using a hsrp address with ospf?

Answered Question
Jan 19th, 2010

folks

i have 2 external routers as a hsrp pair running bgp on the outside & getting a default route from my isp

the internal networks are advertised to my bgp peer

on the inside i have a firewall cluster with static routes pointing to the external router's internal hsrp address

i now want to advertise the bgp default route into ospf to the firewall cluster & then into my internal networks

i've successfully configured both external routers and the internal firewall now has 2 default routes with equal costs from both routers but i'm wondering .........

- should i put a metric on one route & only have one default route in the routing table and the other held in the ospf database

or

- can i distribute the default route from my external routers using the hsrp address of the internal interfaces or is it unnecessary

if i'm right it shouldn't matter and i may even be able to get rid of the hsrp configuration on the external router's internal interfaces since the bgp route advertised from the ISP router will determine where traffic is routed

apologies for the rambling post & thanks to anyone taking the time to read this or reply

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 1 day ago

mulhollandm wrote:

folks

i have 2 external routers as a hsrp pair running bgp on the outside & getting a default route from my isp

the internal networks are advertised to my bgp peer

on the inside i have a firewall cluster with static routes pointing to the external router's internal hsrp address

i now want to advertise the bgp default route into ospf to the firewall cluster & then into my internal networks

i've successfully configured both external routers and the internal firewall now has 2 default routes with equal costs from both routers but i'm wondering .........

- should i put a metric on one route & only have one default route in the routing table and the other held in the ospf database

or

- can i distribute the default route from my external routers using the hsrp address of the internal interfaces or is it unnecessary

if i'm right it shouldn't matter and i may even be able to get rid of the hsrp configuration on the external router's internal interfaces since the bgp route advertised from the ISP router will determine where traffic is routed

apologies for the rambling post & thanks to anyone taking the time to read this or reply

If the external routers are using the same ISP then you are correct, you do not need HSRP anymore and you should just let OSPF propogate the 2 default routes to the firewall cluster. HSRP provides redundancy for end devices that do not participate in dynamic routing protocols but as the routers and the firewalls are using dynamic routing there is no need for HSRP in this scenario.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Tue, 01/19/2010 - 14:21

mulhollandm wrote:

folks

i have 2 external routers as a hsrp pair running bgp on the outside & getting a default route from my isp

the internal networks are advertised to my bgp peer

on the inside i have a firewall cluster with static routes pointing to the external router's internal hsrp address

i now want to advertise the bgp default route into ospf to the firewall cluster & then into my internal networks

i've successfully configured both external routers and the internal firewall now has 2 default routes with equal costs from both routers but i'm wondering .........

- should i put a metric on one route & only have one default route in the routing table and the other held in the ospf database

or

- can i distribute the default route from my external routers using the hsrp address of the internal interfaces or is it unnecessary

if i'm right it shouldn't matter and i may even be able to get rid of the hsrp configuration on the external router's internal interfaces since the bgp route advertised from the ISP router will determine where traffic is routed

apologies for the rambling post & thanks to anyone taking the time to read this or reply

If the external routers are using the same ISP then you are correct, you do not need HSRP anymore and you should just let OSPF propogate the 2 default routes to the firewall cluster. HSRP provides redundancy for end devices that do not participate in dynamic routing protocols but as the routers and the firewalls are using dynamic routing there is no need for HSRP in this scenario.

Jon

mulhollandm Tue, 01/19/2010 - 14:29

jon

many thanks for your reply

greatly appreciated

i'd already removed the hsrp config as a test & things are working but i wasn't sure if it was the right thing to do

thanks again

Actions

This Discussion