
Route prefix manipulation

DialerString_2
Level 3

Hello all,

I'm trying to route traffic to 10.1.21.204 through the static route listed below. However, due to the longer prefix rule, the route will use BGP. Is there any way to manipulate this?

FYI the BGP route is coming from my ISP and the static is injected dynamically via Reverse Routing - which checks the ACL applied to a crypto map and then adds the routes based on the ACL.

access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.255

The above ACL added the static route you see below.

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

S 10.0.0.0/8 [1/0] via 38.x.x.x

B 10.1.21.0/24 [20/0] via 10.1.99.200, 02:12:03

Thx.


adamclarkuk_2
Level 4

Hi

Yes, there is. Try the following:

ip route 10.1.21.204 255.255.255.255 38.x.x.x

This will create a host route and will beat the BGP learned route.

Adam,

The 10.1.21.204 route is only one of hundreds and I've thought about the 32 bit mask. I don't know if there is any other way to change that route...hmmmm

Hi

As an example, you can catch the class C using

ip route 10.1.21.0 255.255.255.0 38.x.x.x

This will override the BGP learned route as static AD beats BGP.

ip route 10.1.21.0 255.255.255.128 38.x.x.x

This will match 0 - 127

This method is assuming you are trying to match contiguous address space.

If you have discontiguous addresses you will need to use multiple ip route statements.

If not, you could also look at using PBR (Policy based routing).
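An added example, not part of the original thread: a small Python model of the route selection discussed above, which also lists routes inside the crypto ACL destination that pull traffic away from the RRI-injected next hop. The table is constructed from the thread's output; `VPN_PEER` stands in for the masked 38.x.x.x next hop, and the function names are hypothetical.

```python
import ipaddress

# Constructed table modelled on the thread's output. The static next hop is
# masked on the page (38.x.x.x), so the label VPN_PEER stands in for it.
ROUTES = [
    # (prefix, administrative distance, source, next hop)
    ("10.0.0.0/8", 1, "static (RRI)", "VPN_PEER"),
    ("10.1.21.0/24", 20, "BGP", "10.1.99.200"),
]

def parse(routes):
    return [(ipaddress.ip_network(p), ad, src, nh) for p, ad, src, nh in routes]

def lookup(routes, dest):
    """Route used for dest: longest prefix wins, AD only breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in parse(routes) if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[1]))

def shadowed(routes, protected, expected_nh):
    """Routes inside the crypto ACL destination that bypass expected_nh."""
    prot = ipaddress.ip_network(protected)
    found = []
    for net, ad, src, nh in parse(routes):
        if nh == expected_nh or not net.subnet_of(prot):
            continue
        # Skip a route that loses to an equal-length route with a lower AD.
        if lookup(routes, str(net.network_address))[3] != expected_nh:
            found.append((str(net), src, nh))
    return found

if __name__ == "__main__":
    print(lookup(ROUTES, "10.1.21.204"))          # BGP /24 beats the static /8
    print(shadowed(ROUTES, "10.0.0.0/8", "VPN_PEER"))
    host = ROUTES + [("10.1.21.204/32", 1, "static", "VPN_PEER")]
    print(lookup(host, "10.1.21.204"))            # host route now wins
    same = ROUTES + [("10.1.21.0/24", 1, "static", "VPN_PEER")]
    print(shadowed(same, "10.0.0.0/8", "VPN_PEER"))  # static AD 1 beats BGP AD 20
```

Running `shadowed` against a parsed copy of the real routing table shows every prefix where traffic matching the crypto ACL would leave by a path other than the tunnel peer.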

Edison Ortiz
Hall of Fame

Is there any way to manipulate this?

Add a host route which will give you the longest prefix possible.

ip route 10.1.21.204 255.255.255.255 38.x.x.x

HTH,

__

Edison.

I should have been more specific in my description - sorry about that. I have hundreds of routes and the trick will be to modify this ACL not to create the /8 network. My current network is 10.1.0.0 255.255.255.0 and I would have to modify the ACL to create a 32 bit network for my scheme. I don't even know if it's possible.

access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.255

Reverse route is doing its thing, so unless you can be more specific with your destination on your crypto ACL (10.0.0.0 0.255.255.255), you are going to have to add more specific static routes, I'm afraid.

Adam,

I just figured it out - I think but I have to try it in my lab first. I will modify the acl with the following:

access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.128

access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.127 0.255.255.128

I'm hoping this should catch it.

OK, the ACL didn't work BUT I finally figured it out. I used something called Enhanced Object Tracking.

If my device can ping "A" then use "B" as the next hop. If my device can't ping "A" then use "C". In my case, send traffic through normal route processing.

The link that helped me with this is below.

http://www.nil.com/ipcorner/SmallSiteMultiHoming/

Big ups to everyone that posted and big props to Adam.
