
10 /8 static redistributed into BGP on ASA 5525 with no auto-summary

andrew.neff
Level 1

With a separate mgmt interface I have two static 10 /8 routes:

route INSIDE 10.0.0.0 255.0.0.0 10.100.2.245 1
route MGMT 10.0.0.0 255.0.0.0 10.100.25.1 15

BLDRE-FW-INET3# sh route | i 10.0.0.0
S 10.0.0.0 255.0.0.0 [1/0] via 10.100.2.245, INSIDE
BLDRE-FW-INET3# sh route management-only | i 10.0.0.0
S 10.0.0.0 255.0.0.0 [15/0] via 10.100.25.1, MGMT

relevant BGP cfg:

router bgp 65121
 address-family ipv4 unicast
  redistribute static
  no auto-summary
  no synchronization
 exit-address-family

result as expected shown via INSIDE:

BLDRE-FW-INET3# sh bgp | i 10.0.0.0
*> 10.0.0.0 10.100.2.245 0 32768 ?

Since I have no auto-summary, I perhaps would expect above not to be in BGP.

When I shut the MGMT interface or delete the MGMT route:

BLDRE-FW-INET3# sh route | i 10.0.0.0
S 10.0.0.0 255.0.0.0 [1/0] via 10.100.2.245, INSIDE
BLDRE-FW-INET3#
BLDRE-FW-INET3# sh route management-only | i 10.0.0.0
BLDRE-FW-INET3#
BLDRE-FW-INET3# sh bgp | i 10.0.0.0
BLDRE-FW-INET3#

The MGMT route is gone as expected, INSIDE route stays in table as expected, but the route is gone in BGP.

Why was 10 /8 in BGP to begin with if tied to MGMT interface?

I don't want auto-summary because I have other more specific routes I want in BGP.  I tried to put in a network statement:

BLDRE-FW-INET3(config)# router bgp 65121
BLDRE-FW-INET3(config-router)# address-family ipv4 unicast
BLDRE-FW-INET3(config-router-af)# network 10.0.0.0 mask 255.0.0.0
ERROR: BGP configuration not supported on management-only/BVI interface

Bottom line:

I want to redistribute specific static routes into BGP with no auto-summary and I want 10 /8 route included.  How might I workaround this behavior?

 

 

3 Accepted Solutions


andrew.neff
Level 1

My fix is:

! SPLIT 10 /8 ON MGMT
route MGMT 10.128.0.0 255.128.0.0 10.100.25.1 15
route MGMT 10.0.0.0 255.128.0.0 10.100.25.1 15
! ADD NETWORK STMT TO BGP
router bgp 65121
 address-family ipv4 unicast
  network 10.0.0.0

 


Sorry, I only checked your post now.

The BGP network command checks the RIB and advertises a prefix only if the prefix is exactly the same as seen in the RIB.

Here the issue of the MGMT interface going down and making BGP not advertise 10.0.0.0 is that this route is advertised via redistribute static, not via the network command.

What you need is aggregate-address; this makes sure that this prefix will be advertised via BGP.


thanks

already had redistribute static, then worked with network command as in my fix

on another asa had redistribute static with route map and had to use aggregate address

router bgp 65122
 address-family ipv4 unicast
  ! neighbors
  redistribute static route-map PRIVATE
  aggregate-address 10.0.0.0 255.0.0.0
  no auto-summary
  no synchronization
 exit-address-family

route Null0 10.0.0.0 255.0.0.0 252

DENCL-404-FW-INET/act/pri# sh bgp

BGP table version is 37005, local router ID is 10.206.2.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
r> 10.0.0.0 0.0.0.0 32768 i

So RIB-failure but now advertising to neighbors, which is what I need

 


5 Replies

M02@rt37
VIP

Hello @andrew.neff 

It's possible that the 10/8 route was originally in BGP because it was redistributed into BGP through the "redistribute static" command in your BGP configuration. Since the MGMT interface is configured with a static route for the 10/8 network, it would have been included in the static routes that were redistributed into BGP.

When you shut down or delete the MGMT interface and its corresponding route, the 10/8 route is no longer present in the routing table, so it is removed from BGP as well.

As for your question about redistributing specific static routes into BGP with no auto-summary, one workaround could be to use route maps to selectively redistribute the desired static routes into BGP. For example, you could create a route map that matches only the static routes you want to redistribute and then apply that route map to the "redistribute static" command in your BGP configuration.

Best regards

andrew.neff
Level 1

Definitely the supposedly "management-only" 10 /8 route was redistributed into BGP even though the INSIDE route is the one in the main route table.  This seems like nonsense to me, but I'm not a Cisco product programmer.  My mistake was thinking management-only works like a vrf.

When MGMT interface is down, the INSIDE route then falls prey to no auto-summary so I end up with no 10 /8 in BGP.  To work around this, I've added network 10.0.0.0 under router bgp, removed the MGMT 10/8, and added two static MGMT 10/9s.  I think that's my solution as a workaround.
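
An added example, not part of the thread and not Cisco code: a Python check that compares the static prefixes in `sh route` output with the best-path entries in `sh bgp` output and lists the statics BGP is not carrying, which is the condition described above when MGMT goes down. The sample strings are constructed from the output quoted in this thread; the function names are hypothetical, and it assumes `sh bgp` omits the prefix length for classful networks (as in the 10.0.0.0 lines here) and prints `/len` otherwise.

```python
import ipaddress
import re

# Constructed sample input: command output as quoted in the thread.
SH_ROUTE = "S 10.0.0.0 255.0.0.0 [1/0] via 10.100.2.245, INSIDE\n"
SH_BGP_MGMT_UP = "*> 10.0.0.0 10.100.2.245 0 32768 ?\n"
SH_BGP_MGMT_DOWN = ""  # 'sh bgp | i 10.0.0.0' printed nothing
SH_BGP_AGGREGATE = "r> 10.0.0.0 0.0.0.0 32768 i\n"

IP = r"(\d+\.\d+\.\d+\.\d+)"

def static_prefixes(sh_route):
    """Static ('S') prefixes from 'sh route' output, which uses dotted masks."""
    found = set()
    for line in sh_route.splitlines():
        m = re.match(rf"\s*S\*?\s+{IP}\s+{IP}\s", line)
        if m:
            found.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return found

def classful_length(addr):
    """Assumption: 'sh bgp' omits the length when it equals the classful mask."""
    first = int(addr.split(".")[0])
    return 0 if first == 0 else 8 if first < 128 else 16 if first < 192 else 24

def bgp_best_prefixes(sh_bgp):
    """Prefixes with a best path ('>' in the status column) from 'sh bgp'."""
    found = set()
    for line in sh_bgp.splitlines():
        m = re.match(rf"\s*([*>sdhrSmi]+)\s+{IP}(?:/(\d+))?\s", line)
        if m and ">" in m.group(1):
            length = m.group(3) or classful_length(m.group(2))
            found.add(ipaddress.ip_network(f"{m.group(2)}/{length}"))
    return found

def statics_missing_from_bgp(sh_route, sh_bgp):
    """Static prefixes in the main table that have no best path in BGP."""
    missing = static_prefixes(sh_route) - bgp_best_prefixes(sh_bgp)
    return [str(n) for n in sorted(missing)]

if __name__ == "__main__":
    for label, bgp in [("MGMT up", SH_BGP_MGMT_UP),
                       ("MGMT down", SH_BGP_MGMT_DOWN),
                       ("aggregate-address", SH_BGP_AGGREGATE)]:
        print(label, statics_missing_from_bgp(SH_ROUTE, bgp))
```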
