Prevent IOS router from advertising sub-network in a large network BGP

dhr.tech1

Introduction

This post explains how to prevent an IOS router from advertising a specific subnet that is part of a larger network advertised in BGP. Note that the subnet cannot be filtered if the routes are advertised as a summary backed by a Null route.

When you inject a route into BGP using a network statement backed by a Null0 static route (e.g., 10.0.0.0/8 → Null0), BGP only sees and advertises the summary. It has no visibility into smaller subnets like 10.20.20.0/24 unless they are also present in the routing table. So, trying to block such subnets using a route-map has no effect, because BGP isn’t advertising them to begin with.

Topology

[Topology diagram: dhrtech1_1-1743523061150.png]

Initial Configuration

R1

!
interface Loopback1
 ip address 10.10.10.1 255.255.255.192
!
interface Loopback2
 ip address 10.10.10.65 255.255.255.192
!
interface Loopback3
 ip address 10.10.10.129 255.255.255.192
!
interface Loopback4
 ip address 10.10.10.193 255.255.255.192
!
interface GigabitEthernet0/0
 ip address 11.11.11.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router bgp 100
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.192
 network 10.10.10.64 mask 255.255.255.192
 network 10.10.10.128 mask 255.255.255.192
 network 10.10.10.192 mask 255.255.255.192
 aggregate-address 10.10.10.0 255.255.255.192
 neighbor 11.11.11.2 remote-as 200
!

R2

!
interface Loopback1
 ip address 20.20.20.1 255.255.255.192
!
interface Loopback2
 ip address 20.20.20.65 255.255.255.192
!
interface Loopback3
 ip address 20.20.20.129 255.255.255.192
!
interface Loopback4
 ip address 20.20.20.193 255.255.255.192
!
interface Loopback5
 ip address 10.10.10.193 255.255.255.192
 shutdown
!
interface GigabitEthernet0/0
 ip address 11.11.11.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router bgp 200
 bgp log-neighbor-changes
 network 20.20.20.0 mask 255.255.255.0
 neighbor 11.11.11.1 remote-as 100
!

Initial Verification

R2: [Image: dhrtech1_3-1743523393214.png]

R1: [Image: dhrtech1_4-1743523455655.png]

Objective: Ensure route 10.10.10.192/26 isn't advertised from R1 to R2.

Technical changes

R1

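!
! Deny only the /26 that must not reach R2; permit every other prefix
ip prefix-list deny_subnet seq 5 deny 10.10.10.192/26
ip prefix-list deny_subnet seq 10 permit 0.0.0.0/0 le 32
!
! A prefix is advertised only if the prefix-list permits it
route-map suppress_subnet permit 10
 match ip address prefix-list deny_subnet
!
! Apply the policy outbound toward R2
router bgp 100
 neighbor 11.11.11.2 route-map suppress_subnet out
!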
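
The following Python sketch is an added example, not part of the original post: it models IOS prefix-list first-match evaluation (including ge/le bounds) and applies deny_subnet first to R1's four /26 prefixes and then to a summary-only table like the one described in the introduction. The function names and the summary-only table are assumptions made for illustration.

```python
import ipaddress

# deny_subnet from the R1 change above: (seq, action, prefix, ge, le)
DENY_SUBNET = [
    (5, "deny", "10.10.10.192/26", None, None),
    (10, "permit", "0.0.0.0/0", None, 32),
]
# R1's BGP table, taken from its four network statements
SPECIFICS = ["10.10.10.0/26", "10.10.10.64/26",
             "10.10.10.128/26", "10.10.10.192/26"]
# Constructed case from the introduction: only a Null0-backed summary is in BGP
SUMMARY_ONLY = ["10.0.0.0/8"]


def entry_matches(route, prefix, ge, le):
    """One prefix-list entry: route lies inside prefix and its length is in range."""
    net = ipaddress.ip_network(prefix)
    if not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen  # exact match only
    low = net.prefixlen if ge is None else ge
    high = 32 if le is None else le
    return low <= route.prefixlen <= high


def prefix_list_permits(route, plist):
    """Lowest matching sequence wins; no match is the implicit deny."""
    for _seq, action, prefix, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False


def advertised(bgp_table, plist):
    """Outbound route-map with one 'permit' clause matching plist."""
    routes = (ipaddress.ip_network(p) for p in bgp_table)
    return [str(r) for r in routes if prefix_list_permits(r, plist)]


def still_covered(target, sent):
    """True if any advertised prefix still covers the target subnet."""
    t = ipaddress.ip_network(target)
    return any(t.subnet_of(ipaddress.ip_network(p)) for p in sent)


if __name__ == "__main__":
    for name, table in (("specifics", SPECIFICS), ("summary only", SUMMARY_ONLY)):
        sent = advertised(table, DENY_SUBNET)
        print(name, sent, still_covered("10.10.10.192/26", sent))
```

In the summary-only case the filter leaves the advertisement unchanged, so the neighbor still holds a route covering the subnet.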

Final Verification

R2 - Before change: [Image: dhrtech1_5-1743523868910.png]

R2 - After change: [Image: dhrtech1_6-1743523927474.png]
