Redistribute interface address as a /32 or /128 into BGP
Brian Turnbow
b.turnbow at twt.it
Wed Mar 10 10:41:57 EST 2021
Hi,
>
> >> Now some of my monitoring and management traffic, which is addressed
> >> to the customer facing interface addresses takes the shortest path
> >> into
> >> 10.0.0.0/24 and through this network and might then hit the interface
> >> of the router. But there is a ACL that blocks that, because it looks
> >> like the customer spoofed the source address of the monitoring system.
>
> > But you're doing it wrong. I'm not sure what is right without
> > understanding more accurately what you are doing, but some flavor of
>
> If I understand correctly, you are monitoring ICMP reachability of, say,
> 10.0.0.2, because reaching the router itself (e.g. its loopback or its backbone
> address) and getting via SNMP the state of its interface is not enough for you,
> you want to make sure to be able to reach addresses in the actual customer
> prefix, to detect routing problems with that specific prefix.
>
If I have understood correctly you are looking to force the monitoring through router local links , but the monitoring system only has the one "shorter" path.
This may be done using a sla locally on the router and then polling the state of the sla from the monitoring system
Brian
More information about the cisco-nsp
mailing list