
BGP redistribute static suppressing host route

axeleratorcisco
Level 1

Hello,

I have two routers advertising /24 or larger subnets to peers.

I am doing this by using static routes, and under the BGP process I have a simple redistribute static command, so it redistributes every route to the peers.

I want to exclude a single host ip address from within a certain /24 to be advertised.

Is there a way to do this without using a route map, distribute list etc etc..?

Of course I could make all static single host routes in that subnet which then get redistributed, and leave the one host out which I don't want in. Then delete the static route to the subnet....

But this isn't efficient of course.

Can I use the redistribute static command and use another option behind it, to exclude a single address?

Since there are a ton of routes I'd like a pretty safe way to exclude this route.

Thanks in advance.

12 Replies

Steven Clinton
Level 1

It depends, what exactly are you trying to accomplish?

If you truly just want to ensure that a single host route is not being advertised, you are going to have to stop advertising the larger subnet (/24) and advertise smaller ones (/25, /26, etc.). You don't necessarily have to break it down to individual host routes (/32), but you would need to use some combination of /25s, /26s, etc. to fill in all the subnets that you do want to advertise. This would help you avoid entering all of the /32s individually. However, this doesn't scale well and will not work for Internet peering, since the minimum advertisement must be a /24.

The biggest question is why do you not want to advertise this specific route?

Sent from Cisco Technical Support iPhone App

i want to exclude one host route

the other side needs to advertise this single address and NAT it to another ip, so it seems that we are not advertising this ip anymore but it now "lives" on the domain on the other side

but now, the entire subnet is (doesn't really matter if /24 or /25 or /26) advertised and i'm looking for the easiest most risk free option of excluding this host route, so it doesn't get redistributed

has nothing to do with the internet, just internal network issue

no not really

hopefully this will clarify:

from domain OLD we have a router which has a static route to a subnet, which points to a firewall

from domain OLD on this router i have a bgp process with domain NEW

from domain OLD i execute the "redistribute static" command so this subnet gets redistributed to domain NEW

domain NEW thinks it can now find all servers in this subnet on domain OLD

on domain OLD we want to disable one server in this subnet

on domain NEW we have a new server with a completely different ip, and it must seem as if connections from that server are originating from this single host address on domain OLD

therefore we want to use a 1:1 NAT on domain NEW

connections now starting from server on domain NEW will enter domain OLD and travel further down the path, appearing as if coming from the server's old ip address

therefore we have to stop advertising this single ip address from domain OLD, and advertise it from domain NEW

so i could make tons of single host statics on domain OLD and remove the subnet, excluding the single host ip of the old server

my question is: what is the easiest way to do it?

probably a route map which denies this host route and permits any

but are there other ways to do it? with the redistribute static command perhaps? or can the no network statement be used for this single ip address under the bgp process?

hope that clarifies

Steven Clinton
Level 1

Do you have a diagram?

Gajendra R'
Level 1

Hi,

By using a prefix list you can exclude the route which you don't want to advertise.

A deny statement in a prefix list or distribution list will help you to do the action...

Thanks

Enjoy.

Steven Clinton
Level 1

Prefix list will only work if you are advertising the individual host routes; otherwise you will still advertise the larger aggregate subnet, the /24 in this case, and traffic will still be routed to the router.

is this correct?

other poster says to use prefix list...

i think a simple access-list blocking the host route and permitting any would be good

then redistribute static routemap command

show ip route and bgp is gonna be a little bit tough we got a crapload of networks in this routing table.. i just wanna exclude one host route from being redistributed to domain NEW

just look at it as a simple one on one bgp relationship where i use the most basic redistribute command to get subnets across to the other side, just wanting to exclude one host in a subnet

with the network command no possibilities of denying?

or redistribute static ... deny host route?

Steven Clinton
Level 1

Can you provide a "show ip route" and "show ip bgp" from both routers? Also, if you could provide a "show run | sec router bgp" from each, that may help.

Thanks

Steven Clinton
Level 1

To answer the simple question of whether you can exclude individual networks using prefix-lists, route-maps, etc. when redistributing, the answer is yes.

However, based on your original post you stated that you are advertising a /24 that encompasses this single host route. If this is accurate, then you will not be able to exclude the individual host route from the larger /24 in this way. You would have to stop advertising the /24 that includes the host route and then advertise all of the smaller networks within that /24, excluding the one host route. This is if you want to advertise all IPs within the /24, except the single host (/32).

Am I misunderstanding your intention?

Sent from Cisco Technical Support iPhone App

i am advertising a /24 encompassing this single host route

yes i do want to advertise all ip's in this segment, excluding the one host route

would a distribute list work?

access-list 10 deny 1.1.1.1 0.0.0.0

access-list 10 permit any

router bgp x

neighbor NEW remote-as NEW

neighbor NEW distribute-list 10 out

?

or will it still advertise the /24?         

Steven Clinton
Level 1

This would be simpler to understand if I had more data and/or an example to work from

Sent from Cisco Technical Support iPhone App

Steven Clinton
Level 1

The access list in your example would block a host route of 1.1.1.1/32 from being advertised, but if a larger /24 such as 1.1.1.0/24 is being advertised, it will still direct traffic to that router if no longer match exists.

Sent from Cisco Technical Support iPhone App
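The two points made in the replies above (a filtered /32 is still covered by the advertised /24, and excluding the host means replacing the /24 with smaller prefixes) can be checked offline with this added example, which is not part of any poster's reply. It reuses the thread's 1.1.1.1 and 1.1.1.0/24 and the OLD/NEW labels; the function names are hypothetical and the route tables are constructed, IPv4 only.

```python
import ipaddress

def cover_without_host(aggregate, host):
    """Smallest set of prefixes covering `aggregate` minus the single `host`."""
    net = ipaddress.ip_network(aggregate)
    excluded = ipaddress.ip_network(f"{host}/32")
    if not excluded.subnet_of(net):
        raise ValueError(f"{host} is not inside {aggregate}")
    return sorted(net.address_exclude(excluded))

def longest_match(routes, destination):
    """Longest-prefix match over {prefix: learned_from}; None if no route."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, learned_from in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, learned_from)
    return None if best is None else (str(best[0]), best[1])

def scenarios(aggregate="1.1.1.0/24", host="1.1.1.1"):
    """Where does traffic for `host` go in each constructed route table?"""
    # /32 filtered on redistribution, but the /24 is still advertised by OLD.
    filtered = {aggregate: "OLD"}
    # Same, plus a more specific /32 originated inside NEW for the NAT address.
    with_nat = {aggregate: "OLD", f"{host}/32": "NEW"}
    # /24 withdrawn and replaced by the covering prefixes that skip the host.
    split = {str(p): "OLD" for p in cover_without_host(aggregate, host)}
    return {
        "filtered": longest_match(filtered, host),
        "with_nat": longest_match(with_nat, host),
        "split": longest_match(split, host),
    }

if __name__ == "__main__":
    for prefix in cover_without_host("1.1.1.0/24", "1.1.1.1"):
        print("advertise", prefix)
    for name, result in scenarios().items():
        print(name, "->", result)
```
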
