Showing results for 
Search instead for 
Did you mean: 

Cisco Community Designated VIP Class of 2020


Redundancy - OSPF redistribution and Static

Here is my network configuration: -(Firewall)--- R1 -- (static)ISP ---- R2 --- (OSPF)---R3----(OSPF)--- HQ -----

- R1 connects to R2 through an ISP with a default route to R2

- at R2

+ Subnet is redistributed into OSPF

+ Static route IP route <ISP>

(we just send traffic to through the ISP next ho router and they will send it to R1)

- at R3

Subnet is seen at R3 through OSPF

now i have a new dedicated link between R1 and R3

What i want to achieve is the redundancy for the

- Traffic to HQ shall go to ISP if R2 is reachable through ISP (first priority)

- If the link to R2 fails traffic shall go to R3

With the following conditions:

1. I am not allowed to configure dynamic routing between R1 and R2

2. No restriction on routing protocol between R1 & R3

HSRP won't work because

If the ISP link fails traffic will be sent to R3 but because the OSPF static route redistribution

at R2, the traffic going back to through R3 will be dropped by ISP

If i configure OSPF for the new link between R1&R3 and redistribute into OSPF at R1 (with higher metric than at R3),what shall i do to ensure that the redistributed static route to through ISP will not be injected (and thus the redistributed static route through R1 will be in routing table) when the link between R1 & R2 throuhg ISP fails ?

What is the best solution to my problem ? Appreciate your help


Re: Redundancy - OSPF redistribution and Static


Do you still use the default route only over the ISP link or can point specific HQ routes?

Router choses a link based on the longest match and hence the default will be mayched only when the route is not learned via another routing protocol.

With Specific routes--

Say for eg. HQ has subnet

Then on R1 configure

ip route

run ospf with R3

router ospf 100

redistribute static subnets route-map test

network area 0

route-map test permit 10

match ip address 10

access-list 10 permit

R1 uses the static route due to lower AD but also advertises the source via OSPF to R3

On R3 configure

router ospf 100

network area 0

distance 120 10

access-list 10 permit

The above configuration makes the direct link less preferrable.

When the ISP link fails, the traffic to HQ will be forwarded via OSPF to R3. The redistributed static route from R2 would be flushed out of R2 and R3. R3 would start using the direct link to R1 to send the traffic.

With only default route

If you only want to use the default route from R1 then you need to deny the OSPF routing updates from being installed in the routing table.

For this you need to tweak the OSPF config at R1 in addition to what configured above

At R1 configure a floating static route via the direct link and deny the ospf updates

ip route and remove the specific HQ routes

router ospf 100

distribute-list route-map deny-ospf-routes in

route-map deny-ospf-routes deny 10

match ip address 20

access-list 20 permit any

HTH, rate if it does



Re: Redundancy - OSPF redistribution and Static


One simple solution is you can configure floating static route in R1 to reach R3 by setting some administrative distance and configure another floating static route in R3 to reach R1 with administrative value higher than OSPF routes (110). So, the link between R1 and R3 will behave as a backup link.


ip route 240

Here 240 is the administrative distance.

I think running OSPF between R1 and R3 will not work, in that case link between R1 and R3 will take preference over the link through ISP. Since link through ISP is an external OSPF route which is less preferred than OSPF IA or intra-area routes.




Re: Redundancy - OSPF redistribution and Static


You are right and hence he needs to do configure it the way i posted above if using OSPF


CreatePlease to create content
Content for Community-Ad
FusionCharts will render here