We have two Internet connections, one in our main site and one in our DR site.
In both locations, we are receiving a default route via BGP and distributing that route into OSPF on the edge routers.
In both sites the edge routers have an OSPF adjacency with the firewall.
The firewalls have an OSPF adjacency with the core switches.
All internal routing in both locations is via OSPF in area 0, but OSPF is separate at both locations; OSPF is only routing locally at each site.
The two locations are connected via BGP across a DS3 with 7206 routers. These routers are doing mutual redistribution between OSPF and BGP.
Both edge routers, both firewalls and both 7206 routers have OSPF default-information originate configured, with no metric set.
Everything is working, but I have some questions:
Internally, all routes advertised by the Firewall interfaces have an OSPF metric of 11, while the default route has a metric of 1.
Since no metric is set on the edge router distributing the BGP into OSPF, the metric should be 1, but with "default-information originate" distributing the default route, does it also distribute the originating metric as well?
For example, the firewall sees the default route with an OSPF metric of 1.
The firewall is also distributing the default route with "default-information originate"; the core switches and the 7206 router see the default route with a metric of 1, while all other routes from the firewall have a metric of 11.
Is this by design?
Is it ok to have multiple configurations of "default-information originate" throughout an OSPF area?
"The firewall is also distributing the default route with "default-information originate" the core switches and the 7206 router see the default route with a metric of 1, while all other routes from the firewall have a metric of 11"
The routes that are metric 11, are these routes that have been passed to the firewall from the edge routers?
If so the difference is that you are generating a default route on the firewall but the other routes are simply passed from the edge routers. So you are not comparing like for like.
"Is it ok to have multiple configurations of "default-information originate" throughout an OSPF area?"
But you haven't, have you, because you said the 2 area 0s were actually 2 totally separate areas? And having it on the edge routers and the firewalls is still pointing to the same exit, or have I misunderstood?
"The routes that are metric 11, are these routes that have been passed to the firewall from the edge routers?"
No, these are what the core switches see that are being advertised by the firewall; all of the DMZ interfaces have metric 11, while the default route, that is being distributed by the firewall, has a metric of 1.
Also, in the documentation, the "default-information originate", with no metric defined should give the route a metric of 10.
From the command reference:
"(Optional) Metric used for generating the default route. If you omit a value and do not specify a value using the default-metric router configuration command, the default metric value is 10. The value used is specific to the protocol."
Could the fact that the metric was defined by being distributed from BGP be the metric that the firewall just passes to the switches and 7206?
As far as where "default-information originate" is defined, in both locations:
On the Internet edge router
On the firewall
On the 7206 router
The core switches do not, but every device in the OSPF area sees the default route with a metric of 1, which they are getting from the Internet Edge router distribution from BGP into OSPF.
"No, these are what the core switches see that are being advertised by the firewall, all of the DMZ interfaces have metric 11, while the default route, that is being distributed by the firewall has a metric of 1."
Ahh, my mistake, I misunderstood your setup. As Peter says, the default route is treated as an external route in OSPF and by default it will be a metric-type of E2, which means the metric does not change as it is advertised throughout the OSPF domain.
If you want to use more precise metrics then as Guiseppe says you may want to consider changing the metric-type to E1.
The "default-information originate" command causes the OSPF router to redistribute the default route from the routing table to the OSPF domain. It works as a very selective mechanism that redistributes solely the default route. If no explicit metric is specified with this command, the metric 1 is used. By default, the default route metric is Type2 which means that it will not increase as it is propagated through your OSPF domain.
It is OK to have multiple routers within an OSPF domain configured with "default-information originate" command as long as these routers are indeed gateways outside your OSPF domain, i.e. they really are boundary routers between your network and the external world.
EDIT: I had some misinformation here regarding the metric of default route. I've removed it.
Without any additional parameters, an LSA type 5 O E2 is injected in the OSPF domain representing the default route with seed metric 1.
O E2 metric is considered bigger than internal metric and you cannot see it increasing on downstream routers.
However, downstream routers will consider the OSPF forwarding metric that is the path cost to reach the ASBR (the node that originated the default route).
So in your case, each device taking part in OSPF domain will receive two LSA type 5 data structures for net 0.0.0.0/0 one coming from the BGP router and one from the C7206 router.
The OSPF design recommendations for multiple ASBR exit points are the following:
move to OSPF O E1 routes that sum the seed metric to the internal path to reach the ASBR to have optimal routing.
Also if you want to build a hierarchy of default routes (for example if the DS3 link should be used only if BGP router or link has failed on the same site) you need to set different seed metric.
By using a seed metric of 500 and O E1 routes you can make the C7206 DS3 router a backup exit point used only when primary fails.
You can use a route-map with the command or you can set both the metric type and the (seed) metric on the same line with the default-originate command.
Moving to O E1 and setting different seed metrics according to your needs can be seen as an improvement to the current scenario.
Default seed metric is 10, not 1; I confused it with default values for redistribution.
default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]
Hope to help
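As an added illustration of the E1/E2 behaviour discussed in the post above (not part of the thread and not vendor code), this Python sketch applies the standard OSPF external-route preference order to two default-route LSAs. The router labels `edge` and `c7206` and the internal path costs are constructed assumptions.

```python
# Added example: how a core switch would choose between two 0.0.0.0/0 type 5 LSAs.
from dataclasses import dataclass

@dataclass(frozen=True)
class ExternalLSA:
    asbr: str          # router that originated the type 5 LSA
    seed_metric: int   # metric carried in the LSA
    metric_type: int   # 1 = O E1, 2 = O E2

def preference_key(lsa, cost_to_asbr):
    """Sort key, lower wins. E1 paths are always preferred over E2 paths."""
    fwd = cost_to_asbr[lsa.asbr]
    if lsa.metric_type == 1:
        # E1: seed metric and internal path cost to the ASBR are summed.
        return (1, lsa.seed_metric + fwd, 0)
    # E2: seed metric is compared first; internal cost only breaks ties.
    return (2, lsa.seed_metric, fwd)

def best_default(lsas, cost_to_asbr):
    """Return the ASBR label of the preferred default route, or None."""
    reachable = [l for l in lsas if l.asbr in cost_to_asbr]
    if not reachable:
        return None
    return min(reachable, key=lambda l: preference_key(l, cost_to_asbr)).asbr

# Constructed internal OSPF costs from one core switch to each ASBR.
COSTS = {"edge": 11, "c7206": 1}

def scenarios():
    e2_equal = [ExternalLSA("edge", 1, 2), ExternalLSA("c7206", 1, 2)]
    e1_tiered = [ExternalLSA("edge", 10, 1), ExternalLSA("c7206", 500, 1)]
    mixed = [ExternalLSA("edge", 10, 2), ExternalLSA("c7206", 500, 1)]
    return {
        # Equal E2 seeds: the nearer ASBR wins, which may be the backup exit.
        "e2_equal_seed": best_default(e2_equal, COSTS),
        # E1 with seed 500 on the backup: the primary wins (21 vs 501).
        "e1_tiered": best_default(e1_tiered, COSTS),
        # Primary LSA withdrawn: the backup takes over.
        "e1_primary_lost": best_default(e1_tiered[1:], COSTS),
        # Metric type changed on the backup only: E1 beats E2 regardless of seed.
        "mixed_types": best_default(mixed, COSTS),
    }

if __name__ == "__main__":
    for name, winner in scenarios().items():
        print(f"{name}: {winner}")
```

The `mixed_types` case shows why the metric type has to be changed on every ASBR together when moving from O E2 to O E1.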
Currently the Internet default route will fail over to the DR side Internet when we lose the Main site Internet.
Both sites are doing mutual distribution of bgp to ospf, with no route filters and no change to the seed metric, but in the Main site, bgp has an AD set to 150, so all routes from the DR side are in the route table as bgp with an AD of 150.
I see that your current scenario has played with AD values to build a hierarchy and as it could be expected DR site is the backup link.
However, if BGP AD for eBGP routes is 150 this means that C7206 is not really injecting a default route in OSPF.
It is ready to do it when the default route from OSPF disappears.
To check this you should use the database show commands:
show ospf database external 0.0.0.0
Do this on different devices and look at the number of LSAs you see.
Also, on the C7206 you can check locally originated LSAs.
If actually the C7206 is not injecting its own default route in OSPF, there is no competition and everything works well.
In my opinion playing with AD is more tricky than using OSPF O E1 with different seed metric.
If someone not aware of the use of the distance command in router bgp on the C7206 removes it there can be some issues.
Hope to help
That is correct that the 7206 does not inject a default route, unless the default from the edge router is lost.
But that was another question I had about multiple instances of "default-information originate":
What prevents the 7206 from trying to distribute the default route also?
the key point is the changed AD:
a BGP route 0.0.0.0/0 is not installed in the local routing table and the OSPF route is installed and wins.
As a result of this the C7206 doesn't advertise a default route in OSPF because it is using a default route coming from OSPF.
Hope to help
My understanding is that the router that is distributing a default route with default-information originate, is advertising the default route that is in the local route table.
Does the default route to be advertised with this command, only get distributed into OSPF if it is NOT in the OSPF route table?
My understanding is that a default route learned by a different routing protocol or static route has to be in the routing table before the ASBR can inject a default route in the OSPF domain.
If the only default route is received on the same OSPF domain where the node should inject its own, it suppresses its advertisement as a result of this consistency check.
Hope to help