But wouldn't that just send the packets sourced from router R3 destined to 10.0.0.0/24 to the null0 interface on R2?

Because once packets reach R2, R2 will realize that the most specific route it has for this subnet is the one pointing to Null 0.

Yes, you are right. That would have been too easy I guess....:)

I'll look into it further...

Thank you so much for your effort Georg. Would love to hear any ideas you can get regarding this, as it's been really boggling my mind.

Georg, that is probably the most elegant solution I've seen posted yet.

All this time I was trying to control what gets redistributed into my IGP, what my IGP was advertising, or I was trying to find a way to inject a route into my IGP. But by injecting the "sub-route" into BGP actually gives me a lot more control, as well as the fact that I will be able to better control the failover mechanism down the line, once there is a second BGP peer through a second router to the ISP.

Amazing! Thanks a lot for this. :-)

Hello

One of which will be going to R3, and other carved-out nets will be advertised to other routers (R4, R5, ... Rn) from R2.

@Georg - Nice solution! - however may I ask given the above request-

As this is not neighbor specific, It looks like this would inject the summary and the /24 into any other peers and a their inbound filter would need to be amended to accommodate each advertised /24 and would this solution scale to other peers?

res
Paul

Hey Paul, that's not necessarily true because that can be controlled by filtering what goes out of R2 to those other neighbors. This can be achieved in a number of ways, mainly BGP with route-maps would have been my go-to choice, however I'm restricted by project requirements to use an IGP between R2 and the remote routers (i.e. R3, R4, ... Rn).

The solution I developed uses OSPF. BGP is redistributed into OSPF area 0, and every remote router is assigned to another OSPF area. As an example, the VTI between R2 & R3 is in OSPF area 3, rendering R2 an ABR. Next, I configure OSPF on R2 to filter a single prefix to be sent to each area/remote router, accordingly.

Hello
According to you OP, R2 is only receiving a /16 aggregate, as the ISP is suppressing the more specific routes, So R2 doesn't know about them. Its only aware of the summary.

So regarding Georgs last posts, What I highlighted was ONLY a viable statement using BGP as a solution.

Due to the fact using the bgp inject-map xxx exist-map xx globally would advertise the injected /24 prefix to other bgp peers also meaning you have to filter these /24 prefix from the other bgp peers  This I was guess was something you really didn't want to start doing, thus from what i can see it  wouldn't be scalable either.



res
Paul

For example:

R1

interface Loopback0
ip address 10.0.1.1 255.255.255.0 secondary
ip address 10.0.2.1 255.255.255.0 secondary
ip address 10.0.3.1 255.255.255.0 secondary
ip address 10.0.0.1 255.255.255.0

ip prefix-list SUPPRESS-NETS seq 5 permit 10.0.1.0/24
ip prefix-list SUPPRESS-NETS seq 10 permit 10.0.2.0/24
ip prefix-list SUPPRESS-NETS seq 15 permit 10.0.3.0/24

route-map SUPPRESS permit 5
match ip address prefix-list SUPRESS SUPPRESS-NETS

router bgp 65500
no synchronization
bgp log-neighbor-changes
network 10.0.0.0 mask 255.255.255.0
network 10.0.1.0 mask 255.255.255.0
network 10.0.2.0 mask 255.255.255.0
network 10.0.3.0 mask 255.255.255.0
aggregate-address 10.0.0.0 255.255.252.0 summary-only suppress-map SUPPRESS
neighbor 10.12.0.2 remote-as 100
no auto-summary

clear ip bgp * soft

R2

R2 is receiving the allowed prefix and the aggregate subnet. 

R2#SH IP BGP
BGP table version is 24, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 10.0.0.0/24 10.12.0.1 0 0 65500 i
*> 10.0.0.0/22 10.12.0.1 0 0 65500 i
R2#

R2#SH IP ROUTE
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.12.0.0/24 is directly connected, FastEthernet0/0
B 10.0.0.0/24 [20/0] via 10.12.0.1, 00:07:08
B 10.0.0.0/22 [20/0] via 10.12.0.1, 00:06:07
C 10.23.0.0/24 is directly connected, FastEthernet0/1

Once the subnet is on the routing table, you could redistribute into the IGP.

ip prefix-list BGP-->OSPF seq 5 permit 10.0.0.0/24

route-map BGP-->OSPF permit 5
match ip address prefix-list BGP-->OSPF

router ospf 100
log-adjacency-changes
redistribute bgp 100 subnets route-map BGP-->OSPF
network 10.23.0.2 0.0.0.0 area 0

R3

Receive the prefix only.

R3>ena
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets
O E2 10.0.0.0 [110/1] via 10.23.0.2, 00:01:58, FastEthernet0/1
C 10.23.0.0 is directly connected, FastEthernet0/1
R3#

Please rate this comment if it is useful :-)

Julio, that's extremely close and thanks so much for the example. There is one issue though, and I guess I should have clarified that in my original post; I have no control over R1, as it's controlled by a service provider, with whom I'm peering over BGP.

