OSPF Default Originate with HSRP

mumbles202
Level 5

Working on setting up a pair of 9300s to be 1 of the egress points for the network w/ a backup site at another location.  Currently I have the other location using the default-information originate command w/ a metric of 5 and that works w/o any issues.  At this location I'd like the 2 9300s to each track the outside and if that fails they should stop advertising the default route and then they should learn the default route via OSPF.  I'm thinking of doing something like this (wrote it up in GNS w/ a couple of routers):

 

R1
interface FastEthernet0/0
 description Uplink to Outside
 ip address 172.30.25.1 255.255.255.248
 duplex auto
 speed auto
 standby 25 ip 172.30.25.3
 standby 25 priority 110
 standby 25 preempt


interface FastEthernet2/15
 no switchport
 ip address 192.168.15.1 255.255.255.0
 standby 15 ip 192.168.15.5
 standby 15 priority 110
 standby 15 preempt


router ospf 123
 router-id 192.168.15.1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet2/15
 network 172.30.92.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 0
 default-information originate
!
ip route 0.0.0.0 0.0.0.0 172.30.25.5 track 1

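ip sla 1
 icmp-echo 172.30.25.5 source-ip 172.30.25.1
 frequency 10
ip sla schedule 1 start-time now
! Track object 1, referenced by the static default route, follows IP SLA 1 reachability
track 1 ip sla 1 reachability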

-------------

R2

interface FastEthernet0/0
 description Uplink to Outside
 ip address 172.30.25.2 255.255.255.248
 duplex auto
 speed auto
 standby 25 ip 172.30.25.3
 standby 25 priority 110
 standby 25 preempt


interface FastEthernet2/15
 no switchport
 ip address 192.168.15.2 255.255.255.0
 ip ospf cost 2
 standby 15 ip 192.168.15.5



router ospf 123
 router-id 192.168.15.2
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet2/15
 network 172.30.92.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 0
 default-information originate metric 4
!
ip route 0.0.0.0 0.0.0.0 172.30.25.5 4 track 1

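ip sla 1
 icmp-echo 172.30.25.5 source-ip 172.30.25.2
 frequency 10
ip sla schedule 1 start-time now
! Track object 1, referenced by the static default route, follows IP SLA 1 reachability
track 1 ip sla 1 reachability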

Is this the best way to accomplish this or is there a better approach?  


Giuseppe Larosa
Hall of Fame

Hello @mumbles202,

You can skip the use of HSRP groups on the devices as they do not add any value, especially on the uplinks to outside.

Each device has to monitor reachability of the default static route next-hop; if it fails, it will remove it from the routing table and it will stop advertising a default route in OSPF.

Final note: When having multiple exit points from an OSPF domain, the use of O E1 is to be preferred over the default type O E2.

 

Hope to help

Giuseppe

 

Thanks for the reply.  I was using HSRP on the interface facing the ISP as I had a static route on the firewalls for any private network pointing towards the standby IP, but on second thought I'll do something dynamic like EIGRP between the firewall and the switches so the firewall will be aware of the subnets in OSPF.

 

Yes, I intend to have the SLA on both of the devices so they'll both learn of an upstream failure and stop advertising.

 

Thanks for the note on E1 vs E2.

Hello @mumbles202,

>> but on second thought I'll do something dynamic like EIGRP between the firewall and the switches so the firewall will be aware of the subnets in OSPF.

I would suggest using OSPF everywhere without introducing a second routing protocol.

I apologize in advance if your sentence is just a typing error.

 

Hope to help

Giuseppe

 

Thanks.  Yes, will likely use OSPF on the firewalls upstream like you mentioned and introduce the default route via the 9300s so I can track it.  
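
Added example, not part of the original thread: a small Python model of OSPF external-path preference (RFC 2328 section 16.4) showing why O E1 suits multiple exit points and how withdrawing the tracked static default removes an exit. R2's metric 4 and the other site's metric 5 come from the thread; R1's seed metric of 1, the `SITE_B` name and the internal SPF costs are constructed assumptions.

```python
# Added illustration: how an internal OSPF router picks among several default-route exits.
from dataclasses import dataclass

@dataclass(frozen=True)
class Exit:
    asbr: str                 # router running "default-information originate"
    seed: int                 # metric advertised in the type-5 LSA
    mtype: int                # 1 = O E1, 2 = O E2
    tracked_up: bool = True   # False once the tracked static default is withdrawn

def best_exit(exits, cost_to_asbr):
    """Return the ASBR an internal router selects for 0.0.0.0/0, or None."""
    candidates = []
    for e in exits:
        if not e.tracked_up or e.asbr not in cost_to_asbr:
            continue  # no default in the ASBR's RIB means no LSA is originated
        internal = cost_to_asbr[e.asbr]
        if e.mtype == 1:
            # E1: external metric plus internal cost to reach the ASBR
            key = (1, e.seed + internal, 0)
        else:
            # E2: external metric only; internal cost is just a tie-breaker
            key = (2, e.seed, internal)
        candidates.append((key, e.asbr))
    # Type 1 paths beat type 2 paths, then lowest metric wins
    return min(candidates)[1] if candidates else None

def site_exits(mtype, down=()):
    """Exits from the thread: R2 metric 4, other site metric 5; R1 seed 1 is assumed."""
    seeds = {"R1": 1, "R2": 4, "SITE_B": 5}
    return [Exit(n, s, mtype, n not in down) for n, s in seeds.items()]

# Constructed internal SPF costs from two vantage points in the OSPF domain
NEAR = {"R1": 1, "R2": 2, "SITE_B": 30}   # router next to the 9300 pair
FAR = {"R1": 30, "R2": 31, "SITE_B": 2}   # router next to the backup site

if __name__ == "__main__":
    for label, costs in (("near", NEAR), ("far", FAR)):
        for mtype in (2, 1):
            print(label, f"E{mtype}", best_exit(site_exits(mtype), costs))
    print("far, E2, R1 uplink down:", best_exit(site_exits(2, down={"R1"}), FAR))
```

With E2 every router in the domain follows the lowest seed metric regardless of where it sits, while with E1 the router near the backup site exits locally.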
