This post presents the solution and explanation for quiz-16. Have a look at the quiz to understand the problem.

Quiz Review

The network in the quiz consists of 3 sites, each represented by a sub-confederation (AS65100 / AS65200 / AS65300), and a partner site (AS 400) represented by R4.
The problem arises from a transient situation in the production network: at this moment BGP runs only between R3 <-> R1 and R1 <-> R2, while the physical link between R3 and R2 was installed recently and has no BGP configured on it. During this temporary situation (until full BGP peering is configured between R3 and R2) there are 2 requirements:

  • site-3/R3 needs to use this direct link to reach site-2/R2 (so a static route is configured on R3)
  • while site-2/R2 runs in pre-production mode, its prefix (192.168.200.0/24) must not be advertised to the partner company, R4

A requirement that I "forced" into the quiz was: "do not use route-maps or other policies applied to the BGP neighbors". The reason I put this in was to direct the reader toward discovering the RIB-Failure route on R3 and suggesting the Suppress-Inactive discussion.

What Suppress-Inactive Command Does

Let me start by defining inactive routes: routes that are not installed into the RIB, most of the time because they are also learned from another routing protocol that has a better (read: lower) administrative distance.
Such routes are marked in the BGP table with an "r" and are also displayed by the command show ip bgp rib-failure:

R3#sh ip bgp
BGP table version is 5, local router ID is 192.168.255.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         10.0.0.4                 0             0 400 i
*> 192.168.100.0    192.168.13.1             0    100      0 (65100) i
r> 192.168.200.0    192.168.12.2             0    100      0 (65100 65200) i
R3#
R3#sh ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
192.168.200.0      192.168.12.2        Higher admin distance              n/a
R3#
R3#sh ip route 192.168.200.0
Routing entry for 192.168.200.0/24
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 192.168.23.2
      Route metric is 0, traffic share count is 1

As seen above, the reason for the RIB-Failure is the existence of the static route (which, of course, has a lower AD compared to BGP).

The default behavior on Cisco routers, as opposed to Juniper, is to advertise these inactive BGP prefixes as long as they are selected as "best" in the BGP table. I don't want to debate here which approach regarding the default behavior is better, Cisco's or Juniper's... my personal position in this matter would support the Juniper approach because, in my opinion, advertising inactive BGP routes is an exception from normal designs, not a rule (when I say "rule" I mean that you don't design routes to be advertised by both BGP and IGP at the same time)!

Of course, you can disable this default advertising of inactive routes with the command bgp suppress-inactive under the BGP process.

Default behavior

R3#sh ip bgp neigh 10.0.0.4 advertised-routes
BGP table version is 5, local router ID is 192.168.255.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.100.0    192.168.13.1             0    100      0 (65100) i
r> 192.168.200.0    192.168.12.2             0    100      0 (65100 65200) i

Total number of prefixes 2
R3#

With bgp suppress-inactive

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 65300
R3(config-router)#bgp suppress-inactive
R3(config-router)#^Z
R3#
R3#sh ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
192.168.200.0      192.168.12.2        Higher admin distance               No
R3#
R3#sh ip bgp neigh 10.0.0.4 advertised-routes
BGP table version is 7, local router ID is 192.168.255.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.100.0    192.168.13.1             0    100      0 (65100) i

Total number of prefixes 1
R3#

RIB Next-Hop Matches

An interesting fact about this command is that it comes with a condition: the command works (suppresses the advertising of BGP inactive routes) only when the comparison of these two next-hops (NH) returns "No":

  • the next-hop of the BGP route selected as "best"
  • the next-hop of the route as installed in the RIB (the NH from the protocol that "beats" BGP)

IF these two next-hops do not match, THEN the inactive route is suppressed:

R3#sh ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
192.168.200.0      192.168.12.2        Higher admin distance               No
R3#
R3#sh ip bgp neigh 10.0.0.4 advertised-routes
...
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.100.0    192.168.13.1             0    100      0 (65100) i

Total number of prefixes 1
R3#

IF these two next-hops match, THEN the inactive route is not suppressed.
Note that I'm modifying the static route on R3 to match the BGP NH:

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#ip route 192.168.200.0 255.255.255.0 192.168.12.2
R3(config)#^Z
R3#
R3#sh ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
192.168.200.0      192.168.12.2        Higher admin distance              Yes
R3#
R3#sh ip bgp neigh 10.0.0.4 advertised-routes
...
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.100.0    192.168.13.1             0    100      0 (65100) i
r> 192.168.200.0    192.168.12.2             0    100      0 (65100 65200) i

Total number of prefixes 2
R3#

This means that if the two next-hops match, there is no way that you can suppress the BGP inactive route. My own explanation for this: since the BGP next-hop matches the one of the routing protocol with the better AD, this prefix is "almost active" or "as good as active", so it will always be advertised to other BGP peers according to the BGP rules.

ATTENTION

The RIB-NH Matches field is relevant only when using the bgp suppress-inactive command. If this command is not configured (the default behavior), this field is n/a (see below):

R3#sh ip bgp
BGP table version is 5, local router ID is 192.168.255.3
...
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0         10.0.0.4                 0             0 400 i
*> 192.168.100.0    192.168.13.1             0    100      0 (65100) i
r> 192.168.200.0    192.168.12.2             0    100      0 (65100 65200) i
R3#
R3#sh ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
192.168.200.0      192.168.12.2        Higher admin distance              n/a
R3#
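
The three states shown above (n/a, No, Yes) can be checked mechanically when a prefix must stay hidden from a peer. The following is an added example, not part of the original post: the function names and the report wording are assumptions, and the sample rows are transcribed from the R3 captures above with headers trimmed.

```python
import re

# Data row of "show ip bgp rib-failure": prefix, BGP next hop, reason, RIB-NH Matches.
RIB_FAILURE_ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+(\d+\.\d+\.\d+\.\d+)\s+(.+?)\s+(Yes|No|n/a)$")
# Data row of "... advertised-routes": status codes, then the prefix.
ADVERTISED_ROW = re.compile(r"^[sdh*>ir]{1,3}\s+(\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s")

def parse_rib_failure(text):
    """Map each RIB-failure prefix to its 'RIB-NH Matches' value (Yes / No / n/a)."""
    rows = (RIB_FAILURE_ROW.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(4) for m in rows if m}

def parse_advertised(text):
    """Set of prefixes the router lists as advertised to the neighbor."""
    rows = (ADVERTISED_ROW.match(line.strip()) for line in text.splitlines())
    return {m.group(1) for m in rows if m}

def audit(rib_failure_text, advertised_text, protected):
    """Classify each protected prefix from the two captures (hypothetical report format)."""
    rib_nh = parse_rib_failure(rib_failure_text)
    advertised = parse_advertised(advertised_text)
    report = {}
    for prefix in protected:
        match = rib_nh.get(prefix)  # None: the prefix is not a RIB-failure route
        if prefix not in advertised:
            report[prefix] = "ok: not advertised"
        elif match is None:
            report[prefix] = "leak: installed BGP route, suppress-inactive does not apply"
        elif match == "n/a":
            report[prefix] = "leak: bgp suppress-inactive is not configured"
        elif match == "Yes":
            report[prefix] = "leak: RIB next hop matches BGP next hop, route not suppressed"
        else:
            report[prefix] = "leak: RIB-NH Matches is No but the prefix is still advertised"
    return report

# Rows transcribed from the page's R3 captures (headers trimmed).
RIB_DEFAULT = "192.168.200.0      192.168.12.2        Higher admin distance    n/a"
RIB_NO = "192.168.200.0      192.168.12.2        Higher admin distance    No"
RIB_YES = "192.168.200.0      192.168.12.2        Higher admin distance    Yes"
ADV_ONE = "*> 192.168.100.0    192.168.13.1      0    100      0 (65100) i"
ADV_BOTH = ADV_ONE + "\nr> 192.168.200.0    192.168.12.2      0    100      0 (65100 65200) i"

if __name__ == "__main__":
    for rib, adv in ((RIB_DEFAULT, ADV_BOTH), (RIB_NO, ADV_ONE), (RIB_YES, ADV_BOTH)):
        print(audit(rib, adv, ["192.168.200.0"]))
```

Only the "No" capture passes; the "Yes" case is the one that bgp suppress-inactive alone cannot fix.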

Thank you for your comments and interest in the quiz!