
The BGP Null Route Trick

A null route means 'drop this traffic.' One reason to use a null route is for security, but you can also use it for a BGP trick: getting a summary route into the routing table so that BGP can advertise it.
Here's the configuration we use for our example:

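! Static summary route to Null0 puts 203.0.113.0/24 in the routing table
ip route 203.0.113.0 255.255.255.0 null0

router bgp 65002
 ! The mask must match the static route exactly for BGP to advertise the /24
 network 203.0.113.0 mask 255.255.255.0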

The first time people see this, they always think “wait, I don't want to do that, it's going to drop all of my traffic going to those
networks!” But it won't actually drop the traffic. Let's see why by looking at the routing table...

We have the /30 networks configured on our interfaces and we've also entered the static route with the /24 mask going to Null0.
If we look in the routing table, we've still got the routes on the directly connected interfaces and we've got the static route with
the “Null0” there as well, because the /30 and /24 prefixes are not exactly the same, so both are installed.

Now what's going to happen is this: Say that traffic comes into this router with a destination address of 203.0.113.1. That would
match our connected route (203.0.113.0/30), and it would also match our static route (203.0.113.0/24). /30 is a more specific
route than the /24, it's a longer match, so the traffic will be sent out the /30 interface. Traffic is not going to get dropped.

Using the null0 route gets the summary of the addresses that match your BGP network statement into the routing table. Once
you've done this you can enter the network statement for 203.0.113.0/24 in BGP, and BGP will advertise that network.

Once we have everything configured, to see all of our BGP commands in one place we can enter “show run | section bgp”. This is
shown for R1 in the screenshot above.
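The longest-match lookup and the network statement behaviour described above, modelled as an added Python example (not part of the original article or of any router software). The interface names and the second /30 are constructed; the exact-match rule for the network statement is modelled as it works on Cisco IOS. The example also lists which parts of the /24 have no more specific route and are therefore discarded at Null0.

```python
import ipaddress

# Constructed routing table: two connected /30s (interface names are assumptions)
# plus the article's static /24 summary pointing at Null0.
RIB = [
    ("203.0.113.0/30", "connected", "GigabitEthernet0/0"),
    ("203.0.113.4/30", "connected", "GigabitEthernet0/1"),
    ("203.0.113.0/24", "static", "Null0"),
]

def lookup(rib, dst):
    """Longest-prefix match: the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def bgp_originates(rib, network_stmt):
    """The network statement is advertised only if the exact prefix is in the RIB."""
    want = ipaddress.ip_network(network_stmt)
    return any(ipaddress.ip_network(r[0]) == want for r in rib)

def null_routed_blocks(rib, summary):
    """Blocks of the summary with no more specific route: these hit Null0."""
    summary = ipaddress.ip_network(summary)
    remaining = [summary]
    for prefix, _, _ in rib:
        net = ipaddress.ip_network(prefix)
        if net == summary or not net.subnet_of(summary):
            continue
        carved = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # fully covered by the specific
            if net.subnet_of(block):
                carved.extend(block.address_exclude(net))
            else:
                carved.append(block)
        remaining = carved
    return sorted(remaining)

if __name__ == "__main__":
    for dst in ("203.0.113.1", "203.0.113.200"):
        print(dst, "->", lookup(RIB, dst))
    print("advertise /24 with null route:", bgp_originates(RIB, "203.0.113.0/24"))
    print("advertise /24 without it:    ", bgp_originates(RIB[:2], "203.0.113.0/24"))
    print("discarded at Null0:", [str(n) for n in null_routed_blocks(RIB, "203.0.113.0/24")])
```

The last function shows the side effect worth checking before deploying the summary: any address in the /24 without a more specific route is dropped at this router instead of being forwarded.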

“bgp log-neighbor-changes” is a default command. Whenever a BGP neighbor goes up or down it will be logged.

Once everything is configured, we want to make sure that we are sending out and receiving routes from BGP. The command for
that is simply 'show ip bgp' with no keywords at the end of the command. In this example, we can see we have 5 different routes
that are in BGP.

Let's go through these different routes... For 203.0.113.64 and 203.0.113.72, we see the next hop is 0.0.0.0. This means that the
router is advertising them itself. There's a network statement on this router for those two networks.

203.0.113.64 and 203.0.113.72 are on R1. You can see that 203.0.113.72 is the direct link going to R3 and 203.0.113.64 is the
direct link going to R4; both were configured as network statements in BGP.

Next, we have the route to 203.0.113.128 with the next hop of 172.16.0.2. That is the link going from R2 to R5. On BGP in R2, we
configured the network statement for that link. R2 also advertises it in OSPF, so R1 already knew
about it. The OSPF route will go into the routing tables on other routers as OSPF has a better Administrative Distance than BGP.

Then we have 203.0.113.0, with the next hop of 203.0.113.65. That is the route that was advertised from R4. R1 learns that it can
get to 203.0.113.0 via R4.

And lastly, we have 203.0.113.136 with the next hop of 203.0.113.130. That was the route that was advertised from R5 to R2, so
it has a next hop of 203.0.113.130. R2 then passes that information on to R1 as well.

If we now enter “show ip route” on R1 we can see that we have routes to all networks. For all routes in the same AS, they're either
connected or learned from OSPF. For the two external networks behind R4 and behind R5, we can see that routes have been
learned from BGP and they have been inserted into the routing table.
