Route Summarization

This chapter contains the following sections:

Introduction

Route summarization simplifies route tables by replacing many specific addresses with a single address. For example, 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 can be replaced with 10.1.0.0/16. Route summarization policies enable routes to be shared efficiently among border leaf switches and their neighboring switches.

Two forms of route summarization are supported in ACI beginning in the Cisco APIC 5.2(4) release:

  • Route Summarization at the L3Out External EPG Level:

    This configuration of route summarization at the L3Out External EPG Level allows route summarization towards external L3Out peers only.

  • Route Filtering and Aggregation at the VRF Level:

    Beginning in the Cisco APIC 5.2(4) release, Cisco APIC also provides option to perform route filtering and aggregation of routes that are advertised in a fabric to reduce the scale requirements of the fabric. This feature is configured at the VRF level. Enabling route summarization at the VRF level helps to achieve summarization of routes into the ACI fabric, as well as towards external BGP L3Out peers.

Details of both of the above mentioned forms of summarization are described in the upcoming sections below.

Route Summarization at the L3Out External EPG Level

BGP, OSPF, or EIGRP route summarization policies are applied to a bridge domain or transit subnet. For OSPF, inter-area and external route summarization are supported. Summary routes are exported; they are not advertised within the fabric.

Enabling route summarization at the L3Out External EPG helps to achieve route summarization towards L3Out peers only and not within the ACI fabric. To achieve summarization of routes into the ACI fabric as well as towards external L3Out peers, see Route Filtering and Aggregation at the VRF Level.

Also, with this route summarization configured, the aggregate prefix would be advertised to external L3Out peers and more-specific prefixes would not be advertised to the L3Out peers.

Route Filtering and Aggregation at the VRF Level

By default, border leaf nodes receive many prefixes from the directly connected, static route, and routing protocols and these prefixes gets redistributed in MP-BGP and these prefixes are advertised to all leaf and spine switches. Leaf switches programs all the prefixes of configured VRFs in the LPM. By using this feature, administrators can selectively import prefixes of a VRF into LPM table or export prefixes of a VRF to MP-BGP or L3Out peers.

Beginning in the Cisco APIC 5.2(4) release, Cisco APIC provides option to summarize or filter routes that are advertised in a fabric to reduce the scale requirements of the fabric.

The following route control policies are added under VRF.

BGP Route Summarization Policy

This policy allows you to aggregate prefixes to a larger subnet irrespective of whether the subnet is learned directly from an external router or not. You can specify in the policy whether to advertise only the aggregated subnets or to advertise all prefixes within the subnet. This policy controls aggregation for L3Out peers and MP-BGP.

The following configurations are available in this policy:

  • Nodes: A list of border leaf nodes on which the route profile needs to be applied.

    • At least one border leaf must be configured for the policy to be deployed.

    • Spine switches are not supported in this policy.

    • You can configure multiple policies for each VRF instance, border leaf node pair.

    • This policy is vPC unaware. Therefore, you can configure different policies between nodes in a vPC pair.

    • This policy is applicable only for the unicast address family.

  • Subnets: A list of subnets with each subnet pointing to the BGP route summarization policy configured under tenant.

    • You must configure at least one subnet to deploy the policy.

    • There should be no overlap between subnets that are associated with different route summarization policies for the same node.

  • BGP route summarization policy: Using the route summarization policy control state options, you can either enable advertisement of only the aggregate prefixes to peers, or you can allow advertisement of both the aggregate as well as specific prefixes to peers.

    • When you configure route summarization for the same subnet on a VRF instance as well as l3extSubnet, the Cisco APIC raises a fault. Clear this fault before performing a fabric upgrade or switch reload.

    • To configure a BGP route summarization policy, see Configuring Route Control Policy in VRF Using the GUI.

Intra-VRF Import Route Control Policy

This policy allows you to control the prefixes to be registered in the routing table.

The following configurations are available in this policy:

  • Nodes: A list of leaf nodes on which the route profile needs to be applied.

    • At least one leaf must be configured for the policy to be deployed.

    • Spine switches are not supported in this policy.

    • If there is no import route control policy that is configured for the VRF, leaf node, then all prefixes of the VRF from MP-BGP will be registered in the node’s routing table.

    • This policy is vPC unaware. Therefore, you can configure different policies between nodes in a vPC pair.

