I am setting up a Point to Point VPN and using a public IP address on one of the interfaces on our LAN router, which is using BGP for the MPLS connections. The Network this Public address is from is located on our Border router, outside of the firewall. The problem I'm having is that the BGP on the LAN router is advertising the Public network to the inside and causing routing conflicts. I know BGP is not like EIGRP, but is there any way to set an interface to Passive, like in EIGRP, so the network is not advertised? I know I can do this in EIGRP because I've done it before. I have read just about everything I could find on the Cisco site about it and found nothing. Is there some other way I'm not seeing to achieve the same result of hiding this Public network from BGP?
There is not any command in BGP equivalent to the passive-interface command in EIGRP, and there is no need for such a command in BGP because BGP works very differently from EIGRP in what it does with the network command.
In EIGRP the routing protocol process looks at the network command and looks for interfaces that match the network command and includes them in the routing process activity. And the passive-interface command is the way to say that even though the interface matches, it should not be active in the routing protocol.
BGP does not do this. BGP does not look at or select interfaces. What BGP does with the network command is to look in the routing table and if it finds a network in the routing table that matches the network command then BGP advertises the network.
So it seems to me that there is a simple solution for your issue. If you do not want BGP to advertise that network then remove the network command under BGP for that network.
Your topology is not very clear to me.
Do you have any redistribution from BGP to your LAN IGP protocol? In this case you could filter this subnet and not redistribute it to the IGP protocol. This can easily be configured with a route map.
Do you redistribute connected subnets (including the one with the public IP) to BGP? If yes, this subnet can be removed again by applying a route map to the redistribution of connected to BGP.
Otherwise you can just remove the BGP network statement as Richard recommended.
Hope that helps.
You can use a route-map on the border router to control which addresses are distributed to the internal network.
Thank you for all the responses to my question. Let me add in some additional information. I do not have the Network for this subnet defined in the BGP table. I do have a redistribute static and a redistribute connected for advertising of the other networks. I just need to isolate the particular subnet from being advertised. I'm thinking that applying a route map to the redistribution of connected in the BGP statements, as Vasilis suggested, is going to be the way to hopefully fix this.
If you have redistribute connected to get the routes into BGP then a route map to control the redistribution would probably be the optimum solution.
I am happy that my post helped you.
You can apply the following configuration to filter the particular subnets to be redistributed to BGP.

router bgp AS
 redistribute static route-map static-to-bgp
 redistribute connected route-map connected-to-bgp
!
! Sequence 10 drops the public prefixes; sequence 999 permits everything else
route-map static-to-bgp deny 10
 match ip address prefix-list Public-S-block
route-map static-to-bgp permit 999
!
route-map connected-to-bgp deny 10
 match ip address prefix-list Public-C-block
route-map connected-to-bgp permit 999
!
! The prefix-lists permit (that is, match) the prefixes the route-maps deny
ip prefix-list Public-S-block permit Public_IPs/XX
ip prefix-list Public-C-block permit Public_IPs/XX
Please rate the helpful posts!
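
The route-map logic from the configuration above, modelled in Python as an added example (not code from this thread or from Cisco), to show how the filter behaves when the prefix-list mask does not match the interface mask or when the final permit clause is left out. The function names and all addresses (a documentation range standing in for the public subnet) are assumptions constructed for illustration.

```python
import ipaddress

def prefix_list_permits(entries, route):
    """entries: (action, prefix, ge, le) in order; first match wins, implicit deny."""
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        net = ipaddress.ip_network(prefix)
        # Without ge/le an entry matches only its exact prefix length.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action == "permit"
    return False

def redistribute(route_map, prefix_lists, routes):
    """Return the routes that pass the route-map and enter BGP."""
    advertised = []
    for route in routes:
        for _seq, action, pl_name in sorted(route_map, key=lambda c: c[0]):
            # A clause with no match statement (pl_name None) matches every route.
            if pl_name is None or prefix_list_permits(prefix_lists[pl_name], route):
                if action == "permit":
                    advertised.append(route)
                break  # the first matching clause decides
        # No clause matched: implicit deny, the route is not redistributed.
    return advertised

# Constructed sample data: two internal connected subnets plus the public one.
CONNECTED = ["10.10.1.0/24", "10.10.2.0/24", "203.0.113.0/28"]
ROUTE_MAP = [(10, "deny", "Public-C-block"), (999, "permit", None)]
NO_FINAL_PERMIT = [(10, "deny", "Public-C-block")]

PL_EXACT = {"Public-C-block": [("permit", "203.0.113.0/28", None, None)]}
PL_WRONG_MASK = {"Public-C-block": [("permit", "203.0.113.0/24", None, None)]}
PL_RANGE = {"Public-C-block": [("permit", "203.0.113.0/24", None, 32)]}

def demo():
    return {
        "exact": redistribute(ROUTE_MAP, PL_EXACT, CONNECTED),
        "wrong_mask": redistribute(ROUTE_MAP, PL_WRONG_MASK, CONNECTED),
        "le_32": redistribute(ROUTE_MAP, PL_RANGE, CONNECTED),
        "no_permit": redistribute(NO_FINAL_PERMIT, PL_EXACT, CONNECTED),
    }

if __name__ == "__main__":
    for case, routes in demo().items():
        print(f"{case:11s} -> {routes}")
```

The "wrong_mask" case still advertises the public subnet, and "no_permit" advertises nothing at all, so after applying the real configuration confirm the result with `show ip bgp` on the LAN router.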