There are things about this environment that we do not know and that impacts our ability to give good advice. We are told only about a wan router and a core switch. Are there other switches/other routers in this network? We are not told how the wan router is set up. Is it running any dynamic routing protocol?

The original post asks "Why we are using one default route and ospf plz let me know." I would be more confident in responding if I knew more about this environment but will suggest this as an explanation. When a network has a wan router and a core switch there are a couple of approaches that can be used:

- it is possible (and in fact quite common) to run a dynamic routing protocol between the wan router and the core switch. This allows the wan router to learn routes for all of the networks/subnets of the inside and to advertise a default route to the core switch.

- but some organizations do not want to run a dynamic routing protocol on the device at the edge of their network. The reasoning for this is frequently that in case the edge device becomes compromised they want to minimize the potential impact on the inside network.

It sounds like the original post is following the second approach.

With default route there is vrrp IP as a next hop of wan routers.

Sh ip ospf database 

Here I can see other ip address and in neighbors also but those others 2 IP also belongs to wan routers.

Hello @jain.manish94 ,

so the WAN routers are two and not only one.

>> With default route there is vrrp IP as a next hop of wan routers.

You can verify if you have OSPF injected default routes with the command

show ip ospf database external 0.0.0.0

on the core switch

The usage of a static default route with next-hop the VRRP VIP may be an attempt to send all internet directed traffic to  a single WAN router (the one with VRRP active master state) or it is present because actually none of the WAN routers is sending a default route in OSPF to the core switch ( see the previous suggested check if the output is empty you are in this case).

Hope to help

Giuseppe

Actually now I am thinking about the site migration can any one help because now we will remove wan router which is connecting to our core switch and then first we will connect SECURITY gateway of sd wan then from SECURITY gateway we will connect our wan router.

Now what they need to be done from sd wan device perspective??

So that we will get our ospf external routes also.

And the default route also should be there.

Hello

do you have topology diagrams on how your current design is and of the intended?

 I think from SDwan device they have to configure ospf also right.?

 so from sd wan device perspective they will also configure ospf right ?