
CBT Nuggets of BGP


(06) Foundation: Establishing a BGP session with an ISP (Part 3)

Are you ready for more? Here we go-- Establishing a BGP Session with an ISP, part three. And that title, even the title of it is kind of-- well, I don't want to say misleading. But it's so much bigger than that. We are establishing a BGP session with a quote unquote "ISP" as we do this. But it's almost like I want to title it "Learning BGP." But how nice and bland is that? So just know that we are establishing a BGP session. But as we're doing this, we're learning a lot of the core concepts of BGP. So let's get into it. What we talked about in the last Nugget, and I want to do a little review of that, was how the BGP session formed between the two ISPs. We got into the route selection process-- as a matter of fact, let me just slide this right over here. We got router one doing a Show IP BGP Summary, establishing two neighbor relationships with the two ISPs. We received the routes, the unique routes, from each one. And then, we had this route, which was received by both of them, assuming both of them were connected to other autonomous systems. And you saw when we did the BGP looking glass in the last Nugget with AT&T that it gets pretty big. You can have many, many, many redundant routes based on the number of peers that you have. But we receive these routes from those ISPs. Now initially, it chose this as the best path to get there-- ISP1, autonomous system 111. We decided, well, ISP2 might have the better link. So we went in and tweaked the weight. That started the whole discussion of the BGP route selection process and how weight is the strongest one. But it's not so much that I want to focus on, oh, that's how we modify the weight. There's going to be a lot of modifications. As a matter of fact, even in this Nugget, we're going to get into some pretty cool stuff. But I wanted you to just see that this is one of the ways that we can do that.

Now, BGP is a distance vector routing protocol-- well, technically they'll pull it up and say, it's an advanced distance vector routing protocol just so you don't put it in the same category as RIP. But really, if you think about it, it's like wow, it is kind of like RIP in that it uses this kind of hop count metric with AS path. And also-- and I would say the biggest thing-- if you were to go home at the end of the day and say, tell me the definition of a distance vector routing protocol-- I don't know who would ask you at home, your wife, your husband, whoever, your kids, and they say, dad, mom, tell me, what's a distance vector routing protocol-- you would say, it is a routing protocol that only knows what its neighbors told it. And they would say, oh, thanks. So that's really what happens is ISP1 is telling router one, here's the best routes that I picked. And I want to make sure that that's clear. ISP1, maybe this is that AT&T router. They've got 50 different peers, or 12 different peers coming out of there. And they're receiving the full internet routing table from each one of them. Man, I can't even imagine how much memory that would consume. But he's got all of these different paths. He's going to pick the best of those paths and then forward those on to you, router one. And ISP2 is going to do the same thing. It's going to forward you the best of those paths. And that's one of the big differences between distance vector and link state. Link state, rather than knowing just what the neighbor has told it, knows everything. It has the whole topology mapped out to where it knows that ISP1 has those 12 different peers and 12 different paths to reach those networks. But man, can you imagine the explosive memory utilization of a router that would have to have all of those different paths? Frankly, it just would not work. There'd be no way to make that work. I would say, well, I guess anything's possible.
But even with today's 128 gigs of RAM kind of thing, even that would be like, well, I don't know. It might not fit it all. So anyhow, that brings us to BGP and where we are here. So that was kind of just the cram session review. We've got router one now receiving those routes. We had it pick the best one.

Advertising Networks to BGP

This Nugget, I want to start talking about, now, advertising networks out. Here's one of the strange things is router one has formed two neighbors. And those neighbors have transmitted routes down to router one. But router one has not told ISP1 or ISP2 about a single thing. It's just a recipient. It has received those routes from those neighbors. It hasn't given anything out, because that's BGP's default nature. It will not pass anything that you don't tell it to pass. Now, that's as an enterprise customer. Now, keep in mind, for instance, when you establish, ISP1 establishes, peering with all these different BGP peers, they dump their whole routing table. BGP is going to naturally jump on and say, OK, let me pick the best of those routes and pass those on. So it's not like I have to tell ISP1, hey, pick the best routes, let's type in which routes to send-- nothing like that. But one thing I will say is all ISP1 will do naturally is pass them on, meaning if ISP1 has these networks, 151.x.x.x, it will never tell anybody about those networks until you allow it to do so. So that brings us into how do we advertise networks with BGP? One way, the first way, is by using the Network command. Now, you might remember when I was talking about BGP a couple Nuggets ago. I said the Network command with BGP works differently than the Network command of other routing protocols. Normally, the Network command-- we'll just grab OSPF-- one, enables Hello packets, which, as soon as I type in-- let's say I type in network 150.1.1.0 in OSPF, it would say, oh, there's an interface. It's 150.1.1 something. Let me start, number one, sending hello packets out that interface. And then, number two, I will automatically advertise any interface, any connected interface, of that device, that starts with 150.1.1.-- anything, depending on the wildcard mask and all that. That's what we're used to. But here's one of the differences with BGP.
The Network command-- and catch this. I'm going to say it slow, because it's a big difference. The Network command with BGP takes a route from the routing table and advertises it via BGP. I'll say it again. The Network command with BGP takes a route from the existing routing table, routing table that could have been built with static routes, with internal routing protocols, with da, da, da, however stuff got in your routing table, BGP, the Network command with BGP will take one of those routes that's on your internal routing table and then send it out to your neighbors. So let me demonstrate that. Let's use router one. I'm going to go to router one. Actually, as a matter of fact, let me go to ISP1. I've got a couple neighbor up/down statements there. I'm going to do, show IP BGP from ISP1's perspective. And you can see a little different view here-- take a look. First off, I see all of these routes, which look a little different. Because ISP1 is originating them. See, we've got 150.1.1.0. You might say, well, how did those routes get there? Well, let me do a show IP interface brief. They don't really exist. They're just loop-back interfaces that I created. And I said, well, let's advertise those into the system. So we've got these, which say, I am the next hop. And one of Cisco's tweaks is they say, automagically, when a router originates a route, it will automatically make the weight 32,768-- really high, really preferred weight. Because Cisco's like, obviously, if you're the origin of that route, then you've got the best path. You're right there.

Network Command vs. Redistribution

Now, you might go, well, why does it have a question mark for the path? How come it doesn't know where that came from? Well, let me show you how I got those routes in there. I'm going to do a show run section router BGP. So this is from the ISP's perspective. Look at what I did. OK, pretend that's not there.
Right here, I have the command, Redistribute Connected, meaning take all of your connected interfaces, Loopback1, anything that you're plugged into, and send it into the BGP routing table. So that will automatically take this. Now, I added a route map. That's why I said, ignore this. Because we're going to talk about that in this section, to filter it down so I don't get, for instance, the serial link showing up in there. And maybe there are some private networks, or something that you don't want in there. Any time you do redistribution, that totally nulls out the path, the origin. It says, I don't know where it came from. It was redistributed. However, if you send something in using the network command, it will say, oh, I know where that came from. It came from an IGP. It came from internally. But the big thing-- I don't want to get too deep into this. But I will say, look at these. I'm like, I don't want to get too deep. Let me tell you more. So these routes actually pass through. That's not good. If you're a customer, that's one of the things you really want to watch out for.

Transit AS Concept

You received routes from ISP2. And they just went ahead and passed through you, because that's what BGP does, up to ISP1. So what does ISP1 do? Well, if he doesn't have another connection over here to ISP2, he's like, oh, well, by golly, that's a pretty good path to reach those networks. You just became a transit autonomous system, meaning ISP1 is going to go through you to reach ISP2. I guess you could say you're a type of ISP, but you don't want to be. Because you're paying them. They're not paying you to go through you as kind of a bridge. So that's one of the things that you would want to filter. You'd want to make sure that routes that came in from ISP2 don't actually make it through to ISP1, because maybe ISP1 would start using you.
Now, let me mention, let me back up, stop the truck-- ISP1 and 2, if this is real-world, I would say would be very, let's just say, not responsible, very not responsible if they didn't put filters on themselves. ISPs will often put on filters that say, you can only send us exactly what routes you've told us you're going to send us. For instance-- that's kind of strange. For instance, if I want to give the ISPs 200.1.1.0 and advertise that out both places so the rest of the world can find redundant paths to me, then I would have to tell them, modify your filters. Allow me to advertise this. Because if what just happened here, what I just showed you right there, were to happen in the real world, that would be very painful for the ISP.

Transit AS is Painful for ISPs too

Maybe you're paying them for a T1 line, 1.544 megabits per second of bandwidth. And all of their uplinks up here, those are like your OC 192s, just insane gigabytes per second, their uplinks out to higher level ISPs. Well, if they don't put their filters on right, and you send these routes right through, well man, you're going to start showing up some really good paths through ISP1. Remember, BGP does not see bandwidth. This-- invisible, does not see that that is a T1 line. So what these ISPs will do is, if they don't have filters, it'll say, oh, well that's a pretty good route. And all of a sudden, all of their other customers start getting really, really slow connections. Because they start using your T1 lines to cross-connect to these ISPs. And that could destroy them. So they will obviously protect themselves just as much as you want to protect yourself from doing that kind of thing. But again, I'm going a little deeper into this than I wanted to. But that's just a great view from the ISP's perspective.
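The transit-AS leak and the two filters described above (the customer's own outbound filter and the ISP's per-customer inbound filter), as an added Python model that is not part of the original transcript. AS 500, AS 111 and 200.1.1.0/24 are the lab values from the talk; ISP2's AS number, the documentation prefixes and ASN, the function names, and the choice of "empty AS path" as the customer-side rule are assumptions.

```python
"""Model of a customer AS leaking routes between its two ISPs, and two filters that stop it."""
from dataclasses import dataclass
from ipaddress import ip_network

LOCAL_AS = 500   # customer AS from the talk
ISP1_AS = 111    # ISP1's AS from the talk
ISP2_AS = 222    # assumed: the talk does not give ISP2's AS number


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # path as stored in the local BGP table; () means locally originated


# Constructed BGP table on router one (AS 500).
BGP_TABLE = [
    Route("200.1.1.0/24", ()),                   # our own network
    Route("198.51.100.0/24", (ISP2_AS,)),        # learned from ISP2 (documentation prefix)
    Route("203.0.113.0/24", (ISP2_AS, 64500)),   # learned from ISP2 (documentation ASN behind it)
    Route("192.0.2.0/24", (ISP1_AS,)),           # learned from ISP1
]


def export_to(neighbor_as, table, only_local=False):
    """Routes router one would advertise to an eBGP neighbor.

    Default behaviour: pass on every best path with our own AS prepended.
    Simplification: routes already carrying the neighbor's AS are skipped,
    because the neighbor's AS-path loop check would discard them.
    only_local=True models a customer-side outbound filter that permits
    only routes with an empty AS path, i.e. routes this AS originated.
    """
    advertised = []
    for route in table:
        if neighbor_as in route.as_path:
            continue
        if only_local and route.as_path:
            continue
        advertised.append(Route(route.prefix, (LOCAL_AS,) + route.as_path))
    return advertised


def leaked(advertised):
    """Advertisements that offer transit: the path continues past our own AS."""
    return [r for r in advertised if len(r.as_path) > 1]


def isp_inbound_filter(received, registered_prefixes):
    """ISP-side protection: accept only the prefixes the customer registered."""
    allowed = {ip_network(p) for p in registered_prefixes}
    accepted, rejected = [], []
    for route in received:
        (accepted if ip_network(route.prefix) in allowed else rejected).append(route)
    return accepted, rejected


if __name__ == "__main__":
    unfiltered = export_to(ISP1_AS, BGP_TABLE)
    print("leaked to ISP1 without a filter:", [r.prefix for r in leaked(unfiltered)])
    print("sent with customer filter:", [r.prefix for r in export_to(ISP1_AS, BGP_TABLE, True)])
    accepted, rejected = isp_inbound_filter(unfiltered, ["200.1.1.0/24"])
    print("ISP1 accepts:", [r.prefix for r in accepted], "rejects:", [r.prefix for r in rejected])
```

Either filter alone stops the leak in this model; the talk's point is that both sides apply one because neither can rely on the other.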
Advertising Routes to ISPs

But I want you to see that these guys, this ISP-- and let me go over to ISP2, show IP BGP-- they don't have any 200.1.1 routes, meaning router one is not advertising this network to them. That's just a connected interface. It's not in BGP. So let me cut to the chase. Let's get into the Network command. I'll do a show run section BGP. Oh, ahh, my wife just walked in with some fresh-baked chocolate chip cookies. How do you keep recording BGP when there's-- I'm turning to my right, and there's some fresh-- guys, here's my passion for BGP. I'm going to keep going, I think. I'm going to go into router BGP, autonomous system 500, and let's talk quickly about the-- no I'm just kidding. Let's talk about the Network command. The Network command, when I type in Network, it seems, it feels, just like any other protocol. But watch how this works. If I type in network 200-- let's just say, well, I want 200.0.0.0, most of the time, you might say, oh, OK, so you're wanting to advertise any 200 network. No, no, no-- BGP works on a system of exact matches. So it's going to go out, and it's going to say, do I have the 200.0.0.0/24 network? You might say, why did you put the slash 24 in there? Well, because that's the default class. And I didn't include a mask. I didn't tell it that it was using any kind of different mask. So it's assuming default class-- same thing if I were to do this. Let's say-- OK, let me just say this just for grins-- I've got a whole bunch of 10 networks, 10.1, 10.2, 10.3, whatever, all plugged into router one. With our current mentality of how the Network command works, we would say, well, easy. Let's just say network 10.0.0.0. And maybe even some people might say, well, let's do a mask of 255.0.0.0. And by the way, that's a real subnet mask, not a wildcard mask. So it's network mask. And you might say, OK, so that'll go around and find all those 10.1, 10.2, 10.3. No, no, no-- here's what it does.
If I type in network 10.0.0.0, even if I put the mask on there like this, BGP goes to the routing table. It says, routing table, do you have a route for 10.0.0.0/8, or 10.0.0.0 255.0.0.0, the class A network? And the routing table responds, if the routing table were a person. And it responds back, and it says, oh, well no, actually, I have 10.1, 10.2, 10.3 with slash 16's. BGP goes, oh, no, I'm sorry, that's not a match. I'm not going to advertise anything. So here's the big picture with this Network command. It's kind of painful. The Network command has to be an exact match from the routing table. If I want to advertise the 200.1.1.0, then I have to go in and type in Network 200.1.1.0. Now thankfully, in this case, I could just hit the Enter key. Because it's going to assume a class C subnet mask, and that happens to be what I'm using. But maybe, I don't know, let's just say that's 200-- well, no, let's go with a different network. Let's say that was 179.5.1.0/24, just some other public subnet. Well, I couldn't go in there and type in network 179.5.4.0 and press the Enter key, because BGP automatically says, oh, OK, that's 179? That's a class B network. I'm looking for 179.5.0.0 in the routing table. Are you there, are you there? No, it's not there. I'm not going to advertise anything. So if you are, for instance, using a custom subnet mask on something, you have to type that in. You have to say, no, no, no, this is what you look for, BGP. I'm taking a little time on this, because this is so different than the typical network command for OSPF or EIGRP. It's a very different use of it. So let's do it. Let's see what happens. Let's do 200.1.1.0. And I'll just hit the Enter key. And I'm glad I have this little debug that says, oh, I'm trying to find the origin. Let's see if I can apply that map. Let's do a show IP BGP on router one. And we've got-- there we go. It says, OK, I am now originating this route. Now look at this. Look at where it came from.
I-- it goes ah, that is now from the IGP. Since it wasn't redistributed, I know where it came from. I know that you are internal to my system. Now, the same thing works. Now, I know, when I did this, this was just an interface on my router. But for instance, that could have been a network. Maybe that was-- let me clear off some of this. Actually, let me just wipe this all out-- chunk. That could have been a route somewhere further down on my network. Maybe this guy over here was actually connected to 200.1.1.0, and he advertised it to me via OSPF. There's our IGP internal gateway protocol. It's sitting in my routing table. I would still have to type in Network 200.1.1.0. It's not just for directly connected networks anymore. It's in essence saying, I want to take that route from OSPF and send it out via BGP to these ISPs. Do you want to see it from the ISP perspective? Let's take a look. I'm going to go to ISP1 and see what he sees, do a show IP BGP. And now, ah, there we go. I see that route showing up. I can see 200.1.1.0. Notice, it's got the I origin. And it came from autonomous system 500. The output on ISP2 should be the same-- there it is. We've got this guy as the next hop, we've got originated inside, and we've got 500 as the autonomous system that it came from. So that is one way that you can advertise networks into BGP. But as you might imagine, that's not used very often. That's why when you were looking at a lot of the routes in the BGP looking glass, a lot of them have the question mark. Sometimes, people are like, man, I don't want to type in a network command for every single network that I have. Because there's no quick way to just say, let's just do it all. Hmm, no, I was going to show you something. I'll save that for later. So what a lot of people do is they get into redistribution. Redistribution, simply put, allows you to take all of one thing and put it in another.
So I can take all my OSPF routes and put them into EIGRP, or all my EIGRP routes and put them into BGP, or all my static routes and throw them into the RIP process. You can redistribute from anything to anything. So let's do this. Let's go on that router, and just to make it a little more fun, let's add some interfaces. Now right now, we've just got that 200.1.1.0 network. Let's just make believe some interfaces. I'll do some interface loop-back zero, IP address-- let's add some private networks-- 10.1.1.1. And then, let's just copy and paste away. This is how you create a haven of networks. Oh, that didn't work. There we go, that should be good. Oh, hang on-- there we go. I just paused it. I figured you didn't want to watch me change a whole bunch of numbers. So I'm going to take all those loop-back interfaces, I just created a whole bunch of them, go into router one, and slam, get them all in there. All right, so we've got a bunch of 10 networks that just came up. Now normally, again, if I was using the Network command, I would have to put them in one by one by one by one. So I do network 10.1.1.0, mask, 255.255.255.0. I can't just type in 10.0.0.0 and have them all come through. So I might want to do some redistribution here to sweep everything in. Or maybe, again, I'll come up with a scenario. I don't want to send a bunch of 10 networks to the ISP either. So we'll play with this. Let's work through this. So first thing I want to do, I'm going to do a show run section BGP, and do router BGP 500. I'm going to yank that Network statement out, because we're going to go at this a different way. So I'll say, no network. So that's no longer being advertised to the others. And now, I want to do a Redistribute. And let's just say connected. Let's say, redistribute connected, and allow all of those coming in. You can see immediately all of these routes came in, some of which we wanted and we expected to come into the picture, some of which we may not have wanted. 
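The contrast drawn above between the Network command (exact match against the routing table, classful mask when none is typed, origin `i`) and Redistribute Connected (everything swept in, origin `?`), as an added Python model that is not part of the original transcript. 200.1.1.0/24, 150.1.1.0/24, 10.1.1.0/24 and 179.5.1.0/24 follow the talk; the other loopback prefixes, the table layout and all function names are assumptions.

```python
"""Model of what 'network' and 'redistribute connected' put into the BGP table."""
from ipaddress import ip_network

# Constructed routing table for router one: prefix -> how the route got there.
RIB = {
    "200.1.1.0/24": "connected",   # public LAN
    "150.1.1.0/24": "connected",   # WAN link towards ISP1
    "10.1.1.0/24": "connected",    # loopbacks carrying private addresses
    "10.1.2.0/24": "connected",    # assumed (the talk pastes in "a whole bunch")
    "10.1.3.0/24": "connected",    # assumed
    "179.5.1.0/24": "ospf",        # the talk's hypothetical subnetted class B
}

# Network statements discussed in the talk, as (address, mask or None).
STATEMENTS = [
    ("10.0.0.0", "255.0.0.0"),       # no 10.0.0.0/8 in the table
    ("200.0.0.0", None),             # classful /24, not in the table
    ("200.1.1.0", None),             # classful /24, exact match
    ("179.5.1.0", None),             # classful /16 -> 179.5.0.0/16, no match
    ("179.5.1.0", "255.255.255.0"),  # explicit mask, exact match
]

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful_prefixlen(addr):
    """Mask length assumed when a network statement is typed without a mask."""
    first_octet = int(addr.split(".")[0])
    if first_octet < 128:
        return 8    # class A
    if first_octet < 192:
        return 16   # class B
    if first_octet < 224:
        return 24   # class C
    raise ValueError(f"{addr} is not a class A, B or C address")


def network_statement(addr, mask=None):
    """Prefix that 'network ADDR [mask MASK]' looks for in the routing table."""
    if mask is None:
        # Bits beyond the classful boundary are ignored: 179.5.1.0 -> 179.5.0.0/16.
        return ip_network(f"{addr}/{classful_prefixlen(addr)}", strict=False)
    return ip_network(f"{addr}/{mask}")  # MASK is a subnet mask, not a wildcard


def originate_with_network(statements, rib):
    """{prefix: origin} for the statements that exactly match a routing-table entry."""
    table = {ip_network(p) for p in rib}
    result = {}
    for addr, mask in statements:
        wanted = network_statement(addr, mask)
        if wanted in table:            # same prefix and same length, nothing looser
            result[str(wanted)] = "i"  # origin IGP
    return result


def redistribute_connected(rib):
    """{prefix: origin} for every connected route; the origin is incomplete."""
    return {p: "?" for p, source in rib.items() if source == "connected"}


def private_prefixes(bgp_routes):
    """RFC 1918 prefixes that ended up in the BGP table."""
    return sorted(p for p in bgp_routes
                  if any(ip_network(p).subnet_of(n) for n in RFC1918))


if __name__ == "__main__":
    print("network statements originate:", originate_with_network(STATEMENTS, RIB))
    swept = redistribute_connected(RIB)
    print("redistribute connected originates:", swept)
    print("private prefixes now offered to the ISPs:", private_prefixes(swept))
```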
Maybe I don't want my WAN links in the picture. And for instance, I'm also saying that the 200 network didn't show up either. And that's probably just because the BGP-- it's called the BGP scanner process-- has not removed it yet from the BGP table. But it will, so let's do a show IP BGP. So right there, you can see we've got a whole bunch of BGP routes. OK, it did show up. We've got 200.1.1.0. Oh, it's still there from the old ones, because you see it's I. All of these are now showing up with little question marks, because it's saying, I don't know where those came from. And we just sent a bunch of private networks to our ISP. So when we're doing redistribution to bring networks in, one of the things you'll often want to do is filtering, meaning I don't want to just send the entire router's interfaces to the ISP. It might be the private networks. Maybe I don't want to send the WAN links or something. But actually, let's do this. First off, I'm going to go to the ISP and show you that now, when I do a show IP BGP, all of those private networks are showing up in the system. Oh, and actually, I just thought of it. This isn't going to disappear until I do that clear IP BGP. And that's one of the things you'll have to get used to is you have to reset your BGP sessions. Any time you make any changes to attributes, anything that you're modifying-- normally, adding a new network won't take a reset. But just because we previously had the 200 network in the network table and kind of did some switcheroo, we just had to do a little clear of the session. So let's do a show IP BGP now. And it looks like we still haven't gotten all of our routes in. They're still building all of the routes in the routing table. So it'll take some time. BGP is slow. So meanwhile-- there we go. It's starting to put it in there. And now, we've got the 200 network that is showing up, and should now show up as a-- man, it showed up as an internal route. Why?
Show run section BGP-- did I not take that Network command out? Oh, didn't I say no? Didn't I remove that? Am I crazy? Were you watching? What's going on here? What's happening? Oh, no, I didn't type the No command. That would explain it. Router BGP 500 no, and plug that guy in there. There we go, so that will yank it out of the network. And OK, that's better now. It's putting it in with an incomplete origin. I was thinking, I didn't think we would have to clear the session for that. So anyhow, let's come up with a scenario here to where I want to filter. Here is what I want to do. I only want to allow public facing networks. I don't want to have all these 10 networks show up at the client sites or the ISPs. I'm just coming up with the scenario on the fly, because I'm also thinking of some future stuff I want to do. So we might shift it around later. So here's, for instance, how I can do a filter. And please tell me right now-- everything I'm doing is just kind of an example, kind of big picture thoughts. We're going to break them down much more as we go through. So let's say I wanted to find a filter. Almost every filter that you do in BGP will rely on an access list, at least if you're filtering based on IP address or subnet mask. So what I'll do is I'll say, I want to create an access list. Let's create access list 60. And we'll do permit-- and these are the ones I want to permit. I want to permit the 200.1.1.0 network, 0.255. I want to permit, we'll say, the 150.1.1.0 networks. So that's my WAN links. I want to permit those in the table. Then, I want to go in-- let's do router BGP 500. And I'm going to show you an often confused command called Distribute List. What a distribute list does is allow you to filter networks from getting out. But when we're applying it-- you can actually apply a Distribute List. Let me show you this. If I typed in neighbor 150.1.1.1, I can apply a distribute list to that neighbor.
And that makes sense to where I say, OK, that would affect that neighbor. So as I send routes to that neighbor, or receive routes from that neighbor, it's going to filter it through whatever I apply here as a distribute list. That kind of makes sense to a lot of people. It's like, OK, I got that. But when you apply it to the router as a whole, when I'm saying, it's not really applied to a neighbor, I'm going to apply the distribute list to the BGP router process, that can do one of two things. One, it can impact all neighbors. So for example, I can say, I want to restrict these networks as I advertise them to all neighbors. Or I can do something really funky, which is what I'm going to do now, which is affect the redistribution. I'm going to say, distribute list 60. Let me hit the question mark. You can see 60. It says, what access list number do you want to do it based on? Well, it created access list 60, which just says, permit this, permit that. And then you guys remember, at the bottom of every access list is an implicit Deny All. So I'm permitting those two things. I'm going to say, I'm going to apply distribute list 60, hit the question mark, outbound. But then, you look at all this. It's like, well, wait a second? Are you saying, outbound a specific interface? Well, I could. I could say, outbound to anything on fast ethernet 0/0 or serial 0/0, or whatever I want. But I can actually say, outbound connected. Now, here's what that's going to do. Let me do a show run section BGP-- I typed in the Redistribute Connected. But what I said is, OK, now that I'm redistributing everything there, I'm going to say, I want to apply access list 60 to filter those connected routes as they are sending their routes out to the BGP process. That's the best way I've figured to read that thing. Because otherwise, if you read it, it's like 60 out connected? Is that like as I'm sending it to the connected--? What's that mean?
It means, as I'm doing redistribution, I'm taking those connected routes and putting them into BGP. As they're coming out from the connected routes, go ahead and filter with 60. Now, remember, connected is kind of weird. Most people would have-- for instance, I'm redistributing EIGRP. So I would say, redistribute EIGRP into BGP. And as they're coming out of the EIGRP, if that's what I would do, I want to pass them through distribute list 60, or access list number 60. That makes a little more sense, because this connected thing is a little weird. Redistributing Connected is kind of weird in the first place. Actually, I have to clear it. Let's take a look, do a show IP BGP. Oh, nope, it took effect right away. You can see that all of the 10 networks-- this is from the ISP's perspective-- all of the 10 networks are now being blocked from that redistribution. If I go to router one and do a Show IP BGP, I can see no more 10 networks. I filtered them by applying distribute list 60, access list 60, to those connected routes as they came out into the BGP process. I know it's a very strange way of doing that. But that's one way of filtering. Let me show you another-- router BGP 500. Let me do a No, make sure I get that No command in there, distribute list 60 connected. So yank that off, and now it's going to say, OK let's shove all those-- I like this debug running all the time-- so I can see all those 10 routes, just like little fish swam their way back into the table. The second way that you can do this is, you can use a route map. Route maps are going to be kind of the pinnacle of everything that we do in BGP. And you're going to see it again and again and again. This is just kind of big picture topics right now. For instance, let's say all of these networks that are showing up at the ISP, I'm like, OK, that's great. That's what I wanted to do. But I don't want them to show up with question marks. Because, well, it just disturbs me. I don't like the question mark. 
I want people to know that it came, it originated, from my network. I don't want them to know that I'm doing redistribution, which they would know if they saw the question mark. So I might do something like this. I'm going to say, route map, and you type in a name. Let's call it CHANGE_ORIGIN. And it is case sensitive, so I'm in the route map CHANGE_ORIGIN. And I'm going to say, well, I want to match-- hmm, I already have access list 60. Let's do this. Let's do access list 61, permit any. That's nice and simple. Let's go into route map CHANGE_ORIGIN. And I'm going to say, match the IP-- actually, I could have just that without a match statement, but we'll talk about that later-- match IP address 61. And I'm going to set-- now take a look at this. Almost everything that the route map is geared around setting is based around BGP attributes. Look at that-- the weight. We've got, set the origin. That's what we're after. Set the local preference. Set communities. Set the AS path attribute. There's all kinds of different things that we can set. But just look at the description-- BGP, BGP, BGP. I mean, route maps are almost tailored for BGP, even though they do all kinds of other stuff. I'm going to say, set the origin to IGP. I don't want them to show up as an unknown heritage. What kind of background is that? So I'm going to go in and say, router BGP. Let's do 500. Actually, hang on, I've got redistribute connected, that was it. And I'm going to say, as I'm redistributing, put them through the route map. And that's where I'll say, change origin, and apply that. So now, it says, OK I'm going through, and I'm applying the map. Let me do a Show IP BGP. Look at that, eh? Come on, where's my applause? [CHEERING] Isn't that cool? Because now, it starts opening-- all I'm doing right now-- here's The Matrix for you. All I'm doing right now, Neo, is freeing your mind. You have to free your mind.
These are just possibilities, things that you can do in BGP, to manipulate almost everything. Everything is almost customizable in BGP. You can do almost anything. So all of these that were redistributed, we just changed the path to say, no, no, no, they're not a question mark. They're an I. And you could even go in and change them to an E or anything like that. So that's just some of the stuff that you can do in this BGP world. I'm trying to think right now if-- ahh, I'm going to do it.

Summarization

There's just one more thing-- I don't think it'd be worth breaking into another Nugget at this point-- I want to show you, and that's going to be summarization. Did you know, until very recently, and it's 2012 right now, so until very recently, like within the last year or two, BGP always had a feature called Auto-Summary, which was on by default on Cisco routers? Now, that Auto-Summary, you might remember that from EIGRP. It's one of the first things you go in and turn off. You're like, I don't want auto-anything. You auto not use it. I want to be able to summarize wherever. Well, take that, and then take it to a protocol with the complexity of BGP, and you're like, Auto-Summary? OK, come on-- and I don't know if this is going to be testable, so I'm just going to mention it-- as of recently, I know that the test does not hit IOS versions, but until recently, Auto-Summary was always on with BGP. Nowadays, you probably have seen it when I've done a couple show run section BGPs. Nowadays, it always comes with Auto-Summary off. The same thing with this Synchronization rule, which we'll talk about later. That always used to be on and cause all kinds of problems. Now, it's off by default. So thankfully, it's not going to auto-summarize anything. So then, what are the ways of doing summary routes? How do you do a summary route with BGP? Let me show you the easy way, first of all.
You might want to go in and say, well, I want to summarize all of these 10 networks down to one advertisement. Let's get lazy there, right? Let's do router BGP 500. You can use the command. It's actually Aggregate Address, because you're aggregating. You're taking a bunch of smaller networks and making them one large network. And I could say, well, I want to do the 10.1.0.0 with an aggregate mask of 255.255.0.0. And then, there's all kinds of attributes you can put on there. Well, actually let me show you this. Because this is the trip. I'm just going to hit the Enter key right there, right? It's like, OK, well that was easy. Well what it does, by default, is it will build this aggregate, as you saw in this debug that I have turned on. By the way, if you're wondering, what is that debug, it's a debug BGP all, debug IP BGP all. So in a production router, that's not a good debug to use. But it's kind of cool to see this. What it did was, it said, hey, I'm going to aggregate that. But check this out, I'm going to do a show IP BGP. It says, OK, I'm now going to have the summary mask in there, the summary route, I should say, in there. But let's look at the ISP's perspective, right? From the ISP's perspective, it's like, oh, oh, ISP, here's your summary. But I'm also going to advertise all the more specific routes. Seriously, that's the default with Aggregate Address. So look at this. When I hit the question mark, that's what made me laugh is I was like, I want to show this to you. What almost all the time you're going to do is add on that bad boy. Hey, I'm putting a summary in here. I want you to suppress the more specific routes that match this aggregate address, yank those out of the BGP table, and you can see, it's like match, match, match, match, suppress. Oh, I love this debug. It's great. So I can see all these things suppressed. Now, when I go to the ISP router, you're like, ahh, much better. 10.1.0.0/16 is suppressed. Now, look at this. 
I'm going to do a Show IP BGP on router one. Look at that. They're all there. But notice what's happened to them. Look at their little stars, the little stars that said, oh, you are no longer a valid route. You are now a suppressed route. You've been smushed down. So that's one of the ways that you can do an aggregate address, or a summary route. It's pretty cool. Now, let me show you another one. And this one is-- kind of bend your mind a little bit, but hopefully not too much. I'm going to say, OK, let's get that out there. We'll let all of those things come out of suppression. So let's do a show run section BGP. Let me show you how a lot of people do really good summary routes. What they might do is say, let's take this off. Rather than redistribute all of my connected interfaces and put all kinds of routes in the table and then have to kind of smush them down, they'll create a manual summary. What they'll do is go back and they'll do, well, let's create a route, a static route, to 10.1.0.0 with a mask of 255.255.0.0. And let's go ahead and just send that guy to null 0. [GASPS] People gasp-- what, but, wait a second. Well first off, let me ask you, what is null 0? It's the garbage can. It's the bit bucket. You're throwing stuff away. So you're like, well, wait a sec, didn't you just say trash everything starting with 10.1? So if this router, if router one, is receiving traffic for the 10.1 networks, aren't you dropping it? And I would say, well, yeah, actually I am. But let's preface that a little. Let's do a show IP route and go to the number one rule of routing. The number one rule of routing says, when I have a match-- for instance, right here. Here's my garbage route that throws away everything starting with 10.1. When I have a packet coming in, I'm always, always-- number one rule-- always use the more specific route first. It doesn't matter. You remember, when you get into CCNA, they start talking about administrative distance. 
They're like, oh, lower administrative distance is always better than higher administrative distance. And you start learning things, like 120 is RIP, 1 is static, all those kinds of things. And that's good to know. But this rule even beats that. This rule beats metric. This rule beats everything. It says, if there is a more specific route, then use that. So what are we doing here? What we did was create a static route to the garbage can. So now, I'm going to go in to router BGP 500, and type in, network 10.1.0.0 mask 255.255.0.0. Let's use the Network command to advertise this network to everybody else. So now, I can go over to ISP1. Let's hit the up arrow. And there it is. Look at that, we've got a nice little summary route right there. Oh, these guys haven't disappeared yet. I might have to reset the neighbor for that. But nonetheless, I've got my summary route that has showed up in the table. So it's going to start sending traffic to me for all the 10.1 networks. Well, my router's going to receive it. And it says, OK, if it's 10.1.1, it matches this. If it's 10.1.2-- because these are more specific. The only time it's going to match this null 0 route is if you're trying to give this router something for the 10 network that it doesn't have. I should say more specifically for the 10.1 network. Isn't it like if somebody sent a package for 10.1.12, which is not in this list, it's going to say, oh, well you match this and you get dropped? So that way, it keeps it from doing that. So I'll do a clear IP BGP star just to clear out the ISPs, get us a good solid table back in play. So we saw two ways of doing summaries. One is using the aggregate address, which is great if you've got a bunch of small networks in the table and you want to smush them down. The other one is to create a manual. Let's do a show run, include IP route, create a manual static route that is-- oh, wait a sec. Do I still have those being sent in there? 
Anyway, we'll get back to that-- create a manual static route to null 0, and then advertise that route. Remember, the network command with BGP takes something out of the routing table, which in this case is our static route to null 0, takes that out of the routing table and puts that in the BGP table. That's the goal of the network command. So we take that and advertise that to everybody else. So let me just-- I saw all the 10 networks jumping in there again. Oh, I still have this command. Today is the day of Jeremy leaving commands in that he thought were gone. So let's do a new Redistribute Connected and watch all those little-- please? OK, it's gone, so let me do a Show IP BGP. OK, that looks better, there we go. So now, I can go over to the ISP, let's just do a-- there we go. OK, that's what I want to see. This is just that static route that I had in there. So that's the big picture. So man, how do I summarize this? This Nugget has been a little bit of everything. And if for right now you're feeling like, wow, it's kind of like we went over here and went over there, and where are we, I kind of want you to have that feeling. But at the same time, I want you to walk away going, OK, I think I got a little of what he was doing. Because really, I'm kind of doing the big picture premise, and then the rest of this series we're going to spend breaking down a lot of these into individual tools and components and features that you can use. And we'll put a lot more practical scenarios to it. It's just for now, I just want to show you a lot of the flexibility and big picture. So what have we seen? I'd say my major goal for this Nugget was to show you how to advertise networks outside of your own. So if I want to send something to the ISP, how do I do it? One way is the Network command. The other way is using redistribution. And if you use redistribution, you better start getting some skills with filtering. 
Because you saw that when we do Redistribute Connected, for instance, or OSPF, it's going to send them all into the BGP table, which you probably don't want. So we looked at using a distribute list to filter it down, or a route map to filter it down. And then finally, we took all of that and said, well, what about summaries? How do you do summaries with BGP? We saw that we could use the Aggregate Address command. Or we could use a static route to null 0 and then manually advertise that, so a lot of big picture pieces in place that, again, we're going to be breaking down. I hope this has been informative for you, and I'd like to thank you for viewing.
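
The "more specific route first" rule and the static summary route to null 0 from this Nugget, worked through as an added example (not from the video or from CBT Nuggets). The /24 networks, interface names, the OSPF-learned route and the default route toward ISP1 are constructed assumptions.

```python
import ipaddress

# Constructed routing table for router one: (prefix, administrative distance,
# next hop). The /24s, interface names, the OSPF neighbor and the default
# route toward ISP1 are assumptions made for this example.
ROUTES = [
    ("10.1.1.0/24", 0, "connected Fa0/1"),
    ("10.1.2.0/24", 0, "connected Fa0/2"),
    ("10.1.3.0/24", 110, "OSPF via 10.1.1.2"),
    ("10.1.0.0/16", 1, "Null0"),   # static summary route to the bit bucket
    ("0.0.0.0/0", 20, "ISP1"),     # assumed default route learned over eBGP
]


def lookup(dest, routes=ROUTES):
    """Return the next hop picked by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, distance, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -distance, next_hop))
    if not matches:
        return None
    # Longest prefix wins outright; administrative distance only breaks a tie
    # between routes to the very same prefix.
    return max(matches)[2]


def without_null0(routes=ROUTES):
    """Same table with the static summary route removed."""
    return [r for r in routes if r[2] != "Null0"]


if __name__ == "__main__":
    for dest in ("10.1.2.7", "10.1.3.9", "10.1.12.1"):
        print(dest, "->", lookup(dest))
    print("10.1.12.1 without Null0 ->", lookup("10.1.12.1", without_null0()))
```

The /24 learned at distance 110 still beats the /16 static at distance 1, and only the address with no more specific route (10.1.12.1) is discarded. With the Null0 route removed and the assumed default in place, that same packet is handed back toward ISP1 instead of being dropped.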