  • Route Map: Configure the same way that you configure an existing route profile configuration for a tenant. Following route-map match and set clauses are applicable in the Import Route Control configuration:

    Match Clauses:

    • IP Prefix List

    • Community

    • Extended Community (match on color extended community is not supported)

    • Regex Community

    • Regex Extended Community

    Set Clauses:

    • Community

    • Extended Community

    • Tag

    • Weight

    • Preference

    • Metric

If route summarization or fabric export control is configured to suppress a prefix in MP-BGP, then this policy will not be updated in the receiver leaf’s routing table even if it is allowed by the import route control policy for the leaf.

The procedures for configuring an inter-VRF import route control policy is provided in Configuring Route Control Policy in VRF Using the GUI.

VRF Export Route Control Policy

This policy allows you to control the prefixes to be advertised to a fabric.

The following configurations are available in this policy:

  • Nodes: A list of border leaf nodes on which the route profile needs to be applied.

    • At least one border leaf must be configured for the policy to be deployed.

    • Spine switches are not supported in this policy.

    • If there is no export route control policy that is configured for the VRF, border leaf pair, then all prefixes of the VRF from border leafs to MP-BPG will be advertised.

    • This policy is vPC unaware. Therefore, you can configure different policies between nodes in a vPC pair.

  • Route Map: Configure the same way that you configure an existing route profile configuration for a tenant. Following route-map match and set clauses are applicable to the Export Route Control configuration:

    Match Clauses:

    • IP Prefix List

    • Community

    • Extended Community (match on color extended community is not supported)

    • Regex Community

    • Regex Extended Community

    Set Clauses:

    • Community

    • Extended Community (except setting extended community to None)

    • Weight

    • Preference

    • Metric

The procedures for configuring a VRF export route control policy is provided in Configuring Route Control Policy in VRF Using the GUI.

Guidelines and Limitations

A route summarization policy configured under an external EPG will result in the summarized prefix being advertised to all of the BGP peers that are connected to the same border leaf switch and in the same VRF. This includes BGP peers that belong to different L3Outs if the same border leaf switch and VRF condition is met.

If you do not want this behavior to take place and you want to limit which BGP peers receive the aggregate route, block the routes where applicable using outbound route-maps on the respective L3Outs.

Configuring Route Summarization at L3out External EPG Level Using the GUI

This section explains the steps to configure route summarization associated to an L3Out External EPG. Enabling route summarization using these configuration steps helps to achieve route summarization towards L3Out peers only, and not within the ACI fabric.

Also, with the route summarization configured, the aggregate prefix would be advertised to external L3Out peers and more-specific prefixes would not be advertised to the L3Out peers.

To achieve summarization of routes into the ACI fabric as well as towards external L3Out peers, see Configuring Route Control Policy in VRF Using the GUI.

Before you begin

For each of the following configurations, you have already created an L3 Out. For the L3 Out, you can create external routed networks, subnets, and route summarization polices.

Procedure

Step 1

Configure BGP route summarization using the GUI as follows:

  1. On the menu bar, choose Tenants > common

  2. In the Navigation pane, expand Networking > L3Outs .

  3. Right-click on L3Outs, then select Create L3Out.

    The Create L3Out wizard appears.

  4. In the work pane, enter the necessary information (Name, VRF, and L3 Domain), then check the check box next to BGP.

  5. Click Next.

    The Nodes and Interfaces window appears.

  6. In the Nodes and Interfaces window, fill in the appropriate fields, then click Next.

    The Protocols window appears.

  7. In the Protocols window, fill in the appropriate fields, then click Next.

    The External EPG window appears.

  8. Enter a name in the Name field, then uncheck the Default EPG for all external networks field.

    The Subnets field appears.

  9. Click + above Route Summarization Policy.

    The Create Subnet dialog box appears.

  10. In the Specify the Subnet dialog box, you can associate a route summarization policy to the subnet as follows:

Example:

  • Enter an IP address in the IP Address field.

  • Check the check box next to Export Route Control Subnet.

  • Check the check box next to External Subnets for the External EPG.

  • From the BGP Route Summarization Policy drop-down menu, select either default for an existing (default) policy or Create BGP route summarization policy to create a new policy.

  • If you selected Create BGP route summarization policy, the Create BGP Route Summarization Policy dialog box appears. Enter a name for it in the Name field, check the Control State check box for Generate AS-SET information, click Submit, click OK, the click Finish.

    Note

     

    The Do not advertise more specifics control state option and Address Type Control option are applicable only when a policy is applied on the VRF Route Control policy. Here, both AF Ucast and AF Mcast are enabled by default.

Step 2

Configure OSPF inter-area and external summarization using the GUI as follows:

  1. On the menu bar, choose Tenants > common.

  2. In the Navigation pane, expand Networking > L3Outs > External EPGs, then click on the configured external EPG.

    The overview information for that configured external EPG appears.

