BGP static redistribution with different next hop

waqas gondal
Level 1

Hi,

I have a 3850 with a static default route to the ISP. 

This 3850 has an eBGP neighbour with a downstream FTD 2110. The ISP and firewall are in the same IP range for the outside interface but I can't have a static route on the firewall because of a bug that the Cisco development team is troubleshooting.

Basically what I can do in the short term is try and give the firewall a default route through BGP from the 3850 but instead of the 3850 being the next hop, I need the ISP to be the next hop. This is to avoid asymmetric routing to and from the ISP.

I'm thinking it would look something like this on the 3850.

access-list 101 permit ip 10.0.0.0 0.255.255.255 any
ip route 0.0.0.0 0.0.0.0 ISP

route-map MAP
 match ip address 101
 set ip next-hop ISP

router bgp 1001
 redistribute static route-map MAP

Would this work?

Thanks,

Waqas

8 Replies

Philip D'Ath
VIP Alumni

If the static route has the correct next hop you shouldn't need "set ip next hop ISP".

Thanks Philip,

This is because I don't want traffic to go through the 3850 when going out to the internet. 

Would I still need the route map on the redistribute command?

If the 3850 is doing the routing itself - no - because the static route will take precedence.

The 3850 has the static route. The firewall cannot have a static route configured on it because of a bug, it can only take a default route dynamically from the 3850.

Then yes, you'll need to redistribute that route.

But will my configuration give the default route to the firewall with the correct next hop (being the ISP)?

The next hop for the firewall cannot be the 3850.

It will redistribute it with whatever the next hop that the static route has.

From my understanding, when a route is redistributed to another device, the redistributing device becomes the next hop for the route.