Solved: Route-map in ospf default-information origin statement

Stephan Lache · ‎08-03-2023

Hi guys,

I want to accomplish a conditional

default route

injection into OSPF .

An

ip sla

reachability configuration is pinging a host in the internet.

If this fails the

default route

injection should be withdrawn.

I can´t figure out why this configuration is not working:

######

!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
frequency 10
ip sla schedule 1 life forever start-time now

!
track 1 ip sla 1 reachability
!
route-map INET permit 10
match track 1
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
default-information originate always metric-type 1 route-map INET
!

#######

Any help is appreciated.

Thanks

Stephan

Flavio Miranda · ‎08-05-2023

But it condition is defined on the

route-map

? The existence of a track? It will be always "yes"

View solution in original post

Peter Paluch · ‎08-05-2023

My friends,

Please, allow me to join.

The gotcha with conditional default route injection into OSPF is that the route-map is used by the OSPF IOS code only in a very limited way: It only supports the "match ip address" and "match ip address prefix-list" to specify networks whose presence will be verified in the RIB. What's even more, it doesn't work by filtering the whole routing table through the route-map to see if there are any matches, rather, it is done in the reverse way: Line by line, the referenced ACL or prefix-list entries will be treated as network/netmask combinations and looked up in the RIB. While this is obviously way more efficient than pouring the entire routing table through that route-map, it also means that the ACL or prefix-list must express only exact network/netmask matches to look for, because the entries in those lists must be convertible into a plain network/netmask values. It is thus not possible to use fancy wildcard masks in the ACL, or the "ge" and "le" operators in prefix lists to encode entire sets of networks to look for.

The "match track" reference in the route-map is completely ignored by the IOS OSPF code so it doesn't have any effect.

@Stephan Lache , you can still accomplish what you need to do but you need to do it indirectly: Install a "dummy" static indicator route into your routing table whenever the SLA probe is successful, and use the route-map for the default route to check this indicator route. This should work nicely.

So the configuration would be similar to this; I assume that the IP SLA and the track object 1 are already configured the way you had them previously.

ip route 192.0.2.255 255.255.255.255 Null0 track 1
!
ip prefix-list TrackRoute permit 192.0.2.255/32
!
route-map CheckTrackRoute permit 10
 match ip address prefix-list TrackRoute
!
router ospf 1
 default-information originate metric-type 1 route-map CheckTrackRoute

Please give it a try!

By the way, "match track" line in a route-map truly refers to the track object state, not existence (what would be the point to verify whether a track object is configured or not?), but just for OSPF, its use just isn't supported.

Regarding the use of the "always" keyword - this one has two effects, really:

1) Removes the requirement for the default route to be in the RIB before the router originates its own default route into OSPF
2) Prevents the OSPF process from installing learned default routes from other OSPF routers into the RIB

When combined with a route-map, the "always" keyword removes the check for the default route in the RIB (if that one is required, the route-map can still check it itself) but the second effect - preventing the OSPF process from installing a learned default route from other OSPF speakers in the same AS - still remains.

Best regards,
Peter

View solution in original post

Giuseppe Larosa · ‎08-03-2023

Hello @Stephan Lache ,

you need to remove the always keyword otherwise the

route-map

is useless

router ospf 1

no default-information originate always metric-type 1 route-map INET

default-information originate  metric-type 1 route-map INET

Hope to help

Giuseppe

Stephan Lache · ‎08-05-2023

HI @Giuseppe Larosa ,

thanks for your reply.

I just tested it without the

always

in the statement.

But the

default route

still is not injected into the ospf area.

I can´t figure out why.

This is the complete configuration of R1:

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.1.1.101 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
default-information originate metric-type 1 route-map INET
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface GigabitEthernet0/0 overload
!
ip access-list standard NAT
permit 10.0.0.0 0.255.255.255
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
frequency 10
ip sla schedule 1 life forever start-time now
ipv6 ioam timestamp
!
route-map INET permit 10
match track 1
!

Cheers

Stephan

Stephan Lache · ‎08-05-2023

When i do a

show track 1

i see the following:

R1#show track 1
Track 1
IP SLA 1 reachability
Reachability is Up
46 changes, last change 00:00:02
Latest operation return code: OK
Latest RTT (millisecs) 3
Tracked by:
Route Map 0

I wonder why there is a 0 by tracked by

route map

Stephan Lache · ‎08-05-2023

Thanks.

I did remove

always

Flavio Miranda · ‎08-05-2023

Hi @Stephan Lache

Seems to me that the logic isn´t right.

