Distribute alternative default route, OSPF?

alig.norbert · ‎06-26-2018

Hi all,

I'm looking for some input/ideas about the following design:

Core router:
- Static default route pointing to the internet firewall
(e.g. ip route 0.0.0.0 0.0.0.0 10.1.1.1).
- OSPF with several branch routers.
- PBR on the interface connected to the branch routers.

Requirement:
- Distribute an alternative default route (pointing to core router interface for PBR, not firewall) from
core router over OSPF to the branches.
- So that all branch routers learn the default route through OSPF, pointing
to core router.

How can this be achieved without configure a static default route on each branch router?

Thanks a lot,
Norbert

Terence Payet · ‎06-27-2018

Hi Norbert,

Since you have OSPF neighborship with all your branches. You have three options from CORE:

Under ospf process issue "default-information originate" - This will check the RIB for a default route and if it is present, it will advertise to your branches.
Under ospf process issue "default-information originate always" - This will advertise a default route with your branches bypassing RIB checks.
Under ospf process issue "redistribute static subnets" - The third options, you might need a route-map if you have additional static routes from which you dont want to advertise with your branches.

HTH.

balaji.bandi · ‎06-27-2018

Suggestion is like this :

Make Core as OSPF Area 0

Branches are in different OSPF area example 20 ( If no other network connected to branch, then make as Stub)

Make sure you run OSPF branch to Core - P2P

Only send the routes to Branches required.

So your path always follow like this :

Branch --- Core---Internet

Make Sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alig.norbert · ‎06-27-2018

Hi all,
Thanks for the reply. I‘ll build up a lab and do some testing.
I forgot to mention that the branches are connected throght a provider router
(Each branch, HQ). Internal routing is OSPF, external bgp)

Thanks,
Norbert

alig.norbert · ‎06-30-2018

Here my lab setup:

ip route 0.0.0.0 0.0.0.0 192.168.17.1

works because is not known through "network" in ospf

ip route 0.0.0.0 0.0.0.0 10.41.0.1

this should be the "local" default route for the core router after PBR
ip route 0.0.0.0 0.0.0.0 10.41.0.254

should be distributed to the branches, but not allowed as command on the same router.

Thanks,

Norbert

Core partial config:
----------------

router ospf 10
router-id 10.41.0.254
log-adjacency-changes
area 0 authentication message-digest
passive-interface default
no passive-interface Vlan41
network 10.10.0.0 0.0.0.255 area 0
network 10.41.0.0 0.0.0.255 area 0
network 10.43.0.0 0.0.255.255 area 0
network 172.16.1.0 0.0.0.255 area 0
network 172.17.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
default-information originate always
!
ip default-gateway 192.168.17.1
ip route 0.0.0.0 0.0.0.0 10.41.0.1
ip route 0.0.0.0 0.0.0.0 192.168.17.1

interface Vlan41
ip address 10.41.0.254 255.255.255.0
ip ospf message-digest-key 1 md5 xxx
ip policy route-map RM-VLAN-xx

BRANCH:
-------

interface Vlan41
ip address 10.41.0.250 255.255.255.0
ip ospf message-digest-key 1 md5 xxxx
!
interface Vlan81
ip address 10.81.0.250 255.255.255.0
ip ospf message-digest-key 1 md5 xxxx

router ospf 10
router-id 10.41.0.250
area 0 authentication message-digest
network 10.41.0.0 0.0.0.255 area 0
network 10.81.0.0 0.0.0.255 area 0

Gateway of last resort is 10.41.0.1 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/1] via 10.41.0.1, 00:05:06, Vlan41
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
O 10.43.3.0/24 [110/2] via 10.41.0.254, 2d19h, Vlan41
O 10.43.100.0/22 [110/2] via 10.41.0.254, 2d19h, Vlan41
O 10.43.200.0/24 [110/2] via 10.41.0.254, 2d19h, Vlan41
O 10.43.210.0/24 [110/2] via 10.41.0.254, 2d19h, Vlan41
172.16.0.0/24 is subnetted, 1 subnets
O 172.16.1.0 [110/2] via 10.41.0.254, 2d19h, Vlan41
172.17.0.0/24 is subnetted, 1 subnets
O 172.17.1.0 [110/2] via 10.41.0.254, 2d19h, Vlan41
O 192.168.17.0/24 [110/2] via 10.41.0.254, 2d19h, Vlan41