The main idea is that I want to be able to "carve out" smaller subnets from the much larger /16 subnet that's being advertised to me. One of which will be going to R3, and other carved-out nets will be advertised to other routers (R4, R5, ... Rn) from R2.

Your approach got me thinking though. Is there a way where I can actually filter parts of the incoming /16 advertised route on R2? For example, if I'm receiving the whole /16 on R2, can it then filter out everything except 10.0.0.0/24, and start working that way.

Or if there is any (better) other way, I'm all ears!

Hello

You didnt specify the how R2 was connecting to R3 so i have assumed it via ebgp

R2
ip prefix-list 10 seq 5 deny 10.0.0.0/8
ip prefix-list 10 seq 10 permit 0.0.0.0/0 le 32

route-map STAN permit 10
match ip address prefix-list 10

ip route 10.10.10.0 255.255.255.0 (r1 isp nexthop)

router bgp 2
network 10.10.10.0 mask 255.255.255.0
neighbor (r3) route-map STAN out

This will basically suppress the aggregate from ISP to be advertised to R3 and with the /24 static applied on R2 you can advertise this /24 prefix from R2.

res
Paul

Sure for example if you dont have control of R1, you could use the static route, R2 already know that the subnet 10.0.0.0/24 is part of the supernet and it is being known through R1 so:

R2#Sh ip route 10.0.0.3 --> is a component of the supernet
Routing entry for 10.0.0.0/22
Known via "bgp 100", distance 20, metric 0
Tag 65500, type external
Last update from 10.12.0.1 00:21:34 ago
Routing Descriptor Blocks:
* 10.12.0.1, from 10.12.0.1, 00:21:34 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65500

R2#Sh ip route 10.0.1.3  ---> is a component of the supernet
Routing entry for 10.0.0.0/22
Known via "bgp 100", distance 20, metric 0
Tag 65500, type external
Last update from 10.12.0.1 00:21:37 ago
Routing Descriptor Blocks:
* 10.12.0.1, from 10.12.0.1, 00:21:37 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65500

Step 1) Create a static route with the specific prefix pointing as next hop the IP of R1 interface. 

ip route 10.0.0.0 255.255.255.0 10.12.0.1 tag 70 (I set up a tag 70 but you could use a route-map and set a tag, the tag is optional)

Step 2) Redistribute into the IGP (assuming R2 and R3 are using IGP only, but it could be used for BGP as well (PBR), in my case the IGP is OSPF, for testing purposes I set up the identifier 70.

router ospf 100
log-adjacency-changes
redistribute static subnets tag 70
network 10.23.0.2 0.0.0.0 area 0

Step 3) Just test :-) , verify R3 

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
O E2 10.0.0.0 [110/20] via 10.23.0.2, 00:05:00, FastEthernet0/1
C 10.23.0.0 is directly connected, FastEthernet0/1
R3#

R3#sh ip route 10.0.0.1
Routing entry for 10.0.0.0/24
Known via "ospf 100", distance 110, metric 20
Tag 70, type extern 2, forward metric 10
Last update from 10.23.0.2 on FastEthernet0/1, 00:00:17 ago
Routing Descriptor Blocks:
* 10.23.0.2, from 2.2.2.2, 00:00:17 ago, via FastEthernet0/1
Route metric is 20, traffic share count is 1
Route tag 70

Note

*I have advertised the Loopback0's R3 into BGP on R2 for testing purposes:

R2

router bgp 100
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
network 3.3.3.3 mask 255.255.255.255
neighbor 10.12.0.1 remote-as 65500
no auto-summary

R2#sh ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*> 3.3.3.3/32 10.23.0.3 11 32768 i
*> 10.0.0.0/22 10.12.0.1 0 0 65500 i

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/11] via 10.23.0.3, 00:08:16, FastEthernet0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.12.0.0/24 is directly connected, FastEthernet0/0
S 10.0.0.0/24 [1/0] via 10.12.0.1
B 10.0.0.0/22 [20/0] via 10.12.0.1, 00:14:59
C 10.23.0.0/24 is directly connected, FastEthernet0/1

R1

R1#sh ip bgp
BGP table version is 14, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 2.2.2.2/32 10.12.0.2 0 0 100 i
*> 3.3.3.3/32 10.12.0.2 11 0 100 i
s> 10.0.0.0/24 0.0.0.0 0 32768 i
*> 10.0.0.0/22 0.0.0.0 32768 i
s> 10.0.1.0/24 0.0.0.0 0 32768 i
s> 10.0.2.0/24 0.0.0.0 0 32768 i
s> 10.0.3.0/24 0.0.0.0 0 32768 i

Verify with ping on R3

R3#ping 10.0.0.1 source l0 RE
R3#ping 10.0.0.1 source l0 REpeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 16/22/40 ms
R3#

R3#traceroute 10.0.0.1 source 3.3.3.3 numeric

Type escape sequence to abort.
Tracing the route to 10.0.0.1

1 10.23.0.2 16 msec 8 msec 24 msec
2 10.12.0.1 32 msec * 32 msec
R3#
R3#

And here we go!