Remove custom advertised routes
This page describes how to stop advertising existing IP address ranges and prevent clients in your on-premises network from discovering subnets or custom IP address ranges in your Virtual Private Cloud (VPC) network. You can only remove existing custom advertised routes. You can't add IP address ranges to a denylist.
Before you begin, make sure that you have a list of existing IP address ranges or advertisement groups that you want to remove.
Before you begin
gcloud
If you want to use the command-line examples in this guide, do the following:
- Install or update to the latest version of the Google Cloud CLI.
- Set a default region and zone.
API
If you want to use the API examples in this guide, set up API access.
Remove custom advertised routes on a Cloud Router
To remove existing custom advertised routes on a Cloud Router, follow these steps.
Console
1. In the Google Cloud console, go to the Cloud Routers page.
2. Select the Cloud Router to update.
3. On the Router details page, click Edit.
4. Find the custom advertised routes to delete, and then next to each route, click Delete.
5. After you finish deleting the routes, click Save.
gcloud
Remove Google-defined advertisement groups
To remove Google-defined advertisement groups, use the gcloud compute routers update command with the --remove-advertisement-groups flag. Advertisement groups are Google-defined IP address ranges that the Cloud Router dynamically advertises. For a list of all advertisement groups, see the set-advertisement-groups flag in the Google SDK documentation.

    gcloud compute routers update ROUTER_NAME \
        --remove-advertisement-groups=ADVERTISED_GROUPS
Replace the following:
- ROUTER_NAME: the name of the Cloud Router
- ADVERTISED_GROUPS: Google-defined IP address ranges that the Cloud Router dynamically advertises. The only valid value is all_subnets, which advertises subnets based on the VPC network's dynamic routing mode (similar to default advertisement mode).
The following example updates the my-router Cloud Router and removes the all_subnets advertisement group:

    gcloud compute routers update my-router \
        --remove-advertisement-groups all_subnets
Remove existing IP address ranges
To remove existing IP address ranges that are being advertised, such as static external IP addresses or subnet IP address ranges, use the gcloud compute routers update command with the --remove-advertisement-ranges flag:

    gcloud compute routers update ROUTER_NAME \
        --remove-advertisement-ranges=ADVERTISED_IP_RANGES
Replace the following:
- ROUTER_NAME: the name of the Cloud Router
- ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges. You can specify both IPv4 and IPv6 custom IP address ranges. However, IPv6 custom ranges are advertised only in BGP sessions where IPv6 is enabled.
The following example removes the existing 10.0.10.0/24 subnet IP address range from the my-router Cloud Router:

    gcloud compute routers update my-router \
        --remove-advertisement-ranges 10.0.10.0/24
API
To update the bgp.advertisedGroups[] and bgp.advertisedIpRanges[] fields, use the routers.patch method.
The bgp.advertisedGroups[] and bgp.advertisedIpRanges[] fields accept arrays of advertised groups and advertised IP address ranges. When you PATCH these fields, you overwrite the existing arrays with the new ones in your request.
1. Send a GET request to get the current arrays of advertised groups and advertised IP address ranges on the router. For details, see View BGP session configuration.
2. Send a PATCH request with new arrays of advertised groups and advertised IP address ranges. Use the arrays from the GET request in the previous step and remove any groups or IP address ranges that you do not want on the router. You can send an empty array to remove all advertised groups or advertised IP address ranges:

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgp": {
        "advertisedGroups": [
          "ADVERTISED_GROUPS"
        ],
        "advertisedIpRanges": [
          ADVERTISED_IP_RANGES
        ]
      }
    }
Replace the following:
- PROJECT_ID: the project that contains the Cloud Router
- REGION: the region where the Cloud Router is located
- ROUTER_NAME: the name of the Cloud Router
- ADVERTISED_GROUPS: a Google-defined group that the Cloud Router dynamically advertises. The only valid value is ALL_SUBNETS, which advertises subnets based on the VPC network's dynamic routing mode (similar to default advertisement mode). To stop advertising subnets, you can send an empty array.
- ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges

The following example contains two IP address ranges:

    {
      "range": "1.2.3.4",
      "description": "First example range"
    },
    {
      "range": "6.7.0.0/16",
      "description": "Second example range"
    }
Remove custom advertised routes from a BGP session
To remove existing advertised routes from a BGP session, follow these steps.
Console
1. In the Google Cloud console, go to the Cloud Routers page.
2. Select the Cloud Router that contains the BGP session to update.
3. On the Router details page, select the BGP session to update.
4. On the BGP session details page, click Edit.
5. Find the advertised routes to delete, and then next to each route, click Delete.
6. After you finish deleting the routes, click Save.
gcloud
Remove Google-defined advertisement groups
To remove advertisement groups, use the gcloud compute routers update-bgp-peer command with the --remove-advertisement-groups flag. You can remove any existing advertisement groups.

    gcloud compute routers update-bgp-peer ROUTER_NAME \
        --peer-name=PEER_NAME \
        --remove-advertisement-groups=ADVERTISED_GROUPS
Replace the following:
- ROUTER_NAME: the name of the Cloud Router
- PEER_NAME: the name of your BGP peer
- ADVERTISED_GROUPS: a Google-defined group that Cloud Router dynamically advertises. The only valid value is all_subnets, which advertises subnets based on the VPC network's dynamic routing mode (similar to default advertisement mode).

For a list of all advertisement groups, see the set-advertisement-groups flag in the Google SDK documentation.
The following example updates the my-bgp-session BGP session on the my-router Cloud Router to remove the all_subnets advertisement group:

    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --remove-advertisement-groups all_subnets
Remove existing IP ranges
To remove existing IP address ranges that are being advertised, such as static external IP addresses or subnet IP address ranges, use the gcloud compute routers update-bgp-peer command with the --remove-advertisement-ranges flag:

    gcloud compute routers update-bgp-peer ROUTER_NAME \
        --peer-name=PEER_NAME \
        --remove-advertisement-ranges=ADVERTISED_IP_RANGES
Replace the following:
- ROUTER_NAME: the name of the Cloud Router
- PEER_NAME: the name of your BGP peer
- ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges. You can specify both IPv4 and IPv6 custom IP address ranges. However, IPv6 custom ranges are advertised only in BGP sessions where IPv6 is enabled.
The following example updates the my-bgp-session BGP session on the my-router Cloud Router to remove the existing 10.0.10.0/24 subnet IP range:

    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --remove-advertisement-ranges 10.0.10.0/24
API
To update the bgpPeers[] field, use the routers.patch method.
The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.
1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.
2. Send a PATCH request with a new array of BGP peers. For each BGP peer that you want to remove custom advertised routes for, do the following:
   - Remove any IP address range advertisements that you do not want from the bgpPeers[].advertisedIpRanges[] field.
   - Remove any group advertisements that you do not want from the bgpPeers[].advertisedGroups[] field.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgpPeers": [
        BGP_PEERS
      ]
    }
Replace the following:
- PROJECT_ID: the project that contains the Cloud Router
- REGION: the region where the Cloud Router is located
- ROUTER_NAME: the name of the Cloud Router
- BGP_PEERS: the contents of the new array of BGP peers
In the following example, the first BGP peer includes values for the advertisedGroups[] and advertisedIpRanges[] fields. For the second BGP peer, custom advertised routes have been removed and the advertiseMode has been reverted to DEFAULT.

    {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "169.254.10.1",
      "peerIpAddress": "169.254.10.2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "CUSTOM",
      "advertisedGroups": ["ALL_SUBNETS"],
      "advertisedIpRanges": [
        {
          "range": "1.2.3.4",
          "description": "First example range"
        },
        {
          "range": "6.7.0.0/16",
          "description": "Second example range"
        }
      ]
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "169.254.20.1",
      "peerIpAddress": "169.254.20.2",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": []
    }
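The GET-then-PATCH procedure from both API sections, as an added example that is not part of the original page or Google's own code: because PATCH overwrites the arrays, build_patch copies the GET response, removes only the named entries, keeps every other peer, and rejects removals of anything not currently advertised. ROUTER is a constructed sample; build_patch, _prune, _net and the rule of matching ranges as parsed networks are assumptions of this example.

```python
import copy
import ipaddress
import json

# Constructed sample of a routers.get response, reduced to the fields used here.
ROUTER = {
    "bgp": {"advertisedGroups": ["ALL_SUBNETS"],
            "advertisedIpRanges": [
                {"range": "1.2.3.4", "description": "First example range"},
                {"range": "6.7.0.0/16", "description": "Second example range"}]},
    "bgpPeers": [
        {"name": "peer-1", "advertisedGroups": ["ALL_SUBNETS"],
         "advertisedIpRanges": [{"range": "10.0.10.0/24", "description": "subnet"}]},
        {"name": "peer-2", "advertisedGroups": [], "advertisedIpRanges": []}],
}


def _net(cidr):
    # Assumption of this example: compare parsed networks, so 1.2.3.4 == 1.2.3.4/32.
    return ipaddress.ip_network(cidr, strict=False)


def _prune(cfg, ranges, groups):
    """Remove ranges/groups from one bgp or bgpPeers[] object; reject ones not advertised."""
    drop = {_net(r) for r in ranges}
    current = cfg.get("advertisedIpRanges", [])
    absent = drop - {_net(e["range"]) for e in current}
    absent_groups = set(groups) - set(cfg.get("advertisedGroups", []))
    if absent or absent_groups:
        raise ValueError(f"not advertised: {sorted(map(str, absent)) + sorted(absent_groups)}")
    cfg["advertisedIpRanges"] = [e for e in current if _net(e["range"]) not in drop]
    cfg["advertisedGroups"] = [g for g in cfg.get("advertisedGroups", []) if g not in groups]


def build_patch(router, ranges=(), groups=(), peer=None):
    """Build the routers.patch body for the router (peer=None) or for one BGP peer."""
    if peer is None:
        bgp = copy.deepcopy(router["bgp"])
        _prune(bgp, ranges, groups)
        return {"bgp": {k: bgp[k] for k in ("advertisedGroups", "advertisedIpRanges")}}
    peers = copy.deepcopy(router["bgpPeers"])  # PATCH overwrites the array: keep every peer
    match = [p for p in peers if p["name"] == peer]
    if not match:
        raise ValueError(f"no BGP peer named {peer}")
    _prune(match[0], ranges, groups)
    return {"bgpPeers": peers}


if __name__ == "__main__":
    print(json.dumps(build_patch(ROUTER, ranges=["10.0.10.0/24"], peer="peer-1"), indent=2))
```

Diff the returned body against the GET response before sending it, so that the only change reaching the router is the removal you intended.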
What's next
To view the configuration of a Cloud Router, its BGP sessions, and the routes that the Cloud Router is advertising, see View Cloud Router details.
To troubleshoot issues with custom advertised routes, see Troubleshooting.