03-21-2023 12:37 PM - last edited on 04-03-2023 10:41 PM by Translator
with separate mgmt interface I have two static 10 /8 routes:
route INSIDE 10.0.0.0 255.0.0.0 10.100.2.245 1
route MGMT 10.0.0.0 255.0.0.0 10.100.25.1 15
BLDRE-FW-INET3# sh route | i 10.0.0.0
S 10.0.0.0 255.0.0.0 [1/0] via 10.100.2.245, INSIDE
BLDRE-FW-INET3# sh route management-only | i 10.0.0.0
S 10.0.0.0 255.0.0.0 [15/0] via 10.100.25.1, MGMT
relevant BGP cfg:
router bgp 65121
address-family ipv4 unicast
redistribute static
no auto-summary
no synchronization
exit-address-family
result as expected shown via INSIDE:
BLDRE-FW-INET3# sh bgp | i 10.0.0.0
*> 10.0.0.0 10.100.2.245 0 32768 ?
Since I have no auto-summary, I perhaps would expect above not to be in BGP.
When I shut the MGMT interface or delete the MGMT route:
BLDRE-FW-INET3# sh route | i 10.0.0.0
S 10.0.0.0 255.0.0.0 [1/0] via 10.100.2.245, INSIDE
BLDRE-FW-INET3#
BLDRE-FW-INET3# sh route management-only | i 10.0.0.0
BLDRE-FW-INET3#
BLDRE-FW-INET3# sh bgp | i 10.0.0.0
BLDRE-FW-INET3#
The MGMT route is gone as expected, INSIDE route stays in table as expected, but the route is gone in BGP.
Why was 10 /8 in BGP to begin with if tied to MGMT interface?
I don't want auto-summary because I have other more specific routes I want in BGP. I tried to put in a network statement:
BLDRE-FW-INET3(config)# router bgp 65121
BLDRE-FW-INET3(config-router)# address-family ipv4 unicast
BLDRE-FW-INET3(config-router-af)# network 10.0.0.0 mask 255.0.0.0
ERROR: BGP configuration not supported on management-only/BVI interface
Bottom line:
I want to redistribute specific static routes into BGP with no auto-summary and I want 10 /8 route included. How might I workaround this behavior?
Solved! Go to Solution.
04-03-2023 07:51 AM - last edited on 04-03-2023 10:42 PM by Translator
My fix is:
! SPLIT 10 /8 ON MGMT
route MGMT 10.128.0.0 255.128.0.0 10.100.25.1 15
route MGMT 10.0.0.0 255.128.0.0 10.100.25.1 15
! ADD NETWORK STMT TO BGP
router bgp 65121
address-family ipv4 unicast
network 10.0.0.0
04-03-2023 07:58 AM
Sorry I check your post now
The bgp nwtwork command check RIB and advertise prefix only if thw prefix is exactly same as see in RIB.
Here the issue of mgmt interfaces and down make bgp not advertise 10.0.0.0 is this route is advertise vai redsitrubte ststic not via network command
What you need is
Aggragte-address this make sure that this prefix will advertise via bgp.
04-05-2023 06:53 AM
thanks
already had redistribute static, then worked with network command as in my fix
on another asa had redistribute static with route map and had to use aggregate address
router bgp 65122
address-family ipv4 unicast
! neighbors
redistribute static route-map PRIVATE
aggregate-address 10.0.0.0 255.0.0.0
no auto-summary
no synchronization
exit-address-family
route Null0 10.0.0.0 255.0.0.0 252
DENCL-404-FW-INET/act/pri# sh bgp
BGP table version is 37005, local router ID is 10.206.2.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r> 10.0.0.0 0.0.0.0 32768 i
So RIB-failure but now advertising to neighbors, which is what I need
04-03-2023 07:27 AM
Hello @andrew.neff
It's possible that the 10/8 route was originally in BGP because it was redistributed into BGP through the "redistribute static" command in your BGP configuration. Since the MGMT interface is configured with a static route for the 10/8 network, it would have been included in the static routes that were redistributed into BGP.
When you shut down or delete the MGMT interface and its corresponding route, the 10/8 route is no longer present in the routing table, so it is removed from BGP as well.
As for your question about redistributing specific static routes into BGP with no auto-summary, one workaround could be to use route maps to selectively redistribute the desired static routes into BGP. For example, you could create a route map that matches only the static routes you want to redistribute and then apply that route map to the "redistribute static" command in your BGP configuration.
04-03-2023 07:49 AM
Definitely the supposedly "management-only" 10 /8 route was redistributed into BGP even though the INSIDE route is the one in the main route table. This seems like nonsense to me, but I'm not a Cisco product programmer. My mistake was thinking management-only works like a vrf.
When MGMT interface is down, the INSIDE route then falls prey to no auto-summary so I end up with no 10 /8 in BGP. To work around this, I've added network 10.0.0.0 under router bgp, removed the MGMT 10/8, and added two static MGMT 10/9s. I think that's my solution as a workaround.
04-03-2023 07:51 AM - last edited on 04-03-2023 10:42 PM by Translator
My fix is:
! SPLIT 10 /8 ON MGMT
route MGMT 10.128.0.0 255.128.0.0 10.100.25.1 15
route MGMT 10.0.0.0 255.128.0.0 10.100.25.1 15
! ADD NETWORK STMT TO BGP
router bgp 65121
address-family ipv4 unicast
network 10.0.0.0
04-03-2023 07:58 AM
Sorry I check your post now
The bgp nwtwork command check RIB and advertise prefix only if thw prefix is exactly same as see in RIB.
Here the issue of mgmt interfaces and down make bgp not advertise 10.0.0.0 is this route is advertise vai redsitrubte ststic not via network command
What you need is
Aggragte-address this make sure that this prefix will advertise via bgp.
04-05-2023 06:53 AM
thanks
already had redistribute static, then worked with network command as in my fix
on another asa had redistribute static with route map and had to use aggregate address
router bgp 65122
address-family ipv4 unicast
! neighbors
redistribute static route-map PRIVATE
aggregate-address 10.0.0.0 255.0.0.0
no auto-summary
no synchronization
exit-address-family
route Null0 10.0.0.0 255.0.0.0 252
DENCL-404-FW-INET/act/pri# sh bgp
BGP table version is 37005, local router ID is 10.206.2.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
r> 10.0.0.0 0.0.0.0 32768 i
So RIB-failure but now advertising to neighbors, which is what I need
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide