Solved: Routing Null0 Question

sebbing · ‎11-02-2022

Hey all,

I have a question regarding a Null0 route that I have on my router. (I inherited the network configs and am trying to clean it up.) I have a very basic understanding of the Null0 route, in that it is designed to drop traffic The route in question is:

ip route 192.168.176.0 255.255.240.0 Null0 250

I guess in the basic sense, the question I have is, with that route in place, and I have an OSPF route going to another interface of a subnet within that /20 subnet, wouldn't the traffic destined for say 192.168.177.128 /25 be routed and not dropped? I would think that the most specific route wins. Right?

I am wondering if I need the larger subnet (That I am broadcasting VIA eBGP to ISP) or should I remove the Null0 routes all together.

Thanks for your help!

Richard Burts · ‎11-03-2022

We do not know much about this situation and something that we do not know yet might change our answers. But based on what I know at this point I am guessing that the static route to null0 was put into the configuration so that BGP would advertise that network. You can put statements into BGP to advertise a network, but BGP will not advertise that network if there is not an extra in the routing table that is an exact match for the network configured in BGP. If you remove that static route to null0 I am guessing that BGP will stop advertising that route.

HTH

Rick

View solution in original post

sebbing · ‎11-03-2022

Thank you for your answers Richard and David,

Richard, If I understand you correctly, If I do not have a route that is "nested" inside a, say /16, and there is nothing on the network with that /16, BGP does not advertise that route? If I understand that correctly, that is good info to know and something I didnt realize. So in a way, it would be good to keep the

ip route 192.168.176.0 255.255.240.0 Null0 250

in there but eliminate all the other smaller /24s from the Null0 routing table?

IE:
ip route 192.168.176.0 255.255.240.0 Null0 250 <--keep
ip route 192.168.177.0 255.255.255.0 Null0 250 <--remove

Would it be best practices for me to advertise the largest summarized route to Null0 for subnet that I am using?

Thanks SO much for the help, it is really helping me understand this better!

View solution in original post

Richard Burts · ‎11-03-2022

You asked " If I do not have a route that is "nested" inside a, say /16". It does not matter whether some networks are nested inside the /16 or not. What matters is that if the BGP config has a network statement for 192.168.176.0/20 is there an entry in the routing table for 192.168.176.0/20. If there is an entry in the routing table then BGP advertises the network. If there is not an entry in the routing table for that address (and mask) then BGP does not advertise the network. This is a basic behavior of BGP. So I suggest that you keep that static route using null0.

If there are other static routes using null0 then we need to understand more about your environment to be able to give good advice about whether to keep them or to remove them. If there is a route like

ip route 192.168.177.0 255.255.255.0 Null0 250

it does not have any significance for BGP but might have significance for something else. To help us understand better the environment would you post the current running config? If you have concerns about posting the whole config could you at least post the parts of the config dealing with interfaces (if there are public IP then obscure the first octet and tell us whether it is class A, or class B, or class C - for private IP there is no need to obscure anything), and anything related to routing (dynamic protocols, static routes, etc). It might also be helpful if you would post the output of show ip route (obscuring any Public IP as suggested above).

HTH

Rick

View solution in original post

David Ruess · ‎11-02-2022

Hello,

Yes the more specific route would win as long as that route is in the routing table. Sometimes a Null0 route is places just to get an entry in the routing table like as you mention for BGP since it derives its advertisements from the routing table itself. It also has a very high Administrative Distance which points to its there for a reason and is deliberate.

Are you experiencing issues with routing to bring this up? If so could you provide the contents of that routing table.

-David

sebbing · ‎11-03-2022

Hi David,

We are not experiencing any issues with them at the moment. We have had issues with routing and Cisco has asked why they were there, along with a new colleague. Problem is, at this point, no one really knows why they are there. When I was hired, the company didn't have any one who took care of the network and they had done a hardware upgrade a few months before I was hired.

I am looking at it from the standpoint of, if it is not truly needed, then get rid of it. I just want to get the network as clean as possible at this point. If it is needed, I have no problem leaving it there.

If needed, is the best way to go about this, having the largest summary subnet in there with a Null0? IE: a 192.168.0.0/16 instead of a bunch of /24s?

Thanks for your help!

David Ruess · ‎11-03-2022

I agree with the network cleanup. You can do an aggregate address in BGP if you have /24s you need to summarize to the ISP. I would verify with the rest of the config to see if the static route is referenced anywhere else. If not you can schedule a service interruption. Remove the route, see if anyone complains....if so add the route back in. Worst case if you lose connection to the device you can just reset it and it'll revert the config.

Hope that helps

-David

Richard Burts · ‎11-03-2022

We do not know much about this situation and something that we do not know yet might change our answers. But based on what I know at this point I am guessing that the static route to null0 was put into the configuration so that BGP would advertise that network. You can put statements into BGP to advertise a network, but BGP will not advertise that network if there is not an extra in the routing table that is an exact match for the network configured in BGP. If you remove that static route to null0 I am guessing that BGP will stop advertising that route.

HTH

Rick

sebbing · ‎11-03-2022

Thank you for your answers Richard and David,

Richard, If I understand you correctly, If I do not have a route that is "nested" inside a, say /16, and there is nothing on the network with that /16, BGP does not advertise that route? If I understand that correctly, that is good info to know and something I didnt realize. So in a way, it would be good to keep the

ip route 192.168.176.0 255.255.240.0 Null0 250

in there but eliminate all the other smaller /24s from the Null0 routing table?

IE:
ip route 192.168.176.0 255.255.240.0 Null0 250 <--keep
ip route 192.168.177.0 255.255.255.0 Null0 250 <--remove

Would it be best practices for me to advertise the largest summarized route to Null0 for subnet that I am using?

Thanks SO much for the help, it is really helping me understand this better!

sebbing · ‎11-03-2022

Hi David,

Thank you for all the info you have provided thus far. If I am understanding you and Richard correctly, I will just keep the largest Null0 subnet route and delete all the smaller ones.

I think that if we eventually get rid of a whole summarized subnet, then we can look into removing that Null0 route at that time.

I hope I understand this a bit better with your responses. Let me know if it appears that I am misunderstanding you guys.

Thank you SO much!

Richard Burts · ‎11-03-2022

You asked " If I do not have a route that is "nested" inside a, say /16". It does not matter whether some networks are nested inside the /16 or not. What matters is that if the BGP config has a network statement for 192.168.176.0/20 is there an entry in the routing table for 192.168.176.0/20. If there is an entry in the routing table then BGP advertises the network. If there is not an entry in the routing table for that address (and mask) then BGP does not advertise the network. This is a basic behavior of BGP. So I suggest that you keep that static route using null0.

If there are other static routes using null0 then we need to understand more about your environment to be able to give good advice about whether to keep them or to remove them. If there is a route like

ip route 192.168.177.0 255.255.255.0 Null0 250

it does not have any significance for BGP but might have significance for something else. To help us understand better the environment would you post the current running config? If you have concerns about posting the whole config could you at least post the parts of the config dealing with interfaces (if there are public IP then obscure the first octet and tell us whether it is class A, or class B, or class C - for private IP there is no need to obscure anything), and anything related to routing (dynamic protocols, static routes, etc). It might also be helpful if you would post the output of show ip route (obscuring any Public IP as suggested above).

HTH

Rick

Richard Burts · ‎11-08-2022

This has been a good discussion. I am glad that our explanations have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

MHM Cisco World · ‎11-03-2022

Hi
are you still have Q about your issue,
if you have write to me your Q