!
track 1 ip sla 1 reachability
!
route-map INET permit 10
match track 1
!

This part of the code, seems to be only telling that there will be a track1 running. I mean, this seems to be an always yes answer. I dont see any condition to do something else. Maybe there should be a "set" statement for represent the "else".

Wondering if you can eventually remove the default route from this device during the recheability fail. If you can, this could be a solution to not advertise the default route on the OSPF

!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
default-information originate

With this config, OSPF will only propagate the

default route

IF, the

default route

is actually installed on the routing table. I mean, you need to have the command

ip route 0.0.0.0 0.0.0.0 <next hop>

If you can remove the command

(ip route 0.0.0.0 0.0.0.0 <next hop>)

you could use the tracker as a trigger to remove the

default route

on tracker recheability faiure and install the

default route

back when the tracker succeed.

This would work as a switch on/off on the OSPF

default-information

propagation.

You probably are going to need an EEM script to remove and install the

default route

on the router based on the traker result.

!

Stephan Lache · ‎08-05-2023

Hi @Flavio Miranda ,

Thanks for your reply.

Please correct me if i´m wrong.

default-information originate metric-type 1 route-map INET

This statement means, as long as the condition defined in the

route-ma

is fulfilled the

default route

should be originated.

Thanks

Stephan

Flavio Miranda · ‎08-05-2023

But it condition is defined on the

route-map

? The existence of a track? It will be always "yes"

Stephan Lache · ‎08-05-2023

ok. I go the point.

Thank you.

Peter Paluch · ‎08-05-2023

My friends,

Please, allow me to join.

The gotcha with conditional default route injection into OSPF is that the route-map is used by the OSPF IOS code only in a very limited way: It only supports the "match ip address" and "match ip address prefix-list" to specify networks whose presence will be verified in the RIB. What's even more, it doesn't work by filtering the whole routing table through the route-map to see if there are any matches, rather, it is done in the reverse way: Line by line, the referenced ACL or prefix-list entries will be treated as network/netmask combinations and looked up in the RIB. While this is obviously way more efficient than pouring the entire routing table through that route-map, it also means that the ACL or prefix-list must express only exact network/netmask matches to look for, because the entries in those lists must be convertible into a plain network/netmask values. It is thus not possible to use fancy wildcard masks in the ACL, or the "ge" and "le" operators in prefix lists to encode entire sets of networks to look for.

The "match track" reference in the route-map is completely ignored by the IOS OSPF code so it doesn't have any effect.

@Stephan Lache , you can still accomplish what you need to do but you need to do it indirectly: Install a "dummy" static indicator route into your routing table whenever the SLA probe is successful, and use the route-map for the default route to check this indicator route. This should work nicely.

So the configuration would be similar to this; I assume that the IP SLA and the track object 1 are already configured the way you had them previously.

ip route 192.0.2.255 255.255.255.255 Null0 track 1
!
ip prefix-list TrackRoute permit 192.0.2.255/32
!
route-map CheckTrackRoute permit 10
 match ip address prefix-list TrackRoute
!
router ospf 1
 default-information originate metric-type 1 route-map CheckTrackRoute

Please give it a try!

By the way, "match track" line in a route-map truly refers to the track object state, not existence (what would be the point to verify whether a track object is configured or not?), but just for OSPF, its use just isn't supported.

Regarding the use of the "always" keyword - this one has two effects, really:

1) Removes the requirement for the default route to be in the RIB before the router originates its own default route into OSPF
2) Prevents the OSPF process from installing learned default routes from other OSPF routers into the RIB

When combined with a route-map, the "always" keyword removes the check for the default route in the RIB (if that one is required, the route-map can still check it itself) but the second effect - preventing the OSPF process from installing a learned default route from other OSPF speakers in the same AS - still remains.

Best regards,
Peter

Stephan Lache · ‎08-05-2023

Hi Peter,

First of all.

I really appreciate your effort for this community.

You are great.

Meanwhile i have found this article:

https://supportforums.cisco.com/document/116336/ospf-reliable-conditional-default-routing

And it´s exactly working like you explained.

I was able to test it successfully.

Your explanation about the

always

statement was very helpful for me.

I was aware about point 1 , but point 2 was not clear for me:

1) Removes the requirement for the

default route

to be in the RIB before the router originates its own

default route

into OSPF
2) Prevents the OSPF process from installing learned

default routes

from other OSPF routers into the RIB

I always wondered why the

default route

from an other OSPF speaker (who is originating the

default route

as well) was

overriding the local default route

Thanks a lot

Stephan