bgp 1
Hub01(config-router)#neighbor 1.1.110.10 advertise-map THEN-ADVERTISE exist-map IF-EXIST
```
```
Spoke02(config)#int l0
Spoke02(config-if)#shut
*May 29 22:55:44: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
*May 29 22:55:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
Spoke02(config-if)#do show ip int bri | i Loo
Loopback0                  10.10.10.1      YES manual administratively down down
```
```
Hub01#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast
*23:46:08: BGP(0): 1.1.120.20 rcv UPDATE about 10.10.10.0/24 -- withdrawn
*23:46:08: BGP(0): 1.1.110.10 send unreachable 10.10.10.0/24
*23:46:08: BGP(0): 1.1.110.10 send UPDATE 10.10.10.0/24 -- unreachable

Hub01#show ip bgp neighbors 1.1.110.10 advertised-routes | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.0.0/23   0.0.0.0                  0         32768 i

Total number of prefixes 1

*23:46:16: BPG(0): Condition IF-EXIST changes to Withdraw
*23:46:39: BGP(0): 1.1.110.10 192.168.0.0/23 matches advertise map THEN-ADVERTISE, state: Withdraw
*23:46:39: BGP(0): 1.1.110.10 send unreachable 192.168.0.0/23
*23:46:39: BGP(0): 1.1.110.10 send UPDATE 192.168.0.0/23 -- unreachable

Hub01#show ip bgp neighbors 1.1.110.10 advertised-routes

Total number of prefixes 0
```
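The Hub01 policy above, modeled in Python as an added example (not code from the original post, and not how IOS implements it): it reproduces the two advertised-routes results shown and goes one step further by evaluating the same maps as a Non-Exist-Map. The function names are hypothetical, and the table is constructed from the page's `show ip bgp` output.

```python
import ipaddress

# Constructed from the page's "show ip bgp" output on Hub01: prefix -> next hop.
BGP_TABLE = {
    "10.10.10.0/24": "1.1.120.20",   # learned from Spoke02
    "172.17.1.0/27": "1.1.110.10",   # learned from Spoke01
    "192.168.0.0/23": "0.0.0.0",     # locally originated
}

def acl_permits(prefix, acl_net="192.168.0.0", wildcard="0.0.1.255"):
    """access-list 1: a standard ACL in a route-map compares only the route's
    network address under the wildcard; the prefix length is ignored."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (int(ipaddress.ip_address(acl_net)) & care)

def prefix_list_permits(prefix, entry="10.10.10.0/24"):
    """ip prefix-list entry without ge/le: exact match on network and length."""
    return ipaddress.ip_network(prefix) == ipaddress.ip_network(entry)

def advertised_to(neighbor, table, mode="exist"):
    """Prefixes Hub01 would send to `neighbor` with the page's maps applied.
    mode="exist" models exist-map, mode="non-exist" models non-exist-map."""
    tracked_present = any(prefix_list_permits(p) for p in table)
    condition_met = tracked_present if mode == "exist" else not tracked_present
    sent = set()
    for prefix, next_hop in table.items():
        if next_hop == neighbor:
            continue  # not listed back to the peer it came from (as in the page's output)
        if acl_permits(prefix) and not condition_met:
            continue  # advertise-map route is withheld while the condition fails
        sent.add(prefix)  # routes outside the advertise-map are unaffected
    return sent

def without(table, prefix):
    """Copy of the table after `prefix` has been withdrawn."""
    return {p: nh for p, nh in table.items() if p != prefix}

if __name__ == "__main__":
    spoke01 = "1.1.110.10"
    print(sorted(advertised_to(spoke01, BGP_TABLE)))
    print(sorted(advertised_to(spoke01, without(BGP_TABLE, "10.10.10.0/24"))))
    print(sorted(advertised_to(spoke01, BGP_TABLE, mode="non-exist")))
```

Note that `acl_permits` also returns true for a route such as 192.168.1.0/24, because access-list 1 matches on the network address only; a prefix-list in the Advertise-Map would pin the match to exactly 192.168.0.0/23.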
