
(06) Foundation: Establishing a BGP session with an ISP (Part 3)

Are you ready for more? Here we go-- Establishing a BGP Session with an ISP, part
three. And that title, even the title of it is kind of-- well, I don't want to say misleading. But it's
so much bigger than that. We are establishing a BGP session with a quote unquote "ISP" as we
do this. But it's almost like I want to title it "Learning BGP." But how nice and bland is that? So
just know that we are establishing a BGP session. But as we're doing this, we're learning a lot
of the core concepts of BGP. So let's get into it.
What we talked about in the last Nugget, and I want to do a little review of that, was
how the BGP session formed between the two ISPs. We got into the route selection process-- as a matter of fact, let me just slide this right over here. We got router one doing a Show IP
BGP Summary, establishing two neighbor relationships with the two ISPs. We received the
routes, the unique routes, from each one. And then, we had this route, which was received by
both of them, assuming both of them were connected to other autonomous systems. And you
saw when we did the BGP looking glass in the last Nugget with AT&T that it gets pretty big.
You can have many, many, many redundant routes based on the number of peers that you
have. But we receive these routes from those ISPs. Now initially, it chose this as the best path
to get there-- ISP1, autonomous system 111. We decided, well, ISP2 might have the better
link. So we went in and tweaked the weight. That started the whole discussion of the BGP
route selection process and how weight is the strongest one. But it's not so much that I want
to focus on, oh, that's how we modify the weight. There's going to be a lot of modifications. As
a matter of fact, even in this Nugget, we're going to get into some pretty cool stuff. But I
wanted you to just see that this is one of the ways that we can do that.

Now, BGP is a distance vector routing protocol-- well, technically they'll pull it up and
say, it's an advanced distance vector routing protocol just so you don't put it in the same
category as RIP. But really, if you think about it, it's like wow, it is kind of like RIP in that it uses
this kind of hop count metric with AS path. And also-- and I would say the biggest thing-- if
you were to go home at the end of the day and say, tell me the definition of a distance vector
routing protocol-- I don't know who would ask you at home, your wife, your husband, whoever,
your kids, and they say, dad, mom, tell me, what's a distance vector routing protocol-- you
would say, it is a routing protocol that only knows what its neighbors told it. And they would
say, oh, thanks.
So that's really what happens is ISP1 is telling router one, here's the best routes that I
picked. And I want to make sure that that's clear. ISP1, maybe this is that AT&T router. They've
got 50 different peers, or 12 different peers coming out of there. And they're receiving the full
internet routing table from each one of them. Man, I can't even imagine how much memory
that would consume. But he's got all of these different paths. He's going to pick the best of
those paths and then forward those on to you, router one. And ISP2 is going to do the same
thing. It's going to forward you the best of those paths. And that's one of the big differences
between distance vector and link state. Link state, rather than knowing just what the neighbor
has told it, knows everything. It has the whole topology mapped out to where it knows that
ISP1 has those 12 different peers and 12 different paths to reach those networks. But man,
can you imagine the explosive memory utilization of a router that would have to have all of
those different paths? Frankly, it just would not work. There'd be no way to make that work. I
would say, well, I guess anything's possible. But even with today's 128 gigs of RAM kind of
thing, even that would be like, well, I don't know. It might not fit it all. So anyhow, that brings
us to BGP and where we are here. So that was kind of just the cram session review. We've got
router one now receiving those routes. We had it pick the best one.

Advertising Networks to BGP


This Nugget, I want to start talking about, now, advertising networks out. Here's one of
the strange things is router one has formed two neighbors. And those neighbors have
transmitted routes down to router one. But router one has not told ISP1 or ISP2 about a single
thing. It's just a recipient. It has received those routes from those neighbors. It hasn't given
anything out, because that's BGP's default nature. It will not pass anything that you don't tell
it to pass. Now, that's as an enterprise customer. Now, keep in mind, for instance, when you
establish, ISP1 establishes, peering with all these different BGP peers, they dump their whole
routing table. BGP is going to naturally jump on and say, OK, let me pick the best of those
routes and pass those on. So it's not like I have to tell ISP1, hey, pick the best routes, let's
type in which routes to send-- nothing like that. But one thing I will say is all ISP1 will do
naturally is pass them on, meaning if ISP1 has these networks, 151.x.x.x, it will never tell
anybody about those networks until you allow it to do so. So that brings us into how do we
advertise networks with BGP? One way, the first way, is by using the Network command. Now,
you might remember when I was talking about BGP a couple Nuggets ago.
I said the Network command with BGP works differently than the Network command of
other routing protocols. Normally, the Network command-- we'll just grab OSPF-- one, enables
Hello packets, which, as soon as I type in-- let's say I type in network 150.1.1.0 in OSPF, it
would say, oh, there's an interface. It's 150.1.1 something. Let me start, number one, sending
hello packets out that interface. And then, number two, I will automatically advertise any
interface, any connected interface, of that device, that starts with 150.1.1.-- anything,
depending on the wildcard mask and all that. That's what we're used to.
But here's one of the differences with BGP. The Network command-- and catch
this. I'm going to say it slow, because it's a big difference. The Network command
with BGP takes a route from the routing table and advertises it via BGP. I'll say it
again. The Network command with BGP takes a route from the existing routing
table, routing table that could have been built with static routes, with internal
routing protocols, with da, da, da, however stuff got in your routing table, BGP, the
Network command with BGP will take one of those routes that's on your internal
routing table and then send it out to your neighbors.
So let me demonstrate that. Let's use router one. I'm going to go to router one.
Actually, as a matter of fact, let me go to ISP1. I've got a couple neighbor up/down statements
there. I'm going to do, show IP BGP from ISP1's perspective. And you can see a little different
view here-- take a look. First off, I see all of these routes, which look a little different. Because
ISP1 is originating them. See, we've got 150.1.1.0. You might say, well, how did those routes
get there? Well, let me do a show IP interface brief. They don't really exist. They're just loopback interfaces that I created. And I said, well, let's advertise those into the system. So we've
got these, which say, I am the next hop. And one of Cisco's tweaks is they say, automagically,
when a router originates a route, it will automatically make the weight 32,768-- really high,
really preferred weight. Because Cisco's like, obviously, if you're the origin of that route, then
you've got the best path.

Network Command vs. Redistribution


You're right there. Now, you might go, well, why does it have a question mark for the
path? How come it doesn't know where that came from? Well, let me show you how I got
those routes in there. I'm going to do a show run section router BGP. So this is from the ISP's
perspective. Look at what I did. OK, pretend that's not there. Right here, I have the command,
Redistribute Connected, meaning take all of your connected interfaces, Loopback1, anything
that you're plugged into, and send it into the BGP routing table. So that will automatically take
this. Now, I added a route map. That's why I said, ignore this. Because we're going to talk
about that in this section, to filter it down so I don't get, for instance, the serial link showing
up in there. And maybe there are some private networks, or something that you don't want in
there. Any time you do redistribution, that totally nulls out the path, the origin. It says, I don't
know where it came from. It was redistributed. However, if you send something in using the
network command, it will say, oh, I know where that came from. It came from an IGP. It came
from internally. But the big thing-- I don't want to get too deep into this. But I will say, look at
these. I'm like, I don't want to get too deep. Let me tell you more. So these routes actually
pass through. That's not good. If you're a customer, that's one of the things you really want to
watch out for.

Transit AS Concept
You received routes from ISP2. And they just went ahead and passed through you,
because that's what BGP does, up to ISP1. So what does ISP1 do? Well, if he doesn't have
another connection over here to ISP2, he's like, oh, well, by golly, that's a pretty good path to
reach those networks. You just became a transit autonomous system, meaning ISP1 is going
to go through you to reach ISP2. I guess you could say you're a type of ISP, but you don't want
to be. Because you're paying them. They're not paying you to go through you as kind of a
bridge.
So that's one of the things that you would want to filter. You'd want to make sure that
routes that came in from ISP2 don't actually make it through to ISP1, because maybe ISP1
would start using you. Now, let me mention, let me back up, stop the truck-- ISP1 and 2, if this
is real-world, I would say would be very, let's just say, not responsible, very not responsible if
they didn't put filters on themselves.
ISPs will often put on filters that says, you can only send us exactly what
routes you've told us you're going to send us. For instance-- that's kind of strange. For
instance, if I want to give the ISPs 200.1.1.0 and advertise that out both places so the rest of
the world can find redundant paths to me, then I would have to tell them, modify your filters.
Allow me to advertise this. Because if what just happened here, what I just showed you right
there, were to happen in the real world, that would be very painful for the ISP.

Transit AS is Painful for ISPs too


Maybe you're paying them for a T1 line, 1.544 megabits per second of bandwidth. And
all of their uplinks up here, those are like your OC 192s, just insane gigabytes per second,
their uplinks out to higher level ISPs. Well, if they don't put their filters on right, and you send
these routes right through, well man, you're going to start showing up some really good paths
through ISP1. Remember, BGP does not see bandwidth. This-- invisible, does not see that that
is a T1 line. So what these ISPs will do is, if they don't have filters, it'll say, oh, well that's a
pretty good route. And all of a sudden, all of their other customers start getting really, really
slow connections. Because they start using your T1 lines to cross-connect to these ISPs. And
that could destroy them. So they will obviously protect themselves just as much as you want
to protect yourself from doing that kind of thing. But again, I'm going a little deeper into this
than I wanted to. But that's just a great view from the ISP's perspective.
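The transit problem described above, modelled as an added example that is not part of the original transcript. It compares what router one (AS 500) sends to each ISP with no outbound policy against an export rule that only advertises locally originated routes, and shows the ISP-side prefix filter as a second line of defence. ISP2's AS number, the two ISP prefixes and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

LOCAL_AS = 500   # customer AS used in the transcript
ISP1_AS = 111    # ISP1's AS as given in the transcript
ISP2_AS = 222    # assumption: the transcript does not state ISP2's AS number


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple      # ASNs in the order received; () means originated locally
    learned_from: str   # "local", "ISP1" or "ISP2"


# Constructed BGP table on router one (best paths only).
BGP_TABLE = [
    Route("200.1.1.0/24", (), "local"),             # customer's public network
    Route("198.51.100.0/24", (ISP1_AS,), "ISP1"),   # constructed ISP1 prefix
    Route("203.0.113.0/24", (ISP2_AS,), "ISP2"),    # constructed ISP2 prefix
]


def export_default(table, neighbor):
    """No outbound policy: every best path is sent on with the local AS prepended.

    Routes learned from the same neighbor are left out for brevity; that
    neighbor's AS-path loop check would discard them anyway.
    """
    return [
        Route(r.prefix, (LOCAL_AS,) + r.as_path, "AS500")
        for r in table
        if r.learned_from != neighbor
    ]


def export_local_only(table, neighbor):
    """Outbound policy: advertise only routes whose AS path is empty.

    This is the same idea as an AS-path filter that matches an empty path:
    nothing learned from one ISP is ever passed to the other.
    """
    return [
        Route(r.prefix, (LOCAL_AS,), "AS500")
        for r in table
        if r.as_path == ()
    ]


def transit_routes(adverts):
    """Adverts whose path continues past AS 500, i.e. the customer offers transit."""
    return [a for a in adverts if len(a.as_path) > 1]


def isp_inbound_filter(adverts, agreed_prefixes):
    """ISP-side protection: accept only the prefixes the customer registered."""
    return [a for a in adverts if a.prefix in agreed_prefixes]


if __name__ == "__main__":
    for isp in ("ISP1", "ISP2"):
        leaked = transit_routes(export_default(BGP_TABLE, isp))
        safe = export_local_only(BGP_TABLE, isp)
        print(isp, "no policy, transit paths offered:",
              [(a.prefix, a.as_path) for a in leaked])
        print(isp, "local-only export:", [(a.prefix, a.as_path) for a in safe])
    accepted = isp_inbound_filter(export_default(BGP_TABLE, "ISP1"), {"200.1.1.0/24"})
    print("ISP1 with inbound prefix filter accepts:", [a.prefix for a in accepted])
```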

Advertising Routes to ISPs


But I want you to see that these guys, this ISP-- and let me go over to ISP2, show IP
BGP-- they don't have any 200.1.1 routes, meaning router one is not advertising this network
to them. That's just a connected interface. It's not in BGP. So let me cut to the chase. Let's get
into the Network command. I'll do a show run section BGP. Oh, ahh, my wife just walked in
with some fresh-baked chocolate chip cookies. How do you keep recording BGP when there's-- I'm turning to my right, and there's some fresh-- guys, here's my passion for BGP. I'm going to
keep going, I think. I'm going to go into router BGP, autonomous system 500, and let's talk
quickly about the-- no I'm just kidding. Let's talk about the Network command. The Network
command, when I type in Network, it seems, it feels, just like any other protocol. But watch
how this works. If I type in network 200-- let's just say, well, I want 200.0.0.0, most the time,
you might say, oh, OK, so you're wanting to advertise any 200 network. No, no, no-- BGP
works on a system of exact matches. So it's going to go out, and it's going to say, do I
have the 200.0.0.0/24 network? You might say, why did you put the slash 24 in there? Well,
because that's the default class. And I didn't include a mask. I didn't tell it that it was using
any kind of different mask. So it's assuming default class-- same thing if I were to do this. Let's
say-- OK, let me just say this just for grins-- I've got a whole bunch of 10 networks, 10.1, 10.2,
10.3, whatever, all plugged into router one. With our current mentality of how the Network
command works, we would say, well, easy. Let's just say network 10.0.0.0. And maybe even
some people might say, well, let's do a mask of 255.0.0.0. And by the way, that's a real
subnet mask, not a wild card mask. So it's network mask. And you might say, OK, so that'll go
around and find all those 10.1, 10.2, 10.3. No, no, no-- here's what it does. If I type in network
10.0.0, even if I put the mask on there like this, BGP goes to the routing table. It says, routing
table, do you have a route for 10.0.0.0/8, or 10.0.0.0 255.0.0.0, the class A network? And the
routing table responds, if the routing table were a person. And it responds back, and it says,
oh, well no, actually, I have 10.1, 10.2, 10.3 with slash 16's. BGP goes, oh, no, I'm sorry, that's
not a match. I'm not going to advertise anything. So here's the big picture with this Network
command. It's kind of painful. The Network command has to be an exact match from the
routing table. If I want to advertise the 200.1.1.0, then I have to go in and type in Network
200.1.1.0. Now thankfully, in this case, I could just hit the Enter key. Because it's going to
assume a class C subnet mask, and that happens to be what I'm using. But maybe, I don't
know, let's just say that's 200-- well, no, let's go with it a different network. Let's say that was
179.5.1.0/24, just some other public subnet. Well, I couldn't go in there and type in network
179.5.4.0 and press the Enter key, because BGP automatically says, oh, OK, that's 179? That's
a class B network. I'm looking for 179.5.0.0 in the routing table. Are you there, are you there?
No, it's not there. I'm not going to advertise anything. So if you are, for instance, using a
custom subnet mask on something, you have to type that in. You have to say, no, no, no, this
is what you look for, BGP. I'm taking a little time on this, because this is so different than the
typical network command for OSPF or EIGRP. It's a very different use of it. So let's do it. Let's
see what happens. Let's do 200.1.1.0. And I'll just hit the Enter key. And I'm glad I have this
little debug that says, oh, I'm trying to find the origin. Let's see if I can apply that map. Let's
do a show IP BGP on router one. And we've got-- there we go. It says, OK, I am now originating
this route. Now look at this. Look at where it came from. I-- it goes ah, that is now from the
IGP. Since it wasn't redistributed, I know where it came from. I know that you are internal to
my system. Now, the same thing works. Now, I know, when I did this, this was just an
interface on my router. But for instance, that could have been a network. Maybe that was-- let
me clear off some of this. Actually, let me just wipe this all out-- chunk. That could have been
a route somewhere further down on my network. Maybe this guy over here was actually
connected to 200.1.1.0, and he advertised it to me via OSPF. There's our IGP internal gateway
protocol. It's sitting in my routing table. I would still have to type in Network 200.1.1.0. It's not
just for directly connected networks anymore. It's in essence saying, I want to take that route
from OSPF and send it out via BGP to these ISPs. Do you want to see it from the ISP
perspective? Let's take a look. I'm going to go to ISP1 and see what he sees, do a show IP BGP.
And now, ah, there we go. I see that route showing up. I can see 200.1.1.0. Notice, it's got the
I origin. And it came from autonomous system 500. The output on ISP2 should be the same-- there it is. We've got this guy as the next hop, we've got originated inside, and we've got 500
as the autonomous system that it came from. So that is one way that you can advertise
networks into BGP. But as you might imagine, that's not used very often. That's why when you
were looking at a lot of the routes in the BGP looking glass, a lot of them have the question
mark. Sometimes, people are like, man, I don't want to type in a network command for every
single network that I have. Because there's no quick way to just say, let's just do it all. Hmm,
no, I was going to show you something. I'll save that for later. So what a lot of people do is
they get into redistribution. Redistribution, simply put, allows you to take all of one thing and
put it in another. So I can take all my OSPF routes and put them into EIGRP, or all my EIGRP
routes and put them into BGP, or all my static routes and throw them into the RIP process. You
can redistribute from anything to anything. So let's do this. Let's go on that router, and just to
make it a little more fun, let's add some interfaces. Now right now, we've just got that
200.1.1.0 network. Let's just make believe some interfaces. I'll do some interface loop-back
zero, IP address-- let's add some private networks-- 10.1.1.1. And then, let's just copy and
paste away. This is how you create a haven of networks. Oh, that didn't work. There we go,
that should be good. Oh, hang on-- there we go. I just paused it. I figured you didn't want to
watch me change a whole bunch of numbers. So I'm going to take all those loop-back
interfaces, I just created a whole bunch of them, go into router one, and slam, get them all in
there. All right, so we've got a bunch of 10 networks that just came up. Now normally, again,
if I was using the Network command, I would have to put them in one by one by one by one.
So I do network 10.1.1.0, mask, 255.255.255.0. I can't just type in 10.0.0.0 and have them all
come through. So I might want to do some redistribution here to sweep everything in. Or
maybe, again, I'll come up with a scenario. I don't want to send a bunch of 10 networks to the
ISP either. So we'll play with this. Let's work through this. So first thing I want to do, I'm going
to do a show run section BGP, and do router BGP 500. I'm going to yank that Network
statement out, because we're going to go at this a different way. So I'll say, no network. So
that's no longer being advertised to the others. And now, I want to do a Redistribute. And let's
just say connected. Let's say, redistribute connected, and allow all of those coming in. You can
see immediately all of these routes came in, some of which we wanted and we expected to
come into the picture, some of which we may not have wanted. Maybe I don't want my WAN
links in the picture. And for instance, I'm also saying that the 200 network didn't show up
either. And that's probably just because the BGP-- it's called the BGP scanner process-- has
not removed it yet from the BGP table. But it will, so let's do a show IP BGP. So right there, you
can see we've got a whole bunch of BGP routes. OK, it did show up. We've got 200.1.1.0. Oh,
it's still there from the old ones, because you see it's I. All of these are now showing up with
little question marks, because it's saying, I don't know where those came from. And we just
sent a bunch of private networks to our ISP. So when we're doing redistribution to bring
networks in, one of the things you'll often want to do is filtering, meaning I don't want to just send
the entire router's interfaces to the ISP. It might be the private networks. Maybe I don't want
to send the WAN links or something. But actually, let's do this. First off, I'm going to go to the
ISP and show you that now, when I do a show IP BGP, all of those private networks are
showing up in the system. Oh, and actually, I just thought of it. This isn't going to disappear
until I do that clear IP BGP. And that's one of the things you'll have to get used to is you have
to reset your BGP sessions. Any time you make any changes to attributes, anything that
you're modifying-- normally, adding a new network won't take a reset. But just because we
previously had the 200 network in the network table and kind of did some switcheroo, we just
had to do a little clear of the session. So let's do a show IP BGP now. And it looks like we still
haven't gotten all of our routes in. They're still building all of the routes in the routing table.
So it'll take some time. BGP is slow. So meanwhile-- there we go. It's starting to put it in there.
And now, we've got the 200 network that is showing up, and should now show up as a-- man,
it showed up as an internal route. Why? Show run section BGP-- did I not take that Network
command out? Oh, didn't I say no? Didn't I remove that? Am I crazy? Were you watching?
What's going on here? What's happening? Oh, no, I didn't type the No command. That would
explain it. Router BGP 500 no, and plug that guy in there. There we go, so that will yank it out
of the network. And OK, that's better now. It's putting it in with an incomplete origin. I was
thinking, I didn't think we would have to clear the session for that. So anyhow, let's come up
with a scenario here to where I want to filter. Here is what I want to do. I only want to allow
public facing networks. I don't want to have all these 10 networks show up at the client sites
or the ISPs. I'm just coming up with the scenario on the fly, because I'm also thinking of some
future stuff I want to do. So we might shift it around later. So here's, for instance, how I can do
a filter. And please tell me right now-- everything I'm doing is just kind of an example, kind of
big picture thoughts. We're going to break them down much more as we go through. So let's
say I wanted to find a filter. Almost every filter that you do in BGP will rely on an access list, at
least if you're filtering based on IP address or subnet mask. So what I'll do is I'll say, I want to
create an access list. Let's create access list 60. And we'll do permit-- and these are the ones I
want to permit. I want to permit the 200.1.1.0 network, 0.255. I want to permit, we'll say, the
150.1.1.0 networks. So that's my WAN links. I want to permit those in the table. Then, I want
to go in-- let's do router BGP 500. And I'm going to show you an often confused command
called Distribute List. What a distribute list does is allow you to filter networks from getting
out. But when we're applying it-- you can actually apply a Distribute List. Let me show you
this. If I typed in neighbor 150.1.1.1, I can apply a distribute list to that neighbor. And that
makes sense to where I say, OK, that would affect that neighbor. So as I send routes to that
neighbor, or receive routes from that neighbor, it's going to filter it through whatever I apply
here as a distribute list. That kind of makes sense to a lot of people. It's like, OK, I got that.
But when you apply it to the router as a whole, when I'm saying, it's not really applied to a
neighbor, I'm going to apply the distribute list to the BGP router process, that can do one of
two things. One, it can impact all neighbors. So for example, I can say, I want to restrict these
networks as I advertise them to all neighbors. Or I can do something really funky, which is
what I'm going to do now, which is affect the redistribution. I'm going to say, distribute list 60.
Let me hit the question mark. You can see 60. It says, what access list number do you want to
do it based on? Well, it created access list 60, which just says, permit this, permit that. And
then you guys remember, at the bottom of every access list is an implicit Deny All. So I'm
permitting those two things. I'm going to say, I'm going to apply distribute list 60, hit the
question mark, outbound. But then, you look at all this. It's like, well, wait a second? Are you
saying, outbound a specific interface? Well, I could. I could say, outbound to anything on fast
ethernet 0/0 or serial 0/0, or whatever I want. But I can actually say, outbound connected.
Now, here's what that's going to do. Let me do a show run section BGP-- I typed in the
Redistribute Connected. But what I said is, OK, now that I'm redistributing everything there,
I'm going to say, I want to apply access list 60 to filter those connected routes as they are
sending their routes out to the BGP process. That's the best way I've figured to read that
thing. Because otherwise, if you read it, it's like 60 out connected? Is that like as I'm sending it
to the connected--? What's that mean? It means, as I'm doing redistribution, I'm taking those
connected routes and putting them into BGP. As they're coming out from the connected
routes, go ahead and filter with 60. Now, remember, connected is kind of weird. Most people
would have-- for instance, I'm redistributing EIGRP. So I would say, redistribute EIGRP into BGP.
And as they're coming out of the EIGRP, if that's what I would do, I want to pass them through
distribute list 60, or access list number 60. That makes a little more sense, because this
connected thing is a little weird. Redistributing Connected is kind of weird in the first place.
Actually, I have to clear it. Let's take a look, do a show IP BGP. Oh, nope, it took effect right
away. You can see that all of the 10 networks-- this is from the ISP's perspective-- all of the 10
networks are now being blocked from that redistribution. If I go to router one and do a Show IP
BGP, I can see no more 10 networks. I filtered them by applying distribute list 60, access list
60, to those connected routes as they came out into the BGP process. I know it's a very
strange way of doing that. But that's one way of filtering. Let me show you another-- router
BGP 500. Let me do a No, make sure I get that No command in there, distribute list 60
connected. So yank that off, and now it's going to say, OK let's shove all those-- I like this
debug running all the time-- so I can see all those 10 routes, just like little fish swam their way
back into the table. The second way that you can do this is, you can use a route map. Route
maps are going to be kind of the pinnacle of everything that we do in BGP. And you're going to
see it again and again and again. This is just kind of big picture topics right now. For instance,
let's say all of these networks that are showing up at the ISP, I'm like, OK, that's great. That's
what I wanted to do. But I don't want them to show up with question marks. Because, well, it
just disturbs me. I don't like the question mark. I want people to know that it came, it
originated, from my network. I don't want them to know that I'm doing redistribution, which
they would know if they saw the question mark. So I might do something like this. I'm going to
say, route map, and you type in a name. Let's call it CHANGE_ORIGIN. And it is case
sensitive, so I'm in the route map CHANGE_ORIGIN. And I'm going to say, well, I want to
match-- hmm, I already have access list 60. Let's do this. Let's do access list 61, permit any.
That's nice and simple. Let's go into route map CHANGE_ORIGIN. And I'm going to say, match
the IP-- actually, I could have just that without a match statement, but we'll talk about that
later-- match IP address 61. And I'm going to set-- now take a look at this. Almost everything
that the route map is geared around setting is based around BGP attributes. Look at that-- the
weight. We've got, set the origin. That's what we're after. Set the local preference. Set
communities. Set the AS path attribute. There's all kinds of different things that we can set.
But just look at the description-- BGP, BGP, BGP. I mean, route maps are almost tailored for
BGP, even though they do all kinds of other stuff. I'm going to say, set the origin to IGP. I don't
want them to show up as an unknown heritage. What kind of background is that? So I'm going
to go in and say, router BGP. Let's do 500. Actually, hang on, I've got redistribute connected,
that was it. And I'm going to say, as I'm redistributing, put them through the route map. And
that's where I'll say, change origin, and apply that. So now, it says, OK I'm going through, and
I'm applying the map. Let me do a Show IP BGP. Look at that, eh? Come on, where's my
applause? [CHEERING] Isn't that cool? Because now, it starts opening-- all I'm doing right
now-- here's The Matrix for you. All I'm doing right now, Neo, is freeing your mind. You have to
free your mind. These are just possibilities, things that you can do in BGP, to manipulate
almost everything. Everything is almost customizable in BGP. You can do almost anything. So
all of these that were redistributed, we just changed the path to say, no, no, no, they're not a
question mark. They're an I. And you could even go in and change them to an E or anything
like that. So that's just some of the stuff that you can do in this BGP world. I'm trying to think
right now if-- ahh, I'm going to do it.
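The advertising behaviour walked through in this section, modelled as an added example that is not part of the original transcript: the exact-match lookup behind the Network command (with the classful default when no mask is typed), and Redistribute Connected with access list 60 as a filter and a route map setting the origin. The extra 10.1.x loopbacks, the /24 on the 150.1.1.0 WAN link, the wildcard on the second access-list entry and all function names are assumptions made for the illustration.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed connected routes on router one.
CONNECTED = [
    IPv4Network("200.1.1.0/24"),   # public network from the transcript
    IPv4Network("150.1.1.0/24"),   # WAN link (mask is an assumption)
    IPv4Network("10.1.1.0/24"),    # private loopbacks (10.1.2/10.1.3 constructed)
    IPv4Network("10.1.2.0/24"),
    IPv4Network("10.1.3.0/24"),
]
RIB = set(CONNECTED)

# Access list 60 as (address, wildcard) pairs; anything else is implicitly denied.
ACL_60 = [("200.1.1.0", "0.0.0.255"), ("150.1.1.0", "0.0.0.255")]


def classful_prefixlen(address):
    """Prefix length assumed when the Network command is given no mask."""
    first_octet = int(IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8      # class A
    if first_octet < 192:
        return 16     # class B
    if first_octet < 224:
        return 24     # class C
    raise ValueError("not a class A, B or C address")


def network_statement(rib, address, mask=None):
    """Return (prefix, origin) if the statement advertises a route, else None.

    The prefix is advertised only when the routing table holds exactly that
    network and mask; more specific routes underneath it do not count.
    """
    suffix = mask if mask is not None else classful_prefixlen(address)
    wanted = IPv4Network(f"{address}/{suffix}", strict=False)
    return (str(wanted), "i") if wanted in rib else None


def acl_permits(acl, net):
    """Standard access-list match on the route's network address."""
    target = int(net.network_address)
    for address, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
        if (target & care) == (int(IPv4Address(address)) & care):
            return True
    return False  # implicit deny at the end of every access list


def redistribute_connected(connected, acl=None, set_origin=None):
    """Map of prefix -> origin code placed into BGP by redistribution.

    acl models the distribute list applied to connected routes; set_origin
    models a route map that overrides the default incomplete ("?") origin.
    """
    table = {}
    for net in connected:
        if acl is not None and not acl_permits(acl, net):
            continue
        table[str(net)] = set_origin or "?"
    return table


if __name__ == "__main__":
    print(network_statement(RIB, "200.1.1.0"))                 # class C default matches
    print(network_statement(RIB, "10.0.0.0", "255.0.0.0"))     # only /24s exist
    print(network_statement({IPv4Network("179.5.1.0/24")}, "179.5.1.0"))
    print(redistribute_connected(CONNECTED))
    print(redistribute_connected(CONNECTED, acl=ACL_60))
    print(redistribute_connected(CONNECTED, acl=ACL_60, set_origin="i"))
```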

Summarization
There's just one more thing-- I don't think it'd be worth breaking into another Nugget at
this point-- I want to show you, and that's going to be summarization. Did you know, until very
recently, and it's 2012 right now, so until very recently, like within the last year or two, BGP
always had a feature called Auto-Summary, which was on by default on Cisco routers? Now,
that Auto-Summary, you might remember that from EIGRP. It's one of the first things you go in
and turn off. You're like, I don't want auto-anything. You auto not use it. I want to be able to
summarize wherever. Well, take that, and then take it to a protocol with the complexity of
BGP, and you're like, Auto-Summary? OK, come on-- and I don't know if this is going to be
testable, so I'm just going to mention it-- as of recently, I know that the test does not hit IOS
versions, but until recently, Auto-Summary was always on with BGP. Nowadays, you probably
have seen it when I've done a couple show run section BGPs. Nowadays, it always comes with
Auto-Summary off. The same thing with this Synchronization rule, which we'll talk about later.
That always used to be on and cause all kinds of problems. Now, it's off by default. So
thankfully, it's not going to auto-summarize anything. So then, what are the ways of doing
summary routes? How do you do a summary route with BGP? Let me show you the easy way,
first of all. You might want to go in and say, well, I want to summarize all of these 10 networks
down to one advertisement. Let's get lazy there, right? Let's do router BGP 500. You can use
the command. It's actually Aggregate Address, because you're aggregating. You're taking a
bunch of smaller networks and making them one large network. And I could say, well, I want
to do the 10.1.0.0 with an aggregate mask of 255.255.0.0. And then, there's all kinds of
attributes you can put on there. Well, actually let me show you this. Because this is the trip.
I'm just going to hit the Enter key right there, right? It's like, OK, well that was easy. Well what
it does, by default, is it will build this aggregate, as you saw in this debug that I have turned
on. By the way, if you're wondering, what is that debug, it's a debug BGP all, debug IP BGP all.
So in a production router, that's not a good debug to use. But it's kind of cool to see this. What
it did was, it said, hey, I'm going to aggregate that. But check this out, I'm going to do a show
IP BGP. It says, OK, I'm now going to have the summary mask in there, the summary route, I
should say, in there. But let's look at the ISP's perspective, right? From the ISP's perspective,
it's like, oh, oh, ISP, here's your summary. But I'm also going to advertise all the more specific
routes. Seriously, that's the default with Aggregate Address. So look at this. When I hit the
question mark, that's what made me laugh is I was like, I want to show this to you. What
almost all the time you're going to do is add on that bad boy. Hey, I'm putting a summary in
here. I want you to suppress the more specific routes that match this aggregate address, yank
those out of the BGP table, and you can see, it's like match, match, match, match, suppress.
Oh, I love this debug. It's great. So I can see all these things suppressed. Now, when I go to
the ISP router, you're like, ahh, much better. 10.1.0.0/16 is suppressed. Now, look at this. I'm
going to do a Show IP BGP on router one. Look at that. They're all there. But notice what's
happened to them. Look at their little stars, the little stars that said, oh, you are no longer a
valid route. You are now a suppressed route. You've been smushed down. So that's one of the
ways that you can do an aggregate address, or a summary route. It's pretty cool.

Now, let me show you another one. And this one is-- kind of bend your mind a little bit, but hopefully not
too much. I'm going to say, OK, let's get that out there. We'll let all of those things come out
of suppression. So let's do a show run section BGP. Let me show you how a lot of people do really
good summary routes. What they might do is say, let's take this off. Rather than redistribute
all of my connected interfaces and put all kinds of routes in the table and then have to kind of
smush them down, they'll create a manual summary. What they'll do is go back and they'll do,
well, let's create a route, a static route, to 10.1.0.0 with a mask of 255.255.0.0. And let's go
ahead and just send that guy to null 0. [GASPS] People gasp-- what, but, wait a second. Well
first off, let me ask you, what is null 0? It's the garbage can. It's the bit bucket. You're throwing
stuff away. So you're like, well, wait a sec, didn't you just say trash everything starting with
10.1? So if this router, if router one, is receiving traffic for the 10.1 networks, aren't you
dropping it? And I would say, well, yeah, actually I am. But let's preface that a little. Let's do a
show IP route and go to the number one rule of routing. The number one rule of routing says,
when I have a match-- for instance, right here. Here's my garbage route that throws away
everything starting with 10.1. When I have a packet coming in, I'm always, always-- number
one rule-- always use the more specific route first. It doesn't matter. You remember, when you
get into CCNA, they start talking about administrative distance. They're like, oh, lower
administrative distance is always better than higher administrative distance. And you start
learning things, like 120 is RIP, 1 is static, all those kinds of things. And that's good to know.
But this rule even beats that. This rule beats metric. This rule beats everything. It says, if
there is a more specific route, then use that. So what are we doing here? What we did was
create a static route to the garbage can. So now, I'm going to go in to router BGP 500, and
type in, network 10.1.0.0 mask 255.255.0.0. Let's use the Network command to advertise this
network to everybody else. So now, I can go over to ISP1. Let's hit the up arrow. And there it
is. Look at that, we've got a nice little summary route right there. Oh, these guys haven't
disappeared yet. I might have to reset the neighbor for that. But nonetheless, I've got my
summary route that has showed up in the table. So it's going to start sending traffic to me for
all the 10.1 networks. Well, my router's going to receive it. And it says, OK, if it's 10.1.1, it
matches this. If it's 10.1.2-- because these are more specific. The only time it's going to match
this null 0 route is if you're trying to give this router something for the 10 network that it
doesn't have. I should say more specifically for the 10.1 network. Isn't it like if somebody sent
a package for 10.1.12, which is not in this list, it's going to say, oh, well you match this and
you get dropped? So that way, it keeps it from doing that. So I'll do a clear IP BGP star just to
clear out the ISPs, get us a good solid table back in play. So we saw two ways of doing
summaries. One is using the aggregate address, which is great if you've got a bunch of small
networks in the table and you want to smush them down. The other one is to create a manual.
Let's do a show run, include IP route, create a manual static route that is-- oh, wait a sec. Do I
still have those being sent in there? Anyway, we'll get back to that-- create a manual static
route to null 0, and then advertise that route. Remember, the network command with BGP
takes something out of the routing table, which in this case is our static route to null 0, takes
that out of the routing table and puts that in the BGP table. That's the goal of the network
command. So we take that and advertise that to everybody else. So let me just-- I saw all the
10 networks jumping in there again. Oh, I still have this command. Today is the day of Jeremy
leaving commands in that he thought were gone. So let's do a no Redistribute Connected
and watch all those little-- please? OK, it's gone, so let me do a Show IP BGP. OK, that looks
better, there we go. So now, I can go over to the ISP, let's just do a-- there we go. OK, that's
what I want to see. This is just that static route that I had in there. So that's the big picture. So
man, how do I summarize this? This Nugget has been a little bit of everything. And if for right
now you're feeling like, wow, it's kind of like we went over here and went over there, and
where are we, I kind of want you to have that feeling. But at the same time, I want you to walk
away going, OK, I think I got a little of what he was doing. Because really, I'm kind of doing
the big picture premise, and then the rest of this series we're going to spend breaking down a
lot of these into individual tools and components and features that you can use. And we'll put
a lot more practical scenarios to it. It's just for now, I just want to show you a lot of the
flexibility and big picture.

So what have we seen? I'd say my major goal for this Nugget was to
show you how to advertise networks outside of your own. So if I want to send something to
the ISP, how do I do it? One way is the Network command. The other way is using
redistribution. And if you use redistribution, you better start getting some skills with filtering.
Because you saw that when we do Redistribute Connected, for instance, or OSPF, it's going to
send them all into the BGP table, which you probably don't want. So we looked at using a
distribute list to filter it down, or a route map to filter it down. And then finally, we took all of
that and said, well, what about summaries? How do you do summaries with BGP? We saw that
we could use the Aggregate Address command. Or we could use a static route to null 0 and
then manually advertise that, so a lot of big picture pieces in place that, again, we're going to
be breaking down. I hope this has been informative for you, and I'd like to thank you for
viewing.
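Added example (not part of the original transcript): a small Python model of the static-route-to-null-0 summary described above, showing that the more specific route wins over administrative distance, that only unassigned 10.1 addresses hit the discard route, and that the Network command needs the exact /16 in the routing table. The interface names, the RIP-learned entry, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for router one (interface names and the RIP
# entry are assumptions for illustration): (prefix, next hop, source, AD).
ROUTES = [
    ("10.1.0.0/16", "Null0", "static", 1),
    ("10.1.1.0/24", "GigabitEthernet0/1", "connected", 0),
    ("10.1.2.0/24", "192.168.5.2", "rip", 120),
    ("10.1.3.0/24", "GigabitEthernet0/3", "connected", 0),
]


def lookup(dst, routes):
    """Return the route used to forward dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    # Longest prefix wins first; administrative distance only breaks ties
    # between routes to the same prefix.
    return max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))


def forward(dst, routes=ROUTES):
    """Return the next hop for dst, 'drop' for Null0, or 'no route'."""
    route = lookup(dst, routes)
    if route is None:
        return "no route"
    return "drop" if route[1] == "Null0" else route[1]


def network_statement_advertises(prefix, routes=ROUTES):
    """The BGP network command only originates a prefix that is present in
    the routing table with exactly that address and mask."""
    want = ipaddress.ip_network(prefix)
    return any(ipaddress.ip_network(r[0]) == want for r in routes)


if __name__ == "__main__":
    for dst in ("10.1.1.10", "10.1.2.10", "10.1.12.10"):
        print(dst, "->", forward(dst))
    print("advertise 10.1.0.0/16:", network_statement_advertises("10.1.0.0/16"))
```

The 10.1.2.0/24 entry has administrative distance 120 and still beats the static /16 with distance 1, because prefix length is compared before anything else.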