  3. In the work pane, click the + sign above Route Summarization Policy.

    The Create Subnet dialog box appears.

  4. In the Specify the Subnet dialog box, you can associate a route summarization policy to the subnet as follows:

Example:

  • Enter an IP address in the IP Address field.

  • Check the check box next to Export Route Control Subnet.

  • Check the check box next to External Subnets for the External EPG.

  • From the OSPF Route Summarization Policy drop-down menu, choose either default for an existing (default) policy or Create OSPF route summarization policy to create a new policy.

  • If you chose Create OSPF route summarization policy, the Create OSPF Route Summarization Policy dialog box appears. Enter a name for it in the Name field, check the check box next to Inter-Area Enabled, enter a value next to Cost, click SUBMIT.

Step 3

Configure EIGRP summarization using the GUI as follows:

  1. On the menu bar, choose Tenants > common

  2. In the Navigation pane, expand Networking.> L3Outs.

  3. Right-click on L3Outs, choose Create L3Out.

    The Create L3Out dialog box appears.

  4. In the work pane, check the check box next to EIGRP.

  5. Enter a name in the Name field, click NEXT.

    The External EPG Networks dialog box appears.

  6. In the work pane, click the + sign.

    The Define an External Network dialog box appears.

  7. Enter a name in the Name field, then click the + sign above Route Summarization Policy.

    The Create Subnet dialog box appears.

  8. In the Specify the Subnet dialog box, you can associate a route summarization policy to the subnet as follows:

Example:

  • Enter an IP address in the IP Address field.

  • Check the check box next to Export Route Control Subnet.

  • Check the check box next to External Subnets for the External EPG.

  • Check the check box next to EIGRP Route Summarization, click OK, click OK, click FINISH.

Configuring Route Control Policy in VRF Using the GUI

This section explains the steps to configure route summarization for a VRF. This includes steps to configure a route summarization policy, intra-VRF import route control, and VRF export route control.

Enabling route summarization using the steps in this section helps to achieve summarization of routes into the ACI fabric, as well as towards external BGP L3Out peers. Further, with the route summarization configured using the steps in this section, the more-specific prefixes may or may not be advertised along with the aggregate prefix, based on the control state option enabled.

Procedure

Step 1

Navigate to Tenants > tenant_name > Networking > VRFs > vrf_name.

Step 2

On the VRF - vrf_name work pane, click the Route Control tab.

Step 3

Determine how you want to configure route filtering and aggregation at the VRF level.

  • To configure a BGP route summarization policy, go to Step 4.

  • To configure an inter-VRF import route control policy, go to Step 5.

  • To configure a VRF export route control policy, go to Step 6.

Step 4

Configure the Route Summarization Policy using the GUI as follows:

  1. Click + next to the Route Summarization Policy.

    The Create Route Summarization Policy dialog box appears.

  2. Enter a name in the Name field and select switches from the Nodes list.

  3. Click + next to Subnets.

    The Create Association of Subnet to Summarization Policy dialog box appears.

  4. Enter an IP address in the Subnet field.

  5. Select a policy from the BGP Route Summary Policy list.

    The Create BGP Route Summarization Policy dialog box appears.

  6. Enter a name in the Name filed and select the appropriate Control State and Address Type Controls options.

    If the Do not advertise more specifics control state option in the BGP route summarization policy configuration is enabled, aggregate prefix would be advertised and more-specific prefixes would not be advertised to peers. If the Do not advertise more specifics option is not enabled, both the aggregate and the more-specific prefixes would be advertised to the peers.

  7. Click Submit and confirm the previous configurations.

Note

 

If the aggregate prefix is learned from L3Out peers and from the locally originated aggregate prefix at the border leafs using the route summarization policy configuration, to prefer the externally learned aggregate prefix as the BGP best path over the locally originated aggregate prefix, the incoming weight of all routes originating from the L3Out peers must be set to 32769 or greater.

Step 5

Configure the Intra-VRF Import Route Configuration Policy using the GUI as follows:

  1. Click + next to the Intra-VRF Import Route Configuration Policy.

    The Create VRF Import Route Control Policy dialog box appears.

  2. Enter a name in the Name field and select switches from the Nodes list.

  3. Select a policy from the Route Profile for Import list.

  4. Click Submit.

Step 6

Configure the VRF Export Route Configuration Policy using the GUI as follows:

  1. Click + next to the VRF Export Route Configuration Policy.

    The Create VRF Export Route Control Policy dialog box appears.

  2. Enter a name in the Name field and select switches from the Nodes list.

  3. Select a policy from the Route Profile for Export list.

  4. Click Submit.