Routing

Expand all | Collapse all

Aggregate route next hop reject

  • 1.  Aggregate route next hop reject

    Posted 11-28-2020 14:12
    Anyone can assist me for the following:
    lab@vmx2# run show route protocol aggregate extensive

    inet.0: 245 destinations, 245 routes (245 active, 0 holddown, 0 hidden)
    192.168.0.0/16 (1 entry, 1 announced)
    TSI:
    KRT in-kernel 192.168.0.0/16 -> {}
    *Aggregate Preference: 130
    Next hop type: Reject, Next hop index: 0
    Address: 0xce30610
    Next-hop reference count: 2
    State: <Active Int Ext>
    Local AS: 10458
    Age: 14:28
    Validation State: unverified
    Task: Aggregate
    Announcement bits (2): 0-KRT 5-Resolve tree 4
    AS path: I (LocalAgg)
    Flags: Depth: 0Active
    AS path list:
    AS path: I Refcount: 10
    Contributing Routes (10):
    192.168.0.2/32 proto Direct
    192.168.12.0/24 proto Direct
    192.168.23.0/24 proto Direct
    192.168.24.0/24 proto Direct
    192.168.0.1/32 proto IS-IS
    192.168.0.3/32 proto IS-IS
    192.168.0.4/32 proto IS-IS
    192.168.13.0/24 proto IS-IS
    192.168.14.0/24 proto IS-IS
    192.168.34.0/24 proto IS-IS

    iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

    inet6.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden)

    [edit]

    why is the next hop rejected ?  Is this because of those direct routes? 

    thanks a lot in advance !!


  • 2.  RE: Aggregate route next hop reject

    Posted 11-28-2020 14:26
    I figured out advertising 192.168.0.0/16 via bgp.  I had an issue in policy. 

    thanks !!


  • 3.  RE: Aggregate route next hop reject

    Posted 11-29-2020 02:36
    There is nothing wrong with having an Aggregate route with reject or discard next-hop flags, this is the expected behavior. Remember that in the aggregation point you are suppose to hold the components/individual routes that compose the aggregate, if traffic destined to a route that doesn't fall within the components at the aggregation point, is usually the case to drop the traffic on the floor instead of routing it blindly, hence the reject/discard nature of the aggregate.

    Good to know you sort the policy out.

    Regards,

    Elvin


  • 4.  RE: Aggregate route next hop reject

    Posted 11-29-2020 09:04
    thanks so much !!


  • 5.  RE: Aggregate route next hop reject

     
    Posted 11-29-2020 12:24
    Hummm, how did your policy change the next-hop so that it is not reject?

    I imagine that this is how you created the aggregate: set routing-options aggregate route 192.168.0.0/16

    So, I don't see how a policy would change the next-hop. 

    Also, as Elvin mentioned, using reject/discard as next hop when an aggregate is created is actually a good thing. It prevents loops. 


    Imagine you have a topology like this: 


    What would happen if subnet 172.19.100.48/28 goes down, for example, and the route is removed from R1's routing table?

    When R2 receives a packet with DA = 172.29.100.50, it sends it to R1 not knowing that the subnet is down. On R1, the DA matches the default route, which points back to R2. Thus, R1 sends the packet back to R2. You got a "beautiful" routing loop!!!

    If there is an aggregate route in R1's routing table, the packet matches that aggregate instead of the default route, because of longest match.  Since the aggregate route has a next-hop = reject or discard, the packet is dropped instead of sent back to R2.  

    Both discard and reject drop packets matching the route. The difference is that discard is silent (it does not send an ICMP network unreachable message back to the source).  
    Discard is configured explicitly when you configure the aggregate. Reject is the default. 

    set routing-options aggregate route 192.168.0.0/16
    set routing-options aggregate route 192.168.0.0/16 discard


    Regards, 





    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 6.  RE: Aggregate route next hop reject

    Posted 11-29-2020 13:58
    thanks so much. 
    next-hop is still reject.

    I was supposed to create a generated route, but I created an aggregated route by mistake. After I realized that, the routing started working.

    Thanks again for your detailed explanation.


  • 7.  RE: Aggregate route next hop reject

     
    Posted 11-29-2020 14:47
    Ah! that makes more sense! :-) 

    I wrote about aggregate and generated routes a few months ago. You might be interested: 

    https://momcanfixanything.com/aggregate-generated-additional-notes/

    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 8.  RE: Aggregate route next hop reject

    Posted 11-29-2020 15:26
    Wow, such a great site !   thanks so much !!

    I will study it.