Select Page

Route SummarizatioN

IS-IS | Route Summarization

  • Summarization of level 1 routes will require the local definition of one or more aggregate routes, and a corresponding policy that will block specific prefixes while advertising the aggregates into level 2 only.
  • Because the IS-IS protocol does not offer support of area-range statements, route summarization requires the definition of an aggregate route and the policy needed to advertise this aggregate while suppressing the more specific prefixes.

Juniper vMX 14 & EVE-NG Pro is used for this lab.

 Devices Configuration: 

[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R1
set system root-authentication encrypted-password "$1$1vv1gtZ/$QRerVp.aWq.yznUXUflH01"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.1/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 1 family inet address 1.1.1.1/24
set interfaces lo0 unit 1 family inet address 11.11.11.11/24
set interfaces lo0 unit 1 family iso address 49.0001.0010.0100.1001.00
set protocols isis level 1 disable
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.1    
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R2
set system root-authentication encrypted-password "$1$6NgzFXZ4$QNSfWywONMNrbQBIWM9uj0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.2/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 2 family inet address 2.2.2.2/24
set interfaces lo0 unit 2 family inet address 22.22.22.22/24
set interfaces lo0 unit 2 family iso address 49.0024.0020.0200.2002.00
set routing-options aggregate route 192.168.0.0/22 discard
set protocols isis export name-summary
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.2
set policy-options policy-statement name-summary term name-summary-route from protocol aggregate
set policy-options policy-statement name-summary term name-summary-route from route-filter 192.168.0.0/22 exact
set policy-options policy-statement name-summary term name-summary-route to level 2
set policy-options policy-statement name-summary term name-summary-route then accept
set policy-options policy-statement name-summary term name-prevent-specific from protocol isis
set policy-options policy-statement name-summary term name-prevent-specific from route-filter 192.168.0.0/22 longer
set policy-options policy-statement name-summary term name-prevent-specific to level 2
set policy-options policy-statement name-summary term name-prevent-specific then reject      
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R3
set system root-authentication encrypted-password "$1$BmHomLh4$FDpwK6Kmrts.PEipzkPOV1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.3/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 35.35.35.3/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 3 family inet address 3.3.3.3/24
set interfaces lo0 unit 3 family inet address 33.33.33.33/24
set interfaces lo0 unit 3 family iso address 49.0035.0030.0300.3003.00
set routing-options aggregate route 172.16.0.0/21 discard
set protocols isis export name-summary
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface lo0.3
set policy-options policy-statement name-summary term name-summary-route from protocol aggregate
set policy-options policy-statement name-summary term name-summary-route from route-filter 172.16.0.0/21 exact
set policy-options policy-statement name-summary term name-summary-route to level 2
set policy-options policy-statement name-summary term name-summary-route then accept
set policy-options policy-statement name-summary term name-prevent-specifics from protocol isis
set policy-options policy-statement name-summary term name-prevent-specifics from route-filter 172.16.0.0/21 longer
set policy-options policy-statement name-summary term name-prevent-specifics to level 2
set policy-options policy-statement name-summary term name-prevent-specifics then reject    
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R4
set system root-authentication encrypted-password "$1$WaL4BSs9$mlznqm3jQMhdGgufqq1YF1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.4/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces lo0 unit 4 family inet address 4.4.4.4/24
set interfaces lo0 unit 4 family inet address 44.44.44.44/24
set interfaces lo0 unit 4 family inet address 192.168.0.4/24
set interfaces lo0 unit 4 family inet address 192.168.1.4/24
set interfaces lo0 unit 4 family inet address 192.168.2.4/24
set interfaces lo0 unit 4 family inet address 192.168.3.4/24
set interfaces lo0 unit 4 family iso address 49.0024.0040.0400.4004.00
set protocols isis traceoptions file R4-log
set protocols isis traceoptions flag all
set protocols isis level 2 disable
set protocols isis interface ge-0/0/0.0
set protocols isis interface lo0.4
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R5
set system root-authentication encrypted-password "$1$6je78aHL$nA1h3Nf4xv8RDzIinFAnS0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 family inet address 35.35.35.5/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 5 family inet address 5.5.5.5/24
set interfaces lo0 unit 5 family inet address 55.55.55.55/24
set interfaces lo0 unit 5 family inet address 172.16.0.5/24
set interfaces lo0 unit 5 family inet address 172.16.1.5/24
set interfaces lo0 unit 5 family inet address 172.16.2.5/24
set interfaces lo0 unit 5 family inet address 172.16.3.5/24
set interfaces lo0 unit 5 family inet address 172.16.4.5/24
set interfaces lo0 unit 5 family inet address 172.16.5.5/24
set interfaces lo0 unit 5 family inet address 172.16.6.5/24
set interfaces lo0 unit 5 family inet address 172.16.7.5/24
set interfaces lo0 unit 5 family iso address 49.0035.0050.0500.5005.00
set protocols isis level 2 disable
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.5      
— Configuration | Verification —

