Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

How would I do this?

I have a location that we don't want anyone to accidentally route to. We run BGP as the only routing protocol along with some statics. The attached picture is what I currently have, but this is causing a problem. The router on the right side of the page connects to a switch that reloads itself occassionally. When it does this, it brings that link, from the left router to the right router, down. I want to know if I'm able to run a routing protocol between just those two routers, and will keep BGP from propagating that information out to my other locations. If I run EIGRP for just those two networks, can I keep BGP from propagating that learned route? Basically, I want to have the same functionality that I have with a static route now, but I don't want anyone else being able to see it other than my data center. I've thought about ACLs, and this may be the only way I can do it.



HTH, John *** Please rate all useful posts ***

Re: How would I do this?

Router is in one of your other locations (represented by the cloud) and is receiving the update for included in the diagram by router (left), right? And you do not want this to happen, right?

In the BGP networks listed on the left, I don't see How exactly is router (left) injecting this into BGP? Are you redistributing the static into BGP?

In any case, you can certainly filter routes in various ways in the out direction of sessions from router (distribute-list, prefix-list, route-map). You can run any dynamic IGP within the particular site to assure BGP next-hop reachability. BGP will not advertise the network unless you instruct it to do so (e.g. via network or redistribute command), and even if you do inject some network into BGP, you can still filter it in the sessions with particular neighbors. If you need to do some redistribution into BGP for the dynamic IGP scenario, you can filter at the point of redistribution. This way, you won't need a filter in the BGP session.

Re: How would I do this?

Not exactly. I forgot to note it, but is my core switch, but it is receiving the update from and it's via BGP from a static route on

What I want is to be able to see and via some routing protocol because the statics don't seem to bring the link back up when the provider's switch loses power. I'm thinking that a routing protocol may be the way to go. Currently, I have to telnet into the router and ping the address in order to bring the link back up, and I'm hoping that a routing protocol would do this for me when it saw the link back up.

I'm not well versed on bgp beyond the basics of redistributing statics.

So, you're saying that I could run eigrp on router and advertise the and networks with the router, and on the router only advertise and via eigrp and bgp won't distribute this route to anyone else?



HTH, John *** Please rate all useful posts ***

Re: How would I do this?

I added a couple of sentences at the end of my last post. BGP might look difficult, but can be controlled more easily from propagating routes than other protocols. If you don't inject some network into it, it won't creep in. If you do inject, you can still filter. I am still not sure I understand all your requirements, but those things are generally true.

Re: How would I do this?

Just to be a little more practical, here is a link about filtering networks with BGP:

It is about filtering updates received from a neighbor (in direction), but the concepts are the same when sending updates to a neighbor (out direction). You just specify the direction in/out, depending on what you are trying to do. In your case, even if some route reaches a router and you don't want it there, you can still filter the update in the in direction at the particular router (or in the out on the sending router). Note that prefix-list is more elegant and easier to configure.

Remember to clear the sessions softly if needed. You have access to all your BGP routers, so you can clear softly in the out direction of the router that is sending the update for the policy to take effect (clear ip bgp soft out):

When you redistribute into BGP, you can filter the routes that are injected into BGP with a route-map, as per the redistribute command syntax: