Change AD in BGP

blackladyJR
Level 1

Hello,

Is there any way to change the AD for inbound eBGP routes by matching with a route-map instead of an ACL?

I know I can do that with an ACL as follows and it works, but it is not scalable, and if there is a way I can match AS Path or Community via route-map and then change the AD for those that match, that will be ideal. So far I found the command to change AD was only with ACL as an option.

router bgp 1234
 neighbor 1.1.1.1 remote-as 5555
 distance 120 1.1.1.1 0.0.0.0 1399

where 1.1.1.1 0.0.0.0 is the ebgp neighbor ip address and 1399 is the ACL 1399 and 120 is the AD to change the eBGP from 20 to 120. 

thanks,

Joyce

1 Accepted Solution

cadet alain
VIP Alumni

Hi,

As far as I know what you want to achieve is not possible.

Regards

Alain

Don't forget to rate helpful posts.

6 Replies

blau grana
Level 7

Hello,

As Alain wrote, it is not possible.

You can use bgp backdoor, but it will help in certain situations and also it is not very scalable.

http://ccieblog.co.uk/bgp/bgp-backdoor

Best Regards

Please rate all helpful posts and close solved questions

Hello,

Thanks for letting me know we can't use route-map for this.  Backdoor command will not be applicable to my situation.  Maybe you can think of a different way other than changing AD for my issue.

Here is the case:

My router (R1) has a WAN link via eBGP and it has peering with a LAN layer 3 switch (SW1) via ospf. Further behind SW1, I have some other routing that advertises some specific subnets (say x.x.x.x). SW1 itself has other LAN subnets (say y.y.y.y) advertised to R1 as well.

R1 WAN is MPLS network where there is another site R2.  R2 LAN also has ospf and also via some other transport learning that x.x.x.x as well. 

When all is up and running, R1 is the primary router to learn x.x.x.x from LAN and redistribute ospf into bgp and advertise that out to WAN for everyone else to reach. 

Now, say something in the LAN goes down where SW1 no longer learns the x.x.x.x from further downstream in the LAN and thus R1 no longer learns x.x.x.x from LAN. Now R2's x.x.x.x that it learned from its own LAN is the only surviving path, therefore, it redistributes it into bgp and advertises it out to WAN. Now R1 learns it via eBGP inbound and it now redistributes it into OSPF to SW1 so that services behind SW1 can reach x.x.x.x via R1 --> R2 --> LAN --> backdoor -->

The thing is, now the LAN at R1 site recovers from the outage, SW1 now learns about the x.x.x.x from downstream again and dumps the x.x.x.x that it learned from R1. So SW1 tries to advertise this route back to R1 via ospf. But then R1 already has this route in its routing table and bgp table, so when the SW1 ospf route shows up now, R1 is not going to flip back to use the ospf route and is stuck with the WAN BGP route.

So this is my issue, and so one of the solutions that works was to match an ACL for only x.x.x.x coming in from WAN and change the AD to 120 and then it works. But it's not scalable as I will have many x.x.x.x in many other sites.

I cannot change "everything" coming from WAN to be AD 120 either, only those specific in those setup.

I know one thing, if the ospf route gets in the router first (i.e. say I shut down the WAN interface), so that the ospf route gets redistributed first into R1, it has a default redistribution weight of 32768, therefore, even if R1 sees an inbound advertisement from WAN afterwards (i.e. now bring up the WAN interface), it will not pick that eBGP route and will stay with the ospf redistributed route because the weight from WAN is 0 and from LAN redistribution is 32768, so the LAN will win even if we clear the route from the routing table...etc, R1 will solidly pick the LAN as best route and ignore the WAN inbound. So this is good as my intention is to prefer the LAN advertisement wherever available. However, all I need to break this is when my LAN goes down and that route gets in via WAN, then when my LAN comes up, R1 will not redistribute the ospf route into bgp to compare weight anymore as the WAN route is already in the routing and bgp table, the LAN ospf route didn't get a chance to be redistributed, therefore ospf loses to the ebgp.

Does anyone have another solution other than changing AD with ACL then? I cannot filter out the WAN route as I do need it to come in during a LAN outage. I cannot change all my WAN route AD as only those specific x.x.x.x need to be this way and leave everything else alone.

Summary: R1 needs to prefer the LAN advertisement and advertise out of BGP wherever the LAN learns that specific subnet. During a WAN outage in R1, it is fine and LAN wins always. So no issue there. However, during a LAN outage and restore, R1 is stuck with WAN and will not flip back to LAN. I can set a community in R2 to identify those specific subnets so R1 can see it inbound, however, it seems like there is no command that we can use to change AD via route-map. ACL is just not scalable although it worked and solved my situation.

thanks,

Joyce

Hi,

I was in similar trouble some time ago and the solution was using EIGRP as third routing protocol.

If you advertise the x.x.x.x subnet via EIGRP (or RIP or even a second OSPF process) from SW1 to R1 and change the EIGRP AD to beat eBGP on R1, it should work, I hope.

I know it's quite complicated and you need to change SW1 config to advertise only the x.x.x.x prefix(es) via EIGRP, but still possible, I guess?

Best regards,

Milan

Thanks Milan, in my case, I can't run a 3rd protocol as I don't control SW1 and in fact I really have more routers and more switches here and won't be good to have another protocol.  However, I will keep this idea in mind for future when the situation calls for it.

So pretty much looks like I am left with the only choice is the ACL method then. 

thanks,

Joyce
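
Since the thread settles on the ACL method, one way to keep it manageable across many prefixes and sites is to generate the ACL and the `distance` line from a per-site prefix list. This is an added example, not code from any poster; the function name and the sample prefixes (documentation ranges) are assumptions, while the AS, neighbor, ACL number and AD are the ones from the question.

```python
import ipaddress

# Standard ACL number ranges on IOS (the question uses 1399, in the expanded range).
STANDARD_ACL_RANGES = (range(1, 100), range(1300, 2000))


def build_distance_config(local_as, neighbor, acl, distance, prefixes):
    """Return IOS config lines: a standard ACL for `prefixes` plus the
    per-neighbor BGP distance command that references it."""
    if not any(acl in r for r in STANDARD_ACL_RANGES):
        raise ValueError(f"ACL {acl} is not a standard ACL number")
    if not 1 <= distance <= 255:
        raise ValueError(f"distance {distance} is outside 1-255")
    peer = ipaddress.IPv4Address(neighbor)  # rejects malformed neighbor addresses

    # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24), which
    # would otherwise silently produce an ACL line for the wrong network.
    # The set removes duplicates; sorting keeps the output stable between runs.
    nets = sorted({ipaddress.IPv4Network(p, strict=True) for p in prefixes})

    # A standard ACL matches on the route's network address only, not on the
    # prefix length, so each entry also covers more-specifics inside the range.
    lines = [
        f"access-list {acl} permit {n.network_address} {n.hostmask}" for n in nets
    ]
    lines.append(f"router bgp {local_as}")
    lines.append(f" distance {distance} {peer} 0.0.0.0 {acl}")
    return lines


if __name__ == "__main__":
    # Constructed sample input: stand-ins for the "x.x.x.x" subnets in the thread.
    site_prefixes = ["198.51.100.0/25", "192.0.2.0/24", "192.0.2.0/24"]
    for line in build_distance_config(1234, "1.1.1.1", 1399, 120, site_prefixes):
        print(line)
```

The output assumes ACL 1399 is not already defined on the router; standard ACL entries are appended, so re-applying a changed list needs the old ACL removed first.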

Joyce...you have described the exact scenario I have been trying to resolve as well.  I have the same issue with using the ACL on the distance command.  Did you find a better solution?

Thanks,

Cathleen