— ISIS Neighbor:

[email protected]R1> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            2   0x3 Disabled          R1.03                  10/10
ge-0/0/1.0            2   0x2 Disabled          R1.02                  10/10
lo0.1                 2   0x1 Passive           Passive                 0/0

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R3             2  Up                   23  0:5:86:71:38:0
ge-0/0/1.0            R2             2  Up                   26  0:5:86:71:16:1

[email protected]R2> show isis interface                
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            1   0x1 R4.02             Disabled               10/10
ge-0/0/1.0            2   0x1 Disabled          R1.02                  10/10
lo0.2                 3   0x1 Passive           Passive                 0/0

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R4             1  Up                    7  0:5:86:71:50:0
ge-0/0/1.0            R1             2  Up                    7  0:5:86:71:ef:1

[email protected]R3> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R1             2  Up                    7  0:5:86:71:ef:0
ge-0/0/1.0            R5             1  Up                    8  0:5:86:71:6c:1

[email protected]> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            2   0x1 Disabled          R1.03                  10/10
ge-0/0/1.0            1   0x1 R5.02             Disabled               10/10
lo0.3                 3   0x1 Passive           Passive                 0/0

[email protected]R4> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            1   0x2 R4.02             Disabled               10/10
lo0.4                 1   0x1 Passive           Passive                 0/0

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R2             1  Up                   25  0:5:86:71:16:0

[email protected]R5> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/1.0            1   0x2 R5.02             Disabled               10/10
lo0.5                 1   0x1 Passive           Passive                 0/0

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/1.0            R3             1  Up                   26  0:5:86:71:38:1
[email protected]> ping 5.5.5.5 
PING 5.5.5.5 (5.5.5.5): 56 data bytes
64 bytes from 5.5.5.5: icmp_seq=0 ttl=61 time=53.610 ms
64 bytes from 5.5.5.5: icmp_seq=1 ttl=61 time=5.071 ms
64 bytes from 5.5.5.5: icmp_seq=2 ttl=61 time=5.234 ms
[email protected]> ping 4.4.4.4 
PING 4.4.4.4 (4.4.4.4): 56 data bytes
64 bytes from 4.4.4.4: icmp_seq=0 ttl=61 time=6.626 ms
64 bytes from 4.4.4.4: icmp_seq=1 ttl=61 time=5.548 ms
64 bytes from 4.4.4.4: icmp_seq=2 ttl=61 time=5.132 ms 
[email protected]> show route 0.0.0.0/0 protocol isis detail       
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
0.0.0.0/0 (1 entry, 1 announced)
        *IS-IS  Preference: 15
                Level: 1
                Next hop type: Router, Next hop index: 577
                Address: 0x96905b4
                Next-hop reference count: 10
                Next hop: 35.35.35.3 via ge-0/0/1.0, selected
                Session Id: 0x140
                State: 
                Age: 8:06       Metric: 10 
                Validation State: unverified 
                Task: IS-IS
                Announcement bits (1): 0-KRT 
                AS path: I

— Summarize all 192.168.x on R2:

Summarize all 192.168 NW @R2 By creating a routing policy with two terms;
term1 - route filter subnet for L2
term2 - deny all other more specific routes

R2>
set policy-options policy-statement name-summary term name-summary-route from protocol aggregate
set policy-options policy-statement name-summary term name-summary-route from route-filter 192.168.0.0/22 exact
set policy-options policy-statement name-summary term name-summary-route to level 2
set policy-options policy-statement name-summary term name-summary-route then accept
set policy-options policy-statement name-summary term name-prevent-specific from protocol isis
set policy-options policy-statement name-summary term name-prevent-specific from route-filter 192.168.0.0/22 longer
set policy-options policy-statement name-summary term name-prevent-specific to level 2
set policy-options policy-statement name-summary term name-prevent-specific then reject

[email protected]# show |compare 
[edit protocols isis]
+ export name-summary;

192.168.0.0/22 does not exist in routing table' so no way to summarize that. therefore create a Discard route for that subnet as well.

