Route Policy Action to Suppress BGP Route Installation
This chapter describes Route Policy Action to Suppress BGP Route Installation.
Applicability
The information and configuration in this chapter are based on SR OS Release 20.5.R1. The route policy action to suppress BGP and BGP Labeled Unicast (BGP-LU) route installation in the route table and tunnel table associated with the BGP instance is supported in SR OS Release 19.10.R1 and later.
Overview
In some deployments, a Route Reflector (RR) or PE router receives many BGP routes that must be re-advertised to other peers but do not need to be installed in the route table and Forwarding Information Base (FIB) of the RR or PE router itself. Network operators can suppress BGP route installation in the route table when they know that the router can forward the associated traffic anyway; for example, using a default or summary route. Suppressing BGP route installation saves CPM memory as well as FIB table space in the line cards.
The disable-route-table-install policy action only takes effect in BGP import policies and only for the IPv4, IPv6, label-IPv4, and label-IPv6 address families.
With this policy action in place, the following applies:
when a BGP unlabeled IPv4 or IPv6 route is received from a base router or VPRN BGP peer, the route is:
not installed in the Route Table Manager (RTM)
not downloaded to the IOMs for installation in the FIB tables
not available for CPM routing (for example, for control plane traffic)
not available to resolve other routes
when a BGP-LU IPv4 route is received from a base router or VPRN BGP peer, the route is:
not installed in the RTM and Tunnel Table Manager (TTM)
not downloaded to the IOMs for installation in the FIB tables
not available for CPM routing (for example, for control plane traffic)
not available as a tunnel to resolve other routes
Note: If the BGP-LU IPv4 route is re-advertised with a new next-hop, the disable-route-table-install policy action does not prevent a new Incoming Label Map (ILM) label from being allocated for the route and programmed into the ILM tables of the line cards.
when a BGP-LU IPv6 route is received from a base router BGP peer, the route is:
not installed in the RTM
not downloaded to the IOMs for installation in the FIB tables
not available for CPM routing (for example, for control plane traffic)
not available to resolve other routes
Normally, BGP does not advertise inactive routes unless advertise-inactive is configured. However, routes marked by the disable-route-table-install policy action can be re-advertised, even if advertise-inactive is not configured toward the RIB-OUT peer and even if next-hop-self is configured toward the RIB-OUT peer. Because of the latter, incorrect use of this feature can blackhole traffic: with next-hop-self, peers forward traffic for the route to this router, which has not installed it and can only forward the traffic if another route, such as a default or summary route, covers the destination.
The disable-route-table-install command at the BGP instance level does not allow a route to be advertised under next-hop-self conditions.
The disable-route-table-install policy action overrides the effect of the selective-label-ipv4-install command. Even if a /32 BGP-LU route should be installed in the route table and tunnel table because it has a dependent service, the disable-route-table-install policy action suppresses the installation.
Configuration
The figure "Example topology" shows the example topology for this feature.
The initial configuration on the nodes includes:
Cards, MDAs, ports
Router interfaces
SR-ISIS (on RR-2 and PE-3 in AS 64500)
An eBGP session is established between PE-1 in AS 64501 and RR-2 in AS 64500, and an iBGP session between RR-2 and PE-3 in AS 64500 with next-hop-self. The BGP configuration on RR-2 is as follows:
# on RR-2:
configure
    router Base
        bgp
            split-horizon
            next-hop-resolution
                labeled-routes
                    transport-tunnel
                        family label-ipv4
                            resolution-filter
                                no ldp
                                sr-isis
                            exit
                            resolution filter
                        exit
                    exit
                exit
            exit
            group "eBGP"
                local-as 64500
                peer-as 64501
                neighbor 192.168.12.1
                    family ipv4 label-ipv4
                    next-hop-self
                exit
            exit
            group "iBGP-IPv4"
                family ipv4 label-ipv4
                cluster 192.0.2.2
                peer-as 64500
                neighbor 192.0.2.3
                    next-hop-self
                exit
            exit
            no shutdown
        exit
The figure "PE-1 exports BGP IPv4 and BGP-LU IPv4 routes to RR-2" shows that PE-1 advertises two BGP IPv4 routes and two BGP-LU IPv4 routes to RR-2:
BGP route 10.1.0.1/32 with community 1:1
BGP-LU route 10.2.0.1/32 with community 2:2
BGP route 10.131.0.1/32 without community
BGP-LU route 10.132.0.1/32 without community
On PE-1, the following export policies are applied for BGP neighbor 192.168.12.2:
# on PE-1:
configure
    router Base
        policy-options
            begin
            prefix-list "10.1.0.0/16"
                prefix 10.1.0.0/16 longer
            exit
            prefix-list "10.2.0.0/16"
                prefix 10.2.0.0/16 longer
            exit
            prefix-list "10.131.0.0/16"
                prefix 10.131.0.0/16 longer
            exit
            prefix-list "10.132.0.0/16"
                prefix 10.132.0.0/16 longer
            exit
            community "1:1"
                members "1:1"
            exit
            community "2:2"
                members "2:2"
            exit
            policy-statement "export-10.1"
                entry 10
                    from
                        prefix-list "10.1.0.0/16"
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                        community add "1:1"
                    exit
                exit
            exit
            policy-statement "export-10.2"
                entry 10
                    from
                        prefix-list "10.2.0.0/16"
                    exit
                    to
                        protocol bgp-label
                    exit
                    action accept
                        community add "2:2"
                    exit
                exit
            exit
            policy-statement "export-10.131"
                entry 10
                    from
                        prefix-list "10.131.0.0/16"
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            policy-statement "export-10.132"
                entry 10
                    from
                        prefix-list "10.132.0.0/16"
                    exit
                    to
                        protocol bgp-label
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit
        bgp
            split-horizon
            group "eBGP"
                local-as 64501
                peer-as 64500
                neighbor 192.168.12.2
                    family ipv4 label-ipv4
                    next-hop-self
                    export "export-10.1" "export-10.2" "export-10.131" "export-10.132"
                exit
            exit
            no shutdown
        exit
Initially, RR-2 has no import policy matching any of these four routes, so all these BGP and BGP-LU routes will be active:
*A:RR-2# show router bgp routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.1/32 None None
192.168.12.1 None 0
64501 -
u*>i 10.131.0.1/32 None None
192.168.12.1 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
*A:RR-2# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.2.0.1/32 None None
192.168.12.1 None 0
64501 524287
u*>i 10.132.0.1/32 None None
192.168.12.1 None 0
64501 524287
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
These routes are installed in the Routing Table Manager (RTM):
*A:RR-2# show router route-table protocol bgp
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.0.1/32 Remote BGP 00h43m49s 170
192.168.12.1 0
10.131.0.1/32 Remote BGP 00h43m49s 170
192.168.12.1 0
-------------------------------------------------------------------------------
No. of Routes: 2
*A:RR-2# show router route-table protocol bgp-label
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.2.0.1/32 Remote BGP_LABEL 00h43m49s 170
192.168.12.1 0
10.132.0.1/32 Remote BGP_LABEL 00h43m49s 170
192.168.12.1 0
-------------------------------------------------------------------------------
No. of Routes: 2
Also, the BGP-LU routes will each have an entry in the tunnel table, as follows:
*A:RR-2# show router tunnel-table protocol bgp
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
Color
-------------------------------------------------------------------------------
10.2.0.1/32 bgp MPLS 262145 12 192.168.12.1 1000
10.132.0.1/32 bgp MPLS 262146 12 192.168.12.1 1000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
E = Inactive best-external BGP route
k = RIB-API or Forwarding Policy backup hop
===============================================================================
All the BGP routes exported by PE-1 are installed in the FIB of RR-2, as follows:
*A:RR-2# show router fib 1 10.0.0.0/8 longer
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
10.1.0.1/32 BGP
192.168.12.1 (int-RR-2-PE-1)
10.2.0.1/32 BGP_LABEL
192.168.12.1 (int-RR-2-PE-1)
10.131.0.1/32 BGP
192.168.12.1 (int-RR-2-PE-1)
10.132.0.1/32 BGP_LABEL
192.168.12.1 (int-RR-2-PE-1)
-------------------------------------------------------------------------------
Total Entries : 4
-------------------------------------------------------------------------------
===============================================================================
Disable-route-table-install policy action
On RR-2, an import policy is configured that only accepts BGP routes with community "1:1" or "2:2"; all other routes match the policy default-action disable-route-table-install. This implies that the BGP IPv4 route 10.131.0.1/32 will not be installed in the route table and BGP-LU IPv4 route 10.132.0.1/32 will not be installed in the route table and tunnel table. Suppression of BGP route installation in the RTM and in the Tunnel Table Manager (TTM) can be done when the router has other ways of forwarding the associated traffic; in this example, via a static route 10.128.0.0/9.
# on RR-2:
configure
    router Base
        static-route-entry 10.128.0.0/9
            next-hop 192.168.12.1
                no shutdown
            exit
        exit
        policy-options
            begin
            community "1:1"
                members "1:1"
            exit
            community "2:2"
                members "2:2"
            exit
            policy-statement "bgp-install-1:1-2:2"
                entry 10
                    from
                        community "1:1"
                    exit
                    action accept
                    exit
                exit
                entry 20
                    from
                        community "2:2"
                    exit
                    action accept
                    exit
                exit
                default-action accept
                    disable-route-table-install
                exit
            exit
            commit
            info
        exit
        bgp
            group "eBGP"
                local-as 64500
                peer-as 64501
                neighbor 192.168.12.1
                    family ipv4 label-ipv4
                    next-hop-self
                    import "bgp-install-1:1-2:2"
                exit
            exit
With this import policy, BGP route 10.1.0.1/32 is active, but route 10.131.0.1/32 is inactive, as follows:
*A:RR-2# show router bgp routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.1.0.1/32 None None
192.168.12.1 None 0
64501 -
*>i 10.131.0.1/32 None None
192.168.12.1 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
In a similar way, BGP-LU IPv4 route 10.2.0.1/32 is active, but route 10.132.0.1/32 is inactive:
*A:RR-2# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.2.0.1/32 None None
192.168.12.1 None 0
64501 524287
*>i 10.132.0.1/32 None None
192.168.12.1 None 0
64501 524287
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
BGP route 10.131.0.1/32 and BGP-LU route 10.132.0.1/32 have the flag "Disable-RTM-Install" set, but both routes are advertised to the RIB-OUT peer PE-3, as follows:
*A:RR-2# show router bgp routes hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.1.0.1/32
Nexthop : 192.168.12.1
---snip---
Community : 1:1
---snip---
Flags : Used Valid Best IGP
---snip---
Network : 10.131.0.1/32
Nexthop : 192.168.12.1
---snip---
Community : No Community Members
---snip---
Flags : Valid Best IGP Disable-RTM-Install
---snip---
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 10.1.0.1/32
Nexthop : 192.0.2.2
---snip---
Community : 1:1
---snip---
Network : 10.131.0.1/32
Nexthop : 192.0.2.2
---snip---
Community : No Community Members
---snip---
*A:RR-2# show router bgp routes label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.2.0.1/32
Nexthop : 192.168.12.1
---snip---
Community : 2:2
---snip---
Flags : Used Valid Best IGP
---snip---
Network : 10.132.0.1/32
Nexthop : 192.168.12.1
---snip---
Community : No Community Members
---snip---
Flags : Valid Best IGP Disable-RTM-Install
---snip---
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 10.2.0.1/32
Nexthop : 192.0.2.2
---snip---
Community : 2:2
---snip---
Network : 10.132.0.1/32
Nexthop : 192.0.2.2
---snip---
Community : No Community Members
---snip---
On RR-2, the route table now only has one BGP route and one BGP-LU route, as follows:
*A:RR-2# show router route-table protocol bgp
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.0.1/32 Remote BGP 00h13m48s 170
192.168.12.1 0
-------------------------------------------------------------------------------
No. of Routes: 1
*A:RR-2# show router route-table protocol bgp-label
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.2.0.1/32 Remote BGP_LABEL 00h13m48s 170
192.168.12.1 0
-------------------------------------------------------------------------------
No. of Routes: 1
On RR-2, the FIB contains BGP route 10.1.0.1/32, BGP-LU route 10.2.0.1/32, and static route 10.128.0.0/9:
*A:RR-2# show router fib 1 10.0.0.0/8 longer
===============================================================================
FIB Display
===============================================================================
Prefix [Flags] Protocol
NextHop
-------------------------------------------------------------------------------
10.1.0.1/32 BGP
192.168.12.1 (int-RR-2-PE-1)
10.2.0.1/32 BGP_LABEL
192.168.12.1 (int-RR-2-PE-1)
10.128.0.0/9 STATIC
192.168.12.1 (int-RR-2-PE-1)
-------------------------------------------------------------------------------
Total Entries : 3
-------------------------------------------------------------------------------
===============================================================================
On RR-2, the tunnel table contains a BGP tunnel toward destination 10.2.0.1/32, but no tunnel toward destination 10.132.0.1/32, as follows:
*A:RR-2# show router tunnel-table protocol bgp
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
Color
-------------------------------------------------------------------------------
10.2.0.1/32 bgp MPLS 262145 12 192.168.12.1 1000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
E = Inactive best-external BGP route
k = RIB-API or Forwarding Policy backup hop
===============================================================================
RR-2 advertises both the active and the inactive/suppressed routes to RIB-OUT peer PE-3. The result is that, on PE-3, the route table contains both BGP routes and both BGP-LU routes:
*A:PE-3# show router route-table protocol bgp
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.0.1/32 Remote BGP 00h11m38s 170
192.168.23.1 10
10.131.0.1/32 Remote BGP 00h11m38s 170
192.168.23.1 10
-------------------------------------------------------------------------------
No. of Routes: 2
*A:PE-3# show router route-table protocol bgp-label
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.2.0.1/32 Remote BGP_LABEL 00h11m38s 170
192.0.2.2 (tunneled:SR-ISIS:0) 10
10.132.0.1/32 Remote BGP_LABEL 00h11m38s 170
192.0.2.2 (tunneled:SR-ISIS:0) 10
-------------------------------------------------------------------------------
No. of Routes: 2
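The blackhole caveat from the overview can be checked mechanically. The following added example (not part of the original chapter or of SR OS) parses abridged copies of the RR-2 outputs above and confirms that every route flagged Disable-RTM-Install and re-advertised with RR-2 as next hop is covered by another FIB entry. The function names, the abridged sample text, and the use of 192.0.2.2 as RR-2's own address are assumptions for illustration; only IPv4 output is handled.

```python
import ipaddress
import re

# Constructed sample input: abridged from the RR-2 outputs shown in this section.
BGP_HUNT = """\
RIB In Entries
Network : 10.1.0.1/32
Nexthop : 192.168.12.1
Flags : Used Valid Best IGP
Network : 10.131.0.1/32
Nexthop : 192.168.12.1
Flags : Valid Best IGP Disable-RTM-Install
RIB Out Entries
Network : 10.1.0.1/32
Nexthop : 192.0.2.2
Network : 10.131.0.1/32
Nexthop : 192.0.2.2
"""
FIB = """\
10.1.0.1/32 BGP
192.168.12.1 (int-RR-2-PE-1)
10.2.0.1/32 BGP_LABEL
192.168.12.1 (int-RR-2-PE-1)
10.128.0.0/9 STATIC
192.168.12.1 (int-RR-2-PE-1)
"""

FIELD = re.compile(r"^\s*(Network|Nexthop|Flags)\s*:\s*(.+?)\s*$")
FIB_ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+(\S+)\s*$")

def parse_hunt(text):
    """Split 'show router bgp routes hunt' text into RIB-In and RIB-Out entries."""
    ribs = {"in": [], "out": []}
    section = None
    for line in text.splitlines():
        if "RIB In Entries" in line:
            section = "in"
        elif "RIB Out Entries" in line:
            section = "out"
        elif section and (m := FIELD.match(line)):
            key, value = m.groups()
            if key == "Network":          # a Network line starts a new entry
                ribs[section].append({"Network": ipaddress.ip_network(value)})
            elif ribs[section]:
                ribs[section][-1][key] = value
    return ribs

def parse_fib(text):
    """Return (prefix, protocol) pairs; next-hop lines carry no /len and are skipped."""
    return [(ipaddress.ip_network(m.group(1)), m.group(2))
            for line in text.splitlines() if (m := FIB_ROW.match(line))]

def covering_route(prefix, fib):
    """Longest-match FIB entry containing prefix, or None if nothing covers it."""
    matches = [(net, proto) for net, proto in fib
               if net.version == prefix.version and prefix.subnet_of(net)]
    return max(matches, key=lambda e: e[0].prefixlen, default=None)

def audit(hunt_text, fib_text, self_addrs):
    """Report suppressed routes that are advertised with this router as next hop."""
    ribs, fib = parse_hunt(hunt_text), parse_fib(fib_text)
    advertised_self = {e["Network"] for e in ribs["out"]
                       if e.get("Nexthop") in self_addrs}
    findings = []
    for entry in ribs["in"]:
        if "Disable-RTM-Install" not in entry.get("Flags", "").split():
            continue                      # installed normally, nothing to check
        if entry["Network"] not in advertised_self:
            continue                      # not attracting traffic to this router
        cover = covering_route(entry["Network"], fib)
        findings.append({"prefix": str(entry["Network"]),
                         "covered_by": str(cover[0]) if cover else None,
                         "blackhole_risk": cover is None})
    return findings

if __name__ == "__main__":
    for finding in audit(BGP_HUNT, FIB, {"192.0.2.2"}):   # assumed RR-2 address
        print(finding)
```

Run against the outputs of this section, the check reports 10.131.0.1/32 as covered by the static route 10.128.0.0/9; without that static route the same prefix is reported as a blackhole risk.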
Disable-route-table-install command
The disable-route-table-install command in the BGP global context is mainly used for off-path route reflectors that do not participate in traffic forwarding.
This section describes the disable-route-table-install command in the general bgp context, in combination with the disable-route-table-install parameter, which is part of the policy framework (action or default-action).
The disable-route-table-install command in the general bgp context is configured as follows:
# on RR-2:
configure
    router Base
        bgp
            disable-route-table-install
        exit
The rest of the BGP configuration (including import policy) remains unchanged.
This disable-route-table-install command applies to all received BGP routes, so none of the BGP and BGP-LU routes received from PE-1 will be installed in the RTM and TTM. Therefore, all BGP and BGP-LU routes are inactive (in this example, the second route was already inactive because of the import policy).
*A:RR-2# show router bgp routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
*>i 10.1.0.1/32 None None
192.168.12.1 None 0
64501 -
*>i 10.131.0.1/32 None None
192.168.12.1 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
*A:RR-2# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
*>i 10.2.0.1/32 None None
192.168.12.1 None 0
64501 524287
*>i 10.132.0.1/32 None None
192.168.12.1 None 0
64501 524287
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
When a BGP route is suppressed because of a disable-route-table-install general BGP command match, no flag is added. The "Disable-RTM-Install" flag is only present for the route when the disable-route-table-install policy action is matched. The following output shows that the first route did not get an additional flag:
*A:RR-2# show router bgp routes hunt | match Flags
Flags : Valid Best IGP #for BGP route 10.1.0.1/32
Flags : Valid Best IGP Disable-RTM-Install #for BGP route 10.131.0.1/32
*A:RR-2# show router bgp routes label-ipv4 hunt | match Flags
Flags : Valid Best IGP #for BGP-LU route 10.2.0.1/32
Flags : Valid Best IGP Disable-RTM-Install #for BGP-LU route 10.132.0.1/32
When the disable-route-table-install command is configured and next-hop-self is configured toward the RIB-OUT peer, no BGP routes can be advertised for routes that are not installed in the RTM. In this example, the RIB-OUT toward PE-3 remains empty, as follows (the total number of routes equals the number of routes in the RIB-IN):
*A:RR-2# show router bgp routes hunt | match "RIB Out Entries" pre-lines 2 post-lines 50
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
*A:RR-2# show router bgp routes label-ipv4 hunt | match "RIB Out Entries" pre-lines 2 post-lines 50
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
Conclusion
The disable-route-table-install policy action in a BGP import policy allows the marking of a route with a "Disable-RTM-Install" flag and still re-advertises this route to RIB-OUT peers, even when next-hop-self is configured. Other routers in the network can install these routes in the route table and FIB.