BGP Aggregate AS-SET

When you use the BGP aggregate-address command on Cisco IOS without any parameters, then all information of individual route attributes such as AS_PATH is lost.

This can cause issues since the AS_PATH is used for loop prevention. For example, it’s possible that an AS installs a summary that it shouldn’t. With the AS-SET parameter, you can optionally include AS information in the summary. In this lesson, I’ll show you how to do this.

Configuration

Here is the topology we’ll use:

Bgp Aggregate As Set Topology Lab

We have four routers, all in a different AS. R2 and R3 have a loopback with an IP address that are advertised in BGP. R1 will send an aggregate to R4.

Want to take a look for yourself? Here you will find the startup configuration of each device.

Right now, there is no aggregate so R4 sees two separate prefixes with the correct AS path information:

R4#show ip bgp 
BGP table version is 3, local router ID is 192.168.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   172.16.2.2/32       192.168.14.1                           0 1 2 i
 *>   172.16.3.3/32       192.168.14.1                           0 1 3 i

Each prefix has the correct AS path.

Without AS-SET

Let’s create a summary/aggregate. We’ll start without the AS-SET parameter so that we have a before and after example:

R1(config)#router bgp 1
R1(config-router)#aggregate-address 172.16.0.0 255.255.0.0 summary-only

Here’s what we get on R4:

R4#show ip bgp 
BGP table version is 10, local router ID is 192.168.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   172.16.0.0       192.168.14.1             0             0 1 i

We see the 172.16.0.0/16 prefix but all AS path information is lost. This prefix seems to come from AS 1 only.

If R4 was connected to R2 or R3 then those routers would install this prefix without hesitation since they don’t see their own AS number in the summary route. This could cause routing loops.

With AS-SET

Let’s add the as-set parameter on R1 now:

R1(config)#router bgp 1
R1(config-router)#aggregate-address 172.16.0.0 255.255.0.0 summary-only as-set

Here’s what we get on R4:

R4#show ip bgp 
BGP table version is 11, local router ID is 192.168.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   172.16.0.0       192.168.14.1             0             0 1 {2,3} i

We now see the AS path information in the aggregate. This helps against routing loops as it shows the AS numbers in the aggregate. If R2 or R3 would somehow receive this aggregate, they would not accept it since they see their own AS number.

So, should we always use AS-SET? Maybe, there is a downside to using this. Whenever there is a change in the aggregate, an update will be sent by R1. For example, let’s shut the loopback on R3:

R3(config)#interface Loopback 0
R3(config-if)#shutdown

The summary on R4 now looks like this:

R4#show ip bgp 
BGP table version is 12, local router ID is 192.168.14.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   172.16.0.0       192.168.14.1             0             0 1 2 i

Information about AS 3 has been removed. It’s interesting to see that this router does now show 1 {2} but just 1 2.

If you have an aggregate that covers hundreds or thousands of prefixes then a change in your aggregate is likely. If you have a flapping network somewhere, it’s possible that your aggregate keeps getting updated.

Conclusion

You have now learned how you can include AS path information in aggregates (summaries) with the AS-SET parameter. This helps to prevent routing loops in case the aggregate somehow makes it back to one of the ASes where one of the prefixes that fall within the range of your aggregate originated from.

The disadvantage of AS-SET is that by including AS path information, it’s possible that your aggregate gets updated whenever there is a change. With a flapping network somehow, this could mean that your aggregate keeps getting updated over and over again.

I hope you enjoyed this lesson. If you have any questions feel free to leave a comment!

Unit 1: Introduction to BGP

Unit 2: BGP Neighbor Adjacency

Unit 3: BGP Attributes

Unit 4: BGP Communities

Unit 5: BGP Filtering

Unit 6: Advanced BGP Features

Unit 7: BGP Convergence