
default-information send route even if the route map is not satisfied

M.jawad
Level 1

So I have R2--R7--R8

R2 is sending a default route to R7. To test default-information originate behavior with a route map, I have given it a false condition, but it is still generating a default route into OSPF.

R7#sh run | s bgp
router bgp 3
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
neighbor EXTERNAL peer-group
neighbor EXTERNAL route-map EXTERNAL_IN in
neighbor EXTERNAL route-map EXTERNAL_OUT out
neighbor INTERNAL peer-group
neighbor INTERNAL remote-as 3
neighbor INTERNAL route-map INTERNAL_IN in
neighbor INTERNAL route-map INTERNAL_OUT out
neighbor 10.7.2.2 remote-as 1
neighbor 10.7.2.2 peer-group EXTERNAL
neighbor 10.8.6.6 peer-group INTERNAL
R7#sh run | s ospf
ip ospf 1 area 0
router ospf 1
default-information originate route-map FALSE
R7#sh run | s FALSE
default-information originate route-map FALSE
ip prefix-list FALSE seq 5 permit 1.1.1.1/32
ip prefix-list FALSE_2 seq 5 permit 5.5.5.5/32
route-map FALSE permit 10  
match ip address prefix-list FALSE
match ip next-hop FALSE_2
        
R7#sh ip ospf database self-originate | in 0.0.0.0
0.0.0.0         7.7.7.7         154         0x80000002 0x00662F 1          

R7#sh ip bgp
    Network          Next Hop            Metric LocPrf Weight Path
*>   0.0.0.0          10.7.2.2                               0 1 ?

R7#sh ip route
B*    0.0.0.0/0 [20/0] via 10.7.2.2, 00:36:36

If I force the eBGP session down, R7 loses the default route and stops sending it to OSPF. Please note R6 is down just to keep things simple; I also removed any extras I deemed unnecessary. Can someone explain why the default route is getting advertised while the condition in the route map is false? I am assuming it is doing a logical AND, smh.

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello @M.jawad ,

To check the IP next-hop of a route, use a standard ACL, not a prefix-list, which is likely not supported; it would need the prefix keyword, if supported, to discriminate between a named IP ACL and a prefix-list.

I have used in the past match ip next-hop with standard ACL numbered 1 to 99 with no issues.

In my case I wanted to have a different seed metric, depending on the BGP next-hop the route was learned from, when generating the default route in the OSPF domain.

Edit:

Your configuration attempts to match the next-hop with a non-existent IP ACL named FALSE_2; as a result, the match ip next-hop is always satisfied regardless of the effective next-hop (non-existent ACL = permit any).

Hope to help

Giuseppe
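
The fix described in the accepted answer, written out as configuration (an added example, not posted by anyone in the thread): the route-map as posted, then a version whose next-hop check uses a standard ACL. ACL number 5 is an assumption chosen for this example; the other names and addresses are those in the original post.

```cisco
! As posted: FALSE_2 exists only as a prefix-list. Per the accepted answer,
! "match ip next-hop FALSE_2" looks for an IP ACL named FALSE_2, finds none,
! and the clause then behaves as permit any.
ip prefix-list FALSE seq 5 permit 1.1.1.1/32
ip prefix-list FALSE_2 seq 5 permit 5.5.5.5/32
route-map FALSE permit 10
 match ip address prefix-list FALSE
 match ip next-hop FALSE_2
!
! Corrected: express the next-hop condition as a standard ACL.
! ACL number 5 is an assumption (any standard ACL in the 1 to 99 range).
no ip prefix-list FALSE_2
access-list 5 permit 5.5.5.5
route-map FALSE permit 10
 no match ip next-hop FALSE_2
 match ip next-hop 5
!
router ospf 1
 default-information originate route-map FALSE
!
! Checks: every ACL the route-map names must exist, and the self-originated
! 0.0.0.0 LSA must be absent while the condition is false.
! show route-map FALSE
! show access-lists 5
! show ip ospf database self-originate | include 0.0.0.0
```

A route-map clause that references an undefined ACL fails open here, so auditing route-maps for references to missing ACLs or prefix-lists is worth doing before relying on them to gate route origination.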


6 Replies

To be more clear:

"R2 is sending a default route to R7. To test default-information originate behavior with a route map, I have given it a false condition, but it is still generating a default route into OSPF." <<- elaborate more on this statement

MHM

Harold Ritter
Level 12

Hi @M.jawad ,

The only match statement permitted in the context of the "default-information originate route-map" statement is "match ip address" to check the presence of a specific route in the RIB. You should remove the "match ip next-hop" statement and test again.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hello
As @Harold Ritter has stated, amend the route-map FALSE and the conditional default should work, if/when the loss of 1.1.1.1/32 is incurred.

route-map FALSE permit 10
no match ip next-hop FALSE_2


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi @Giuseppe Larosa ,

I stand corrected. I just ran a quick test and it is indeed possible to check for the presence of a specific route with a specific next hop, using a standard ACL for the next hop check instead of a prefix list.

Regards,

Harold Ritter

Thanks, you are indeed correct. I tried to match the next hop with a standard access list and it worked!!!