Symptom
When BGP aggregate summary-only is configured with a route-policy, and the aggregate is created upon receiving a more specific route that passes the RPL, the more specific routes that do not pass the RPL are not suppressed if they are already present in the BGP table. Conversely, if routes are suppressed and the aggregate is deleted, those specific routes remain suppressed.
BGP prefixes already present in the BGP table:
*>i192.168.121.64/26 10.1.1.2 0 100 0 ?
*>i192.168.121.128/25 10.1.1.3 0 100 0 ?
When the aggregate is generated due to a route-policy match, BGP prefixes not tested against the RPL are not suppressed:
*> 192.168.121.0/24 0.0.0.0 32768 i
s> 192.168.121.1/32 10.11.12.1 0 0 65002 ?
s> 192.168.121.2/32 10.11.12.1 0 0 65002 ?
*>i192.168.121.64/26 10.1.1.2 0 100 0 ?
*>i192.168.121.128/25 10.1.1.3 0 100 0 ?
Conditions
BGP aggregate summary-only with route-policy configured.
Sample configuration:
router bgp 64600
 address-family ipv4 unicast
  aggregate-address 192.168.121.0/24 summary-only route-policy RP_PERMIT_AGGREGATE_S1_ONLY
 !
!
route-policy RP_PERMIT_AGGREGATE_S1_ONLY
  if (destination in (192.168.121.1/32) and next-hop in (192.168.123.1)) or (destination in (192.168.121.2/32) and next-hop in (192.168.123.3)) then
    apply set-community-aggregate
    set community (64600:1) additive
  endif
end-policy
!
Workaround
Option 1) Reapply the aggregate configuration.
Option 2) Make sure the routes that are not suppressed are reinstalled after the aggregate is generated.
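
To confirm whether a device is in either state described under Symptom (and whether a workaround cleared it), the following added example, which is not part of the original bug description or any vendor tooling, checks a saved BGP table capture for more-specific prefixes whose suppression state contradicts summary-only. The function names and the AFTER_DELETE sample are constructed for illustration; AFTER_AGGREGATE reuses the table lines shown above, and the parser assumes that one-line row shape.

```python
import ipaddress
import re

# Row shape assumed from the table lines on this page: status codes, then prefix.
ROW = re.compile(r"^(?P<status>[^0-9]*)(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+\S+")

# Table from the Symptom section: aggregate present, two specifics not suppressed.
AFTER_AGGREGATE = """\
*> 192.168.121.0/24 0.0.0.0 32768 i
s> 192.168.121.1/32 10.11.12.1 0 0 65002 ?
s> 192.168.121.2/32 10.11.12.1 0 0 65002 ?
*>i192.168.121.64/26 10.1.1.2 0 100 0 ?
*>i192.168.121.128/25 10.1.1.3 0 100 0 ?
"""

# Constructed sample for the reverse case: aggregate deleted, one specific still 's'.
AFTER_DELETE = """\
s> 192.168.121.1/32 10.11.12.1 0 0 65002 ?
*>i192.168.121.64/26 10.1.1.2 0 100 0 ?
"""

def parse_rows(text):
    """Return (status, network) for every line that looks like a BGP table entry."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            net = ipaddress.ip_network(m["prefix"], strict=False)
            rows.append((m["status"].strip(), net))
    return rows

def check_summary_only(text, aggregate):
    """Return (prefix, finding) for more-specifics in the wrong suppression state."""
    agg = ipaddress.ip_network(aggregate)
    rows = parse_rows(text)
    present = any(net == agg for _, net in rows)
    findings = []
    for status, net in rows:
        if net == agg or not net.subnet_of(agg):
            continue
        suppressed = "s" in status  # lowercase 's' is the suppressed status code
        if present and not suppressed:
            findings.append((str(net), "not-suppressed"))    # aggregate exists
        elif not present and suppressed:
            findings.append((str(net), "stale-suppressed"))  # aggregate is gone
    return findings

if __name__ == "__main__":
    for sample in (AFTER_AGGREGATE, AFTER_DELETE):
        print(check_summary_only(sample, "192.168.121.0/24"))
```

An empty result for the aggregate after applying a workaround indicates that every more-specific prefix in the capture is in the state summary-only calls for.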