[email protected]# show |compare 
[edit]
+ routing-options {
+ aggregate {
+ route 192.168.0.0/22 discard;
+ }
[email protected]> show route 192.168.0.0/22 extensive    
inet.0: 36 destinations, 36 routes (36 active, 0 holddown, 0 hidden)
192.168.0.0/22 (1 entry, 1 announced)
TSI:
KRT in-kernel 192.168.0.0/22 -> {}
IS-IS level 2, LSP fragment 0x957cf78
        *Aggregate Preference: 130
                Next hop type: Discard
                Address: 0x92c4a24
                Next-hop reference count: 2
                State: <Active Int Ext>
                Age: 1:00:19 
                Validation State: unverified 
                Task: Aggregate
                Announcement bits (2): 0-KRT 1-IS-IS 
                AS path: I (LocalAgg)
                                Flags: Discard  Depth: 0        Active
                AS path list:
                AS path: I Refcount: 8
                Contributing Routes (8):
                        192.168.0.0/24 proto IS-IS
                        192.168.0.4/32 proto IS-IS
                        192.168.1.0/24 proto IS-IS
                        192.168.1.4/32 proto IS-IS
                        192.168.2.0/24 proto IS-IS
                        192.168.2.4/32 proto IS-IS
                        192.168.3.0/24 proto IS-IS
                        192.168.3.4/32 proto IS-IS
                        
On R2>  Discard route is there; also more specific routes are there as well.
On Other Routers like R1 & R3 --> only see aggregate, NO specific.                        

[email protected]> show route |match 192.168 
192.168.0.0/22     *[Aggregate/130] 01:08:05
192.168.0.0/24     *[IS-IS/15] 01:06:40, metric 10
192.168.0.4/32     *[IS-IS/15] 01:06:40, metric 10
192.168.1.0/24     *[IS-IS/15] 01:06:40, metric 10
192.168.1.4/32     *[IS-IS/15] 01:06:40, metric 10
192.168.2.0/24     *[IS-IS/15] 01:06:40, metric 10
192.168.2.4/32     *[IS-IS/15] 01:06:40, metric 10
192.168.3.0/24     *[IS-IS/15] 01:06:40, metric 10
192.168.3.4/32     *[IS-IS/15] 01:06:40, metric 10

[email protected]> show route 192.168        
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.0/22     *[IS-IS/165] 01:04:36, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0
                    
[email protected]> show route 192.168        
inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.0/22     *[IS-IS/165] 01:04:12, metric 30
                    > to 13.13.13.1 via ge-0/0/0.0                    
                    
                    
--Still have reachability to more specific routes --
[email protected]> ping 192.168.2.4 source 172.16.3.5 
PING 192.168.2.4 (192.168.2.4): 56 data bytes
64 bytes from 192.168.2.4: icmp_seq=0 ttl=61 time=6.873 ms
64 bytes from 192.168.2.4: icmp_seq=1 ttl=61 time=6.848 ms

— Summarize all 172.16.x on R3:

R3>
set policy-options policy-statement name-summary term name-summary-route from protocol aggregate
set policy-options policy-statement name-summary term name-summary-route from route-filter 172.16.0.0/21 exact
set policy-options policy-statement name-summary term name-summary-route to level 2
set policy-options policy-statement name-summary term name-summary-route then accept
set policy-options policy-statement name-summary term name-prevent-specifics from protocol isis
set policy-options policy-statement name-summary term name-prevent-specifics from route-filter 172.16.0.0/21 longer
set policy-options policy-statement name-summary term name-prevent-specifics to level 2
set policy-options policy-statement name-summary term name-prevent-specifics then reject

-- Inject agg route to routing table for summary to take place --
[email protected]# set routing-options aggregate route 172.16.0.0/21 discard
 
[email protected]> show route protocol isis |match 172.16
172.16.0.0/21 *[IS-IS/165] 01:12:21, metric 20

[email protected]> show route 172.16 
inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)

+ = Active Route, – = Last Active, * = Both
0.0.0.0/0          *[IS-IS/15] 01:26:27, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
 
— 172 not in R4 table; however due to default route; still have the reachability—

[email protected]> ping 172.16.7.5 source 192.168.3.4 
PING 172.16.7.5 (172.16.7.5): 56 data bytes
64 bytes from 172.16.7.5: icmp_seq=0 ttl=61 time=5.948 ms
Share on print
Print
Share on google
Google+
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Everything your business needs to stay productive

 

The Juniper All-Access | Reading List

Leave a reply

Your email address will not be published. Required fields are marked *

ADENTECH guides

We love to help.

Get our newsletter, join the community: