03-06-2009 11:36 AM - edited 03-04-2019 03:50 AM
Hello all,
I'm trying to route traffic to 10.1.21.204 through the static route listed below. However, due to the longer prefix rule, the route will use BGP. Is there any way to manipulate this?
FYI the BGP route is coming from my ISP and the static is injected dynamically via Reverse Routing - which checks the acl applied to a cryptomap and then adds the routes based on the ACL.
access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.255
The above ACL added the static route you see below.
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S 10.0.0.0/8 [1/0] via 38.x.x.x
B 10.1.21.0/24 [20/0] via 10.1.99.200, 02:12:03
Thx.
03-06-2009 11:39 AM
Hi
Yes there is, do try the following
ip route 10.1.21.204 255.255.255.255 38.x.x.x
This will create a host route and will beat the BGP learned route.
03-08-2009 07:42 PM
Adam,
The 10.1.21.204 route is only one of hundreds and I've thought about the 32 bit mask. I don't know if there is any other way to change that route...hmmmm
03-09-2009 03:05 AM
Hi
As an example, you can catch the class C using
ip route 10.1.21.0 255.255.255.0 38.x.x.x
This will override the BGP learned route as static AD beats BGP.
ip route 10.1.21.0 255.255.255.128 38.x.x.x
This will match 0 - 127
This method is assuming you are trying to match contiguous address space.
If you have discontiguous addresses you will need to use multiple ip route statements.
If not, you could also look at using PBR (Policy based routing).
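The route selection discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of how the router picks between the RRI-injected static /8 and the BGP /24, and what each suggested static route changes. The table entries are constructed from the output shown in the first post; the function names are hypothetical, and "38.x.x.x" is kept as the masked next hop exactly as the thread writes it.

```python
import ipaddress

# Constructed table modelled on the thread's "show ip route" output.
BASE_RIB = [
    ("10.0.0.0/8", "static", 1, "38.x.x.x"),       # S 10.0.0.0/8 [1/0]
    ("10.1.21.0/24", "bgp", 20, "10.1.99.200"),    # B 10.1.21.0/24 [20/0]
]

def install(rib):
    """Per prefix, keep only the route with the lowest administrative distance."""
    best = {}
    for prefix, proto, ad, next_hop in rib:
        net = ipaddress.ip_network(prefix)
        if net not in best or ad < best[net][1]:
            best[net] = (proto, ad, next_hop)
    return best

def lookup(rib, dst):
    """Forwarding decision: longest matching prefix among the installed routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, route) for net, route in install(rib).items() if addr in net]
    if not matches:
        return None
    net, (proto, _ad, next_hop) = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), proto, next_hop

def with_static(prefix):
    """BASE_RIB plus one manually configured static route (AD 1)."""
    return BASE_RIB + [(prefix, "static", 1, "38.x.x.x")]

if __name__ == "__main__":
    cases = {
        "original table": BASE_RIB,
        "host route /32": with_static("10.1.21.204/32"),
        "static /24": with_static("10.1.21.0/24"),
        "static /25 (0-127)": with_static("10.1.21.0/25"),
    }
    for label, rib in cases.items():
        print(f"{label:20} 10.1.21.204 -> {lookup(rib, '10.1.21.204')}")
```

The /25 case shows why the prefix has to be chosen per destination: 10.1.21.0 255.255.255.128 covers .0 to .127 only, so 10.1.21.204 still follows the BGP /24.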
03-06-2009 11:39 AM
Is there any way to manipulate this?
Add a host route which will give you the longest prefix possible.
ip route 10.1.21.204 255.255.255.255 38.x.x.x
HTH,
__
Edison.
03-09-2009 06:21 AM
I should have been more specific in my description - sorry about that. I have hundreds of routes and the trick will be to modify this acl not to create the /8 network. My current network is 10.1.0.0 255.255.255.0 and I would have to modify the acl to create a 32 bit network for my scheme. I don't even know if it's possible.
access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.255
03-09-2009 06:51 AM
Reverse route is doing its thing so unless you can be more specific with your destination on your crypto ACL (10.0.0.0 0.255.255.255), you are going to have to add more specific static routes I'm afraid.
03-09-2009 06:59 AM
Adam,
I just figured it out - I think but I have to try it in my lab first. I will modify the acl with the following:
access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.0 0.255.255.128
access-list 123 permit ip 10.1.23.0 0.0.0.255 10.0.0.127 0.255.255.128
I'm hoping this should catch it.
03-11-2009 07:55 AM
Ok the acl didn't work BUT I finally figured it out. I used something called Enhanced Object Tracking.
If my device can ping "A" then use "B" as the next hop. If my device can't ping "A" then use "C". In my case, send traffic through normal route processing.
The link below helped me with this.
http://www.nil.com/ipcorner/SmallSiteMultiHoming/
Big ups to everyone that posted and big props to Adam.