04-29-2025 09:43 AM
Hello
Please refer to the diagram below.
We are using default-information originate on the cEdges,
but when DIA 1 is unreachable, or I apply an ACL with deny all on the ISP interface, it still advertises the default route in OSPF.
Is there a way to use an IP SLA and deny the advertisement?
04-29-2025 10:30 AM
Are you using the always option, and if not, is a default route still in the route table?
04-29-2025 10:36 AM
Hello,
You could use IP SLA with a static route on both cEdges. So, when your connection is gone, the IP SLA removes the static default route from the cEdge and it won't be advertised by OSPF.
-David
04-29-2025 11:05 AM - edited 04-29-2025 11:08 AM
On the core switch:
I am not using always in OSPF.
When DIA 1 is offline, the default route is still in the routing table.
04-29-2025 01:05 PM
I think what is happening is that edge 01 still has a default route in its routing table from edge 02 (while DIA 1 is offline). Because it has that default route, it will continue to advertise its own default route.
04-29-2025 12:00 PM
Interface Gi0/0/0------ISP Interface
nfeesmadpr02#sh ip access-lists
Standard IP access list DIA_TEST
10 deny any (31042 matches)
Access list applied on the ISP interface to deny everything
IP SLA statistics
nfeesmadpr02#sh ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 18:53:03 UTC Tue Apr 29 2025
Latest operation return code: Timeout
Number of successes: 158
Number of failures: 152
Operation time to live: Forever
IP routes track table
nfeesmadpr02#sh ip route track-table
ip route 0.0.0.0 0.0.0.0 212.221.28.113 track 1 state is [down]
ip route vrf 10 0.0.0.0 0.0.0.0 Tunnel1 track 1 state is [down]
ip route vrf 10 0.0.0.0 0.0.0.0 Tunnel2 track 1 state is [down]
But in the routing table I still see the routes present
Gateway of last resort is 212.221.28.113 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 212.221.28.113
S* 0.0.0.0/0 is directly connected, Tunnel2
is directly connected, Tunnel1
How can we delete the default routes? Is any script required?
04-29-2025 01:23 PM
If you only tell us the symptoms without providing your config, then all we can do is nothing but guesswork.
04-29-2025 08:00 PM
I absolutely agree with Jens that if you give us only a very general description of the issue and no details of the configuration then it is difficult for us to give good advice. I am especially interested in the details of how you implement default-information originate.
Generally speaking, default-information originate instructs the device to originate and advertise a default route. And I am not sure how to change that if DIA is not reachable. Do those devices run any routing protocol with their upstream neighbors? If so, perhaps you could use that to generate a default to the downstream devices?
Or perhaps you could write some script that would check for loss of connectivity to DIA and react by changing the configuration to remove default-information originate?
04-29-2025 11:03 PM
There is NAT for sure; NAT makes the cEdge redistribute the default from VPN0 into VPNx.
You need to change the way you configure NAT.
This is SD-WAN, not a normal network.
MHM
05-01-2025 12:46 AM - edited 05-01-2025 12:47 AM
Hello
You need to make the advertisement of the default-originate conditional and NOT use the always keyword.
For the condition, you could use IP SLA/object tracking based on a dummy route or a current static default; however, the example below is based on a dummy route applied to both DIA routers.
Example:
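The conditional origination described in the reply above, as an added IOS-XE configuration sketch; it is not the poster's own example or config taken from this thread. The probe target 198.51.100.1, the dummy prefix 192.0.2.255/32, the OSPF process ID, the timers and the names DIA_UP and DEFAULT_IF_DIA_UP are assumptions; GigabitEthernet0/0/0 is the ISP interface named earlier in the thread.

```cisco
! Constructed example: every address, name and number here is a placeholder.
!
! 1. Probe a target that is only reachable through the DIA link.
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! 2. Track the probe; the delay timers damp flapping.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! 3. Dummy host route that is installed only while track 1 is up.
!    Assumption: OSPF runs in the global table. If the OSPF process
!    lives in a service VRF, the dummy route has to be placed in
!    that VRF ("ip route vrf <name> ...") so the route-map can see it.
ip route 192.0.2.255 255.255.255.255 Null0 track 1
!
! 4. Match only the dummy route.
ip prefix-list DIA_UP seq 5 permit 192.0.2.255/32
!
route-map DEFAULT_IF_DIA_UP permit 10
 match ip address prefix-list DIA_UP
!
! 5. Originate the default only while the route-map matches a route
!    in the routing table. No "always" keyword.
router ospf 1
 default-information originate route-map DEFAULT_IF_DIA_UP
!
! Checks after failing the DIA link:
!   show track 1                  -> Reachability is Down
!   show ip route 192.0.2.255     -> route no longer in the table
!   show ip ospf database external 0.0.0.0   (on the core switch)
!                                 -> no LSA from this router
```

Because the condition is the dummy route and not the default route itself, a default learned from the other cEdge or installed by another feature does not keep this router advertising its own default.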