Solved

IP Route to Null0

Posted on 2014-07-17
Last Modified: 2014-07-25
I have seen some configurations where they route a network to Null0.
I am not sure what the reason is… and that network will show up as directly connected in the routing table.

example:
BB(config)#ip route 192.168.1.0 255.255.255.0 null 0
If I advertise the network 192.168.1.0 on EIGRP to R2, then go to R2, it will show up as learned through EIGRP


BB#sh ip route      
   S     192.168.1.0/24 is directly connected, Null0

R2#sh ip route                  
D     192.168.1.0/24 [90/2172416] via 10.1.2.3, 00:00:05, FastEthernet0/0

Thanks
Question by:jskfan
12 Comments
 
LVL 11

Assisted Solution

by:naderz
naderz earned 338 total points
ID: 40203949
This is used to prevent loops. This will kill the route.

See below:

http://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/14956-route-to-null-interface.html
0
 

Author Comment

by:jskfan
ID: 40206244
But in which case would you use it?
Any time you do summarization, you will have to do it? I have seen many summarization configurations, but Null0 is not used.
0
 
LVL 11

Assisted Solution

by:naderz
naderz earned 338 total points
ID: 40206532
Well, this depends on the design and architecture, and it is a tool in the architect's tool box to control route propagation. An example is given in the link I sent you.

Let's say all routes to some address /16 are configured to come to your router from an upstream router. And, that you are subnetting per your needs on /24. Let's say you have this:

All 55.44.0.0/16 routes are forwarded to your router via static route.

You are only using 55.44.0.0/24 and 55.44.10.0/24 for now.

You also have a default route pointing to the upstream router so that you can get to the Internet.

Let's say because of the 55.44.0.0/16 static route you receive (for whatever reason) a packet destined for 55.44.30.45. Since you don't have this configured as a valid subnet at the moment in your router, your router will send it back to the upstream router via your configured default route.

To prevent this loop you configure a route to null0 for 55.44.0.0/16. All configured subnets will be OK because they are connected and all non-configured subnets will be suppressed and end on your router. No loop.
0
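The loop described in the post above, and the effect of the Null0 route on it, can be reproduced with a small longest-prefix-match simulation. This is an added example, not part of the original thread; the router names `upstream` and `customer` and the starting TTL of 255 are assumptions, while the prefixes are the ones from the post.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table.items() if dst in net]
    if not matches:
        return "unroutable"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(tables, start, dst, ttl=255):
    """Follow a packet hop by hop; return (outcome, router-to-router hops)."""
    router, hops = start, 0
    while ttl > 0:
        hop = lookup(tables[router], dst)
        if hop in ("connected", "Null0", "unroutable"):
            return hop, hops          # delivered, discarded, or no route
        router, hops, ttl = hop, hops + 1, ttl - 1
    return "ttl-expired", hops        # packet bounced until the TTL ran out

def build(null_route):
    """Routing tables for the two routers (names are hypothetical)."""
    net = ipaddress.ip_network
    upstream = {net("55.44.0.0/16"): "customer"}   # static /16 toward the customer
    customer = {
        net("0.0.0.0/0"): "upstream",              # default route back upstream
        net("55.44.0.0/24"): "connected",          # subnets actually in use
        net("55.44.10.0/24"): "connected",
    }
    if null_route:
        # Equivalent of: ip route 55.44.0.0 255.255.0.0 Null0
        customer[net("55.44.0.0/16")] = "Null0"
    return {"upstream": upstream, "customer": customer}

if __name__ == "__main__":
    for null_route in (False, True):
        tables = build(null_route)
        for dst in ("55.44.10.7", "55.44.30.45"):
            print("Null0 route:", null_route, dst, forward(tables, "upstream", dst))
```

Without the Null0 route, the packet for the unused subnet matches only the default route on the customer router and bounces until the TTL expires; with it, the /16 discard route is more specific than the default and the packet is dropped after one hop, while the in-use /24 subnets still win as the longest match.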

Author Comment

by:jskfan
ID: 40207140
I thought the best way to understand it is by using a lab, so I took as an example the one given in the link below and created a lab. I can see the Null0 in the routing table of the router where the summary is applied, but cannot see the impact when it is there or when it is not.
I mean I want to simulate a case when Null0 is not there, and how the loop gets triggered.
Note that I removed the default route from R1, though it is used in the example; I do not see its usage anyway.

http://ccie4all.wordpress.com/2013/01/04/summary-routes-to-null0/

The Configuration is as follows:

R1#sh run
Building configuration...

Current configuration : 990 bytes
!
! Last configuration change at 05:31:19 UTC Sun Jul 20 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
!
!
ip source-route
ip cef    
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
! 
!
!         
!
!
!
!
!
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
!
!
router eigrp 1
 network 12.0.0.0
 passive-interface default
 no passive-interface FastEthernet0/0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!         
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

R1#




R2#sh run
Building configuration...

Current configuration : 1452 bytes
!
! Last configuration change at 05:21:17 UTC Sun Jul 20 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
!
!
ip source-route
ip cef    
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
! 
!
!         
!
!
!
!
!
interface Loopback1
 ip address 2.2.2.1 255.255.255.255
 !
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
 !
!
interface Loopback3
 ip address 2.2.2.3 255.255.255.255
 !
!
interface Loopback4
 ip address 2.2.2.4 255.255.255.255
 !
!
interface Loopback5
 ip address 2.2.2.5 255.255.255.255
 !
!
interface Loopback6
 ip address 2.2.2.6 255.255.255.255
 !
!
interface FastEthernet0/0
 ip address 12.12.12.2 255.255.255.0
 ip summary-address eigrp 1 2.2.2.0 255.255.255.248
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
!
!
router eigrp 1
 network 2.0.0.0
 network 2.0.0.0 0.0.0.255
 network 12.0.0.0
 passive-interface default
 no passive-interface FastEthernet0/0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

R2#



R2#sh ip route
 

Gateway of last resort is not set

      2.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
D        2.2.2.0/29 is a summary, 00:17:29, Null0
C        2.2.2.1/32 is directly connected, Loopback1
C        2.2.2.2/32 is directly connected, Loopback2
C        2.2.2.3/32 is directly connected, Loopback3
C        2.2.2.4/32 is directly connected, Loopback4
C        2.2.2.5/32 is directly connected, Loopback5
C        2.2.2.6/32 is directly connected, Loopback6
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.12.12.0/24 is directly connected, FastEthernet0/0
L        12.12.12.2/32 is directly connected, FastEthernet0/0
R2#
0
 
LVL 11

Expert Comment

by:naderz
ID: 40207755
I am not sure I agree with how the example is set up.

R1 needs to tell R2 that it is the default for all routes R2 does not know about. R2 needs to summarize all its routes to R1 such that R1 will send all routes within that summary to R2.

Then you need to set up R2 such that it has a few subnets within that summary it told R1 about. Get rid of one of the loopbacks and test ping to that loopback from R1. R1 will send the ICMP to R2 and R2 will not know what to do with it, because it does not have it configured. R2 will send it to R1 because R1 is the default route. R1 will start again by sending it to R2 because R2 said come to me for that packet (via the summary route). On and on....

Note: Put "no auto-summary" back in the EIGRP configs; don't take it out. You don't want to summarize along the Class boundaries.

To understand this you need to focus on how routers populate their routing tables and what does that really mean.
0
 

Author Comment

by:jskfan
ID: 40207895
<<Note: Put "no auto-summary" back in the EIGRP configs; don't take it out. You don't want to summarize along the Class boundaries.>>

On this IOS version Auto-Summary is ON by default…

--Well I believe I understand the usage of Null0 per your comments.
It sounds like Null0 comes into play when one or more of the networks that are part of the summary go down.
You suggested that I can remove one of the loopbacks and do the test… So I came to understand that if I remove Loopback 1, for instance, when 2.2.2.1 is part of the summary, then if I ping Loopback 1 (2.2.2.1), R2 will not find it, it will send the request back to R1, and the loop keeps going on and on until the TTL expires.
0
 

Author Comment

by:jskfan
ID: 40207902
Or I can increase the prefix of the summary from /29 to 30, and ping a fictitious IP address which has to be part of the summary, for example 2.2.2.7; that will show the usage of Null0…

If what I am thinking is correct, then I wonder how I can debug it to see the effect of Null0.
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 112 total points
ID: 40216900
I think naderz has really answered your question although another use for routing to null is when you want to mitigate an attack, for example.

Let's say a device on the internet is trying to hack into a server on your network.  Configure a static route to the source IP address via Null0 and it immediately stops traffic from being routed back to the source.

I think you misunderstood naderz here...
<<Note: Put "no auto-summary" back in the EIGRP configs; don't take it out. You don't want to summarize along the Class boundaries.>>

On this IOS version Auto-Summary is ON by default…
Naderz was saying to turn auto-summary OFF, not on.
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 50 total points
ID: 40216940
I use null routes with BGP to nail the route into the routing table to prevent dampening when having problems with flaps in downstream circuits, IGPs, etc.
0
 
LVL 11

Accepted Solution

by:
naderz earned 338 total points
ID: 40218755
craigbeck and jesper have given very good usage examples for the null0 also. Again, routing to null0, once its effect is understood, is a very good tool for various purposes.

jskfan: in answer to your last post (sorry I could not reply earlier): your understanding is correct. To see routing to null0 in action, I can think of this setup (I have not tried this yet):

*** Note: what I am mentioning here should NOT be done in a production router. ONLY in a lab.

Debug on ip packets on both routers and start a ping from one router to a non-existing (but routable) subnet on the other router. Use the setup described above.

Note: debug on ip packets in a production environment could, and most probably will, disrupt and stop all routing. The process will simply be too costly for the router to keep up, and the CPU will peg to 100% and be overtaxed. In production environments this is done very carefully with extended access-lists.
0
 

Author Closing Comment

by:jskfan
ID: 40220848
Thank you Guys!
0
