Preventing private route advertising

- B
- Bernard Herickx
  
  Contact options for registered users
posted
18 years ago

Wed, May 25, 2005 6:17 AM

How do I prevent a router from advertising a private network (10.0.0.0/8,

172.166.0.0/12, 192.168.0.0/16) on the Internet with RIP, EIGRP and OSPF?

Let say, to give an example, the topology is:

hostA--switch--R1--R2--R3--switch--hostB

with the following networks: LAN "hostA--switch--R1" is 172.18.81.0/24 WAN "R1--R2" is 62.235.14.128/26 WAN "R2--R3" is 198.133.219.64/27 LAN "R3--switch--hostB" is 10.22.33.0/24

If you configure one routing protocol as EIGRP on the three routers, hostA is allowed to reach hostB and vice versa. With real networks, you can't. Routers are not supposed to route packets with a private destination address through the internet. How is this prevented? What command is used?

Thanks to throw light on this point.

Bernard.

- H
- Hansang Bae
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, May 25, 2005 7:33 AM

Keep in mind that there is nothing special about RFC 1918 addresses. It's only by convention that we block these from propagating into the world.

So for EIGRP you could use an outbound distribute-list and apply it under "router eigrp" for the interface in question.

- J
- Jon Hartman
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, May 31, 2005 10:18 AM

Bear in mind, most/all peering between entites and their Tier 1 or 2 providers are done via BGP, which is very much policy-friendly. A typical BGP configuration is locked down to only permit certain advertisments out. Unless you are redistributing and not filtering, it would be rather difficult to accidentally leak these routes.

Beyond that, many providers will have route-maps on their end that will only permit whatever subnets you've told them you want to advertise.

-Jon