Aggregate Route Indirect Next-Hop Option
This chapter provides information about aggregate routes with the indirect next-hop option.
Applicability
This chapter was initially written based on SR OS Release 11.0.R1. The MD-CLI in the current edition corresponds to SR OS Release 22.10.R1.
Overview
In SR OS nodes, IPv4 and IPv6 aggregate routes can be configured. A configured aggregate route that has the best preference for the prefix is activated, and therefore, added to the routing table, when it has at least one contributing route; the aggregate route is removed from the routing table when there are no longer any contributing routes. A contributing route is any route installed in the forwarding table that is a more specific match of the aggregate. For example, the route 10.16.12.0/24 is a contributing route to the aggregate route 10.16.12.0/22, but for this same aggregate, the routes 10.16.0.0/16 and 10.0.0.0/8 are not contributing routes.
In the Aggregate routes figure, Router A can advertise all four routes or one aggregate route. By aggregating the four routes, fewer updates are sent on the link between routers A and B, router B maintains a smaller routing table, which results in better convergence, and router B saves computational resources by evaluating fewer entries in its routing table.
It is possible to configure an indirect next hop for aggregate routes. The indirect next hop specifies where packets will be forwarded if they match the aggregate route, but not a more specific route in the IP forwarding table.
Different network operators have different requirements on how to forward a packet that matches an aggregate route but not any of the more specific routes in the forwarding table that activated the aggregate. In general, there are three different options:
- The packet can be forwarded according to the next-most specific route, ignoring the aggregate route. This can lead to routing loops in some topologies.
- The packet can be discarded.
- The packet can be forwarded toward an indirect next-hop address that is configured by the operator. The indirect next-hop could be the address of a threat management server that analyzes the packets it receives for security threats. This option requires the aggregate route to be installed in the forwarding table with a resolved next-hop interface determined from a route lookup of the indirect next-hop address.
Configuration
The example topology with two PEs is shown in Example topology.
Initial configuration
The nodes have the following basic configuration:
- cards, MDAs
- ports
- router interfaces
The router interfaces on PE-1 are configured as follows:
# on PE-1:
configure {
    router "Base" {
        interface "int-PE-1-PE-2" {
            port 1/1/c1/1:1000
            ipv4 {
                primary {
                    address 192.168.12.1
                    prefix-length 30
                }
            }
        }
        interface "int-PE-1-PE-4" {
            port 1/1/c2/1:1000
            ipv4 {
                primary {
                    address 192.168.14.1
                    prefix-length 30
                }
            }
        }
        interface "system" {
            ipv4 {
                primary {
                    address 192.0.2.1
                    prefix-length 32
                }
            }
        }
    }
}
The configuration on PE-2 is similar. The IP addresses are shown in Example topology. In this example, static routes are configured. There is no need for an IGP, but it could be configured.
Aggregate route with indirect next hop option
This feature adds the indirect keyword and an associated IP address parameter to the aggregate command in the configuration contexts of the base router and of VPRN services.
The aggregate route configuration command in the base router context is as follows:
*[ex:/configure router "Base" aggregates aggregate 10.16.12.0/22]
A:admin@PE-1# ?
Immutable fields - indirect
aggregator + Enter the aggregator context
apply-groups - Apply a configuration group at this level
apply-groups-exclude - Exclude a configuration group at this level
as-set - Use AS_SET path segment type for the aggregate route
community - Community name that is added to the aggregate route
description - Text description
discard-component- - Advertise aggregate with aggregate route community set
communities
local-preference - Local preference used when aggregate route is exported
policy - Policy name for the aggregated route
summary-only - Advertise the aggregate route only
tunnel-group - Tunnel group from which to associate the MC IPSec state
Choice: next-hop
blackhole :+ Enable the blackhole context
indirect :- Address of the indirect next hop
Parameters:
- indirect — This indicates that the aggregate route has an indirect address. The indirect option is mutually exclusive with the black-hole option.
- <ip-address> — Installing an aggregate route with an indirect next-hop is supported for both IPv4 and IPv6 prefixes. However, if the aggregate prefix is IPv6, the indirect next-hop must be an IPv6 address and if the aggregate prefix is IPv4, the indirect next-hop must be an IPv4 address.
If an indirect next-hop is not resolved, the aggregate route will show up as black-hole.
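The activation and resolution rules described so far can be expressed as a small model. This is an added example, not Nokia code: a simplified Python sketch whose function names are hypothetical, which ignores route preference, and which uses the PE-1 prefixes from this chapter's example as input.

```python
import ipaddress

def contributing(aggregate, routes):
    """Prefixes in `routes` that are strictly more specific than the aggregate."""
    agg = ipaddress.ip_network(aggregate)
    found = []
    for prefix, _next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if (net.version == agg.version and net.prefixlen > agg.prefixlen
                and net.subnet_of(agg)):
            found.append(prefix)
    return found

def resolve(address, routes):
    """Longest-prefix match for `address`; returns that route's next hop or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop)
    return best[1] if best else None

def aggregate_entry(aggregate, indirect, routes):
    """Return (state, next hop) the way the chapter's show output reports them."""
    agg = ipaddress.ip_network(aggregate)
    if ipaddress.ip_address(indirect).version != agg.version:
        raise ValueError("indirect next hop must match the aggregate's address family")
    if not contributing(aggregate, routes):
        return ("Inactive", None)          # not installed in the route table
    next_hop = resolve(indirect, routes)
    if next_hop is None:
        return ("Active", "Black Hole")    # installed, but matching packets are dropped
    return ("Active", next_hop)

# PE-1 route tables at the three stages shown in this chapter (prefix, next hop).
LOCAL = [("192.0.2.1/32", "system"), ("192.168.12.0/30", "int-PE-1-PE-2"),
         ("192.168.14.0/30", "int-PE-1-PE-4")]
STATICS = [(f"10.16.{n}.0/24", "192.168.14.2") for n in (12, 13, 14, 15)]
RESOLVER = [("192.168.11.0/24", "192.168.12.2")]

if __name__ == "__main__":
    for table in (LOCAL, LOCAL + STATICS, LOCAL + STATICS + RESOLVER):
        print(aggregate_entry("10.16.12.0/22", "192.168.11.11", table))
```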
The aggregate route 10.16.12.0/22 is configured as follows:
# on PE-1:
configure {
    router "Base" {
        aggregates {
            aggregate 10.16.12.0/22 {
                community ["64496:64498"]
                indirect 192.168.11.11
            }
        }
    }
}
This creates an aggregate route, but no more-specific contributing routes are defined yet. Therefore, the aggregate route remains inactive:
[/]
A:admin@PE-1# show router aggregate
===============================================================================
Legend: G - generate-icmp enabled
===============================================================================
Aggregates (Router: Base)
===============================================================================
Prefix Aggr IP-Address Aggr AS
Summary AS Set State
NextHop Community NextHopType
-------------------------------------------------------------------------------
10.16.12.0/22 0.0.0.0 0
False False Inactive
192.168.11.11 64496:64498 Indirect
-------------------------------------------------------------------------------
No. of Aggregates: 1
===============================================================================
The inactive aggregate route does not appear in the routing table:
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Local Local 00h02m31s 0
system 0
192.168.12.0/30 Local Local 00h02m31s 0
int-PE-1-PE-2 0
192.168.14.0/30 Local Local 00h02m31s 0
int-PE-1-PE-4 0
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Configure contributing routes to activate the aggregate route
The aggregate route remains inactive as long as there is no contributing route which is more specific than the aggregate route. The following contributing routes are statically configured on PE-1:
# on PE-1:
configure {
    router "Base" {
        static-routes {
            route 10.16.12.0/24 route-type unicast {
                next-hop "192.168.14.2" {
                    admin-state enable
                }
            }
            route 10.16.13.0/24 route-type unicast {
                next-hop "192.168.14.2" {
                    admin-state enable
                }
            }
            route 10.16.14.0/24 route-type unicast {
                next-hop "192.168.14.2" {
                    admin-state enable
                }
            }
            route 10.16.15.0/24 route-type unicast {
                next-hop "192.168.14.2" {
                    admin-state enable
                }
            }
        }
    }
}
As a result, the aggregate route becomes active:
[/]
A:admin@PE-1# show router aggregate
===============================================================================
Legend: G - generate-icmp enabled
===============================================================================
Aggregates (Router: Base)
===============================================================================
Prefix Aggr IP-Address Aggr AS
Summary AS Set State
NextHop Community NextHopType
-------------------------------------------------------------------------------
10.16.12.0/22 0.0.0.0 0
False False Active
192.168.11.11 64496:64498 Indirect
-------------------------------------------------------------------------------
No. of Aggregates: 1
===============================================================================
The active aggregate route is added to the route table, as well as the contributing routes:
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.16.12.0/22 Blackh* Aggr 00h00m29s 130
Black Hole 0
10.16.12.0/24 Remote Static 00h00m29s 5
192.168.14.2 1
10.16.13.0/24 Remote Static 00h00m29s 5
192.168.14.2 1
10.16.14.0/24 Remote Static 00h00m29s 5
192.168.14.2 1
10.16.15.0/24 Remote Static 00h00m29s 5
192.168.14.2 1
192.0.2.1/32 Local Local 00h03m20s 0
system 0
192.168.12.0/30 Local Local 00h03m20s 0
int-PE-1-PE-2 0
192.168.14.0/30 Local Local 00h03m20s 0
int-PE-1-PE-4 0
-------------------------------------------------------------------------------
No. of Routes: 8
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
* indicates that the corresponding row element may have been truncated.
The aggregate route is black-holed because the next hop is not resolved. There is no route to 192.168.11.0/24.
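When the indirect next hop is meant to steer traffic to an inspection device, a black-holed aggregate means those packets are dropped rather than analyzed, so it is worth checking for. The following added example (not part of the original chapter; function names are hypothetical) parses the two-line route-table format shown above and lists aggregate routes whose next hop is Black Hole. The sample input is an excerpt of the output on this page.

```python
import re

# Excerpt of the "show router route-table" output shown above (PE-1, before the
# resolving static route exists). Each route occupies two lines.
SAMPLE = """\
10.16.12.0/22 Blackh* Aggr 00h00m29s 130
Black Hole 0
10.16.12.0/24 Remote Static 00h00m29s 5
192.168.14.2 1
192.0.2.1/32 Local Local 00h03m20s 0
system 0
-------------------------------------------------------------------------------
No. of Routes: 8
"""

# First line: prefix, type, protocol, age, preference.
ROUTE_LINE = re.compile(r"^\s*(\S+/\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
# Second line: next hop (may contain a space, as in "Black Hole") and metric.
HOP_LINE = re.compile(r"^\s*(.+?)\s+(\d+)\s*$")

def parse_route_table(text):
    """Return one dict per route from the two-line-per-route table body."""
    routes, pending = [], None
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if m:
            pending = {"prefix": m[1], "type": m[2], "proto": m[3], "pref": int(m[5])}
            continue
        if pending:
            h = HOP_LINE.match(line)
            if h:
                pending["next_hop"] = h[1]
                pending["metric"] = int(h[2])
                routes.append(pending)
            pending = None
    return routes

def blackholed_aggregates(text):
    """Prefixes of aggregate routes whose next hop is reported as Black Hole."""
    return [r["prefix"] for r in parse_route_table(text)
            if r["proto"] == "Aggr" and r["next_hop"].lower() == "black hole"]

if __name__ == "__main__":
    print(blackholed_aggregates(SAMPLE))
```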
Configure resolving route to indirect next hop
A static route is configured on PE-1 to the indirect next hop, as follows:
# on PE-1:
configure {
    router "Base" {
        static-routes {
            route 192.168.11.0/24 route-type unicast {
                next-hop "192.168.12.2" {
                    admin-state enable
                }
            }
        }
    }
}
In the route table, the aggregate route is no longer black-holed. The next hop for the indirect next hop is 192.168.12.2 (PE-2).
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.16.12.0/22 Remote Aggr 00h00m03s 130
192.168.12.2 0
10.16.12.0/24 Remote Static 00h00m55s 5
192.168.14.2 1
10.16.13.0/24 Remote Static 00h00m55s 5
192.168.14.2 1
10.16.14.0/24 Remote Static 00h00m55s 5
192.168.14.2 1
10.16.15.0/24 Remote Static 00h00m55s 5
192.168.14.2 1
192.0.2.1/32 Local Local 00h03m45s 0
system 0
192.168.11.0/24 Remote Static 00h00m03s 5
192.168.12.2 1
192.168.12.0/30 Local Local 00h03m45s 0
int-PE-1-PE-2 0
192.168.14.0/30 Local Local 00h03m45s 0
int-PE-1-PE-4 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
In this example, PE-2 is the resolved indirect next hop and it has a route for prefix 10.16.12.0/22:
# on PE-2:
configure {
    router "Base" {
        static-routes {
            route 10.16.12.0/22 route-type unicast {
                next-hop "192.168.23.2" {
                    admin-state enable
                }
            }
        }
    }
}
The route table on PE-2 looks as follows:
[/]
A:admin@PE-2# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.16.12.0/22 Remote Static 00h00m00s 5
192.168.23.2 1
192.0.2.2/32 Local Local 00h04m03s 0
system 0
192.168.12.0/30 Local Local 00h04m03s 0
int-PE-2-PE-1 0
192.168.23.0/30 Local Local 00h04m03s 0
int-PE-2-PE-3 0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
Aggregate routes offer several advantages, the key ones being a reduction in routing table size and overcoming routing loops. Aggregate routes with the indirect next hop option help achieve faster network convergence by decreasing the number of route table changes. This example shows how to configure aggregate routes with the indirect next hop option.