12-03-2020 09:24 AM
Hello Team,
In my core switch there is one default route towards wan router and ospf confirmation also there. I am not getting why both are there?
In ospf database there are many external routes I can see in my core switch and neighbors also.
1. Why we are using one default route and ospf plz let me know.
2. During the sd wan migration what route I will change? Default route or ospf confirmation?
12-03-2020 10:34 AM
Hello
@jain.manish94 wrote:
1. Why we are using one default route and ospf plz let me know.
2. During the sd wan migration what route I will change? Default route or ospf confirmation?
It depends. Can you verify whether the default and the OSPF routes have the same next-hop address? If they do, then you don't really require both, and just the default route would suffice.
As for the migration, you would have to check whether the migration is going to use the same routing protocols and next-hop addressing.
12-03-2020 11:03 AM
There are things about this environment that we do not know and that impacts our ability to give good advice. We are told only about a wan router and a core switch. Are there other switches/other routers in this network? We are not told how the wan router is set up. Is it running any dynamic routing protocol?
The original post asks "Why we are using one default route and ospf plz let me know." I would be more confident in responding if I knew more about this environment but will suggest this as an explanation. When a network has a wan router and a core switch there are a couple of approaches that can be used:
- it is possible (and in fact quite common) to run a dynamic routing protocol between the wan router and the core switch. This allows the wan router to learn routes for all of the networks/subnets of the inside and to advertise a default route to the core switch.
- but some organizations do not want to run a dynamic routing protocol on the device at the edge of their network. The reasoning for this is frequently that in case the edge device becomes compromised they want to minimize the potential impact on the inside network.
It sounds like the original post is following the second approach.
12-03-2020 10:08 PM
With default route there is vrrp IP as a next hop of wan routers.
Sh ip ospf database
Here I can see other IP addresses, and in neighbors also, but those other 2 IPs also belong to wan routers.
12-04-2020 12:46 AM
Hello @jain.manish94 ,
so the WAN routers are two and not only one.
>> With default route there is vrrp IP as a next hop of wan routers.
You can verify if you have OSPF injected default routes with the command
show ip ospf database external 0.0.0.0
on the core switch
The usage of a static default route with next-hop the VRRP VIP may be an attempt to send all internet-directed traffic to a single WAN router (the one with VRRP active master state), or it is present because actually none of the WAN routers is sending a default route in OSPF to the core switch (see the previously suggested check: if the output is empty, you are in this case).
Hope to help
Giuseppe
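The check described in the reply above, as an added example that is not part of the original thread: it parses saved output of `show ip ospf database external 0.0.0.0` and reports which routers, if any, originate a default route into OSPF. The sample output, router IDs and function names are constructed for illustration, and the field layout is assumed to follow the usual IOS detailed LSA view.

```python
import re

MAX_AGE = 3600  # OSPF MaxAge in seconds (RFC 2328); LSAs at MaxAge are being flushed

# Constructed sample output (not from the thread); router IDs are documentation addresses.
SAMPLE_WITH_DEFAULT = """\
            OSPF Router with ID (192.0.2.10) (Process ID 1)

                Type-5 AS External Link States

  LS age: 412
  LS Type: AS External Link
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 192.0.2.1
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        Metric: 1

  LS age: 398
  LS Type: AS External Link
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 192.0.2.2
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        Metric: 1
"""
SAMPLE_EMPTY = "            OSPF Router with ID (192.0.2.10) (Process ID 1)\n"


def default_originators(output):
    """Return the advertising routers of live Type-5 LSAs for 0.0.0.0/0."""
    routers = []
    # Every LSA in the detailed view begins with an "LS age:" line.
    for lsa in re.split(r"^\s*LS age:", output, flags=re.M)[1:]:
        age = re.match(r"\s*(\d+)", lsa)  # assumption: a non-numeric age is not live
        lsid = re.search(r"Link State ID:\s*(\S+)", lsa)
        mask = re.search(r"Network Mask:\s*/(\d+)", lsa)
        adv = re.search(r"Advertising Router:\s*(\S+)", lsa)
        if (age and lsid and mask and adv and int(age.group(1)) < MAX_AGE
                and lsid.group(1) == "0.0.0.0" and mask.group(1) == "0"):
            routers.append(adv.group(1))
    return routers


def static_default_role(output):
    """Classify the static default using the two cases from the reply above."""
    if not default_originators(output):
        return "only-default"   # no WAN router injects 0.0.0.0/0 into OSPF
    return "overrides-ospf"     # static (default AD 1) beats OSPF external (AD 110)
```

An unexpected advertising router in the returned list is worth investigating before the migration, since any OSPF speaker in the area can originate a default.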
12-04-2020 07:22 AM
Actually now I am thinking about the site migration. Can anyone help? Because now we will remove the wan router which is connecting to our core switch, and then first we will connect the SECURITY gateway of sd wan, then from the SECURITY gateway we will connect our wan router.
Now what needs to be done from sd wan device perspective?
So that we will get our ospf external routes also.
And the default route also should be there.
12-05-2020 01:40 AM
Hello
Do you have topology diagrams of how your current design is and of the intended one?
12-05-2020 07:18 AM
I think from SDwan device they have to configure ospf also, right?
12-05-2020 07:20 AM
So from sd wan device perspective they will also configure ospf, right?