Conditional OSPF Default Route: Tested Configuration

One of my readers asked for a working configuration of the conditional OSPF default route advertisement feature. In my scenario, the OSPF default route would be announced whenever an Internet prefix (172.18.0.0/16) would be present in the IP routing table.

router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
 default-information originate always route-map FromInternet
!
router bgp 11
 bgp log-neighbor-changes
 neighbor 172.16.1.2 remote-as 21
!
ip access-list standard FromInternet
 permit 172.18.0.0
!
route-map FromInternet permit 10
 match ip address FromInternet

Caveats:

  • The route map configured in the default-information originate command tests the IP prefixes in the IP routing table. You can thus match only on those attributes that are present in the IP routing table (IP prefix, metric, next-hop), not on additional BGP attributes (like AS-path), which would be really cool
  • Contrary to what Sebastian wrote in his comment, you don’t have to redistribute the BGP route into OSPF to make it work in IOS release 12.4(11)T or 12.2SRC, but it looks the IP prefix you test cannot be a subnet.

12 comments:

  1. Hi!

    That's strange, it didn't work for me in 12.4(11)T, and this is the response I got from TAC:

    ------------------------
    the problem with originate default information is that it's a special redistribution. In this configuration you 'redistribute' into OSPF routes x.x.x.x/16 and y.y.y.y/20 with the only exception that during redistribution they become default route.

    This said, usual restrictions on redistribution apply and iBGP routes are not redistributed into IGP.
    ------------------------

    Perhaps I have a special configuration which triggered the problem, I don't know.
  2. Did you use default-information originate or default-information originate always? I would sort-of understand why you'd need to redistribute a route into OSPF without the always keyword.
  3. No, I used originate always, because I don't have a default route set on the router... Did you have a (static) default route in your configuration somewhere?
  4. No default route. I might still have the original (complete) router configurations. Send me a message and I'll send them to you.
  5. It works for me. I already thought of doing this, then the site confirmed. I do not use the 'always' keywork. I learn the default from BGP, then in my route-map match a prefix-list of 0.0.0.0/0 and a tag of the AS it should be from. No redistribution in my setup.
    FYI: matching on next-hop didn't work.. using tags is cleaner anyway.
  6. Another Caveat is the route-map reference should always match a classful network.

    EIGRP's default-information originate would add a Classful static entry into to the config but OSPF does not.

    Sharath
  7. It was a little bit challenging to notice that a route-map, used by default-information-originate, will never match an iBGP route! ;)
  8. Thanks for the tip! It does make sense (IBGP route is supposed to be coming from across the OSPF domain), but it's definitely a bit under-documented.
  9. what will be the configuration for next hop? i tried to do the next hop setting, but it didnt work.

    default-information originate always route-map TEST_1

    route-map TEST_1 permit 10
    match ip next-hop 12
    route-map TEST_1 permit 20
    match ip next-hop 13

    access-list 12 permit 192.10.1.254
    access-list 13 permit 204.12.1.254

    show ip route
    B 118.0.0.0/8 [20/0] via 204.12.1.254, 00:42:37
    B 222.22.2.0/24 [20/0] via 192.10.1.254, 00:27:02
  10. Hello. I am curious as to the opposite: ¿is it possible to announce the default route to a OSPF neighbor when a certain prefix is removed from the routing table?
    Replies
    1. You probably need to create a fake route that is tracking an absence of a route, and advertise the default route based on the presence of that fake route. Something along the lines of

      http://blog.ipspace.net/2007/08/install-static-route-when-ip-address-is.html
    2. Thanks for your reply. I do admire your work.
      I tested it by means of IP SLA and Boolean Not and it worked, as you pointed out, a bit obscure though. I am going to test what you suggested.
Add comment
Sidebar