We are a small ISP with links from two larger upstreams.
Take for example , I am advertising 192.168.52.0 / 22 IP Block through ISP1. For this I am putting a Null0 route " ip route 192.168.52.0 255.255.252.0 Null0 " . One of the router's interface is assigned with the IP address 192.168.52.1 /22 - whole customer network is running through that interface.So far so good.
Now I want to introduce ISP2 & advertise only 192.168.52.0/24 IP Block through ISP2. This I cant - the Block is not getting advertised unless and until I add the route " ip route 192.168.52.0 255.255.255.0 Null0 " & as soon as I add this route the interface on which the IP address 192.168.52.1 /22 is assigned stops pinging- and it is turning to a mess.
Any suggestion to how to advertise only the 192.168.52.0/24 block through ISP2 .
Please revert if any clarification is needed.
The problem you have is that 192.168.52.0/24 is more specific than 192.168.52.0/22 so you are blackholing the traffic as the more specific route is always chosen.
1) add the Null0 route on another device and redistribute
2) add the route but point it in the next-hop direction eg.
L3 switch 192.168.52.2 -> 192.168.52.1/22 Router -> ISP
so for option 1
on the L3 switch add "ip route 192.168.52.0 255.255.255.0 Null0" and then redistribute into your IGP.
Note that this assumes
i) you are running an IGP between the L3 switch and the router
ii) the L3 switch knows about the 192.168.52.x networks
For option 2
add to the router - "ip route 192.168.52.0 255.255.255.0 192.168.52.2
again this assumes that the L3 switch knows about the 192.168.52.x networks.
If you are unclear can you post a topology diagram ?
You should already have the route for 192.168.52.0/22 as configured at the interface GigabitEthernet0/12.
Thus, please try to remove the "ip route 192.168.52.0 255.255.252.0 Null0"
Thanks & Regards,
There is a reason why you might want to keep the null 0 route for 192.168.52.0/22 even when it duplicates a local route in the routing table. To promote stability in the BGP routing table (and to avoid possible dampening by your upstream provider) you might want to continue to advertise the network/subnet even when it is not locally reachable. Keeping the null 0 route accomplishes this.
Jon as correctly identified the problem as the fact that your new null0 route is more specific than the connected route, and more specific routes are always preferred over less specific routes. Even though I normally advocate that you should not configure static routes specifying the outbound interface rather than the next hop when the outbound interface is Ethernet, I believe that this is a case where that could be useful. The reasons why we usually want to avoid static routes specifying the interface do not apply here - it will cause the router to ARP for any address falling in the range of the static route (but the router already must ARP for all these addresses since they are really on the connected interfce). So I would suggest that this might be a good solution for your issue:
ip route 192.168.52.0 255.255.255.0 gig0/12
Here alternate approach of using static route is to use BGP inject-map. As aggregate prefix(192.168.52.0/22) is already present in routing table you can use this feature to import specific subnet(192.168.53.0/24) of this aggregate into BGP table. Then use filtering method to control your advertisement to ISPs.
Thanks for your suggestion.I have done exactly what you have pointed- but could not be sure what will be the possible consequence ,since it is in our production, thats why I reverted back.Please suggest if everything will be alright .
What I have done -
1] removed the route " ip route 192.168.53.0 255.255.255.0 Null0 "
2] added the route " ip route 192.168.52.0 255.255.255.0 gig0/12"
Apparently , everything was working fine . But when I issued " sh ip bgp neighbors < Peer IP - Upstream2 > advertised-routes " it showed -
Network *> 188.8.131.52/24
unlike in normal circumstances which shows 0.0.0.0 as the next-hop.
I dont know what may be the result, since the block is getting advertised towards 192.168.55.254.
Its like that , I would like to take 192.168.53.0/24 instead of 192.168.52.0/24.
However the configuration for IP Block 192.168.52.0/24 or 192.168.53.0/24 will be same isnt it ?
Please refer to the "sh run" output of the router specified below in the network diagram.
Waiting for your reply.
Please read Point# 2 as -
2] added the route " ip route 192.168.53.0 255.255.255.0 gig0/12"
Sorry for mistyping.
I am stuck at the point , if it is normal to show 184.108.40.206 in the next hop instead of 0.0.0.0 when I am issuing " sh ip bgp neighbor < IP > advertised-routes " command.
If it is yes then the issue is solved .
Any suggestion is most welcome.
I have not used this particular implementation and can not say authoritatively that it is normal. But I believe that this is in fact the expected behavior. Most of the time when a router originates a route advertisement in BGP it is the next hop and it represents it in the BGP table as 0.0.0.0. In this case the static route is indicating that the next hop is somewhere in the connected subnet but does not know exactly where. So it is using the highest available address in the subnet.
As long as you are advertising the /22 subnet, then this next hop address would be reachable. And I believe that it would not have any negative effect on your network.
Perhaps I am missing something but is this just an announcement issue?
Couldn't you create a prefix-list for this specific IP range
ip prefix-list ISP-A-Announce-OUT seq 5 permit 192.168.52.0/22 le 24
obviously you would need route-map and applied to the bgp neigh statement.
Again, maybe I am missing something.
The problem is EBGP cannot advertise a route unless it finds it in the IGP routing table. It's not in the IGP routing table so the only way to get it in there is to add a static route.
Problem is if the next-hop is Null0 all the traffic is blackholed because it's the more specific route.
I understand that part but if there is already a ip route in there for the /22 would not the prefix list then use the /24 because of the le 24 at the end of it?
I may be misunderstanding what you are getting at but it must be an exact match ie. the network and the subnet mask before it can be advertised.
And that is why I suggested that he not use a null 0 static route but use a static route specifying the outbound interface with the specific prefix and subnet mask that he wants.
Something like this:
ip route 192.168.52.0 255.255.255.0 gig0/12
"And that is why I suggested that he not use a null 0 static route but use a static route specifying the outbound interface with the specific prefix and subnet mask that he wants."
Yes i realise that. I totally agree with you.
Think you mistook my last post to Rick ie the other Rick (engagerocks), as addressed to you :-).
My apologies. You are correct that I did not realize that there were 2 Rick active in the thread. Thanks for helping me realize this. Your comment to the other Rick now makes sense.
I stand corrected.
I was thinking in reference to permitting and or denying incoming traffic on specific announcements using the le command.
Sorry to muddy up the water
Perhaps my understanding of BGP inject map is wrong but isn't that can be used in this case as you already have aggregate route and you want to inject more specific route?
I have checked BGP Inject Maps with cisco docs- it may be possible by inject-maps , but the feature is available only with some specific hardaware/software platforms.I need to depend upon traditional methods available.
Lets do it & monitor it for sometime. I will update you with feedbacks.
I've never used this feature but from the looks of it your understanding is perfectly correct, this would indeed be another solution to the same problem.
The settings are working ok , it is running for the last 3-4 days I have not registered any problems.
Thanks to all.