[c-nsp] iBGP not propogating route to 0/8

Justin Shore justin at justinshore.com
Fri May 16 21:30:22 EDT 2008 

The default-info originate solution makes me nervous without a lab to 
test this in.  Forcing the advertisement with the network statement 
though works like a champ.  I hadn't even considered that this was being 
caused by Cisco's martian handling.  But as David Sinn pointed out, 
there are more prefixes than just 0/8 that are being suppressed.  I'll 
use the network command to force the advertisement for those networks 
too.  I need to put up a RTBH HOWTO on my website I think.

Thanks.  TGIF!
  Justin



Tassos Chatzithomaoglou wrote:
> I think it has to do with the default route "confusion"...
> 
> 1) You can use "default-information originate" under the bgp process and 
> trick bgp that this is the default route (i guess only the network part 
> is checked). The network is shown as "0.0.0.0/8" which means that the 
> router doesn't consider /8 to be the default length of 0.0.0.0, like in 
> 3.0.0.0.
> 
> R1>sh ip bgp
> BGP table version is 20, local router ID is 1.1.1.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - 
> internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
> 
>    Network          Next Hop            Metric LocPrf Weight Path
> *>i0.0.0.0/8        1.1.1.2                  0    500      0 i
> *>i3.0.0.0          1.1.1.2                  0    500      0 i
> 
> 
> 2) You can use "network 0.0.0.0 mask 255.0.0.0 route-map static-to-bgp" 
> under bgp and force its advertisement.
> 
> Method 1 requires redistribution of the route, method 2 requires route 
> to be present in IGP/static.
> In your case, you have both ;)
> 
> -- 
> Tassos
> 
> 
> David Sinn wrote on 16/5/2008 7:06 μμ:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On May 15, 2008, at 2:31 PM, Justin Shore wrote:
>>
>>> I can't think of any reason why this prefix wouldn't be advertised.   
>>> Any
>>> ideas?  I noticed it today because I have customers trying to hit 0/8
>>> IPs (0.4.24.200 for example) that my egress ACLs are catching.
>>
>> This is due to how Cisco treats martian networks per their  
>> interpretation (or real meaning) of RFC 1812.  Since the following 
>> are  martians, to cover the "Should not" route part of 5.3.7, they 
>> won't  install them in the route table.
>>
>> 0.0.0.0/8
>> 127.0.0.0/8
>> 128.0.0.0/16
>> 181.255.0.0/16
>> 192.0.0.0/24
>> 233.255.255.0/24
>> 240.0.0.0/4
>>
>> I've only personally tested 240.0.0.0/4 and it will not install in 
>> the  route table.  I've also not tried to figure out what more or 
>> less  specific routes you could try and install to cover these blocks.
>>
>> David
>>
>>
>>> Thanks
>>>  Justin
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (Darwin)
>>
>> iEYEARECAAYFAkgtsPYACgkQLa9jIE3ZamNprgCfUAoV0GXj0Ob1HNg8pyifER1a
>> 6T8AoIWpvrB87i+VjRmp3avNPNRTJAV8
>> =1Klc
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>

More information about the cisco-nsp mailing list