BGP: announce only aggregates

Hi,
I have multiple BGP peers. Currently I’m announcing the aggregates and also the single /24.

Can someone tell me how to only announce the aggregates and not the /24 ?

This is a stripped down version of my config:

# show policy route-map x-out 
 rule 101 {
     action permit
     match {
         ip {
             address {
                 prefix-list x-v4-out
             }
         }
     }
 }
 rule 201 {
     action permit
     match {
         ipv6 {
             address {
                 prefix-list x-v6-out
             }
         }
     }
 }
 rule 65535 {
     action deny
 }


# show policy prefix-list x-v4-out 
 rule 1 {
     action permit
     prefix 1.2.3.0/21
 }
 rule 2 {
     action permit
     prefix 2.3.4.0/21
 }
 rule 3 {
     action permit
     ge 22
     le 24
     prefix 1.2.3.0/21
 }
 rule 4 {
     action permit
     ge 22
     le 24
     prefix 2.3.4.0/21
 }

Should I remove rules with “ge 22” and “le 24” ?

Should I also set “protocols bgp X aggregate-address” ?

I was able to announce only the aggregates by using this:

set protocols bgp X aggregate-address 1.2.3.0/21 summary-only

But I think this would apply to all peers. I also have some blackholing peers that need to receive a direct /32, how can I accomplish this?

Little step forward: I’ve removed the “summary-only” from the aggregate definition. In this way, BGP would aggregate the address but still announce the single subnet.
Now, I’ve denied the announcement of the single subnet by setting “deny” as the policy in the prefix-list. Now I’m announcing only the aggregate address to each peer using the route map referring to the prefix-list policy.
The blackhole peer is not referring to that route-map, thus it is still announcing the single /32.

There is another issue: one peer doesn’t have a blackhole neighbour and makes use of a community, thus the single subnet, denied by the prefix-list policy must be announced anyway, if coming from a defined community.
Any way to fix this?

To recap, this is what I need:

  1. on each neighbour (3) only announce the aggregated address and NOT the single /24 or /32
  2. on a single neighbour (the fourth) announce everything, even a small /32
  3. on each neighbour (3) announce the /24 or /32 if and only if coming from a defined community

I can’t use the BGP aggregate address because it breaks routes received by my core routers. I have to aggregate only the routes advertised to my external neighbours.
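
The following is an added example, not part of the original post: a small Python model of how the posted `x-v4-out` prefix-list is evaluated, showing which routes pass with and without the `ge 22` / `le 24` rules. It assumes conventional prefix-list semantics (first match wins, exact length when no `ge`/`le` is set, implicit deny); the candidate routes are constructed, and the helper names are hypothetical.

```python
import ipaddress

# Prefix-list x-v4-out as posted. The addresses are the post's placeholders;
# strict=False normalises 1.2.3.0/21 to its network address 1.2.0.0/21.
X_V4_OUT = [
    (1, "permit", "1.2.3.0/21", None, None),
    (2, "permit", "2.3.4.0/21", None, None),
    (3, "permit", "1.2.3.0/21", 22, 24),
    (4, "permit", "2.3.4.0/21", 22, 24),
]

def entry_matches(route, prefix, ge, le):
    """Route must sit inside the entry's prefix and have an allowed length."""
    net = ipaddress.ip_network(prefix, strict=False)
    if route.version != net.version or not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen  # exact length only
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """First matching rule decides; no match is an implicit deny."""
    route = ipaddress.ip_network(route, strict=False)
    for _num, action, prefix, ge, le in sorted(prefix_list, key=lambda r: r[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def announced(prefix_list, candidates):
    """Candidates that the prefix-list would let through."""
    return [r for r in candidates if evaluate(prefix_list, r) == "permit"]

# Constructed candidate routes: aggregates, more-specifics, a blackhole-style
# /32 and an unrelated prefix.
CANDIDATES = ["1.2.0.0/21", "1.2.3.0/24", "1.2.4.0/22", "1.2.3.7/32",
              "2.3.0.0/21", "2.3.4.0/24", "9.9.9.0/24"]

# Same list with the ge/le rules (3 and 4) removed.
AGGREGATES_ONLY = [r for r in X_V4_OUT if r[3] is None and r[4] is None]

if __name__ == "__main__":
    print("as posted:      ", announced(X_V4_OUT, CANDIDATES))
    print("aggregates only:", announced(AGGREGATES_ONLY, CANDIDATES))
```

In this model the /32 is denied by both versions of the list, so a peer that must receive it needs a separate permit path.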