
Thursday, April 28, 2011

BGP Local-AS command

Local-as is useful when the AS number of the BGP domain is changing but we do not yet have a chance to change the AS number in the BGP process. This command makes the neighbor think that it is connected to the old AS number.


The following are examples of local-as and its options in BGP.
R1 = AS 100
R2 = AS 200
R3 = AS 300
Configure the network so that R1 thinks that R2 is in AS 65001 (use local-as).

R1

router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 network 2.2.2.0 mask 255.255.255.0
 network 3.3.3.0 mask 255.255.255.0
 neighbor 192.168.1.2 remote-as 65001
 no auto-summary


Local AS

R2
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 local-as 65001
 neighbor 192.168.2.2 remote-as 300
 no auto-summary


R3#sh ip bgp
BGP table version is 46, local router ID is 192.168.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.2.1                            0 200 65001 100 i
*> 2.2.2.0/24       192.168.2.1                            0 200 65001 100 i
*> 3.3.3.0/24       192.168.2.1                            0 200 65001 100 i



With "no-prepend", R2 will not prepend the local-as to the updates it forwards to R3. Therefore, R3 will see only the real AS of R2 (without the 65001).


Local AS with no prepend
R2

router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 local-as 65001 no-prepend
 neighbor 192.168.2.2 remote-as 300
 no auto-summary





R3#sh ip bgp
BGP table version is 40, local router ID is 192.168.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.2.1                            0 200 100 i
*> 2.2.2.0/24       192.168.2.1                            0 200 100 i
*> 3.3.3.0/24       192.168.2.1                            0 200 100 i


With no-prepend and replace-as (on the neighbor statement for R3), R2 will not prepend the local-as but instead replaces the real AS with the local-as value when it sends an update to R3. Therefore, R3 will see 65001 (the local-as value) and 100 (the AS of R1).


Local AS with no prepend & replace as


R2
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 local-as 65001 no-prepend replace-as
 neighbor 192.168.2.2 remote-as 300
 neighbor 192.168.2.2 local-as 65001 no-prepend replace-as
 no auto-summary


R3#sh ip bgp
BGP table version is 28, local router ID is 192.168.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.2.1                            0 65001 100 i
*> 2.2.2.0/24       192.168.2.1                            0 65001 100 i
*> 3.3.3.0/24       192.168.2.1                            0 65001 100 i
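
The three cases above as a small model, added here as an illustration (it is not code from the original post, and the function names are hypothetical). It reproduces the AS paths R3 shows in each `sh ip bgp` output and lists any private-use ASN left in the path, which is worth checking before a path like the first one is propagated further.

```python
# Added illustration (not from the original post): models how R2's local-as
# options shape the AS_PATH that R3 receives. All names are hypothetical.

R1_AS, R2_AS, LOCAL_AS = 100, 200, 65001      # values from the lab above
PRIVATE_ASNS = range(64512, 65535)            # 16-bit private-use range (RFC 6996)


def receive(path, local_as=None, no_prepend=False):
    """AS_PATH R2 stores for a route learned from an eBGP neighbor."""
    if local_as is not None and not no_prepend:
        return [local_as] + list(path)        # local-as recorded as an extra hop
    return list(path)


def advertise(path, real_as, local_as=None, replace_as=False):
    """AS_PATH R2 sends to an eBGP neighbor."""
    if local_as is None:
        return [real_as] + list(path)
    if replace_as:
        return [local_as] + list(path)        # real AS is hidden from this neighbor
    return [local_as, real_as] + list(path)   # neighbor sees the local-as first


def r3_view(toward_r1, toward_r3):
    """Path R3 sees for R1's prefixes, given R2's per-neighbor options."""
    stored = receive([R1_AS], **toward_r1)
    return advertise(stored, R2_AS, **toward_r3)


def private_asns(path):
    """Private-use ASNs present in a path (candidates for leak review)."""
    return [asn for asn in path if asn in PRIVATE_ASNS]


SCENARIOS = {
    "local-as": r3_view({"local_as": LOCAL_AS}, {}),
    "local-as no-prepend": r3_view(
        {"local_as": LOCAL_AS, "no_prepend": True}, {}),
    "local-as no-prepend replace-as": r3_view(
        {"local_as": LOCAL_AS, "no_prepend": True},
        {"local_as": LOCAL_AS, "replace_as": True}),
}

if __name__ == "__main__":
    for name, path in SCENARIOS.items():
        print(f"{name:32} {path}  private: {private_asns(path)}")
```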

Monday, April 11, 2011

Mapping Agent (MAP RP)

The function of the mapping agent is to map multicast groups to RPs in the Auto-RP process. To specify which multicast groups go to which RP, we use the following command.

ip pim rp-announce-filter rp-list XXX group-list XXX


We can specify RPs in the rp-list and groups in the group-list.

Example


//Mapping agent 

ip pim send-rp-discovery Loopback0 scope 16
!
ip pim rp-announce-filter rp-list R2_RP group-list R2_GROUPS
ip pim rp-announce-filter rp-list R1_RP group-list R1_GROUPS
!
ip access-list standard R1_GROUPS
 permit 224.0.0.0 0.255.255.255
 permit 226.0.0.0 0.255.255.255
 permit 228.0.0.0 0.255.255.255
 permit 230.0.0.0 0.255.255.255
 permit 232.0.0.0 0.255.255.255
 permit 234.0.0.0 0.255.255.255
 permit 236.0.0.0 0.255.255.255
 permit 238.0.0.0 0.255.255.255
!
ip access-list standard R1_RP
 permit 150.1.1.1
!
ip access-list standard R2_GROUPS
 permit 225.0.0.0 0.255.255.255
 permit 227.0.0.0 0.255.255.255
 permit 229.0.0.0 0.255.255.255
 permit 231.0.0.0 0.255.255.255
 permit 233.0.0.0 0.255.255.255
 permit 235.0.0.0 0.255.255.255
 permit 237.0.0.0 0.255.255.255
 permit 239.0.0.0 0.255.255.255
!
ip access-list standard R2_RP
 permit 150.1.2.2




Thursday, April 7, 2011

Multilink PPP


The point of Multilink PPP is to take multiple PPP links and “bond” them together to act as a single PPP link. The PPP links being bonded could be ISDN BRI circuits, T1 circuits, or other types of PPP circuits. Multilink PPP can also break large packets into smaller pieces and send them over multiple physical links simultaneously.

Configuration example
Multilink PPP over Frame Relay (MLPPPoFR)





Configuration
R1
interface Multilink1
 ip address 192.168.1.1 255.255.255.0
 ppp multilink
 ppp multilink interleave
 ppp multilink group 1
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 192.168.1.2 102
 frame-relay interface-dlci 102 ppp Virtual-Template1
 no frame-relay inverse-arp
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 192.168.1.2 102
 frame-relay interface-dlci 102 ppp Virtual-Template1
!
interface Virtual-Template1
 no ip address
 ppp multilink
 ppp multilink interleave
 ppp multilink group 1
!

R2

interface Multilink1
 ip address 192.168.1.2 255.255.255.0
 ppp multilink
 ppp multilink interleave
 ppp multilink group 1
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 clock rate 2000000
 frame-relay map ip 192.168.1.1 201
 frame-relay interface-dlci 201 ppp Virtual-Template1
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 encapsulation frame-relay
 shutdown
 clock rate 2000000
 frame-relay map ip 192.168.1.1 201
 frame-relay interface-dlci 201 ppp Virtual-Template1
!
interface Virtual-Template1
 no ip address
 ppp multilink
 ppp multilink interleave
 ppp multilink group 1


Verify Configuration
Router#show ppp multilink

Multilink1
  Bundle name: Router
  Remote Endpoint Discriminator: [1] Router
  Local Endpoint Discriminator: [1] Router
  Bundle up for 00:10:20, total bandwidth 100000, load 1/255
  Receive buffer limit 12000 bytes, frag timeout 1000 ms
  Interleaving disabled
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0xF received sequence, 0x16 sent sequence
  Member links: 1 active, 2 inactive (max not set, min not set)
    Vi3, since 00:10:20, 375000 weight, 1496 frag size
    Vi1 (inactive)
    Vt1 (inactive)
No inactive multilink interfaces
Router#




Wednesday, April 6, 2011

Distribute-list gateway

"distribute-list gateway" is the command that allows us to permit or deny routing updates based on the source of the updates.

Example Configuration


We have R1, R2 and R3 in the RIP routing domain.  However, we want to receive the routing updates from R3 only. Here is the configuration example to accomplish this.


R2

router rip
 network 2.0.0.0
 network 192.168.1.0
 network 192.168.2.0
 distribute-list gateway R3-ONLY in
 no auto-summary
!
!
ip prefix-list R3-ONLY seq 5 permit 192.168.2.2/32


R2 Routing table

Before putting in the command
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    1.0.0.0/8 [120/1] via 192.168.1.1, 00:00:02, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
R    3.0.0.0/8 [120/1] via 192.168.2.2, 00:00:14, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1
R2#


After distribute-list gateway command 

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
R    3.0.0.0/8 [120/1] via 192.168.2.2, 00:00:15, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1

Note: After we put in the command, the network 1.1.1.0/24 disappeared.


Tuesday, April 5, 2011

Frame-Relay End-to-end Keepalive

Frame Relay end-to-end keepalives provide status to verify that end-to-end communications are working and that traffic is getting through.

The Frame-Relay End-to-End keepalive feature can be configured in 4 modes
- bidirectional mode
    - both the send side and receive side are enabled
- request mode
    - only the send side is enabled, and the device sends out and waits for replies to its keepalive requests
- reply mode
    - only the receive side is enabled, and the device waits for and replies to keepalive requests
- passive reply mode
    - the device only responds to keepalive requests, but does not set any timers or keep track of any events

Example Configuration 


interface Serial1/0
 ip address 192.168.1.1
 encapsulation frame-relay
 shutdown
 serial restart-delay 0
 frame-relay interface-dlci 101
  class END2END_KEEPALIVE
!
map-class frame-relay END2END_KEEPALIVE
 frame-relay end-to-end keepalive mode request
!

Verification
show frame-relay end-to-end keepalive


Monday, April 4, 2011

Dynamic Access-list (access-enable)

The access-enable command enables the router to create a temporary access-list entry in a dynamic access-list. There are 2 options for the access-enable command, as follows.

host
Tells the software to enable access only for the host from which the Telnet session originated. If not specified, the software allows all hosts on the defined network to gain access. The dynamic access list contains the network mask to use for enabling the new network.
timeout
Specifies an idle timeout for the temporary access list entry. If the access list entry is not accessed within this period, it is automatically deleted and requires the user to authenticate again. The default is for the entries to remain permanently.

Example Configuration

To be able to telnet to R3, the user needs to log in to R2 first with the username of CISCO and password CISCO. If they successfully authenticate, the access-list on R2 will temporarily allow telnet access to R3.

R1 --- R2 ----R3

R2 configuration

username TELNET password 0 CISCO
username TELNET autocommand access-enable timeout 5

ip access-list extended DYN_TELNET
 dynamic DYN_TELNET_ACCESS permit tcp any any eq telnet
 deny   tcp any host 10.1.1.2
 permit ip any any
!
line vty 0 4
 login local
 autocommand access-enable

Apply access-list to the interface facing R1

interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip access-group DYN_TELNET in
 duplex auto
 speed auto

Verify Configuration

// We did not have access to R3
R1#telnet 10.1.1.2
Trying 10.1.1.2 ...
% Destination unreachable; gateway or host down

// Authenticate with R2 to have the dynamic access-list entry created
R1#
R1#
R1#telnet 192.168.1.2
Trying 192.168.1.2 ... Open

User Access Verification

Username: TELNET
Password:

[Connection to 192.168.1.2 closed by foreign host]

// Try again (telnet to R3)
R1#telnet 10.1.1.2
Trying 10.1.1.2 ... Open


User Access Verification

Username: CISCO
Password:
R3>
// successful

Show dynamic access-list on R2

R2#sh access-lists
Extended IP access list DYN_TELNET
    10 Dynamic DYN_TELNET_ACCESS permit tcp any any eq telnet
       permit tcp any any eq telnet (30 matches)
    20 deny tcp any host 10.1.1.2 (3 matches)
    30 permit ip any any (81 matches)
R2#
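
What the `host` option changes, as an added model (not code from the original post; class and function names are hypothetical). The configuration above runs access-enable without `host`, so the temporary entry is `permit tcp any any eq telnet`, as the R2 output shows. R1's address 192.168.1.1 is assumed and 192.168.1.50 is a constructed second host that never authenticated.

```python
import ipaddress

R1 = "192.168.1.1"       # assumed address of the authenticating client
OTHER = "192.168.1.50"   # constructed host that never authenticated
R3 = ipaddress.ip_address("10.1.1.2")   # host behind the static deny


class LockAndKeyAcl:
    """Model of DYN_TELNET for inbound TCP/23 packets on R2."""

    def __init__(self):
        self.temp_entries = []   # entries created by access-enable

    def access_enable(self, client, now, host=False, timeout_min=None):
        # With `host`, the template source "any" becomes the client's /32;
        # without it the template is activated unchanged.
        source = ipaddress.ip_network(client if host else "0.0.0.0/0")
        self.temp_entries.append(
            {"source": source, "idle": timeout_min, "last_hit": now})

    def _expire(self, now):
        # An entry is deleted once it has been idle longer than its timeout.
        self.temp_entries = [
            e for e in self.temp_entries
            if e["idle"] is None or now - e["last_hit"] <= e["idle"] * 60]

    def permits_telnet(self, src, dst, now):
        """Evaluate the list in order; `now` is in seconds."""
        self._expire(now)
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for entry in self.temp_entries:      # seq 10: dynamic entries
            if src in entry["source"]:
                entry["last_hit"] = now      # a match resets the idle timer
                return True
        if dst == R3:                        # seq 20: deny tcp any host 10.1.1.2
            return False
        return True                          # seq 30: permit ip any any


def scenario(host):
    """Replay the verification steps with or without the host option."""
    acl = LockAndKeyAcl()
    before = acl.permits_telnet(R1, "10.1.1.2", now=0)
    acl.access_enable(R1, now=10, host=host, timeout_min=5)
    return {
        "before_auth": before,
        "authenticated_host": acl.permits_telnet(R1, "10.1.1.2", now=20),
        "other_host": acl.permits_telnet(OTHER, "10.1.1.2", now=30),
        "after_idle": acl.permits_telnet(R1, "10.1.1.2", now=1000),
    }


if __name__ == "__main__":
    for host in (False, True):
        print("host" if host else "no host", scenario(host))
```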


Sham-link (MPLS - VPN )



In the diagram above, R1 and R4 are the CE routers, which are in the same OSPF area. R2 and R3 are PE routers providing the MPLS VPN connectivity between the customer sites. The primary route from R1 to R4 will be through the MPLS network. Whenever the MPLS VPN network is down, we will use the OSPF network as a backup.

In this scenario, we will have to use an OSPF sham-link. The sham-link acts like a virtual link connecting R2 and R3 together as an intra-area link. Therefore, when the sham-link is established, we will see the 2 OSPF routers (R1 and R4) learn routes from each other as intra-area routes.



Creating a Sham-Link:
Before you create a sham-link between PE routers in an MPLS VPN, you must:
- Configure a separate /32 address on the remote PE so that OSPF packets can be sent over the VPN backbone to the remote end of the sham-link. The /32 address must meet the following criteria:
    - Belong to a VRF.
    - Not be advertised by OSPF.
    - Be advertised by BGP.
  You can use the /32 address for other sham-links.
- Associate the sham-link with an existing OSPF area.

Before enabling sham-link

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.1.0 [110/10019] via 192.168.1.2, 00:00:00, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
O IA 192.168.2.0/24 [110/11] via 192.168.1.2, 00:00:00, FastEthernet0/0
     150.1.0.0/32 is subnetted, 2 subnets
O E2    150.1.3.3 [110/1] via 192.168.1.2, 00:00:03, FastEthernet0/0
O E2    150.1.2.2 [110/1] via 192.168.1.2, 00:00:03, FastEthernet0/0

After enabling sham-link

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
O       172.16.1.0 [110/10020] via 192.168.1.2, 00:00:05, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
O    192.168.2.0/24 [110/21] via 192.168.1.2, 00:00:05, FastEthernet0/0
     150.1.0.0/32 is subnetted, 2 subnets
O E2    150.1.3.3 [110/1] via 192.168.1.2, 00:00:57, FastEthernet0/0
O E2    150.1.2.2 [110/1] via 192.168.1.2, 00:00:57, FastEthernet0/0



Configuration 
R2 (PE)
interface Loopback0
 ip vrf forwarding VPN_A
 ip address 150.1.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding VPN_A
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
router ospf 10 vrf VPN_A
 log-adjacency-changes
 area 0 sham-link 150.1.2.2 150.1.3.3
 redistribute bgp 100 subnets
 network 192.168.1.0 0.0.0.255 area 0
!
! MPLS domain
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 23
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 10.1.1.2 remote-as 100
 !
 address-family ipv4
  neighbor 10.1.1.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN_A
  redistribute ospf 10 vrf VPN_A
  neighbor 10.1.1.2 remote-as 100
  neighbor 10.1.1.2 activate
  no synchronization
  network 150.1.2.2 mask 255.255.255.255
 exit-address-family
!


R3(PE)
!
interface Loopback0
 ip vrf forwarding VPN_A
 ip address 150.1.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding VPN_A
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 10 vrf VPN_A
 log-adjacency-changes
 area 0 sham-link 150.1.3.3 150.1.2.2
 redistribute bgp 100 subnets
 network 192.168.2.0 0.0.0.255 area 0
!
! MPLS domain
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 23
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 100
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN_A
  redistribute ospf 10 vrf VPN_A
  neighbor 10.1.1.1 remote-as 100
  neighbor 10.1.1.1 activate
  no synchronization
  network 150.1.3.3 mask 255.255.255.255
 exit-address-family
!

**Note**
Intra routes learned by OSPF over the MPLS VPN can be achieved by configuring the domain-id in the OSPF process as well. Domain-id can be used if there is no backup link in the same OSPF area.

What makes sham-links better than the domain-id option is that a cost can be configured on the link as well. Therefore, in this scenario, we may increase the cost of the intra-area backup link to 9999 to make sure the route through the MPLS network is the primary route.


R1
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 ip ospf cost 9999
 duplex auto
 speed auto


You should configure an OSPF sham link under the following circumstances:
  1. Two CE routers are linked together by a Layer 3 VPN.
  2. These CE routers are in the same OSPF area.
  3. An intraarea link is configured between the two CE routers.
If there is no intraarea link between the CE routers, you do not need to configure an OSPF sham link.

Friday, April 1, 2011

Legacy Frame Relay

Legacy FRTS has the following characteristics:
- Enabled with frame-relay traffic-shaping command at physical interface level
- Incompatible with GTS or MQC commands at subinterfaces or physical interface levels
- With FRTS you can enforce bitrate per-VC (VC-granular, unlike GTS), by applying a map-class to PVC
- When no map-class is explicitly applied to PVC, its CIR and Tc are set to 56K/125ms by default
- Shaping parameters are configured under map-class frame-relay configuration submode
- Allows to configure fancy-queueing (WFQ/PQ/CQ) or simple FIFO per-VC
- No option to configure fancy-queueing at interface level: interface queue is forced to FIFO (if no FRF.12 is configured)
- Allows for adaptive shaping (throttling down to minCIR) on BECN reception (just as GTS) and option to reflect incoming FECNs as BECNs
- Option to enable adaptive shaping which responds to interface congestion (non-empty interface queue)
Example


map-class frame-relay SHAPE_384K
 frame-relay cir 384000
 frame-relay bc 3840
 frame-relay be 0
 !
 ! Adaptive shaping: respond to BECNs and interface congestion
 !
 frame-relay adaptive-shaping becn
 frame-relay adaptive-shaping interface-congestion
 !
 ! Per-VC fancy-queueing
 !
 frame-relay fair-queue
!
interface Serial 0/0/0:0
 frame-relay traffic-shaping
!
interface Serial 0/0/0:0.1
 ip address 177.0.112.1 255.255.255.0
 frame-relay interface-dlci 112
  class SHAPE_384K


Reference
http://blog.ine.com/2008/01/22/legacy-frts/

Reflexive ACLs

Reflexive ACLs were introduced in Cisco IOS Software Release 11.3. Reflexive ACLs allow IP packets to be filtered based on upper-layer session information. They are generally used to allow outbound traffic and to limit inbound traffic in response to sessions that originate inside the router.


Reflexive ACLs can be defined only with extended named IP ACLs. They cannot be defined with numbered or standard named IP ACLs, or with other protocol ACLs. Reflexive ACLs can be used in conjunction with other standard and static extended ACLs.


**Note that locally originated traffic does not match the reflexive ACLs.**


Example configuration
R1 ------- R2
Configure the reflexive access-list to allow all tcp/udp/icmp traffic to pass through and to allow the return traffic. Also allow icmp and telnet traffic that is originated from the router itself to pass through to the other router.


ip access-list extended ACL_IN
 permit udp any any eq rip
 permit tcp any any eq bgp
 permit icmp any any echo-reply
 permit tcp any eq telnet any established
 evaluate REFLECT

**Note: we need to allow icmp and telnet traffic back to R1 because locally originated traffic does not match the reflexive ACL**


ip access-list extended ACL_OUT
 permit tcp any any reflect REFLECT
 permit udp any any reflect REFLECT
 permit icmp any any reflect REFLECT
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group ACL_IN in
 ip access-group ACL_OUT out
 duplex auto
 speed auto
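
How ACL_OUT and ACL_IN interact, as an added model (not code from the original post; names are hypothetical). It shows a transit session creating a mirrored temporary entry, and R1's own telnet and ping replies depending on the static lines in ACL_IN because locally originated packets never create a reflected entry. The inside host 10.0.0.5 is constructed and 192.168.1.2 is assumed to be R2's address.

```python
from collections import namedtuple

# info: TCP flag of interest ("syn", "ack", "rst") or ICMP type, "" otherwise
Packet = namedtuple("Packet", "proto src sport dst dport info")

R1, R2 = "192.168.1.1", "192.168.1.2"   # R2 address is an assumption
INSIDE = "10.0.0.5"                     # constructed host behind R1


class ReflexiveFilter:
    def __init__(self, static_permits=True):
        self.static_permits = static_permits   # first four lines of ACL_IN
        self.reflect = set()                   # temporary REFLECT entries

    def outbound(self, pkt, locally_originated=False):
        """ACL_OUT: permit tcp/udp/icmp any any reflect REFLECT."""
        if locally_originated:
            return True     # the router's own packets create no reflected entry
        if pkt.proto in ("tcp", "udp", "icmp"):
            # Mirror the flow: source and destination swap for the return path.
            self.reflect.add(
                (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False        # implicit deny

    def inbound(self, pkt):
        """ACL_IN: static permits, then evaluate REFLECT, then implicit deny."""
        if self.static_permits:
            if pkt.proto == "udp" and pkt.dport == 520:          # eq rip
                return "static"
            if pkt.proto == "tcp" and pkt.dport == 179:          # eq bgp
                return "static"
            if pkt.proto == "icmp" and pkt.info == "echo-reply":
                return "static"
            if (pkt.proto == "tcp" and pkt.sport == 23
                    and pkt.info in ("ack", "rst")):             # established
                return "static"
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return "reflect" if key in self.reflect else "deny"


def demo(static_permits=True):
    fw = ReflexiveFilter(static_permits)
    fw.outbound(Packet("tcp", INSIDE, 40000, R2, 80, "syn"))     # transit
    fw.outbound(Packet("tcp", R1, 50000, R2, 23, "syn"),
                locally_originated=True)                         # R1's telnet
    return {
        "transit_reply": fw.inbound(
            Packet("tcp", R2, 80, INSIDE, 40000, "ack")),
        "unsolicited": fw.inbound(
            Packet("tcp", R2, 80, INSIDE, 40001, "syn")),
        "local_telnet_reply": fw.inbound(
            Packet("tcp", R2, 23, R1, 50000, "ack")),
        "local_ping_reply": fw.inbound(
            Packet("icmp", R2, 0, R1, 0, "echo-reply")),
    }


if __name__ == "__main__":
    print("with static permits:   ", demo(True))
    print("without static permits:", demo(False))
```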



Summarization in BGP can be done with the aggregate-address command. However, when this command is enabled, the router automatically sends the aggregated update to all of its neighbors by default. Sometimes we do not want to advertise only the aggregated route to all of the neighbors. We use the unsuppress-map command to accomplish this.

The example below shows the command and how to configure the aggregate update and unsuppress-map.

Example
R1 advertises the summary route of the 172.16.0.0/16 network to R2 and advertises the full updates with the subnets to R3. With the aggregate command alone, R3 would receive only the aggregated update. Therefore, we add the unsuppress-map command as an option in the neighbor statement for R3. In this example, R3 wants to receive all subnets from R1, so the route-map UNSUPPRESS does not contain any match statement. We can modify the route-map to match the specific subnets we want R3 to see.



router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 172.16.1.0 mask 255.255.255.0
 network 172.16.2.0 mask 255.255.255.0
 network 172.16.3.0 mask 255.255.255.0
 network 172.16.4.0 mask 255.255.255.0
 aggregate-address 172.16.0.0 255.255.0.0 summary-only
 neighbor 192.168.1.2 remote-as 100
 neighbor 192.168.1.2 unsuppress-map UNSUPPRESS
 neighbor 192.168.2.2 remote-as 100
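 no auto-summary
!
! No match statement: every suppressed subnet is unsuppressed for this neighbor
route-map UNSUPPRESS permit 10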


Verify the configuration 


R2>sh ip bgp
BGP table version is 10, local router ID is 192.168.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i172.16.0.0       192.168.2.1              0    100      0 i
R2>



R3#sh ip bgp
BGP table version is 14, local router ID is 192.168.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i172.16.0.0       192.168.1.1              0    100      0 i
*>i172.16.1.0/24    192.168.1.1              0    100      0 i
*>i172.16.2.0/24    192.168.1.1              0    100      0 i
*>i172.16.3.0/24    192.168.1.1              0    100      0 i
*>i172.16.4.0/24    192.168.1.1              0    100      0 i
R3#

Now we can see that R3 has BGP updates for all subnets from R1, whereas R2 has only the summary route advertised from R1.