cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1342
Views
0
Helpful
6
Replies

How do I isolate a connected network from being advertised in BGP?

kevin-welch
Level 1
Level 1

I am setting up a Point to Point VPN and using a public IP address on one of the interfaces on our LAN router, which is using BGP for the MPLS connections. The Network this Public address is from is located on our Border router, out side of the firewall. The problem I'm having is that the BGP on the LAN router is advertising the Public network to the inside and causing routing conflicts. I know BGP is not like EIGRP, but is there any way to set an interface to Passive, like in EIGRP, so the network is not advertised? I know I can do this in EIGRP because I've done it before. I have read just about everything I could find on the Cisco site about it and found nothing. Is there some other way I'm not seeing to achieve the same result of hiding this Public network from BGP?

Thank you.

6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

Kevin

There is not any command in BGP equivalent to the passive-interface command in EIGRP, And there is no need for such a command in BGP because BGP works very differently from EIGRP in what it does with the network command.

In EIGRP the routing protocol process looks at the network command and looks for interfaces that match the network command and includes them in the routing process activity. And the passive-interface command is the way to say that even though the interfaces matches that it should not be active in the routing protocol.

BGP does not do this. BGP does not look at or select interfaces. What BGP does with the network command is to look in the routing table and if it finds a network in the routing table that matches the network command then BGP advertises the network.

So it seems to me that there is a simple solution for your issue. If you do not want BGP to advertise that network then remove the network command under BGP for that network.

HTH

Rick

HTH

Rick

Hi Kevin,

Your topology is not very clear to me.

Do you have any redistribution from BGP to your LAN IGP protocol? In this case you could filter this subnet and not redistribute it to the IGP protocol. This can easily be configured with a route map.

Do you redistribute connected subnets (including this with the public ip) to BGP? If yes, this subnet can be removed again by applying a route map to the redistribution of connected to BGP.

Otherwise you can just remove the BGP  network statement as Richard recommended.

Hope that helps.

Vasilis

Jeff Van Houten
Level 5
Level 5

You can use a route-map on the border router to control which addresses are distributed to the internal network.

Sent from Cisco Technical Support iPad App

kevin-welch
Level 1
Level 1

Thank you for all the responses to my question, Let me add in some additional information. I do not have the Network for this subnet defined in the BGP table. I do have a redistribute static and a redistribute connected for advertising of the other networks. I just need to isolate the particular subnet from being advertised. I'm  thinking that applying a route map to the redistribution of connected in the BGP statements, as Vasilis suggested, is going to be the way to hopefully fix this.

Thank you

Kevin

If you have redistribute connected to get the routes into BGP then a route map to control the redistribution would probably be the optimum solution.

HTH

Rick

HTH

Rick

Hi Kevin,

I am happy that my post helped you.

You can apply the next configuration to filter the particular subnets to be redistributed to BGP.

router bgp AS

redistribute static route-map static-to-bgp

redistribute connected route-map connected-to-bgp

....

route-map static-to-bgp  deny 10

match ip address prefix-list Public-S-block

route-map static-to-bgp  permit 999

route-map connected-to-bgp  deny 10

match ip address prefix-list Public-C-block

route-map connected-to-bgp permit 999

ip prefix-list Public-S-block permit Public_IPs/XX

ip prefix-list Public-C-block permit Public_IPs/XX 

Please rate the helpful posts!

Regards,

Vasilis

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco