Route prefix manipulation

Unanswered Question
Mar 6th, 2009

Hello all,


I'm trying to route traffic to 10.1.21.204 through the static route listed below. However, due to the longer prefix rule, the route will use BGP. Is there any way to manipulate this?


FYI the BGP route is coming from my ISP and the static is injected dynamically via Reverse Routing - which checks the acl applied to a cryptomap and then adds the routes based on the ACL.


access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.255


The above ACL added the static route you see below.


10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

S 10.0.0.0/8 [1/0] via 38.x.x.x

B 10.1.21.0/24 [20/0] via 10.1.99.200, 02:12:03


Thx.


adamclarkuk_2 Fri, 03/06/2009 - 11:39

Hi


Yes there is, do try the following


ip route 10.1.21.204 255.255.255.255 38.x.x.x

This will create a host route and will beat the BGP learned route.

DialerString_2 Sun, 03/08/2009 - 19:42

Adam,


The 10.1.21.204 route is only one of hundreds and I've thought about the 32 bit mask. I don't know if there is any other way to change that route...hmmmm

adamclarkuk_2 Mon, 03/09/2009 - 03:05

Hi


As an example, you can catch the class C using


ip route 10.1.21.0 255.255.255.0 38.x.x.x

This will override the BGP learned route as static AD beats BGP.


ip route 10.1.21.0 255.255.255.128 38.x.x.x

This will match 0 - 127


This method is assuming you are trying to match contiguous address space.


If you have discontiguous addresses you will need to use multiple ip route statements.


If not, you could also look at using PBR (Policy based routing).
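
An added example, not part of any post in this thread: a small Python model of the route selection discussed above, where administrative distance picks among routes to the same prefix and the longest matching prefix then decides whether 10.1.21.204 follows the crypto-map peer or the BGP path. Prefixes and distances are taken from the thread; the function names and the literal "38.x.x.x" next-hop label are assumptions.

```python
import ipaddress

# Routes as (prefix, administrative distance, source, next hop).
# Values come from the routing table and replies in this thread; the
# 38.x.x.x next hop is elided in the thread and kept here as a label.
BASE_RIB = [
    ("10.0.0.0/8", 1, "static (RRI)", "38.x.x.x"),
    ("10.1.21.0/24", 20, "BGP", "10.1.99.200"),
]

def install(rib):
    """Keep one route per prefix: the lowest administrative distance wins."""
    best = {}
    for prefix, ad, source, nexthop in rib:
        net = ipaddress.ip_network(prefix)
        if net not in best or ad < best[net][0]:
            best[net] = (ad, source, nexthop)
    return best

def lookup(rib, destination):
    """Forwarding decision: longest matching prefix among installed routes."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, info) for net, info in install(rib).items() if dst in net]
    if not matches:
        return None
    net, (ad, source, nexthop) = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), source, nexthop

def with_static(prefix):
    """Base table plus one extra static route (AD 1) toward the tunnel peer."""
    return BASE_RIB + [(prefix, 1, "static", "38.x.x.x")]

if __name__ == "__main__":
    for label, rib in [
        ("original table", BASE_RIB),
        ("+ host route /32", with_static("10.1.21.204/32")),
        ("+ static /24", with_static("10.1.21.0/24")),
        ("+ static /25", with_static("10.1.21.0/25")),
    ]:
        for dst in ("10.1.21.204", "10.1.21.50"):
            print(f"{label:18} {dst:12} -> {lookup(rib, dst)}")
```

The /25 case shows why the mask matters: 10.1.21.50 moves to the static route while 10.1.21.204 still follows the BGP /24.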

Edison Ortiz Fri, 03/06/2009 - 11:39

Is there any way to manipulate this?


Add a host route which will give you the longest prefix possible.


ip route 10.1.21.204 255.255.255.255 38.x.x.x


HTH,


__


Edison.

DialerString_2 Mon, 03/09/2009 - 06:21

I should have been more specific in my description - sorry about that. I have hundreds of routes and the trick will be to modify this acl not to create the /8 network. My current network is 10.1.0.0 255.255.255.0 and I would have to modify the acl to create a 32 bit network for my scheme. I don't even know if it's possible.


access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.255



adamclarkuk_2 Mon, 03/09/2009 - 06:51

Reverse route is doing its thing so unless you can be more specific with your destination on your crypto ACL (10.0.0.0 0.255.255.255), you are going to have to add more specific static routes I'm afraid.


DialerString_2 Mon, 03/09/2009 - 06:59

Adam,


I just figured it out - I think but I have to try it in my lab first. I will modify the acl with the following:


access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.128

access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.127 0.255.255.128


I'm hoping this should catch it.

DialerString_2 Wed, 03/11/2009 - 07:55

Ok the acl didn't work BUT I finally figured it out. I used something called Enhanced Object Tracking.


If my device can ping "A" then use "B" as the next hop. If my device can't ping "A" then use "C". In my case, send traffic through normal route processing.


The link below is what helped me with this.


http://www.nil.com/ipcorner/SmallSiteMultiHoming/



Big ups to everyone that posted and big props to Adam.
