What is the best practice for inserting a gateway (default route) into my OSPF network? I'm currently connected with three Internet connections from two different ISPs on two different routers. These two routers talk to my internal network via OSPF and I want them to learn the default routes from my ISP routers, obviously. Currently the ISP routers have default-information always on the OSPF process, which I know is not a best practice. If a peer goes down, it will probably hit a black hole even though I run iBGP between the routers. I believe I want to use just default-information originate on my OSPF processes and have the default route point through my BGP. So my question is: what is the "preferred" way of accomplishing this? Would it be to do a static route to my three different uplinks with the default route, or can I do it better through the neighbor command on BGP and inject the default route in my border routers? I hope this makes sense. I can do a drawing too if that would help.
My border routers are like this:
border router a: connected only to ispa. (learns full Internet routing table)
border router b: connected to ispb and ispa (learns full Internet routing table from both)
Both routers are connected to the LAN and participating in OSPF. The border routers are also connected via iBGP.
What is the setup like behind your border routers? For example, is it a dual core Layer3 switch, and would that switch be receiving (2) default-routes at the moment?
I'm upgrading soon, but currently these two different border routers are in two different data centers. Each border router connects to a 3750 Layer Switch that is stacked. They each only have 1 default route:
Routing entry for 0.0.0.0/0, supernet
Known via "ospf 2000", distance 110, metric 1, candidate default path
Tag 2000, type extern 2, forward metric 1
Last update from x.x.x.x on GigabitEthernet1/0/19, 13:18:44 ago
Routing Descriptor Blocks:
* x.x.x.x, from x.x.x.x, 13:18:44 ago, via GigabitEthernet1/0/19
Route metric is 1, traffic share count is 1
Route tag 2000
I'm upgrading this however to possibly asr9k or something else. Haven't figured it out because the access network flows through the above switches. I have exhausted my 10 year old switches :)...
So what is the background on why the configuration on your border routers is using the 'always' option for redistribution? Is it because you are learning the default-route via iBGP?
I think the background is it was assumed (and it used to be 1 router) that it would generate all traffic from the LAN to the WAN. I just think this is a misconfiguration point. The default-route isn't really learned except from the LAN perspective because of "always". I figured on the border routers I have to make them the default route, but on OSPF I think it should only be default-originate but not always, if that makes sense. I think if, say, the router with 1 uplink dies on the ISPA side, traffic will blackhole possibly. Well, not in this case 'cause iBGP will know the route, but I want it configured correctly. I assumed it would need to have default on upstream ISPs. Then since they know a default route (the border routers), they would generate it in OSPF minus the "always" clause.
Am I correct in assuming the ISPs are advertising you a default-route via BGP?
If so - then you should be able to remove the always option. This way the border routers (ASBR) will originate a default-route only if one is in the routing table.
I'd hope they are - quick way to confirm would just be to 'show ip route' or check the BGP advertisements 'show ip bgp <neighbor> routes'. I think (lacking a BGP router at the moment :().
If they aren't - then you have more work to do. Unfortunately if you don't have the route in your table you can't normally advertise it. Back to the OSPF default-route 'always' workaround.
When you start getting into workarounds - generally - you're straying from the path of proper design. But that's just my opinion. Easy way = ISP to advertise you a full table and default route.
A workaround would be to configure a static default route and tie it to an IP SLA probe targeted to the upstream IP address of your next-hop of that ISP. If the ICMP probe becomes unreachable then the static route will become invalid and you will see it withdrawn from your OSPF advertisements.
No problem on the quick responses :)
I asked 1 of the 2 and they definitely don't advertise. I knew the command and had never seen it, that is why I said just full routes. I don't filter anything so I was certain they just gave me the default route. You're spot on with the command. Neither advertises a default, just a full routing table. So the answer to my question is
ip route 0/0 upstream isp. I thought "maybe" in my neighbor statement on BGP I could do default-originate or something without advertising and it would update my routing table. I know null0 on the default route would not work well unless advertising or something.
No, unfortunately not.
Asking your ISP to advertise you a default-route shouldn't be a big deal. It would save you additional complexity in your designs in my opinion.
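The IP SLA workaround suggested earlier in the thread, written out as Cisco IOS configuration for one uplink. This is an added example, not configuration posted by either participant: the next-hop address 192.0.2.1, the interface GigabitEthernet0/0 and the SLA/track number 1 are placeholders, while OSPF process 2000 is taken from the route output quoted above.

```cisco
! --- Probe the ISP next-hop (placeholder address) over the uplink interface ---
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! --- Track object follows probe reachability; delays damp flapping ---
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! --- Static default is installed only while track 1 is up ---
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
!
! --- Before: default is advertised into OSPF even with no usable exit ---
! router ospf 2000
!  default-information originate always
!
! --- After: default is advertised only while 0.0.0.0/0 is in the routing table ---
router ospf 2000
 no default-information originate
 default-information originate
!
! A router with two uplinks repeats the ip sla / track / ip route
! stanza per uplink, each with its own SLA and track number.
```

`show track 1` and `show ip route 0.0.0.0` confirm the state after a failure. A probe aimed at the directly connected next-hop only proves that link is alive, not that the ISP can reach anything beyond it.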