Network Summarizations Made Easy
Network summarization is rather simple to setup, yet may be potent if not done properly. In this post there’s insight regarding this topic. Read more.
Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.
The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.The article explains network route summarization, highlighting that dynamic routing protocols like EIGRP and RIP can automatically summarize routes while OSPF does not, but automatic summarization is often avoided because it tends to be error-prone and overly loose. It describes an indeni Dynamic Knowledge signature that inspects 'show ip route' output to find summarized routes and recommends tighter, more specific summaries when possible, with remediation commands such as 'ip summary-address PROTOCOL x.x.x.x x.x.x.x' or disabling auto-summary with 'no auto-summary'. The article also provides a manual summarization walkthrough using binary conversion and bitwise AND to find the longest common prefix as the tightest useful summary, demonstrated with 192.168.4.0 and related networks resulting in 192.168.4.0 as the tightest summary.
Why do many network administrators avoid automatic summarization in dynamic routing protocols?
Many network administrators avoid automatic summarization because it is error prone and frequently produces summaries that are too loose. Loose summaries can include unintended networks, causing suboptimal routing, reachability issues, or traffic steering to broader address ranges than intended. The article notes that while protocols like EIGRP and RIP offer automatic summarization, administrators prefer manual control or tools that verify summarization tightness to prevent inclusion of unwanted networks and reduce operational risk.
How does the indeni Dynamic Knowledge signature detect and improve loose network summarizations?
The indeni signature extracts all routes, including summarized ones, by running ‘show ip route’ and then selects those marked as summarized. It analyzes each summarized route to determine whether the summary is looser than necessary and can be tightened while still covering all currently summarized networks. When loose summaries are found, indeni lists them and proposes tighter summarizations; it also provides manual remediation commands such as ‘ip summary-address PROTOCOL x.x.x.x x.x.x.x’ and suggests disabling auto summarization with ‘no auto-summary’ under the relevant protocol configuration.
What is the manual process for creating a tight route summary and how is the longest common prefix determined?
To manually create a tight route summary, convert each network address to binary octets and write their masks, then perform bitwise AND with each network’s mask to obtain their network bits. Compare the binary representations of all networks to find the longest common prefix shared by every network to be summarized. The longest common prefix yields the tightest possible summary because it minimizes inclusion of unwanted networks. The article demonstrates this with 192.168.4.0/24, 192.168.5.0/23, and 192.168.6.0/24, concluding the longest common prefix corresponds to 192.168.4.0 as the tightest summary.
Network summarization is rather simple to setup, yet may be potent if not done properly. I wanted to share some of my insight with you regarding this topic. We all know that some of the most popular dynamic routing protocols would summarize network automatically for you if you configured them to, for example, EIGRP and RIP allow for automatic summarization while OSPF does not. With that said, most network admins would avoid setting up automatic summarization as this is very error prone and usually results in network summarizations being too loose. I recently added a signature to indeni’s Dynamic Knowledge platform that helps users out with network summarization. In this signature, we take all the summarized routes and look at them to make sure that they are as summarized as possible. If they are not, we propose a more summarized option for the user.
The way we actually do it is quite simple, we use “show ip routes” to get all the routes including those summarized. We then select all the summarized routes and check whether they are loose and could be “tightened up”.
Here is what it looks like on indeni:
Alert Description:
Network summarizations might be too loose. Some of the network summaries can be tightened and still contain all the currently summarized networks. The following loose networks have been found: 10.10.0.0/16 192.0.0.0/8
Manual Remediation steps:
The suggested networks summarizations can be manually configured using the command: “ip summary-address PROTOCOL x.x.x.x x.x.x.x” Auto summarization can be turned off by manually issuing the command “no auto-summary” under the relevant protocol configuration.
For those of you who choose to do it manually, here is how you summarize routes:
Say you want to summarize these networks: 192.168.4.0/24 192.168.5.0/23 192.168.6.0/24
First thing you have to do is convert the networks into their binary octets (here is a simple conversion table) 192.168.4.0 / 24 turns into 11000000.10101000.00000100.00000000 / 24 192.168.5.0 / 23 turns into 11000000.10101000.00000101.00000000 / 23 192.168.6.0 / 22 turns into 11000000.10101000.00000110.00000000 / 22 A / 24 mask is translated to 24 one bits followed by 32-24=8 trailing zeros: 11111111.11111111.11111111.00000000 To apply the mask you have to do a bitwise AND between the network and its mask.
1100 0000 .1010 1000 .0000 0100 .0000 0000 &
1111 1111 .1111 1111 .1111 1111 .0000 0000
1100 0000 .1010 1000 .0000 0100 .0000 0000
1100 0000 .1010 1000 .0000 0101 .0000 0000 &
1111 1111 .1111 1111 .1111 1110 .0000 0000
1100 0000 .1010 1000 .0000 0100 .0000 0000
1100 0000.1010 1000 .0000 0110.0000 0000 &
1111 1111 .1111 1111 .1111 1111 .0000 0000
1100 0000.1010 1000. 0000 0110.0000 0000
Notice that the first two networks are the same.
Now, let’s look at our networks and summarize them, summarizing the networks is all about finding a common prefix.
11000000.00000000.00000000.00000000 is a common prefix for both our networks, but so is 11000000.10101000.00000000.00000000 so how do you choose?
Each of the proposed summarizations contain networks that we didn’t want to include in our summary and the rule of thumb in our case says: “The tighter the summary is, the less unwanted networks are included in it”.
The tightest summary is the longest common prefix between all summarized networks, and in our case it’s: 11000000.10101000.00000100.00000000
Which translates back (use the table) to the original network of: 192.168.4.0
Related content
How to map your network with user-defined links in Integrity X
Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.
Automate your DDI modernization path by migrating with Micetro
Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.
Your journey to intelligent NetOps begins at Cisco Live
Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.
Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)
Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.