Aggregate Route Indirect Next-Hop Option
This chapter provides information about aggregate routes with the indirect next-hop option.
Applicability
This chapter was initially written based on SR OS Release 11.0.R1. The CLI in the current edition corresponds to SR OS Release 22.10.R1.
Overview
In SR OS nodes, IPv4 and IPv6 aggregate routes can be configured. A configured aggregate route that has the best preference for the prefix is activated, and therefore, added to the routing table, when it has at least one contributing route; the aggregate route is removed from the routing table when there are no longer any contributing routes. A contributing route is any route installed in the forwarding table that is a more specific match of the aggregate. For example, the route 10.16.12.0/24 is a contributing route to the aggregate route 10.16.12.0/22, but for this same aggregate, the routes 10.16.0.0/16 and 10.0.0.0/8 are not contributing routes.
In the "Aggregate routes" figure, router A can advertise all four routes or one aggregate route. By aggregating the four routes, fewer updates are sent on the link between routers A and B; router B maintains a smaller routing table, resulting in better convergence; and router B saves computational resources by evaluating fewer entries in its routing table.
It is possible to configure an indirect next hop for aggregate routes. The indirect next hop specifies where packets are forwarded if they match the aggregate route, but not a more specific route in the IP forwarding table.
Different network operators have different requirements on how to forward a packet that matches an aggregate route but not any of the more specific routes in the forwarding table that activated the aggregate. In general, there are three different options:
The packet can be forwarded according to the next-most specific route, ignoring the aggregate route. This can lead to routing loops in some topologies.
The packet can be discarded.
The packet can be forwarded toward an indirect next-hop address that is configured by the operator. The indirect next-hop could be the address of a threat management server that analyzes the packets it receives for security threats. This option requires the aggregate route to be installed in the forwarding table with a resolved next-hop interface determined from a route lookup of the indirect next-hop address.
Configuration
The example topology with two PEs is shown in Example topology.
Initial configuration
The nodes have the following basic configuration:
cards, MDAs
ports
router interfaces
The router interfaces on PE-1 are configured as follows:
# on PE-1:
configure
    router Base
        interface "int-PE-1-PE-2"
            address 192.168.12.1/30
            port 1/1/c1/1:1000
        exit
        interface "int-PE-1-PE-4"
            address 192.168.14.1/30
            port 1/1/c2/1:1000
        exit
        interface "system"
            address 192.0.2.1/32
        exit
The configuration on PE-2 is similar. The IP addresses are shown in Example topology. In this example, static routes are configured. There is no need for an IGP, but it could be configured.
Aggregate route with indirect next hop option
This feature adds the indirect keyword and an associated IP address parameter to the aggregate command in the configuration contexts of the base router and of VPRN services.
The aggregate route configuration commands are as follows:
configure [ router | service vprn <vprn-id> ] aggregate ?
- no aggregate <ip-prefix/ip-prefix-length>
- aggregate <ip-prefix/ip-prefix-length> [summary-only] [as-set] [aggregator
<as-number:ip-address>] [discard-component-communities] [black-hole [generate-icmp]]
[community <comm-id1> [<comm-id2> <comm-id3> .. up to 12]] [description
<description>] [local-preference <local-preference>] [tunnel-group <tunnel-group-id>]
[policy <policy-name>]
- aggregate <ip-prefix/ip-prefix-length> [summary-only] [as-set] [aggregator
<as-number:ip-address>] [discard-component-communities] [indirect <ip-address>]
[community <comm-id1> [<comm-id2> <comm-id3> .. up to 12]] [description
<description>] [local-preference <local-preference>] [tunnel-group <tunnel-group-id>]
[policy <policy-name>]
---snip---
Parameters:
indirect — This indicates that the aggregate route has an indirect address. The indirect option is mutually exclusive with the black-hole option. To change the next-hop type of an aggregate route (for example, from black-hole to indirect) the route must be deleted and then re-added with the new next-hop type (however, other configuration attributes can generally be changed dynamically).
<ip-address> — Installing an aggregate route with an indirect next-hop is supported for both IPv4 and IPv6 prefixes. However, if the aggregate prefix is IPv6, the indirect next-hop must be an IPv6 address and if the aggregate prefix is IPv4, the indirect next-hop must be an IPv4 address.
If an indirect next-hop is not resolved, the aggregate route will show up as black-hole.
The aggregate route 10.16.12.0/22 is configured as follows:
# on PE-1:
configure
    router Base
        aggregate 10.16.12.0/22 community 64496:64498 indirect 192.168.11.11
This creates an aggregate route, but no more-specific contributing routes are defined yet. Therefore, the aggregate route remains inactive:
*A:PE-1# show router aggregate
===============================================================================
Legend: G - generate-icmp enabled
===============================================================================
Aggregates (Router: Base)
===============================================================================
Prefix Aggr IP-Address Aggr AS
Summary AS Set State
NextHop Community NextHopType
-------------------------------------------------------------------------------
10.16.12.0/22 0.0.0.0 0
False False Inactive
192.168.11.11 64496:64498 Indirect
-------------------------------------------------------------------------------
No. of Aggregates: 1
===============================================================================
The inactive aggregate route does not appear in the routing table:
*A:PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Local Local 00h18m35s 0
system 0
192.168.12.0/30 Local Local 00h18m35s 0
int-PE-1-PE-2 0
192.168.14.0/30 Local Local 00h18m35s 0
int-PE-1-PE-4 0
-------------------------------------------------------------------------------
No. of Routes: 3
Configure contributing routes to activate the aggregate route
The aggregate route remains inactive as long as there is no contributing route which is more specific than the aggregate route. The following contributing routes are statically configured on PE-1:
# on PE-1:
configure
    router Base
        static-route-entry 10.16.12.0/24
            next-hop 192.168.14.2
                no shutdown
            exit
        exit
        static-route-entry 10.16.13.0/24
            next-hop 192.168.14.2
                no shutdown
            exit
        exit
        static-route-entry 10.16.14.0/24
            next-hop 192.168.14.2
                no shutdown
            exit
        exit
        static-route-entry 10.16.15.0/24
            next-hop 192.168.14.2
                no shutdown
            exit
        exit
As a result, the aggregate route becomes active:
*A:PE-1# show router aggregate
===============================================================================
Legend: G - generate-icmp enabled
===============================================================================
Aggregates (Router: Base)
===============================================================================
Prefix Aggr IP-Address Aggr AS
Summary AS Set State
NextHop Community NextHopType
-------------------------------------------------------------------------------
10.16.12.0/22 0.0.0.0 0
False False Active
192.168.11.11 64496:64498 Indirect
-------------------------------------------------------------------------------
No. of Aggregates: 1
===============================================================================
The active aggregate route is added to the route table, as well as the contributing routes:
*A:PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.16.12.0/22 Blackh* Aggr 00h00m00s 130
Black Hole 0
10.16.12.0/24 Remote Static 00h00m00s 5
192.168.14.2 1
10.16.13.0/24 Remote Static 00h00m00s 5
192.168.14.2 1
10.16.14.0/24 Remote Static 00h00m00s 5
192.168.14.2 1
10.16.15.0/24 Remote Static 00h00m00s 5
192.168.14.2 1
192.0.2.1/32 Local Local 00h19m40s 0
system 0
192.168.12.0/30 Local Local 00h19m40s 0
int-PE-1-PE-2 0
192.168.14.0/30 Local Local 00h19m40s 0
int-PE-1-PE-4 0
-------------------------------------------------------------------------------
No. of Routes: 8
The aggregate route is black-holed because the next hop is not resolved. There is no route to 192.168.11.0/24.
Configure resolving route to indirect next hop
A static route is configured on PE-1 to the indirect next hop, as follows:
# on PE-1:
configure
    router Base
        static-route-entry 192.168.11.0/24
            next-hop 192.168.12.2
                no shutdown
            exit
        exit
In the route table, the aggregate route is no longer black-holed. The indirect next hop 192.168.11.11 is resolved through next hop 192.168.12.2 (PE-2).
*A:PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.16.12.0/22 Remote Aggr 00h00m14s 130
192.168.12.2 0
10.16.12.0/24 Remote Static 00h04m27s 5
192.168.14.2 1
10.16.13.0/24 Remote Static 00h04m27s 5
192.168.14.2 1
10.16.14.0/24 Remote Static 00h04m27s 5
192.168.14.2 1
10.16.15.0/24 Remote Static 00h04m27s 5
192.168.14.2 1
192.0.2.1/32 Local Local 00h24m08s 0
system 0
192.168.11.0/24 Remote Static 00h00m14s 5
192.168.12.2 1
192.168.12.0/30 Local Local 00h24m08s 0
int-PE-1-PE-2 0
192.168.14.0/30 Local Local 00h24m08s 0
int-PE-1-PE-4 0
-------------------------------------------------------------------------------
No. of Routes: 9
In this example, PE-2 is the resolved indirect next hop and it has a route for prefix 10.16.12.0/22:
# on PE-2:
configure
    router Base
        static-route-entry 10.16.12.0/22
            next-hop 192.168.23.2
                no shutdown
            exit
        exit
The route table on PE-2 looks as follows:
*A:PE-2# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.16.12.0/22 Remote Static 00h00m00s 5
192.168.23.2 1
192.0.2.2/32 Local Local 00h25m17s 0
system 0
192.168.12.0/30 Local Local 00h25m17s 0
int-PE-2-PE-1 0
192.168.23.0/30 Local Local 00h25m17s 0
int-PE-2-PE-3 0
-------------------------------------------------------------------------------
No. of Routes: 4
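The three aggregate states seen on PE-1 above (inactive, black-holed, resolved through the indirect next hop) can be reproduced with a small Python model. This is an added example, not Nokia code: the function names are hypothetical, the route table is simplified to a prefix-to-next-hop map, and only two of the four contributing /24 routes are installed (a constructed variation) so that part of the /22 is matched by the aggregate alone.

```python
import ipaddress as ip

def is_contributing(route, aggregate):
    """True if route is a strictly more specific match of the aggregate."""
    r, a = ip.ip_network(route), ip.ip_network(aggregate)
    return r.version == a.version and r != a and r.subnet_of(a)

def lookup(table, addr):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ip.ip_address(addr)
    hits = [p for p in table if addr in ip.ip_network(p)]
    best = max(hits, key=lambda p: ip.ip_network(p).prefixlen, default=None)
    return table[best] if best else None

def install_aggregate(table, aggregate, indirect):
    """Re-evaluate the aggregate: 'Inactive', 'Black Hole' or a next hop."""
    if ip.ip_network(aggregate).version != ip.ip_address(indirect).version:
        raise ValueError("indirect next hop must match the aggregate's family")
    table.pop(aggregate, None)
    if not any(is_contributing(p, aggregate) for p in table):
        return "Inactive"              # stays out of the route table
    # The indirect next hop is resolved by a route lookup of its address;
    # an unresolved indirect next hop leaves the aggregate black-holed.
    table[aggregate] = lookup(table, indirect) or "Black Hole"
    return table[aggregate]

def demo():
    agg, indirect = "10.16.12.0/22", "192.168.11.11"
    table = {"192.0.2.1/32": "system",             # PE-1 local routes
             "192.168.12.0/30": "int-PE-1-PE-2",
             "192.168.14.0/30": "int-PE-1-PE-4"}
    states = [install_aggregate(table, agg, indirect)]
    # Constructed variation: install only two of the page's four /24 routes.
    table["10.16.12.0/24"] = table["10.16.13.0/24"] = "192.168.14.2"
    states.append(install_aggregate(table, agg, indirect))
    table["192.168.11.0/24"] = "192.168.12.2"      # resolving static route
    states.append(install_aggregate(table, agg, indirect))
    # First address hits a contributing /24, second only the aggregate.
    return states, lookup(table, "10.16.12.7"), lookup(table, "10.16.14.7")

if __name__ == "__main__":
    print(demo())
```

With only part of the /22 covered by more specific routes, traffic to 10.16.14.7 follows the aggregate to the resolved indirect next hop, while traffic to 10.16.12.7 still follows its contributing static route.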
Conclusion
Aggregate routes offer several advantages, the key ones being a reduction in routing table size and overcoming routing loops. Aggregate routes with the indirect next-hop option help achieve faster network convergence by decreasing the number of route table changes. This example shows how to configure aggregate routes with the indirect next-hop option.