Removing route advertisements

Stop advertising existing IP ranges to prevent clients in your on-premises network from discovering subnets or custom IP ranges in your VPC network. You can only remove existing advertisements. You can't add IP ranges to a denylist.

To remove advertisements on a Cloud Router:

Console


  1. Go to the Cloud Router page in the Google Cloud Console.
    Cloud Router list
  2. Select the Cloud Router to update.
  3. In the Cloud Router's detail page, select Edit.
  4. Find the advertised routes to delete, and then select the delete icon next to each route.
  5. After you're done deleting routes, select Save.

gcloud


Run the update command, using the --remove-advertisement-groups or --remove-advertisement-ranges flags to remove existing advertisements.

  • Use the --remove-advertisement-groups flag to remove Google-defined advertisement groups. Advertisement groups are Google-defined IP ranges that Cloud Router dynamically advertises. For a list of all advertisement groups, see the set-advertisement-groups flag in the Google SDK documentation. The following example removes the ALL_SUBNETS advertisement group:

    gcloud compute routers update my-router \
        --remove-advertisement-groups all_subnets
    
  • Use the --remove-advertisement-ranges flag to remove existing IP ranges that are being advertised, such as static external IP addresses or subnet IP ranges. The following example removes the existing 10.0.10.0/24 subnet IP range:

    gcloud compute routers update my-router \
        --remove-advertisement-ranges 10.0.10.0/24
    

API

To remove advertisements on a Cloud Router, use the routers.patch method to update the bgp.advertisedGroups[] and bgp.advertisedIpRanges[] fields.

The bgp.advertisedGroups[] and bgp.advertisedIpRanges[] fields accept arrays of advertised groups and advertised IP address ranges. When you PATCH these fields, you overwrite the existing arrays with the new ones in your request.

  1. Send a GET request to get the current arrays of advertised groups and advertised IP ranges on the router. See Viewing a Cloud Router configuration.

  2. Send a PATCH request with new arrays of advertised groups and advertised IP address ranges. Use the arrays from the GET request in the previous step and remove any groups or IP address ranges that you do not want on the router.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgp": {
        "advertisedGroups": [
          "ADVERTISED_GROUPS"
        ],
        "advertisedIpRanges": [
          ADVERTISED_IP_RANGES
        ]
      }
    }
    

    Replace the following values:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • ADVERTISED_GROUPS: a Google-defined group that Cloud Router dynamically advertises. The only valid value is ALL_SUBNETS, which advertises subnets based on the VPC network's dynamic routing mode (similar to the default advertisements). You can send an empty array to stop advertising subnets.
    • ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges.

      See the following example, which contains two IP address ranges:

      {
        "range": "1.2.3.4",
        "description": "First example range"
      },
      {
        "range": "6.7.0.0/16",
        "description": "Second example range"
      }
      

To remove advertisements on a BGP session:

Console


  1. Go to the Cloud Router page in the Google Cloud Console.
    Cloud Router list
  2. Select the Cloud Router that contains the BGP session to update.
  3. In the Cloud Router's detail page, select the BGP session to update.
  4. In the BGP session details page, select Edit.
  5. Find the advertised routes to delete, and then select the delete icon next to each route.
  6. After you're done deleting routes, select Save.

gcloud


Run the update-bgp-peer command with the --remove-advertisement-groups or --remove-advertisement-ranges flags to remove existing advertisements.

  • Use the --remove-advertisement-groups flag to remove Google-defined advertisement groups. Advertisement groups are Google-defined IP ranges that Cloud Router dynamically advertises. For a list of all advertisement groups, see the set-advertisement-groups flag in the Google SDK documentation. The following example removes the ALL_SUBNETS advertisement group:

    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --remove-advertisement-groups all_subnets
    
  • Use the --remove-advertisement-ranges flag to remove existing IP ranges, such as static external IP addresses or subnet IP ranges. The following example removes the existing 10.0.10.0/24 subnet IP range:

    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --remove-advertisement-ranges 10.0.10.0/24
    

API

To remove advertisements on a BGP session, use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. See Viewing a Cloud Router configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to remove advertisements, do the following:

    • Remove any IP address range advertisements that you do not want from the bgpPeers[].advertisedIpRanges[] field.
    • Remove any group advertisements that you do not want from the bgpPeers[].advertisedGroups[] field.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgpPeers": [
        BGP_PEERS
      ]
    }
    

    Replace the following values:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers.

      See the following example. The first BGP peer includes values for the advertisedGroups[] and advertisedIpRanges[] fields. For the second BGP peer, advertisements have been removed and the advertiseMode reverted to DEFAULT.

      {
        "name": "peer-1",
        "interfaceName": "if-peer-1",
        "ipAddress": "169.254.10.1",
        "peerIpAddress": "169.254.10.2",
        "peerAsn": 64512,
        "advertisedRoutePriority": 100,
        "advertiseMode": "CUSTOM",
        "advertisedGroups": ["ALL_SUBNETS"],
        "advertisedIpRanges": [
          {
            "range": "1.2.3.4",
            "description": "First example range"
          },
          {
            "range": "6.7.0.0/16",
            "description": "Second example range"
          }
        ]
      },
      {
        "name": "peer-2",
        "interfaceName": "if-peer-2",
        "ipAddress": "169.254.20.1",
        "peerIpAddress": "169.254.20.2",
        "peerAsn": 64513,
        "advertisedRoutePriority": 100,
        "advertiseMode": "DEFAULT",
        "advertisedGroups": [],
        "advertisedIpRanges": []
      }
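
The GET-then-PATCH procedure described above, for both the router-level bgp arrays and the bgpPeers[] array, as an added example that is not part of the Cloud Router documentation. Because PATCH overwrites whole arrays, the body is built from the GET response so that other ranges and other peers are carried over, and a removal that matches nothing is rejected instead of silently leaving the prefix advertised. The function names, the sample router and its ASN 64514 are constructed for illustration.

```python
import copy
import ipaddress

def _canon(cidr):
    # "1.2.3.4" and "1.2.3.4/32" are the same prefix; compare canonical forms.
    return str(ipaddress.ip_network(cidr, strict=False))

def _strip(holder, drop_ranges, drop_groups):
    """Filter one advertisedGroups/advertisedIpRanges pair; fail on no-op removals."""
    drop = {_canon(r) for r in drop_ranges}
    have = {_canon(r["range"]) for r in holder.get("advertisedIpRanges", [])}
    missing = sorted(drop - have) + sorted(
        set(drop_groups) - set(holder.get("advertisedGroups", [])))
    if missing:
        # A typo here would leave the prefix advertised, so refuse to build the body.
        raise ValueError(f"not currently advertised: {missing}")
    groups = [g for g in holder.get("advertisedGroups", []) if g not in drop_groups]
    ranges = [r for r in holder.get("advertisedIpRanges", [])
              if _canon(r["range"]) not in drop]
    return groups, ranges

def router_patch_body(router, drop_ranges=(), drop_groups=()):
    """PATCH body for router-level advertisements (the bgp arrays are overwritten)."""
    groups, ranges = _strip(router.get("bgp", {}), drop_ranges, drop_groups)
    return {"bgp": {"advertisedGroups": groups, "advertisedIpRanges": ranges}}

def peer_patch_body(router, peer_name, drop_ranges=(), drop_groups=()):
    """PATCH body for one BGP session; every other peer is carried over unchanged."""
    peers = copy.deepcopy(router.get("bgpPeers", []))
    targets = [p for p in peers if p["name"] == peer_name]
    if not targets:
        raise KeyError(peer_name)
    # advertiseMode is left exactly as the GET returned it.
    targets[0]["advertisedGroups"], targets[0]["advertisedIpRanges"] = _strip(
        targets[0], drop_ranges, drop_groups)
    return {"bgpPeers": peers}

# Constructed GET response, reusing the sample values from this page.
_R = [{"range": "1.2.3.4", "description": "First example range"},
      {"range": "6.7.0.0/16", "description": "Second example range"}]
SAMPLE_ROUTER = {
    "name": "my-router",
    "bgp": {"asn": 64514, "advertiseMode": "CUSTOM",
            "advertisedGroups": ["ALL_SUBNETS"], "advertisedIpRanges": _R},
    "bgpPeers": [
        {"name": "peer-1", "peerAsn": 64512, "advertiseMode": "CUSTOM",
         "advertisedGroups": ["ALL_SUBNETS"], "advertisedIpRanges": _R},
        {"name": "peer-2", "peerAsn": 64513, "advertiseMode": "DEFAULT",
         "advertisedGroups": [], "advertisedIpRanges": []},
    ],
}
```

The returned dictionaries serialize directly to the JSON request bodies shown in the API steps above.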
      

What's next