10-08-2014 06:19 AM - edited 03-04-2019 11:55 PM
What is the best practice for inserting a gateway (default-route) into my ospf network. I'm currently connected with three Internet connections from two different ISPs on two different routers. These two routers talk to my internal network via ospf and I want them to learn the default routes from my ISP routers obviously. Currently on the ISP routers have default-information always on the ospf process which i know is not a best practice. If a peer goes down, it will probably hit a black hole even though i run ibgp between the routers. I believe I want to use just default-information originate on my OSPF processes and have the default route point through my BGP. So my question is what is the "preferred" way of accomplishing this? Would it be to do a static route to my three different uplinks with the default route, or can i do it better through the neighbor command on bgp and inject the default route in my border routers. I hope this makes sense. I can do a drawing to if that would help.
My border routers are like this:
border router a: connected only to ispa. (learns full Internet routing table)
border router b: connected to ispb and ispa (learns full Internet routing table from both)
both routers connected to lan and participating in ospf. The border routers also connected via ibgp.
10-08-2014 06:38 AM
What is the setup like behind your border routers? For example, is it a dual core Layer3 switch, and would that switch be recieving (2) default-routes at the moment?
10-08-2014 06:50 AM
i'm upgrading soon, but currently these two different border routers are in two different data centers. Each border router connects to a 3750 Layer Switch that is stacked. They each only have 1 default route:
Routing entry for 0.0.0.0/0, supernet
Known via "ospf 2000", distance 110, metric 1, candidate default path
Tag 2000, type extern 2, forward metric 1
Last update from x.x.x.x on GigabitEthernet1/0/19, 13:18:44 ago
Routing Descriptor Blocks:
* x.x.x.x, from x.x.x.x, 13:18:44 ago, via GigabitEthernet1/0/19
Route metric is 1, traffic share count is 1
Route tag 2000
I'm upgrading this however to possibly asr9k or something else. Haven't figured it out because the access network flows through the above switches. I have exhausted my 10 year old switches :)...
10-08-2014 06:57 AM
Ok.
So what is the background on why the configuration on your border routers are using the 'always' option for redistribution. Is it because you are learning the default-route via iBGP?
10-08-2014 07:04 AM
I think the background is it was assumed (and it used to be 1 router) that it would generate all traffic from the LAN to the WAN. I just think this is a miss-configuration point. The default-route isn't really learned except from the LAN perspective because of "always". I figured on the border routers i have to make them the default route but on ospf i think it should only be default-originate but not always if that makes sense. I think if say the router with 1 uplink dies on the ISPA side, traffic will blackhole possibly. Well, not in this case cause ibgp will know the route but i want it configured correctly. I assumed it would need to have default on upstream isps. then since they know a default route (the border routers) that they would generate it in ospf minus the "always" clause.
10-08-2014 07:08 AM
Am I correct in assuming the ISPs are advertising you a default-route via BGP?
If so - then you should be able to remove the always option. This way the border routers (ASBR) will originate a default-route only if one is in the routing table.
10-08-2014 07:34 AM
I think they are just advertising me the full routing table but I can ask them. I don't see anything in my bgp table that would indicate that.
10-08-2014 07:36 AM
ok let's say they are not, then what would the second option be or what you would do.
BTW - thank you for responding very quickly!
10-08-2014 09:12 AM
I'd hope they are - quick way to confirm would just be to 'show ip route' or check the BGP advertisements 'show ip bgp <neighbor> routes>. I think (lacking a BGP router at the moment :().
If they aren't - then you have more work to do. Unfortunately if you dont have the route in your table you can't normally advertise it. Back to the OSPF default-route 'always' workaround.
When you start getting into workarounds - generally - your straying from the path of proper design. But thats just my opinion. Easy way = ISP to advertise you a full table and default route.
A workaround would be to configure a static default route and tie it to an IP SLA probe targeted to the upstream IP address of your next-hop of that ISP. If the ICMP probe becomes unreachable then the static route will become invalid and you will see it withdrawn from your OSPF advertisements.
No problem on the quick responses :)
10-08-2014 09:26 AM
I asked 1 of the 2 and they definitely don't advertise. I knew the command and never seen it that is why I said just full routes. I don't filter anything so i was certain they just gave me the default route. Your spot on the command. Neither advertise default just a full routing table. So the answer to my question is
ip route 0/0 upstream isp. i thought "maybe" in my neighbor statement on bgp i could do default-originate or something without advertising and it would update my routing table. i know null0 on default route would not work good unless advertising or something.
10-08-2014 09:32 AM
No, unfortunately not.
Asking your ISP to advertise you a default-route shouldn't be a big deal. It would save you additional complexity in your designs in my opinion.
10-08-2014 01:02 PM
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide