Re: OSPF default routes adwertised by two routers.

cyberrmen · ‎08-24-2008

Hello.

I have thre routers:

R1 - RID 192.168.10.1

R2 - RID 192.168.10.2

R3 - RID 192.168.10.1

they are connected in one brodcast network.

the R2 and R3 are routers connected to internet.

I want to R3 and R2 advertise default route by OSPF and R1 recive both default routes and change metric in one of them to one route be primary default route and

second be backup default route (it is needed because i want to place statefull firewall beetwen the routers).

I do the folowing configuration on router

R3 and R2:

R3:

interface Loopback0

ip address 192.168.11.1 255.255.255.0

interface FastEthernet0

ip address 192.168.10.3 255.255.255.0

speed auto

router ospf 100

log-adjacency-changes

network 192.168.10.0 0.0.0.255 area 0

network 192.168.11.0 0.0.0.255 area 0

default-information originate always metric-type 1

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0 permanent

R2:

interface FastEthernet0

ip address 192.168.10.2 255.255.255.0

speed auto

router ospf 100

log-adjacency-changes

network 192.168.10.0 0.0.0.255 area 0

default-information originate always metric-type 1

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial0 permanent

AND on R1 is the folowing configuration:.

interface Ethernet0

ip address 10.0.0.1 255.255.255.0

half-duplex

!

interface FastEthernet0

ip address 192.168.10.1 255.255.255.0

speed auto

router ospf 100

router-id 192.168.10.1

log-adjacency-changes detail

network 192.168.10.0 0.0.0.255 area 0

distribute-list route-map ddd in

ip prefix-list defroute seq 10 permit 0.0.0.0/0

access-list 1 permit any

access-list 10 permit 192.168.10.3 log

access-list 20 permit 192.168.10.2

route-map ddd permit 10

match ip route-source 10

set metric 10

!

route-map ddd permit 20

match ip address 1

match ip route-source 20

The problem is that the configuration made on R1 is not working - metric do not change.

sh ip route on R1 display folowing output:

C 192.168.10.0/24 is directly connected, FastEthernet0

192.168.11.0/32 is subnetted, 1 subnets

O 192.168.11.1 [110/2] via 192.168.10.3, 00:00:25, FastEthernet0

O*E1 0.0.0.0/0 [110/2] via 192.168.10.3, 00:00:25, FastEthernet0

[110/2] via 192.168.10.2, 00:00:25, FastEthernet0

Can somebody help me, where i made mistake ?

Thanks for help.

Richard Burts · ‎08-24-2008

Wociech

OSPF as a link state protocol must draw a logical and accurate map of the network topology and from that map will calculate the routes. I do not believe that OSPF gives you the ability to manipulate the metric in the same way that some other protocols do. I believe that the set metric that you use in the route map could be effective for some other protocols but not for OSPF.

HTH

Rick

HTH

Rick

Harold Ritter · ‎08-24-2008

Wociech,

One way to achieve what you want to do is to originate the default with as an E1 on the primary side and leave the secondary as an E2 (which is the default). R1 will naturally use the route to the primary as the E1 is preferred over the E2.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Giuseppe Larosa · ‎08-25-2008

Hello Wociech,

on R2

router ospf 100

default-information originate always metric-type 1 metric 50

in this way you will have an higher seed metric for the 0.0.0.0/0 or R2.

remove all the stuff on R1 because it is wrong in theory because OSPF is link state you cannot change an LSA attribute like metric on another router: LSA is owned by the originator and is propagated unchanged on all the OSPF domain (in the case of LSA type 5 as the default route).

Only the LSA owner can send a new version of the LSA with a different field like a different metric value.

Hope to help

Giuseppe

Richard Burts · ‎08-25-2008

Wociech

In my response I focused on your question about what you can do on R1 to prefer one of the default routes and the fact that R1 can not really do that. The excellent suggestions from Harold and from Guiseppe look past that and suggest ways to achieve what you want by doing things on R2 or R3. Their suggestions should provide an effective solution to your requirements.

HTH

Rick

HTH

Rick

cyberrmen · ‎08-29-2008

The problem is not to R1 get two default routes with difrent piority. The problem is how to do that on R1.

Ok whole the problem is that i have two difrent locations far away from each other.

In one location is R2 > statefull firewall > R1

In second location is R3 > statefull firewall > R4

R2,R3 - have connection to internet.

R1 and R4 are dmz routers. DMZ have public addreses.

DMZ must be the same l2/l3 segment i in both locations.

I have first l2 connections - segment betwen R2 and firewall in location 1 is connected witch segment between R3 and wirewall in location 2.

I have second l2 connections - segment betwen R1 and firewall in location 1 is connected witch segment between R4 and wirewall in location 2.

The problem is how to configure traffic that if communication will be sent to one firewall then the return traffic will be send to this same firewall. (without emploing any nat). And maintain redundancy in case of failure of one firewall or failure one of routers R2 or R3.

Of course it is not posible to build cluster form firewals in location 1 and location 2 but they support ospf.

In IOS decumentation it is writen that metric command is suported for OSPF. I have seen the same working excamples on cisco.com that my, only difrence was that it was for the normal routes not for default which is external in meening of ospf. (but i see that it is not working with normal route too in my case).

Mayby i am missing something.