[c-nsp] Redistribute interface address as a /32 or /128 into BGP

[Michele Bergonzoni]

>> Now some of my monitoring and management traffic, which is addressed to
>> the customer facing interface addresses takes the shortest path into
>> 10.0.0.0/24 and through this network and might then hit the interface of
>> the router. But there is a ACL that blocks that, because it looks like
>> the customer spoofed the source address of the monitoring system.

> But you're doing it wrong. I'm not sure what is right without
> understanding more accurately what you are doing, but some flavor of

If I understand correctly, you are monitoring ICMP reachability of, say, 10.0.0.2, because reaching the router itself (e.g. its loopback or its backbone address) and getting via SNMP the state of its interface is not enough for you, you want to make sure to be able to reach addresses in the actual customer prefix, to detect routing problems with that specific prefix.

If this is the case, I have a very similar situation and I did not come up with a solution. Injecting host routes, as you tried to do and Saku explained how to do, should work but is actually cheating: you will detect routing problems with the host route, not with the customer prefix.

Or, maybe, the customer facing interface is in a VRF and the backbone/loopback is not, and you are monitoring from the VRF. Then the host route is OK, you could add a loopback in the VRF to distinguish router down vs. interface down.

Regards,
               Bergonz

-- 
Michele Bergonzoni
Network Management and Security
Network Design Team Leader
Laboratori Guglielmo Marconi
Via Porrettana 123
40037 Pontecchio Marconi (BO) - Italy
Phone +39 051 6781926
Mobile +39 3484135807