Solved

IP Route to Null0

Posted on 2014-07-17
Last Modified: 2014-07-25
I have seen some configurations where they route a network to Null0.
I am not sure what the reason is… and that network will show up as directly connected in the routing table.

example:
BB(config)#ip route 192.168.1.0 255.255.255.0 null 0
If I advertise the network 192.168.1.0 on EIGRP to R2 and then go to R2, it will show up as learned through EIGRP.


BB#sh ip route      
   S     192.168.1.0/24 is directly connected, Null0

R2#sh ip route                  
D     192.168.1.0/24 [90/2172416] via 10.1.2.3, 00:00:05, FastEthernet0/0

Thanks
Question by:jskfan
12 Comments
 
LVL 11

Assisted Solution

by:naderz
naderz earned 338 total points
This is used to prevent loops. This will kill the route.

See below:

http://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/14956-route-to-null-interface.html
 

Author Comment

by:jskfan
But in which case would you use it?
Any time you do summarization, you will have to do it? I have seen many summarization configurations, but Null0 is not used.
 
LVL 11

Assisted Solution

by:naderz
naderz earned 338 total points
Well, this depends on the design and architecture, and it is a tool in the architect's tool box to control route propagation. An example is given in the link I sent you.

Let's say all routes to some address /16 are configured to come to your router from an upstream router. And, that you are subnetting per your needs on /24. Let's say you have this:

All 55.44.0.0/16 routes are forwarded to your router via static route.

You are only using 55.44.0.0/24 and 55.44.10.0/24 for now.

You also have a default route pointing to the upstream router so that you can get to the Internet.

Let's say because of the 55.44.0.0/16 static route you receive (for whatever reason) a packet destined for 55.44.30.45. Since you don't have this configured as a valid subnet at the moment in your router, your router will send it back to the upstream router via your configured default route.

To prevent this loop you configure a route to null0 for 55.44.0.0/16. All configured subnets will be OK because they are connected and all non-configured subnets will be suppressed and end on your router. No loop.
 

Author Comment

by:jskfan
I thought the best way to understand it is by using a lab, so I took as an example the one given in the link below and created a lab. I can see the Null0 in the routing table of the router where the summary is applied, but cannot see the impact when it is there or when it is not.
I mean I want to simulate a case when Null0 is not there, and how the loop gets triggered.
Note that I removed the default route from R1 though it is used in the example; I do not see its usage anyway.

http://ccie4all.wordpress.com/2013/01/04/summary-routes-to-null0/

The Configuration is as follows:

R1#sh run
Building configuration...

Current configuration : 990 bytes
!
! Last configuration change at 05:31:19 UTC Sun Jul 20 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
!
!
ip source-route
ip cef    
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
! 
!
!         
!
!
!
!
!
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
!
!
router eigrp 1
 network 12.0.0.0
 passive-interface default
 no passive-interface FastEthernet0/0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!         
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

R1#




R2#sh run
Building configuration...

Current configuration : 1452 bytes
!
! Last configuration change at 05:21:17 UTC Sun Jul 20 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
!
!
ip source-route
ip cef    
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
! 
!
!         
!
!
!
!
!
interface Loopback1
 ip address 2.2.2.1 255.255.255.255
 !
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
 !
!
interface Loopback3
 ip address 2.2.2.3 255.255.255.255
 !
!
interface Loopback4
 ip address 2.2.2.4 255.255.255.255
 !
!
interface Loopback5
 ip address 2.2.2.5 255.255.255.255
 !
!
interface Loopback6
 ip address 2.2.2.6 255.255.255.255
 !
!
interface FastEthernet0/0
 ip address 12.12.12.2 255.255.255.0
 ip summary-address eigrp 1 2.2.2.0 255.255.255.248
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
!
!
router eigrp 1
 network 2.0.0.0
 network 2.0.0.0 0.0.0.255
 network 12.0.0.0
 passive-interface default
 no passive-interface FastEthernet0/0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

R2#



R2#sh ip route
 

Gateway of last resort is not set

      2.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
D        2.2.2.0/29 is a summary, 00:17:29, Null0
C        2.2.2.1/32 is directly connected, Loopback1
C        2.2.2.2/32 is directly connected, Loopback2
C        2.2.2.3/32 is directly connected, Loopback3
C        2.2.2.4/32 is directly connected, Loopback4
C        2.2.2.5/32 is directly connected, Loopback5
C        2.2.2.6/32 is directly connected, Loopback6
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.12.12.0/24 is directly connected, FastEthernet0/0
L        12.12.12.2/32 is directly connected, FastEthernet0/0
R2#
 
LVL 11

Expert Comment

by:naderz
I am not sure I agree with how the example is set up.

R1 needs to tell R2 that it is the default for all routes R2 does not know about. R2 needs to summarize all its routes to R1 such that R1 will send all routes within that summary to R2.

Then you need to set up R2 such that it has a few subnets within that summary it told R1 about. Get rid of one of the loopbacks and test ping to that loopback from R1. R1 will send the ICMP to R2 and R2 will not know what to do with it, because it does not have it configured. R2 will send it to R1 because R1 is the default route. R1 will start again by sending it to R2 because R2 said come to me for that packet (via the summary route). On and on....

Note: Put "no auto-summary" back in the EIGRP configs; don't take it out. You don't want to summarize along the Class boundaries.

To understand this you need to focus on how routers populate their routing tables and what does that really mean.

 

Author Comment

by:jskfan
<<Note: Put "no auto-summary" back in the EIGRP configs; don't take it out. You don't want to summarize along the Class boundaries.>>

On this IOS version Auto-Summary is ON by default…

--Well, I believe I understand the usage of Null0 per your comments.
It sounds like Null0 comes into play when one or more of the networks that are part of the summary go down.
You suggested that I can remove one of the loopbacks and do the test… So I came to understand that if I remove Loopback 1, for instance, when 2.2.2.1 is part of the summary, then if I ping Loopback 1 (2.2.2.1) R2 will not find it, it will send the request back to R1, and the loop keeps going on and on until the TTL expires.
 

Author Comment

by:jskfan
Or I can increase the prefix of the summary from /29 to 30, and ping a fictitious ip address which has to be part of the summary, example  2.2.2.7, that will show the usage of Null0…

If what I am thinking is correct then I wonder how I can debug it to see the effect of Null0.
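The loop discussed in this thread can be reproduced without routers. The following Python sketch is an added example, not part of any poster's comment: it models R1 and R2 from the lab with longest-prefix-match lookups and compares forwarding to 2.2.2.7 with and without the Null0 summary route on R2. The default route on R2 pointing to R1 follows the setup naderz describes and is an assumption, as are the function names and the constructed tables.

```python
import ipaddress

def make_tables(null0_summary):
    """Constructed tables for the two-router lab; R2's default route is an assumption."""
    r1 = {"12.12.12.0/24": "connected",
          "2.2.2.0/29": "R2"}               # summary learned from R2 via EIGRP
    r2 = {"12.12.12.0/24": "connected",
          "0.0.0.0/0": "R1"}                # assumed default route towards R1
    for i in range(1, 7):                   # Loopback1..Loopback6
        r2[f"2.2.2.{i}/32"] = "connected"
    if null0_summary:
        r2["2.2.2.0/29"] = "Null0"          # discard route for the summary
    return {name: {ipaddress.ip_network(p): hop for p, hop in t.items()}
            for name, t in (("R1", r1), ("R2", r2))}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    return table[max(matches, key=lambda n: n.prefixlen)] if matches else None

def trace(tables, dst, start="R1", ttl=255):
    """Forward hop by hop; return (outcome, routers that looked the packet up)."""
    router, path = start, []
    while ttl > 0:
        path.append(router)
        hop = lookup(tables[router], dst)
        if hop is None:
            return f"no route at {router}", path
        if hop == "Null0":
            return f"dropped at {router}", path
        if hop == "connected":
            return f"delivered at {router}", path
        router, ttl = hop, ttl - 1          # each forwarding hop costs one TTL
    return "ttl expired", path

if __name__ == "__main__":
    for null0 in (False, True):
        for dst in ("2.2.2.3", "2.2.2.7"):
            outcome, path = trace(make_tables(null0), dst, ttl=8)
            print(f"Null0={null0!s:5} dst={dst}: {outcome} after {len(path)} lookups")
```

On real IOS the Null0 entry is installed automatically with the EIGRP summary, as the `sh ip route` output on R2 shows, so the "without Null0" case only exists in a model like this or when a summary is built from static routes.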
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 112 total points
I think naderz has really answered your question although another use for routing to null is when you want to mitigate an attack, for example.

Let's say a device on the internet is trying to hack into a server on your network.  Configure a static route to the source IP address via Null0 and it immediately stops traffic from being routed back to the source.

I think you misunderstood naderz here...
<<Note: Put "no auto-summary" back in the EIGRP configs; don't take it out. You don't want to summarize along the Class boundaries.>>

On this IOS version Auto-Summary is ON by default…
Naderz was saying to turn auto-summary OFF, not on.
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 50 total points
I use null routes with BGP to nail the route into the routing table to prevent dampening when having problems with flaps in downstream circuits, IGPs, etc.
 
LVL 11

Accepted Solution

by:
naderz earned 338 total points
craigbeck and jesper have given very good usage examples for the null0 also. Again, routing to null0, once its effect is understood, is a very good tool for various purposes.

jskfan: in answer to your last post (sorry I could not reply earlier): your understanding is correct. To see routing to null0 in action I can think of, I have not tried this yet, this setup:

*** Note: what I am mentioning here should NOT be done in a production router. ONLY in a lab.

Debug on ip packets on both routers and start a ping from one router to a non-existing (but routable) subnet on the other router. Use the setup described above.

Note: debug on IP packets in a production environment could, and most probably will, disrupt and stop all routing. The process will simply be too costly for the router to keep up, and the CPU will peg at 100% and be overtaxed. In production environments this is done very carefully with extended access-lists.
 

Author Closing Comment

by:jskfan
Thank you Guys!